The aftermath of a global corporate scandal is a very messy affair. Firstly, there’s the breaking news, then the media frenzy, the plummeting share price, the evaporating confidence, the damage-limitation exercises and finally the groveling executives. We live in a super-charged, hyper-connected environment, answerable to the 24-hour “churnalism” cycle and social media chatterati. Boeing, Uber, Nissan, Huawei, Airbus or Purdue Pharma, to name but a recent few, have all had to step up like Winston Churchill to their darkest hour. “Crisis management can be like dealing with an explosion,” explains Jo Willaert, president of the Federation of European Risk Management Associations.
Be quick, honest, open and, in such circumstances, be compassionate in communications, these are the key principles of crisis management
And with any explosion, corporate or otherwise, everyone ducks away from the line of fire for fear of getting hit. Damage limitation can trump open communication. Slow and myopic group-think can stymy a crystal clear, crisis management plan because the stakes can be excruciatingly high and the fallout unthinkable. No one really wants to spark the next Lehman or Enron crisis. It would be career suicide.
Why do companies need a crisis management plan?
“Be quick, honest, open and, in such circumstances, be compassionate in communications, these are the key principles of crisis management,” says Julia Graham, deputy chief executive of Airmic, the UK’s risk management body.
Yet time and again these messages don’t seem to permeate the rarefied air of boardrooms or the upper corporate classes, and it shows. Whether it’s Boeing’s chief executive taking a week to respond to the fatal Ethiopian Airlines crash or BP’s boss Tony Hayward making a quip during the Gulf of Mexico oil spill saying he “wanted his life back”. The rapid, heartfelt response to an incident is as crucial today as it was ten years ago.
“An actual crisis is a pressure cooker and no time to start working out roles, responsibilities, and processes for your management team. Yes, Mr. Hayward apologized quickly, yet the damage was done and here we are almost a decade later still talking about it,” says Marc Cornelius, founder of 8020 Communications, a specialist public relations consultancy.
At the heart of every response is an effective crisis response plan. Businesses are most resilient when they’ve already considered what to do if the worst happens and if all executives understand the roles they need to play. A risk manager co-ordinates decision-making teams that need to be multi-disciplinary, with all business functions represented, since they see situations from diverse angles.
“For instance, a classic tension can exist between legal and marketing perspectives: saying very little might theoretically limit your potential liability, but will the consequent damage to your brand end up costing you more long term? You can bet those functional tensions would have been going on recently within Boeing,” says Mr. Cornelius.
Why strong leadership is crucial in crisis management
Time and again though companies are caught up in a crisis storm that is hard to weather. Facebook had its Cambridge Analytica moment, while Monsanto had to deal with a customer allegedly contracting cancer from its weedkiller, then there was Exxon’s reaction to the Alaskan oil spill, the list goes on. The lessons that can be learned are legion. Each event is unique and complex.
Rupert Younger, director of the Oxford University Centre for Corporate Reputation, thinks we need to go beyond our preparation manuals, rehearsals, box-ticking exercises, and well-documented crisis management plans, and instead, create more of a wider culture of being able to respond to crises.
“Smart companies should spend as much time listening as talking, empathy, and humanity are crucial. Each stakeholder has to feel well informed and properly looked after at all times, and internal teams need to be organized and focused on this,” says Mr. Younger.
One thing that a lot of crisis experts agree on is the crucial role that executive leadership plays in dealing with a crisis. Like the logjam over Brexit, markets and corporations look for certainty, any perceived loss of control, lack of solutions or uncertainty can cause real harm, especially in the early stages of an incident, and a lot of direction comes from the top.
A responsive C-suite is the new imperative, especially when key executives are increasingly being held accountable if their company is not able to respond to a crisis. Look at various governments’ response to the live-streamed mosque attacks in New Zealand and their crackdown on social media companies for showing harmful content, from Australia to the European Union, including the UK.
Sound risk management leads to greater trust
When management could be personally liable for these crises and fines could reach as high as 4 per cent of global turnover, as is the case under the EU’s General Data Protection Regulation, it’s enough to make any corporate board, from Twitter to YouTube, rewrite their crisis management plans and think twice about how they respond.
