INTRODUCTION

CRISIS MANAGEMENT

2

Crisis Management

To manage a crisis one first must understand that crises:

Occur abruptly

Cannot always be anticipated or forecast

May not occur within an issue category

3

Crisis Management

Basic Causes of a Business Crisis

1. Acts of God

2. Mechanical problems

3. Human errors

4. Management decisions / indecisions

4

The Nature of Crises

Crisis Definitions

A major, unpredictable event that has potentially negative results and its aftermath may significantly damage an organization and its employees, products, services, financial condition, and reputation.

A low-probability, high-impact event that threatens the viability of the organization and is characterized by ambiguity of cause, effect, and means of resolution, as well as by a belief that decisions must be made swiftly.

5

Crisis Management

How a Crisis Should NOT be Handled

Minimizing the issue

Stonewalling

Too little, too late

6

Types of Crises

EconomicEconomic

PersonnelPersonnel

PhysicalPhysical

CriminalCriminal

InformationInformation

ReputationalReputational

Natural disastersNatural disasters

7

Types of Crises

Outcomes of Major Crises

Escalated in intensity

Subjected to media and government scrutiny

Interfered with normal business operations

Damaged the companies bottom line

Resulted in major power shifts

8

Crisis Management: Four Stages

Prodromal Crisis StageWarning—precursorSymptom —precrisis

Prodromal Crisis StageWarning—precursorSymptom —precrisis

Acute Crisis StagePoint of no return

Crisis has occurred

Acute Crisis StagePoint of no return

Crisis has occurred

Crisis Resolution StagePatient is well/whole again

Crisis Resolution StagePatient is well/whole again

Chronic Crisis StageLingering on—perhaps

indefinitely; period of self-doubt; self-analysis

Chronic Crisis StageLingering on—perhaps

indefinitely; period of self-doubt; self-analysis

Learning

Figure 6-8

9

Pattern of a Poorly-Managed Crisis

Early indications that trouble is brewing occur.

Warnings are ignored / played down.

Warnings build to a climax.

Pressure mounts.

Executives are often overwhelmed or can’t cope.

Quick-fix alternatives look appealing. Hasty moves create trouble.

Clamming-up versus opening-up options present themselves.

Most firms choose the former.

A siege mentality prevails.

10

Managing Business Crises

Fink’s Three-Stage Model

1. Identifying the crisis

2. Isolating the crisis

3. Managing the crisis

11

BusinessWeek’s Five Steps in Managing Crises

1. Identify areas of vulnerability

2. Develop a plan for dealing with threats

3. Form crisis teams

4. Simulate crisis drills

5. Learn from experience

Managing Business Crises

12

Monsanto’s 10R’s for Handling Public Policy Crises

Respond early Recruit a credible spokesperson Reply truthfully Respect the opposition’s concerns Revisit the issue with follow-up Retreat early if it’s a loser Redouble efforts early if it’s a critical company issue Reply with visible top management Refuse to press for what is not good public policy Repeat the prior statement regularly

Managing Business Crises

13

Managing Business Crises

Augustine’s Six Stages of Crisis Management

1. Avoiding the crisis

2. Preparing to manage the crisis

3. Recognizing the crisis

4. Containing the crisis

5. Resolving the crisis

6. Profiting from the crisis

14

1. Identify crisis communication team

2. Identify key spokespersons

3. Train your spokespersons

4. Establish communications protocols

5. Identify and know the audience

6. Anticipate crises

7. Assess the crisis situation

8. Identify key messages to communicate

9. Decide on communication methods

10. Be prepared to ride out the storm

Crisis Communications

15

Components of Crisis Plans

Media communications 99%

Employee communications 98%

Crisis management team 94%

Communications with elected officials 86%

CEO / senior executive involvement 82%

Documentation / written policy / handbook 81%

Website communications 77%

16

Be First, Be Right, Be Credible

Be FirstBe First

Be CredibleBe Credible

Be RightBe Right

Get message out first to controlcontent and accuracy

Get message out first to controlcontent and accuracy

Be open, honest, and speak withone consistent voice

Be open, honest, and speak withone consistent voice

Say and do the right thingSay and do the right thing

17

Benefits of Crisis Management

Fewer disruptions to every life for consumers, employees, and citizens

Preparing for one type of crisis may be beneficial when other types of crises strike

BUSINESS CONTINUITY PLANNING: WHAT IT IS?

SESSION 2

18

Last Overview – Session 1

Krisis tidak bisa menjadi pilihan yang dapat ditolak oleh organisasi. Krisis hidup dan terus berkembang seiring dengan lajunya organisasi dan lajunya komunikasi organisasi tersebut.

