Your crisis management governance model serves as one of the foundational elements of your entire crisis management program. It defines everything from the structure, roles and responsibilities of your crisis team, straight through to your internal escalation process.
When working with clients to develop a scalable crisis management program, their governance structure is one of the first things I focus on developing. Following are some tips and guidelines to help you develop or strengthen your own crisis management governance model.
How to structure your crisis management governance model
For starters, there are two important things to take into consideration when developing your crisis management governance model:
1- Your crisis management governance structure should mirror your organization’s governance structure
As human beings, we revert to default when under pressure. So it’s important for your crisis management governance to be a natural flow for your team. I’ve seen consultants try to use fancy terms when helping an organization develop their governance model – things like “Crisis Leadership Team” or “Crisis Action Team” – but taking this approach, in my experience, is not very practical. In fact, the last thing you want to be doing in a crisis is using terms and language that aren’t natural to you, and that people may not understand or may be confused by.
What you want to do instead, is make sure that your crisis management governance reflects the organizational structure that all employees and team members are already familiar with. This applies to everything from the leadership structure of your company to the language you use to name and refer to your crisis teams (more on this below).
2- Each stakeholder group should have representation at the crisis management table
When assessing the scope and impact of an incident on your organization, you want to ensure that each key stakeholder group is considered and represented throughout all stages of crisis management. The only way to do this is to have a well-rounded crisis management team that encompasses all stakeholder group “owners”. (I wrote more about this here, if you’re interested.)
What to include within your crisis management governance model
While you develop your crisis preparedness program’s governance model, you’ll want to be sure to think through and include the following:
To think through and answer:
- What is the current governance structure of your organization (including names of groups, i.e.: “senior management”, “business heads”, “unit heads”, regional heads”, etc.)?
- If a (potential) crisis were to present itself, what would be the natural internal escalation process that would take place?
- Is this escalation process a natural course of everyday business – in other words, are your employees already familiar with it?
- How do you balance filtering through different events, so as not to summon members of senior management for nothing, but to also ensure efficient and timely escalation when an incident is serious enough?
- Which members of your management team would be responsible for implementing parts of your crisis management plan (i.e.: communication with key stakeholders, important crisis management actions, etc.), versus who would actually be accountable for the organization’s crisis management?
Answering these questions will help you determine the different teams and their crisis management responsibilities. For example, you will most certainly determine that your crisis management team is made up of two or three subset groups, each with their different capacities and functions.
Following is an example of these subset groups, which you can feel free to model after and adapt to your own needs:
The leadership team
This individual, or group of individuals, has the ultimate authority to declare a crisis and activate the crisis management playbook. This group is also accountable for the management of the crisis. Depending on the organization’s governance structure, this may be the CEO, or it may be a group of individuals, such as the Board of Directors or the entire senior management team.
The “action” team
This group will have important crisis management roles and responsibilities, though won’t necessarily be accountable for the organization’s crisis management, nor will they have the authority to declare that the organization is officially in “crisis mode”. Instead, they will be told to activate their respective action plans by the leadership team, when appropriate, and will be held responsible for the implementation of those actions. This group, depending on the structure of your organization, may be comprised of business heads, department heads, unit heads, regional heads and so on.
The working groups or specific ad hoc teams
These teams are typically case-specific and serve as the starting point of the internal escalation process. They are usually responsible for conducting a preliminary assessment of the situation and flagging it for escalation, as appropriate. For example, in a cyber security incident, your IT team will probably be the first to receive news of a potential issue. But then what? As most organizations encounter many IT-related incidents in a given week or month – the majority of which are not crises – you want to ensure that the proper people are assessing each individual incident and escalating them to the crisis team only as needed. But in order to do this, you want to ensure that the group responsible for conducting this preliminary assessment is well-rounded and able to look at the full scope and impact of the incident on the business. So in this example, this group may consist of an IT member, along with other department team members, such as legal, compliance, IR, HR, different business units, etc.
Additional items to include within your crisis management governance
Once you have your crisis management governance worked out, you’ll want to ensure that you have the proper documentation that will prove useful in a crisis – as well as to be used in trainings and exercises. For this, you will want to include:
- The subset teams that comprise your crisis team, defining their crisis management functions and responsibilities
- The different team members (first called out by title, followed by name) and their individual crisis management roles and responsibilities
- Alternates for each crisis team member (each team member should assign a secondary person to assume their crisis management responsibilities in the event that they cannot be reached in a crisis)
- Detailed contact information for each crisis team member and their alternate
- The proper escalation protocol of a given incident or event
As you can see, your crisis management governance plays an important role within your crisis preparedness program. The most important things are to ensure its practicality and that it mirrors your organization’s already established culture and processes. What additional (or different) elements have you included within your organization’s governance model?
Pgoto credit: tridland/shutterstock.com