“Yet events usually outpace responses and without preparations or expertise at the table, leadership can find themselves frozen as they watch things unfold. The organization needs to be clear on who takes the lead in efforts to restore the confidence of the public, clients, employees, and investors,” says Erik Petersen, head of crisis management consulting in Europe at Control Risks.
“The issue is that leaders will often be required to make decisions with insufficient information. It can take days or sometimes longer to get facts or understand the nature of the problem, while stakeholders will demand immediate answers and response.”
The fact is most of us trust corporations around the globe without knowing what kinds of systems they have in place to deal with risk, safety, and incidents that involve people’s lives, health and wealth. We eat, fly, drink, drive and consume various products from countless companies that we put our utmost faith in. The question is, can we really trust them?
“Companies that manage risk well tend not to face crises of their own making,” says Sandra Sucher, professor of management practice at Harvard Business School. “In my research, I’ve found a close association between sound risk management and being trusted. Risky actions lead to mistakes of many kinds, and we mistrust, with good reason, companies which don’t seem to appreciate the consequences of their mistakes and fail to anticipate the risks that things could go wrong.”
Why you cannot ignore crisis communication management
Another aspect that’s crucial is crisis communication and the language used. “It is arguably becoming one of the most important elements of damage limitation in an era where harm to brand and reputation is the greatest part of the impact,” says Mr. Petersen.
Increasingly, big corporations value the role of crisis communications, they also understand that it’s a specialized skill either to be cultivated in-house or via an outside consultant who knows the business well and is on call. “Those organizations that don’t value communications, do so at significant risk,” says Kelli Matthews, senior instructor at the School of Journalism and Communications, University of Oregon.
Many crises that whip through the media are hardly binary affairs, they are infinitely complex. The key is to make these issues simple and communicate in plain, unambiguous language. “This can be really challenging,” says John Martin McDonald, founder of Caeli Communications. “As Mark Twain once said: ‘I didn’t have time to write you a short letter’. But you must make the effort and do it throughout the crisis.”
Reputational damage may be significant, if not permanent
All this underplays the role of the risk manager, yet they are a crucial go-to person in any crisis. They have a pivotal role to play since the impact of a crisis can touch many facets of a business from customers to shareholders, affected communities to supply chains.
“The professional risk manager serves as a coordinator across many functions that need to be involved in a situation like this, both for the manufacturer and the airlines in the case of the Boeing crisis,” says Typhaine Beaupérin, chief executive of the Federation of European Risk Management Associations. “The risk professional will also play an important role in managing the complex insurance issues that will inevitably arise as a result of a crisis.”
It’s not all doom and gloom. Many businesses can be resuscitated over time. “A company’s reputation is not earned overnight and, usually, not lost overnight,” says Marc Szepan, a lecturer at the University of Oxford Saïd Business School.
But beware, a recent study by The Economist of the eight most notable corporate crises since 2010, including those at Uber and Wells Fargo, found that the median firm was worth 30 percent less today than it would have been had the scandals not occurred. Ouch.
When considering how to create a psychologically healthy and safe work environment, it does require a high level of innovation or new thinking. One can simply look at how workplaces have been addressing physical health and safety for the past several decades.
There are two well-established methods to proactively address health, safety and wellbeing in the workplace: 1) Risk Management, and 2) Wellbeing Promotion. If you consider the public health model approach to disease prevention, wellbeing promotion can be considered a primary prevention intervention, suitable for 100% of employees to reduce illness risk and promote positive mental health. Risk management can be considered a secondary prevention initiative, to identify at-risk employees and groups, and reduce the likelihood and consequence of illnesses.
While risk management and wellbeing promotion activities can be carried out independently of each other, when used together, they increase the chances of positive employee mental health outcomes. Where they fail to prevent a stress-related illness occurring, tertiary prevention interventions should be made available, including counseling (e.g. Employee Assistance Programs), and injury management and return to work provisions.
While risk management and wellbeing promotion activities can be carried out independently of each other, when used together, they increase the chances of positive employee mental health outcomes.
Method 1: Risk Management
Risk Management in relation to psychological health, safety and wellbeing involve four steps:
1. Identify psychosocial hazards – find out what could cause harm, considering recognized psychosocial hazards (e.g. role overload, role clarity, job control).
2. Assess risks if necessary – understand the nature of the harm that could be caused by the psychosocial hazards, the likelihood of it happening and the amount of harm that could be caused.