Ketika krisis muncul maka peluangnya adalah memanage krisis tersebut menjadi lebih terkendali.

19

Your Company Is Complex

Infrastructure Buildings Equipment IT Network

Records IT Paper

Supply Chain Operations

Employees Cash Flow

CustomersProductsServices

Loss Of One System Stops Your Cash Flow

Infrastructure Buildings Equipment IT Network

Records IT Paper

Supply Chain Operations

Employees Cash Flow

CustomersProductsServices

OR

An Ounce Of Prevention, What Is It Worth?

PANICS

MANAGE TOGETHER

Peristiwa-peristiwa yang mengganggu Kesinambungan

Bisnis

23

External Threats

Fires

Utility outages• Electricity

• Gas

• Water

Natural • Tornados• Floods

• Hurricanes

Man-Made• Water main breaks

• Terrorist attack

• Overturned truck with hazardous load

• Building damage

Internal Threats

Hardware

Computer viruses

Software

Lack of IT security

Faulty IT infrastructure

Coffee pot

Negative employees

Building problems

Electrical wiring

Water damage

Internal environment

Lack of physical security measures

Why Should You Care?

Crisis Prevention

Statistics are harsh

Customer retention

Employee safety and loyalty

Vendor commitment

Cash flow protection

Business Continuity Plan

Bagi perusahaan memiliki sebuah BCP dipandang sebagai sebuah jaminan kebijakan yang memberikan kontribusi pada “good governance”-nya sebuah bisnis.

Industri jasa keuangan adalah terdepan dibanding industri lainnya dalam persyaratan BCP yang up todate dan tested. Regulasi-regulasi ini ditegakkan dengan audit-audit internal dan eksternal dan dalam kasus-kasus ekstrim dengan berbagai sanksi dan denda.

27

Business Continuity Plan

Beberapa badan regulasi tertentu mengawasi persyaratan mutlak untuk BCP di negara-negara yang berbeda.

Di AS, ada US Federal Reserve Board yang melakukan tugas ini.

Di Singapura, ada Monetary Authority of Singapore (MAS) dan

Di Hong Kong ada Hong Kong Monetary Authority (HKMA).

28

Business Continuity Plan,What Is It?

BCP dirancang untuk melindungi proses bisnis yang kritis dari kegagalan/bencana alam atau yang dibuat manusia dan akibatnya hilangnya modal dalam kaitannya dengan ketidaktersediaan untuk proses bisnis secara normal.

BCP merupakan suatu strategi untuk memperkecil efek gangguan dan untuk memungkinkan proses bisnis terus berlangsung.

Peristiwa yang mengganggu adalah segala bentuk pelanggaran keamanan baik yang disengaja ataupun tidak yang menyebabkan bisnis tidak bisa beroperasi secara normal

Business Continuity Plan,What Is It?

Your organization’s:• Untuk memperkecil efek berbagai peristiwa yang

mengganggu pada perusahaan

Tujuan BCP yang utama adalah untuk mengurangi risiko kerugian keuangan dan meningkatkan kemampuan perusahaan dalam proses pemulihan sesegera mungkin dari suatu peristiwa yang mengganggu.

The BCP consists of three major elements

31

The BCP consists of three major elements

1. The Prevention Plan is developed to minimize the potential for a disaster (or crisis) to occur

2. The Emergency Response Plan is developed to ensure employees know how to respond when they discover a potential disaster, or when and how to evacuate the building if necessary and who and how to assess the damage.

3. The Business Resumption Plan is developed to minimize the impact on the organization — by minimizing the length of time a business interruption lasts and providing procedures to use in resuming business operations.

32

Pengembangan BCP

Ada empat element atau langkah-langkah dalam membangun sebuah BCP yang baik, meliputi:• 1. Pembuatan Cakupan dan Rencana. Tahapan ini

menandai dimulainya proses BCP. Hal yang dilakukan adalah membuat lingkup dan elemen lainnya yang diperlukan untuk menentukan parameter dari rencana.

33

Pengembangan BCP

Ada empat element atau langkah-langkah dalam membangun sebuah BCP yang baik, meliputi:• 2. Business Impact Assassment (BIA). Proses ini

dilakukan sebelum membuat Disaster Recovery Plan. BIA digunakan untuk membantu unit bisnis memahami dampak dari bencana; meliputi pelaksanaan analisa risiko dan menentukan dampak terhadap perusahaan jika potential loss yang teridentifikasi oleh risk analysis sungguh-sungguh terjadi.

