Every corporation needs a crisis communications plan. The reality is that far fewer such plans are actually developed. Then when they are, many end up on a shelf gathering dust. Fundamentally, crisis communications planning is about risk management— reputational, business, regulatory and legal risk. It’s also about protecting stakeholder relationships, internal and external, and demonstrating to the communities in which an organization operates that it has earned and values its license to operate there.
Why do so few companies create a robust crisis communications plan? It’s easy to glibly say that, as the saying goes, “denial is not a river in Egypt.” The main reason, though, is a variation on that idea. It’s human nature to think that the worst case won’t happen and that whatever does go wrong can be managed.
The opposite is usually the case: the companies that don’t think they need a crisis plan are the ones who very often do. And that explains why so often these same companies reach out to a PR firm with demonstrated crisis communications expertise only after the crisis hits. By that point, some degree of damage has already occurred with some of it unrepairable.
How can companies prevent communications crises?
Hence, the first principle of planning for crises: assume that eventually they will happen. That’s because in most cases they result from an issue, or issues, that percolate for months, or years, without being properly understood and managed and then explode into a full-blown crisis. That’s why every such plan is as much about identifying and managing issues in their various stages as they are dealing with the actual crisis.
Which brings us to the second principle of optimal and effective crisis communications: the longer you wait to properly plan the fewer your options will be when the crisis needs to be managed. Strategic and tactical planning increases optionality. Related to this is the fact that if mistakes in managing the crisis happen it is usually early on in the response—and a reflection of inadequate planning and overall preparedness.
The third principle is in many ways the most complex: the corporate culture you know and live by on a day-to-day basis is not necessarily the one optimally prepared to deal with a crisis. You find out a lot about “who” the organization really is when that crisis hits. At the one extreme of culture behavior, is an organization that doesn’t care as long as it doesn’t get caught. At the other is what’s called a generative culture that anticipates and whenever possible prevents a crisis happening and when it does seeks to manage it at the highest professional level. This preferred way of being and functioning not only values planning but has found a way to become a more resilient organization on multiple levels.
Here are the best practices for creating a crisis communications plan:
1. Conduct a comprehensive assessment
Think of this assessment as a kind of “X-Ray” into the organization, its conduct and practices and its broader business, community and government relationships. Begin with leadership and management, then go to operations, stakeholder relationships, and business partnerships. Look at the company’s regulatory footprint and consider any and all compliance obligations across jurisdictions. If the company has physical operations, especially any manufacturing or processing in a community, include those. Then, assess potential legal liability, which first can arise from a compliance issue, and otherwise the potential for contract disputes, employment matters, and product liability, to mention just a few areas of typical incident.
This seems like an enormous task but focus here is the key. The assessment should address three questions:
- First, how well is each area functioning in terms of achieving key corporate and business objectives?
- Second, if there are issues of any kind what precisely is the potential problem, why does it exist and how well do we understand it?
- Third, what outside parties do we need to bring into our assessment to provide an objective point of view? Such perspectives are key and should also incorporate into the plan itself.
2. A deeper look at the assessment stage
Why focus on the functioning of the company? Simple. Bernie Madoff’s Ponzi scheme ensnared some of the most highly functioning banks and investment funds in the world—none of whom realized they were being defrauded, right under their noses. This part of the assessment then assumes nothing about where a problem may arise, no matter how effective the executives appear to be.
- Analytical Tools: Evaluating the functioning of leadership and management is different than that of a physical manufacturing plant. Risk assessment evaluation criteria must be established for each area. What’s key is the decision-making process for dealing with issues, and past crises, and what were the outcomes. Knowing past “performance” and using those learnings greatly influences how an organization will deal with future crises.
- Potential Problems: This is like doing a stress test. Determine here as well criteria for defining what a clear and present problem is from those on a scale or continuum of lesser potential severity. See this as a kind of metaphorical landscape (with “foreground” issues needing more attention than “background” ones) to organize the assessment and prioritize where to focus first.
- Assessment Team: It can be extremely difficult for an incumbent executive team to conduct the assessment with the requisite amount of clear-eyed self-analysis that is needed. This too is human nature. Select someone to lead the assessment, craft and manage the timeline. Create a team that includes outside legal and compliance counsel and a PR firm with demonstrated crisis management and communications expertise, especially in dealing effectively with the global news media. There should be internal and external leads who then coordinate closely with each other on a division of labor conducting the assessment.