3. Control risks – implement the most effective control measures that are reasonably practicable in the circumstances.
4. Review hazards and control measures to ensure they are working as planned.
Figure 1: The Risk Management Process
As figure 1 above demonstrates, the risk management process also requires management commitment and consultation with employees, including Health and Safety Representatives (HSRs) if they exist.
When controlling risks (step 3), it is important to reduce risks using higher order controls wherever possible. The Hierarchy of Controls applied to Total Worker Health by the National Institute for Occupational Safety and Health provides a conceptual model for prioritizing efforts to advance worker safety, health and wellbeing (see figure 2 below). Controls and strategies are presented in descending order of anticipated effectiveness and protectiveness. It is an easier model to apply to psychological health and safety than the original hierarchy (which is more specific to physical hazards).
Figure 2: Hierarchy of Controls Applied to Total Worker Health (NIOSH)
FlourishDx helps employers follow a risk management process for the identification and mitigation of psychosocial risks. The platform contains the “Work Design Survey”, which is a short battery of survey scales (86 multiple choice items) to assess employee perceptions of common psychosocial hazards.
Consistent with best practice, and the Thrive at Work framework (developed by the Future of Work Institute at Curtin University), the Work Design survey also assesses positive characteristics of work that promote flourishing, as well as steps taken by the employer to mitigate illness.
Consulting with employees during the risk management process, including the identification of hazards is a WHS legal requirement. The FlourishDx Work Design survey facilitates this process at scale and across geographical diverse work groups.
Method 2: Health Promotion
Workplace health promotion is the process of fostering healthy workplace policies and supportive environments, enhancing positive social conditions, building personal skills, and promoting healthy lifestyles. Physical health promotion at work typically focuses on the five pillars of good health, often abbreviated with the acronym “SNAPS”:
physical activity, and
Health promotion at work typically focuses on policies, education, and behavior change programs to promote the development of these five pillars.
Martin Seligman (often referred to as the godfather of positive psychology – the branch of psychology concerned with wellbeing), has identified five pillars of mental health, often abbreviated with the acronym PERMA:
To promote positive mental health in the workplace, employers should introduce policies, education, and behavior change programs aimed at assisting employees to develop these pillars. But where to start?
FlourishDx contains the “Flourish Survey”. It is a short survey to assess the degree to which individuals have developed PERMA. This can be used as a needs analysis, to determine priorities for intervention at either an individual or group level. At a workplace level, the Flourish Survey results are a leading indicator of mental health, as it has been shown that people with well-developed PERMA are less susceptible to mental illness, and more likely to be flourishing.
The insurance industry uses the term “risk appetite” to describe the level of risk that an organization is willing to accept. An essential first step in managing corporate security, and resiliency, has to do with determining your firm’s risk appetite.
Risk appetite is defined as the amount of risk exposure that an organization is willing to accept as a normal course of business. Tolerance for risk exposure can vary greatly from one company to another, and among different industry segments.
As a precursor to establishing an effective risk management program, it’s essential for a firm to determine its risk appetite. This can be done using a baseline analysis that accounts for a combination of threats, vulnerabilities, consequences, and readiness.
It’s interesting to note that often a company’s appetite for risk doesn’t match its actual exposure. In other words, companies are often unaware that their risk exposure is significantly greater that their actual tolerance for that risk.
Assessments, training, and exercises are all excellent ways to expose those gaps and establish focus points for adjusting your firm’s security posture to align with its risk appetite.
Whilst risk management played a role in business prior to the financial crisis of 2007-2008, it didn’t have quite so much of a major importance as it does today. These days, if a company doesn’t find a way to prevent or mitigate risk then it can really struggle to get back on track. Unexpected risks can shut down a business for days and sometimes even longer, many never even re-open.
Despite the scary facts, it is thought that 75% of businesses today still don’t have a risk management plan in place. Whilst there are many forms of risk management insurance can be one the most important as it helps to prevent losses, and as we all know fewer losses mean higher profits.
How we can help your Risk Management
At Bluedrop Services risk management is taken seriously and we endeavor to meet our client’s requirements to achieve maximum profitability with minimum risk to them. We have implemented a specialist risk management department which will strive to succeed in aiding clients in the process of risk management and how to reduce risk.
