USA Law and Practice Contributed by: Jeff McAndrews, Megan Bouchier and Peter Gardner, FGS Global
• guidelines for reporting, evaluating, and responding to crises, including steps for escalation, crafting responses, and securing approvals; • pre-prepared messages for the most prob- able and high-risk situations; and • additional resources to ensure a smooth and effective response (eg, key stakeholder con- tact details). 4.3 Risk Assessment and Mitigation Understanding Risk Assessing risk starts with a vulnerability analy- sis, or an internal and external look at the issues that could impact an organisation’s constituents, reputation and/or normal course of business. Relevant risk factors include common crises such as natural disasters, cyber-issues or prod- uct outages or recalls, as well as any potential threats a management team has identified as part of its regular diligence. Regulatory changes or industry trends can also signal possible risk, as can perception studies that might reveal vul- nerabilities to be aware of among an organisa- tion’s stakeholders. Lastly, more organisations are realising that any number of reputational risks can impact their bottom line, licence to operate, ability to attract or retain talent or their competitive position. Expect the Unexpected At the same time, things that may seem outside the realm of possibility, but that would have high- ly problematic consequences, should also be considered. Monitoring crises impacting other organisations or playing out in other parts of the world should be part of this effort, even if they are not directly tied to the industry or business. Scenario planning should be conducted for events that are one, two or even three standard deviations from “common” crisis to pressure test a company’s existing protocols and procedures.
Still, it is equally important for companies to remember that not everything is a crisis. Under- standing what is not a crisis is as crucial as knowing what is, and is key to mitigating risk appropriately. 4.4 Crisis Simulation Simulations Create Smooth Real-Time Response Companies should and often do use simulations, conducted across business levels and functions, to prepare for crises. These can take different forms, but should always be informed by risk analysis, tailored to specific areas of interest or need and designed to facilitate collaboration. Likewise, example scenarios will be case-by- case, but might include cyber and customer data issues, M&A leaks, public shareholder issues and shareholder activism issues, union and labour-related issues, DEI issues or any cri- sis that has come up within the business sector in the past. Corporations: Integral Threads in the Fabric of Society Additionally, today’s businesses are not isolated from broader social issues; they are expected to actively engage with and influence them. Therefore, it is crucial that they consider social and political scenarios in any simulation, such as how the business might respond if it were revealed that they are engaging with a divisive public figure and how they would handle hot- button social and political issues like DEI, cli- mate change or political donations. 4.5 Training Employees are an Extension of the Crisis Team Many organisations have started to leverage e-learning tools to extend crisis training or risk assessment protocols to the whole of the organi-
158 CHAMBERS.COM
Powered by FlippingBook