Risk Issues and Crisis Management in Public Relations – A Casebook of Best Practice

admin

Authors: Michael Regester & Judy Larkin

In this book, the authors discuss risk management (although they only speak of risk issues) and crisis management as part of what they call ‘Issues management’ and that with an approach from the perspective of public relations. Here they give numerous examples in the form of case studies.

The book is divided into two parts: a section on the elaboration of issues management, which looks suspiciously like risk management, because it has many similar building blocks, and a second section on crisis management, emphasizing both the importance of the teams, as the communication aspects.

Issues management is working on the drafting of a procedure of issues management, in which a great deal of attention is paid to the components that the authors consider important. The whole is concluded with some overviews of concrete approaches in two existing organizations.

Concerning Crisis Management, it is the intention that you remember the following (not necessarily in this order and certainly not an exhaustive list):

 

  • Be the first to share, recognize first that there is a problem.
  • Rectify immediately any error that comes into the media.
  • Be complete, correct, honest, transparent and willing to communicate. Do not say things like ‘no comment’ and if nothing is known yet, then tell them you will not leave no stone unconverted untill is known how things work.
  • Provide a place to speak to the press. It’s best to work one-on-one for the television channels. The latter can take a lot of time and energy and therefore it can be interesting to have a single TV interview set up in consultation with all channels.
  • Start communicating immediately, even if you do not have any information yet.
  • Always discuss the following topics in the following order:

    • People
    • Environment and environs
    • Properties
    • Money

And always talk first about the facts, then emotions and then state a vision of what you will do or are doing about it. Prevent a void in communication.

  • Always make sure that your actions are in the spotlight, and that you are heard.
  • Avoid putting bad blood in the population.
  • Visit the disaster site.
  • Acknowledge fault when it is proven, not before. Refer to experts for the evidence and do not be tempted into endless defense talk.
  • Never speculate about what you do not know.
  • If the press does not pay attention to you, do not walk away, stay in the area but do not pull any attention to your organization. Do not be a ‘sitting target’.
  • Do not ignore any media source.
  • Be willing to pay ex-gratia.

All this is extensively upholstered with cases where it worked and where it did not work.

Key Risk Indicators

admin

Authors: Ann Rodriguez and Viney Chadha

In the book, the authors discuss the entire set-up and implementation of a Key Risk Indicators framework that can be used as an integral part of the Risk Management Framework, as a tool that can be used to support decision making in day-to-day management.

In the first chapter, the authors explain the foundations of KRI: measuring is after all knowing. That is why you also need to know that there are different types of indicators. The book covers Key Risk Indicators, Key Performance Indicators and Key Control Indicators.

Very important is the common language, the Risk taxonomy, which the people in the organization must speak. This is important, amongst other things, for the recognition of deviations that may occur in the measurements and / or the interpretation thereof.

But one of the most important aspects is with regards to Risk management and KRI, is the culture of the organization. One of the possible aspects is how committed the employees are to achieving common objectives. Another aspect is how well the three lines of defense have been developed and how well they work together.

In a few short chapters, the importance of the Enterprise Risk Management and the ERM Framework are discussed. The Operational Risk Management is discussed afterwards in a very extensive chapter. The most important program elements according to the authors are: risk and control self-assessments, scenario analysis, business environment assessments, data of internal losses, data of external losses, issues management and ultimately: the KRI.

In chapters 7, 8 and 9 the authors discuss the preparation of a KRI Framework, the life cycle of the KRI program and the KRI Project that implements everything. Chapters 10 and 11 deal with the use of KRIs and how you report about them, and what you report to them, depending on whether they do other things with the numbers … (The board does not need the same figures as Senior Management, for example).

In chapter 12, the authors discuss a tool that can determine whether an indicator is a “Key” indicator.

The story ends with a series of Case studies. The classic, Union Carbide in Bhopal could not be ignored. In addition, the authors also provide a number of KRI that could have yielded an alternative outcome. Finally, a number of concluding thoughts tell us that KRI must evolve from an art to a science. This book contributes to this.

The Psychology Of Information Security – Resolving conflicts between security compliance and human behavior

admin

Author: Leron Zinatullin

In this book the author explains the human side of IT Security. By linking the behavior of the target group (the people in the organization) to the desired outcomes (an information-safer environment) the IT security consultant has to bring this about.

But that requires knowing what the situation is, what the employees’ world is, what they view as their goals. And what they experience as being onerous.

Research shows that there are three objections to information-safe work by the employees:

  • There is no clear reason to comply with the IT security rules
  • The cost of fulfilling it is too high
  • There is an inability to comply with the rules

The author doesn’t claim that this list is exhaustive. The author does not go much further than the fact that you have to solve this with empathy for desired usability. How you do that is by communicating intensely with the target group. Unfortunately, the author proposes a classical scheme of communication, completely bilateral, one on one, instead of a communication in a network of people, many to many.

According to him, the goal of working on the information security culture is to show the employees that it can be an easy way of working. One of the explanations of a weak culture in this area is the “broken windows theory”: if a window falls in a neighborhood, the whole neighborhood will have to deal with a negative influence. But the theory would also work the other way around, and showing the good example is worthwhile.