Risk management is the identification, assessment, and prioritization of risk followed by coordinated and economical application of resources to minimize, monitor, and control the probability of any unfortunate events, which can occur at any time. The objective of risk management is to assure a company/task does not deflect from achieving its goals.
Risks can come from various sources depending on your type of business, these can include; road risk, potential failure of projects, legal liabilities, financial risk, accidents, deliberate attack, incorrect or no process and procedures, and poor health & safety policies. All of which could have a serious financial impact on a business or body.
Where should you focus your Risk Management?
Emerging companies should focus in particular on employer’s liability, data privacy and cyber liability, errors and omissions liability, directors’ and officers’ liability (D&O) and, depending on the number of employees, fiduciary liability and employment practices liability policies. By identifying and assessing risk early this will reduce the chance of a potential financial impact on a business.
How to reduce your risk
Strategies to manage risk typically include avoiding the risk, reducing the negative effect or probability of the threat, transferring all or part of the risk to another party, and even retaining some or all of the potential or actual consequences of a particular risk.
Although risk management has no measurable improvement on risk there is an increase in confidence in the decisions made by risk management strategies.
Simple risk assessments can be completed to reduce any type of risk, these should include:
1. What is the threat/risk 2. Who is exposed and why 3. Current process 4. What can be done to reduce the exposure 5. Documentation of the above
Sensible risk management is about taking practical steps to protect people from real harm and suffering not bureaucratic back covering. Taking a sensible approach to risk management is about ensuring the safety of employees and public, learning & understanding by all and responsibility of risk by companies.
Employers can provide their employees with a return to work evaluation form to give to their physician when the employee suffers a work-related injury. The form can facilitate communication between the treating physician and employer as to the employee’s status and capabilities. Many employers miss this step.
We encourage employers to send the physician the employee’s current job description AND a job description for an alternative duty position for which the injured employee might be eligible.
What is the importance of a return to work evaluation form?
It’s difficult to action plan the claim and get the employee back to work when there is no clear understanding of the employee’s injury AND job duties. This form along with the job description helps establish the baseline so all stakeholders can work in concert. This will get the employee back in some productive capacity.
Why should an employer provide this evaluation form?
If an employee is injured, they may not be able to perform their original duties. This return to work evaluation form helps the employer create accommodations enabling the employee to come back to work at the best of their ability.
A frequent (and very costly) mistake employers make is bringing the worker back too fast without having them medically cleared to perform their duties. We recently had an employer tell us their worker was injured playing softball for his recreational team on his own time. The employer never noted the incident formally in their employment records creating an incident. Further, they never had the employee medically evaluated to see how severe the injury may have been. Nor did they have the employee medically cleared to come back in the same capacity. Instead, he took a day off, came back to work too early. Sadly, he threw his back out on the job further, exacerbating the injury. Had the employer properly recorded the incident and had the employee fill out an injury form this would not have become a comp claim.
The original injury was non-compensable as it did not occur at work. It became compensable when he returned to work too early and made the injury worse. Following proper procedures and utilizing a return to work evaluation form would have gone a long way in preventing this type of situation from occurring.
What’s the impact on your workers’ compensation premiums by using a return to work evaluation form?
It creates a formal process around employee injuries that accomplishes several cost savings benefits:
Prevents employees from coming back to work too soon. This saves you from driving up injury rates and costs as the injuries usually become worse.
Facilitates very productive communication between treating physician, the injured employee and your company’s HR staff person.
The goal after every employee injury is to get them back to work in SOME capacity as quickly as possible. This cuts down on the ultimate cost of the claim. Too often we see employers simply file the workers’ comp claim with their carrier then walk away and go back to their regular scheduled programming. Then their experience modification factor gets re-calculated which may result in significant workers compensation premium surcharges.
Can employees abuse the return to work evaluation form?
Employees can abuse this only if the employer allows it to happen.
If the employer:
Meets with the injured employee every 10 days to check in on their healing progress
Makes it clear that the accommodations aren’t temporary
Allows open communication to provide the best accommodations and transition phase possible
Follows up with the physician
There should be no possible chance that the employee would abuse the return to work evaluation form. Truthfully, we see far more abuse when employers have no form and no process for getting the worker back on duty.