Table of contents
In the first part of our 8-part blog series, we start by clarifying some basic questions. What do we mean by crisis management? What advantage do companies and organisations gain from it? What is a crisis and what is the difference between the disciplines of crisis management, risk management and business continuity management?
So let’s get started!
What crisis management is and how companies benefit from it.
It is all too human to not want to deal with any crisis issues at all during calm, prosperous times. After all, crisis prevention and crisis preparedness, which we will discuss in later parts of our blog series, are very time-consuming for companies. Nevertheless, the effort is worth it, because with the help of clever crisis management, companies and organisations are able to take effective countermeasures to avert worse. After all, those who do not act quickly and according to plan in emergencies and crises risk economic damage, legal consequences, the loss of their good reputation and, in the worst case, endanger human lives and the environment. The purpose of crisis management is therefore to be prepared for such situations.
Thus, crisis management is understood as the systematic handling of concrete crisis situations with the aim of ensuring the continued existence of the company or organisation. Last but not least, crisis management is a central management task which, in addition to identifying and analysing crisis situations, involves developing the right strategy with suitable measures to deal with a crisis situation. In the course of a crisis, follow-up is of course also an important part of crisis management.
Often the terms risk management and business continuity management appear synonymously in connection with crisis management, although - despite clear overlaps - there are some key distinguishing features.
What are these?
Difference between crisis management and risk management
While risk management basically serves to prevent crises, crisis management - from the actual understanding - only begins when a crisis occurs. The difference between risk management and crisis management lies primarily in the fact that the former attempts to identify, analyse and evaluate risks that are as concrete as possible in order to prepare measures or scenarios that can be used to react when a risk occurs. And so the ISO 31000 standard describes risk management as “coordinated activities to guide and control an enterprise or organisation with regard to risks “. In contrast, crisis management is rather to be understood as a kind of early warning system that focuses on sudden, unexpected hazards. This fine distinction leads to the fact that risk management can be understood as a process superordinate to crisis management. This also means that crisis management always kicks in when risk management has not taken a scenario into account or has not taken it sufficiently into account, or when the existing safety management is not sufficient to mitigate a dangerous development or dangerous situation in advance.
Despite the semantic differences in the terms, there are similarities in the content of the two types of management. The basic structure for risk management as well as for crisis management can be found in the 5 phases pre-planning, risk analysis, preventive measures, crisis management and evaluation.
Let us now turn to another discipline that is also frequently mentioned in connection with crisis management, namely business continuity management.
Crisis management vs. business continuity management
Business continuity management (BCM) is designed to minimise damage to companies and to take the best possible precautions in the event of serious disruptions. Among other things, the BCM system defines plans on how regular operations can be resumed as quickly as possible after an interruption caused by a disruption. BCM is thus basically a kind of precautionary system to increase the resilience of an organisation. The international ISO 22301 standard helps to consider the most important points for business continuity management. It provides the appropriate framework for implementing a BCM system in companies of any industry and size.
In comparison, crisis management consists of preparing an organisation for the occurrence of emergencies and crises by means of targeted measures in order to minimise the extent and duration of an event as much as possible. Crisis management is thus closely related to business continuity management and is characterised by the fact that (pre-)defined measures take effect immediately when an event occurs in order to ensure the most reliable BCM possible. Since both management systems have certain dependencies or overlaps, it is important never to consider the measures for emergencies and crises in isolation from each other, but always to coordinate them with each other, taking continuity management into account.
Before we come to the end of the first part of our blog series, we will take a short detour to the simple question of how crises are actually defined.
What is a crisis?
The concept of crisis is used in different ways depending on the field, discipline or context. The Federal Office of Civil Protection and Disaster Assistance defines a crisis as follows:
“Situation deviating from the normal state with the potential for or with already occurred damage to protected assets, which can no longer be managed with the normal operational and organisational structure, so that a Special Organisational Structure (BAO) is required. “.
In the corporate context, a crisis is a deviation from normal operations that can no longer be managed within the usual structures. Special measures are therefore required here to restore the normal state.
Another definition describes corporate crises as follows:
”(…) unplanned and unwanted processes of limited duration and influenceability and with an ambivalent outcome. They are capable of substantially and sustainably endangering the continued existence of the entire enterprise or even making it impossible. This happens through the impairment of certain goals, the endangerment or even non-achievement of which is tantamount to a sustainable threat to or destruction of existence. (…)” (Krystek 1987)
What is defined in detail as a crisis or an emergency is logically always a question of perspective. Thus, a crisis in a large trading company can be triggered by the discovery of substances hazardous to health in the products, while in a medium-sized company a major hacker attack leads to a crisis or a smaller company has to fear for its existence due to a fire. Regardless of what triggers a crisis, the point in all situations is that something must be done to resume normal operations as quickly as possible. We will discuss how a crisis is ultimately “lived through”, i.e. which phases crisis management involves, in the next part of our blog series.
Continue reading: What is crisis management? Part 2: The crisis management process