Then the author talks about the psychology of compliance with the rules: this includes external and internal factors. The external factors include reward, punishment, competition. The internal factors include giving meaning, pleasure and interest. There are interactions between both groups of motivations, strengthening or weakening. In addition, other factors are decisive, such as autonomy, etc.

In the last chapter, the author gives a first glance at how changing the approach to security.

Chasing change : building organizational capacity in a turbulent environment

admin

Authors: Robert C. Thames and Douglas W. Webster

This book is about change management. More specifically, building the change capacity of the organization.

The book starts with a first part about ‘Awareness’: changes can come from everywhere, and change management helps to optimize the survival in a changing environment. With their example of hurricanes and earthquakes, the intuitive link with risk management is immediate. One of the most important starting points of the book, is the importance of the ‘mindset’ of the employees as well as the organizational ‘mindset’: is it a ‘fixed’ mindset in which a changeable environment is impossible, or is it a ‘growth and development mindset’ in which a person and an organization are flexible with regard to a changing environment.

This last mindset is of great importance for the ‘change challenge framework’. So called first order changes and second order changes are important. A first order change is the change that results from a shift of the needs of the environment in relation to the capacities of the organization to meet those needs of the environment. A ‘targeted change gap’ is that portion of the first order change that one wants to close from the ‘First Order Change Gap’ (the total current first order change difference).

A second order change is the actual response of the organization with the intent to close the ‘targeted change gap’.

This results in a so-called ‘Second Order Change Gap’ due to maladjustment of the organization, especially by only filling in the physical dimension and a lack of softness on the changes. In doing so, the term ‘project plan’ is used to indicate the completion of the physical dimension, and the term ‘change plan’ to indicate changes in the organization and the personal mindsets. (This is the closing of the second order change gap).

As you can see, a fairly complex picture emerges, which requires its own terminology.

The second part of the book deals with only one part of the closing of the second order change gap, namely the development of organizational capacities for the possibility of change. The 13 capacities that are being looked at are:

  • Leadership
  • Commitment
  • Liability
  • Thinking forward
  • Innovation
  • Communication
  • Risk tolerance
  • Organizational learning
  • Trust
  • Diversity
  • Empowerment
  • Adaptability
  • Dynamic stability


For each of these topics, the book provides a chapter with a definition and a checklist for a five-point scale. This five-point scale can be used to assess both the current situation and the desired situation.

Chapter 20 discusses the implementation of the change plan. This is further illustrated in Chapter 21 by means of an action plan from a brand new CEO at the so-called ‘Candor Bank’. Chapter 22 provides a case study of hurricane Katrina in New Orleans in 2005 with the aim to illustrate the ‘change model and capability assessment’. In chapter 23, the conclusion, a short summary is given of the main ideas of the entire book.

Why Some Firms Thrive While Others Fail – Governance and Management Lessons from the Crisis.

admin

Author: Thomas H. Stanton

The book deals with the what and how of the mortgage bond crisis of about 2008. Only roughly because none of the organizations involved were not informed in advance. The book contains a great deal of historical material from the crisis, expressed in financial terms. A financial background helps to fully appreciate the book. Nevertheless, in the last chapter, the author takes up the challenge of extending the analogy with a number of non-financial organizations.

But what should we remember from this book?

First of all there are four principles of winners during crises:

1 ° Provide discipline and a long-term perspective.

2 ° Provide robust communication- and information systems

3 ° Provide the capacity to respond effectively to ‘early warning signs’ and

4 ° Ensure a constructive dialogue between the business units and the risk managers.

But there is more than that.

What are the differences between the firms that controlled the crisis and those who failed?

  • The winners nor the losers saw that the houses would decrease in value. But the “survivors” saw that the market moved in a way that they did not understand. Therefore, they reduced exposure to it.
  • The winners did research in 2006-2007 on the causes of the unexpected developments in the market.
  • JP Morgan differed from other organizations because they built up a financial reserve to take over other organizations if they would get into trouble because of the developments in the market.
  • Other companies failed because they took excessive risks at the wrong time in a narrow range of assets.
  • Successful organizations received a lot of feedback and engaged in constructive dialogues before taking on risks.
  • In some organizations, the CEO was actively involved in the decision to reduce the risk.
  • Successful organizations had a culture, supported by top management, that promoted constant communication between business units and the risk team and higher up the hierarchy.
  • When the successful organizations came into close contact, they again emphasized effective risk management.
  • Successful organizations had information systems that provided an organization-wide view on risks and their changes in time.
  • Perhaps the biggest problem is the immense pressure to deliver short-term performance. This prevents the installation of a risk management system.
  • Effective risk management requires expenditure and discipline, in order not to take short-term gain, which other organizations do, based on risky practices. Support from the CEO and preferably also from ‘the board’ is essential.
  • Risk management is part of all management. A strong information infrastructure is required both for managing the organization and for having an organization-wide view of the risks.
  • Make sure that risk management does not become a formality!
  • It is not easy to be a risk manager if the organization decides not to take the risks into account. You must always be able to tell your truth. Even if you are fired for it.
  • Although the markets and the risks become more complex, simple questions remain critical in order to guarantee a good decision. An important question with weird markets is “what is happening that we do not understand?”.
  • Winners discuss intense implications of threats.
  • Winners had drawn up models for the risk situations, but did not trust them blindly.