Crisis Management Versus Risk Management: Do You Know the Difference?
27 September 2016 at 9:58 am
Not for Profit boards need to ask insightful questions and work in partnership with the CEO and executive team to create resilient, adaptable and risk-aware organisations, writes Jodie Willmer, lead consultant at Conscious Governance and upcoming Pro Bono Australia Executive Webinar host.
I was recently asked to present a keynote speech about risk management for Not for Profit organisations, and when I probed deeper with my client it became apparent that what they really wanted to know about was how to manage an unforeseen crisis.
This wasn’t the first time that a client of mine had merged the concept of a crisis into the concept of risk, so it led me to consider the key differences. My ultimate aim was to ensure that clients were using the right language to adequately prepare for and manage foreseen and unforeseen future events.
A crisis is an event that occurs at a specific point in time. It is usually something that is unforeseen, public in nature and has the potential to cause great harm to an organisation in terms of finances, revenues, reputation, market positioning and service delivery.
The following are examples of a crisis:
- the sudden departure of a long-standing CEO or board chair
- fraud – this will impact on trust of donors, funders and stakeholders
- accusations of sexual misconduct or abuse
- a viral video that compromises the organisation’s credibility.
The manner in which an organisation, its executive team and board responds to and handles a crisis will often determine the overall impact the crisis has. Being on the front foot with a crisis management plan and scenario planning, acknowledging what has happened (and expressing authentic empathy towards people who have been affected), accepting responsibility, offering assurances and following through quickly will ensure the best possible outcome.
Conversely, being slow off the mark, deflecting responsibility and doing little else is likely to exacerbate the situation and lead to greater negative consequences.
Managed well, a crisis situation shows the world that the organisation is resilient and well run.
A risk is a potential activity or event that could harm the organisation’s finances, revenues, reputation, market position and capacity to deliver services.
Risks may be of a strategic nature or operational nature. Examples of both are as follows:
- not preparing adequately for new trends and shifts in the marketplace
- taking a course of action that is not in line with the strategic objectives of the business
- making a major investment in technologies, systems and methodologies that are about to become obsolete due to changes in the environment.
- a cost overrun on an infrastructure project
- the mismanagement of a business unit
- a lack of training and induction about critical incident reporting.
Some writers elsewhere on the web have referred to risks as potential threats, however it is my belief that describing them in this way does more harm than good as it tends to polarise and paralyse rather than energise and mobilise.
So the key differences could be summarised by the following:
- Crisis management is concerned with responding to, managing and recovering from an unforeseen event.
- Risk management is concerned with identifying, assessing and mitigating any activity or event that could cause harm to the business. Risks can be strategic or operational in nature. An example of a strategic risk is not preparing adequately for new trends and shifts in the marketplace, while an example of an operational risk is the cost overrun on an infrastructure project.
Effective risk management and crisis management starts with the board. Regular board reports that analyse these critical risks, their monitoring and treatment provide the board with strategic information regarding the key drivers of the business. The board’s role in monitoring these risks is not to ensure they don’t occur, but to turn these risks into strategic advantage.
Boards need to ask insightful questions and work in partnership with the CEO and executive team to create resilient, adaptable and risk aware organisations.
Jodie Willmer will co-host Pro Bono Australia’s Executive Webinar, Organisation Review: Protecting your organisation’s reputation, on 5 October 2016, 2pm with Ross Campbell and Georgina Chapman. The 60-minute live panel will help you prepare, or improve an existing risk management strategy, to ensure the safety of your staff, volunteers and clients and publicly protect your reputation. Book here.
About the author: Jodie Willmer is a lead consultant for Conscious Governance, a Melbourne-based Not for Profit consultancy specialising in strategic planning, governance and risk. Email: firstname.lastname@example.org