No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
  • Events
  • Subscribe
Jump to a Section
  • At the Office
    • Ethics
    • HR Compliance
    • Leadership & Career
    • Well-Being at Work
  • Compliance & Risk
    • Compliance
    • FCPA
    • Fraud
    • Risk
  • Finserv & Audit
    • Financial Services
    • Internal Audit
  • Governance
    • ESG
    • Getting Governance Right
  • Infosec
    • Cybersecurity
    • Data Privacy
  • Opinion
    • Adam Balfour
    • Jim DeLoach
    • Mary Shirley
    • Yan Tougas
No Result
View All Result
Corporate Compliance Insights
Home Risk

Preparing for the Unexpected

by Jim DeLoach
June 29, 2015
in Risk
Preparing for the Unexpected

Stuff happens. We may not like it, we may even consider it unfair, but it is a fact of life. In the business environment, the question is: Are management and the Board prepared to respond?

Two years ago, I had the opportunity to talk with the Chairman of the Board for a major institution. He observed he had talked with some of his peers about recurring situations across America that had caused a reputation hit. There was a train of thought in this discussion that there had to be a connection between an organization’s risk assessment and its crisis management. In other words, should the risk assessment process inform the organization’s crisis response team?

It’s a fair question. And it’s important. Even the proudest organizations and brands are not immune to being called out by the unexpected.

Rapid Response Teams

To improve response readiness to a crisis, many companies form a rapid-response crisis communications team because everyone knows you can’t fight a fire with a committee. A rapid response team might consist of representatives from executive management, leadership of affected business units and leadership of such functions as human resources, finance, operations, information technology, public relations and legal. If necessary, a suitable crisis management consultant might be engaged. This team typically authorizes a pool of individuals who are trained to serve as spokespersons to speak on behalf of the organization in times of crisis to the media, internally at employee meetings and/or externally at public meetings.

An effective response plan emphasizes the importance of transparency, straight talk and effective deployment of social media. Messaging emphasizes the company has a plan, compassion for any victims and, as appropriate, the company’s efforts to investigate to ascertain what happened. Holding statements, prepared with the assistance of public relations and pre-approved by legal, express concern for the safety and well-being of any victims and buy time for the response team to investigate the incident and take appropriate steps to reduce the chances of another occurrence. Most importantly, the response team’s actions must back up the messaging.

That’s for starters. A rapid-response team should formulate a crisis management plan and ensure it is updated and tested periodically and supported by the communications plan discussed above. Key internal and external stakeholders who matter most to the organization should be identified and a reliable system should be in place to notify them when a crisis emerges.

Is a crisis response capability enough? Not necessarily. Not all crises are equal. Depending on the nature of the potential crisis, the response plans will vary in terms of specifics. For example, one Fortune 100 company has long stressed the vital importance of contingency planning. Its corporate crisis management plan is supported by 17 standing crisis response teams that deal with matters such as financial issues, security, plant safety, environmental matters, weather phenomena and terrorism. These teams are prepared to respond immediately to a crisis. Once a crisis worthy of evoking the crisis management plan emerges and its cause and nature is determined, the appropriate teams are activated to determine what needs to be done while the others stand down. This company’s crisis management plan offers remarkable versatility.[1]

The Risk Assessment Process Can Enhance Preparedness

Properly focused, the risk assessment process provides insights as to the appropriate crisis response teams to have in place. Traditional risk maps, heat maps and risk rankings based on subjective assessments of severity of impact and likelihood of occurrence often leave an organization with a list of risks and, with respect to the high-impact, low-likelihood risks, little insight as to what to do next. And once the exercise is completed, the question still remains: What is the organization going to do if any of these events were to occur?

Throwing darts at the wall to guess at probabilities to determine that a particular risk is remotely likely to happen isn’t going to eliminate the threat. That’s why, when assessing risks, it is important to consider the following factors in addition to significance of impact and likelihood of occurrence:

  • Velocity to impact once an event occurs (e.g., does the scenario or event have an immediate impact once it occurs, allowing little time for reaction, or does it smolder for years mired deep into the company’s processes until the day of reckoning finally arrives?);
  • Persistence of the impact (e.g., does the scenario or event have a lasting headline effect or will it quickly become yesterday’s news?); and
  • Resiliency of the company in responding to the scenario or event.

