When crisis management professionals analyze what went wrong with an organization's crisis response, a constant factor in "wrong way" examples is failure to test existing crisis plans via simulation exercises, something that is much easier to do now thanks to Internet-centered tools. I asked Robert Burton, Director of Risk Management at Blue Waters Global, LLC, about this phenomenon.
Jonathan Bernstein: In my experience, a lot of organizations create crisis response plans of various types, but then never test them. Why is that?
Robert Burton: It really varies from one industry to the next but generally an organization believes that if they have a plan they are prepared for a crisis and that the "box" has been checked. Where an industry is required to have a response plan (be it a crisis, emergency, business continuity, security or even disaster plan), it is easy for the entity to hire the consultant or write the plan internally and place it on the shelf to gather dust. Plans are never complete without testing them from a number of directions to ensure validity, and even then they should continue to evolve. Continual risk assessment and plan improvement is essential.
JB: If you have a multi-location business, how can you engage all the members of your crisis response teams in a simulation exercise without incurring a huge expense?
- Communications and Collaboration -- During the exercise design, the delivery and after the exercise it is critical that teams can easily communicate and collaborate.
- Situational Awareness Dashboard -- During an exercise it's important that the tool provides a synopsis of current exercise activities -- in our system we call that the Situational Awareness Dashboard. This should be easily accessible and provide a thousand foot view of what's happened and what the current state of play is.
- Easy to use and easy to follow -- The tool has to be easy to use at the front end much like a simple web site or you will run the risk of losing your constituents before the exercise even starts.
- Immediate Results -- The tool should enable an organization to get immediate feedback from the exercise. This can be done in a number of ways depending on the evaluation criteria and scoring methodology.
- Training -- It's vital that teams are provided with the basic information regarding the plan and their roles during crises. Having access to training on a regular basis can only be done cost effectively in an eLearning format especially when it comes to organizations that are dispersed across a city, region or the world.
RB: We are seeing a shift due to easy-to-use social media sites such as Facebook and Twitter and also the fact that younger executives are now entering the C-suite. Easy- to-use is the key. Will an organization buy-in to a tool that is difficult to use? So easy-to-use and no technical training but with all the bells and whistles is what you want.
JB: How often does an organization need to run simulations in order to truly be ready for a breaking crisis?
RB: The general rule of thumb is that the plan should be tested when a procedure or other part of the plan changes, when personnel that might be impacted by the plan change, when new personnel join a team, when a regulatory body requires it, when an incident has occurred that may require changes and as often as its determined in the organization's policies and procedures. If an organization is continually responding to incidents then the plan will be indirectly tested, which may reduce the requirement to run regular simulations.
JB: What do you say to organizations that do horribly on their first simulation exercise?
RB: Testing a plan for the first time always has the potential for something going horribly wrong. However, what I will say is that if you have built up to the first simulation exercise with training personnel on their roles and run through a number of potential scenarios in meetings then you should be at least prepared to respond in a coordinated and efficient manner. Working through a problem for the first time with new plans and personnel will be a learning experience for all and ultimately lead to more successful exercises in the future. Organizations should focus on an exercise program where they have a goal to conduct a certain amount over a period of time to ensure any gaps are filled.