3. Putting the plan together
- Planning Team: Typically, it’s select people from the assessment team repurposed to create the plan.
- Prioritize: A thorough assessment reveals which issues are of highest priority to focus on—this is the urgent and important category. Driving this categorization is the potential for these issues to escalate into crises. The insights gained from the assessment also results in a clearer understanding of how to better monitor these issues. Look for accelerators within the dynamic of the issue—factors that could rapidly escalate it into a crisis. Combined, this creates the overarching Risk Profile of the organization.
- Engagement: The assessment usually also reveals which internal or external parties the organization should engage with to complete the plan. Examples here include joint-venture business partners, key customers/clients, and select executives in the organization overseeing areas that may be most vulnerable to a crisis. Their input will be valuable, especially as very often both parties will need to coordinate in addressing a crisis when it hits.
- Crisis Plan Architecture: Start with core recommendations that address the full spectrum of action items in the Risk Profile. Restate the Best Practices that were used to generate that profile and expand on what they revealed in more detail. High priority risks that are identified may need more research, analysis and engagement because of “known knowns” and “unknown knowns”; define the blueprint for achieving that and the expected outcomes.
Central to the plan’s core is the messaging manual. Create holding statements, talking points, templates for form types of communications (statements from the CEO, plus other statements used across media, legacy and digital channels), and Q&As for media training and preparation.
Then create the structure, operating principles and protocols for the Corporate War Room. This will include a breakdown of the Working Groups. One such group, for instance, will focus on legal and regulatory compliance, another will interface with core stakeholders, a third would manage all communications (internal, external, corporate, product, financial, government) and media relations.
War Room Operating Principles:
- What you know and don’t know: Your confidence level in the facts is absolutely critical. But often even more important is what you don’t know and need to find out. Having outside investigative resources here is critical.
- Exercise control: Vetting all publicly disclosed statements and information against the strategy and plan for when, why, how and why these are made.
- Rely on governors: “Hot house” thinking is common in a War Room. This is self-referring views and opinions and an overall climate of convincing yourself that things are better than they are. Governors are methods for being sure that never happens.
War Room Protocols:
- Command & Control: All teams need leaders, and yet leadership needs to listen and process diverse and sometimes conflicting views. Debates will happen but unless it’s clear who’s in command and how decisions will be made – and that they are in fact made in a prompt way—risk management will falter.
- Gathering and Assessing Facts: Timeliness is key here. When were these facts learned? Has or will the information change and why? Can the source(s) be relied upon for factual accuracy? How can we verify the facts? How should we use it, if at all? What impact will disclosure have?
- Communications: Organize all information in a central, easily accessed, and cybersecurity protected “location” and determine which information is covered by attorney-client privilege. Determine, if needed, who the spokesperson will be and the ground rules upon which engagement with the news media will occur.
Day One to Pivot
Day One is when public disclosure occurs (willingly by the company, following a leak to the news media, or a government entity) and the decision is made to activate the War Room and Working Group. Of course, this period is rarely 24 hours but several days, even weeks, and is consumed with assessment, response, stakeholder engagement, and media relations. It eventually ends in intensity, which means the initial “shock” in the public sphere passes and some degree of control is achieved.
Control is a relative term. New facts can emerge, and new parties who are adverse to the organization. The Pivot is therefore the transition to medium and long-term management of the crisis the steps for which will have already been detailed in the overarching crisis plan. Think here in timeframes and scenarios. What needs to be achieved in the immediate, medium, and then long-term timeframes?
What Did We Learn?
Crisis plans are living documents. If the right practices and behaviors have been instilled as part of a truly generative culture no time will be wasted learning from how the crisis was handled from day one and how to manage the next one, let alone prevent one from ever happening.
Mind you, it is always beneficial to remember that many great minds have been creating all sorts of similar such plans for generations. There will be good days and bad. It’s about leadership but mostly teamwork. And there will be surprises. As the 19th century German military strategist Helmuth von Moltke famously said and has been repeatedly paraphrased ever since by everyone from Dwight Eisenhower to Mike Tyson: no plan survives first contact with the enemy.