These additional criteria help management evaluate high-impact, low-likelihood threats to identify areas where preparedness must be improved.

Another approach is to undertake an “extended end-to-end enterprise” perspective by looking at the value chain that summarizes the entire life cycle of value creation; that is, management should look upstream to key suppliers and downstream to key customers to identify the key dependencies that really matter. For example:

  • Which suppliers do we depend on for essential raw materials and component parts? What would happen if we were to lose one of them for any reason? How long would we be able to operate? Are there other qualified sources of supply that can be readily available?
  • Have our key suppliers performed their own risk assessment, looking at their suppliers? Do they have effective plans for taking corrective action in time of disaster? How do we know?
  • What if there were temporary shortages in raw materials? Or serious defects in supplier raw materials and component parts? Or material volatility in prices?
  • Are there customers we can’t afford to lose? What if major customer contracts were not renewed? What if major customers were to consolidate? What if we were to lose a major distribution channel?
  • What if there were significant disruptions in the transportation system?

When assessing the potential impact of a disruption, consider its velocity and persistence as well as the organization’s response readiness. When these additional factors are considered, risk management begins to intersect with crisis management. This analysis may point to one or more areas requiring a rapid response team.

In summary, it is an imperative for executive management and the Board of Directors to build a rapid-response crisis management capability for sudden and unexpected high-impact, high-velocity and high-persistence events. A world-class response to a persistent crisis is vital to the company’s ultimate recovery from it. Simply stated, early preparation improves an organization’s ability to respond to a crisis, reduces damage to a company’s brand image and reputation and minimizes regulatory sanctions, penalties or fines.

[1] “DuPont’s Swift Response to the Financial Crisis,” Ram Charan, Bloomberg Business Week Magazine, January 7, 2009.


Previous Post

Records & Information Management: 2015 Risk Perspective

Next Post

Willpower Woes: How a Rotten Resolve Can Hurt You

Jim DeLoach

Jim DeLoach

Jim DeLoach, a founding Protiviti managing director, has over 35 years of experience in advising boards and C-suite executives on a variety of matters, including the evaluation of responses to government mandates, shareholder demands and changing markets in a cost-effective and sustainable manner. He assists companies in integrating risk and risk management with strategy setting and performance management. Jim has been appointed to the NACD Directorship 100 list from 2012 to 2018.

Related Posts

Kovr 2F Partnership

Kovr.ai Partners With Second Front Systems for Government Software Accreditation

by Corporate Compliance Insights
May 22, 2025

Kovr.ai and Second Front Systems have partnered to automate software accreditation processes for government agencies through a combined platform that...

SolidusLabs Launch

Solidus Labs Launches AI Agent for Trade Surveillance

by Corporate Compliance Insights
May 22, 2025

Solidus Labs has launched an agentic AI system for trade surveillance workflows at financial institutions. The New York-based firm's platform,...

TrustCloud Funding

TrustCloud Raises $15M

by Corporate Compliance Insights
May 22, 2025

Security assurance platform TrustCloud has raised $15 million in strategic funding led by ServiceNow Ventures. Cisco Investments, Presidio Ventures, OpenView...

Diligent Vault M&A

Diligent Acquires AI E&C Provider Vault

by Corporate Compliance Insights
May 22, 2025

GRC software provider Diligent has acquired Vault, an AI-powered ethics and compliance platform, to integrate speak-up technology and investigation tools...

Next Post
Willpower Woes: How a Rotten Resolve Can Hurt You

Willpower Woes: How a Rotten Resolve Can Hurt You

No Result
View All Result

Privacy Policy | AI Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Research
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2025 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT
No Result
View All Result
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
  • Events
  • Subscribe

© 2025 Corporate Compliance Insights