34

Pengembangan BCP

Ada empat element atau langkah-langkah dalam membangun sebuah BCP yang baik, meliputi:• 3. Pembuatan Business Continuity Plan. Tahapan

ini menggunakan informasi yang didapat pada proses BIA untuk mengembangkan business continuity plan yang sebenarnya. Proses pengembangannya adalah meliputi rencana implementasi, rencana pengujian, dan pemeliharaan rencana yang dijalankan.

35

Pengembangan BCP

Ada empat element atau langkah-langkah dalam membangun sebuah BCP yang baik, meliputi:• 4. Persetujuan dan Implementasi. Proses ini

terdiri dari mendapatkan persetujuan akhir dari manajemen senior, penyiapan sebuah program awareness korporat dan menerapkan prosedur pemeliharaan untuk meng-update rencana sesuai dengan kebutuhan.

36

Plan Topics

Risk identification• improvement• Management

Business resumption

IT contingency plans

Crisis management• Emergency

preparedness• Communication• Evacuation

Plan maintenance

Management Plan

Subsidiary plan umbrella:• Delineates how the subsidiary plans work together• Designates ownership of subsidiary plans

Functions:• Defines the business process• Identifies rules and processes for change

management and plan maintenance• Establishes the timeline and methodologies for testing

the plan

Subsidiary Plans

Information Technology

Crisis Management

Business Resumption

Information Technology Plan

Consists of two functional plans:• Disaster Recovery

• Restoration of electronic business data • Restoration of Key IT systems

• Cyber Incident Response Plan

• Detection and response to Viruses, Hackers, or other Cyber threats

Crisis Management Plan

Consists of three functional plans:

• Communications Plan • Internal and external communications and relationships

• Process

• Evacuation Plan • Shelter – in – Place vs. Building evacuation • Employee accounting

• Emergency Preparedness• Mitigation

• Management

Business Resumption Plan

Manages the organization’s operations from a disruptive event through “business as normal”

Evaluates resource and asset needs

Procedural changes

Process Overview

1. Organizational overview

2. Business Impact Analysis (BIA)

3. IT evaluation

4. Risk assessment

5. Services selection

6. Procedure management

7. Crisis management

8. Change management

9. Plan maintenance

It will not happen to me

We can make it through

We have backups

We have business interruption insurance

It will be too costly

We don’t have the time

Common Misconceptions

It Will Not Happen To Me

1/3 of all companies experience a major disruption each year

You have a 25% chance of a data disruption that lasts over 24 hrs

33% of SMEs that had a disaster recovery plan, used it

Year Date Title Disaster Number

Major Disaster Declarations in NJ

2005 04/19 Severe Storms and Flooding 1588

2004 10/01 Tropical Depression Ivan 1563

2004 07/16 Severe Storms and Flooding 1530

2000 08/17 Severe Storms, Flooding And Mudslides 1337

1999 09/18 Hurricane Floyd 1295

Emergency Declarations in NJ

2003 09/23 Power Outage 3188

2003 03/20 Snowstorm 3181

2001 09/19 Terrorist Attack Emergency Declaration 3169

1999 09/17 Hurricane Floyd 3147

1999 09/17 Hurricane Floyd 3148

We Can Make It Through

43% of companies experiencing disasters never recover

Most that suffer a catastrophe are out of business in 2 years

Data not restored in 48 hrs, 50% chance of closing in 2 years

• 72 hrs, 95% chance of closing in 2 years

Normal misconceptions• 66% of business executives believe they will resume

normal operations within 24 hrs

• IT executives believe they will resume normal operations within 3 days

We Have Backups

75% of backups are unusable when needed

2:30 A.M.Your data just got wiped outYou grab your backups but…

Your systems are gone!Where is your business now?

Think clearlyThink beyond backups

We Have Business Interruption Insurance

Does not protect you• Does not stop you from losing customers• Does not stop your vendor’s bills• Does not give you a place for resuming business

• Does not keep your cash flow flowing

Is good to pay for services needed to get back running

It Will Be Too Costly

Crisis prevention is surprisingly affordable

We focus on you, our customer, and on your bottom line

Our holistic approach is streamlined for companies your size

We Don’t Have The Time

We use a simple, non-intrusive, approach

Our holistic approach to keeping you in control includes:• Assessing existing risks and weaknesses

• Designing a solid crisis prevention & business continuity plan

• Factoring future company and systems expansion

Let’s Get Started

Your company is the center of a very unique world: when you are safe, all are safe. Isn’t that what it’s all about?

Appropriate Systems, LLC works with you to create your ounce of prevention.

QuestionsThank You For Your Time