A crisis is a moment of truth that tests a company’s readiness, resilience and response. Organisations can emerge stronger after their most testing moments. Are you prepared? Watch this video to get a flavour of what’s going on.
The coronavirus pandemic has created new challenges for businesses as they adapt to new operating models. Across all industries, companies are facing a period of greater uncertainty and growing threats from financial crime, disruptive technologies and other strategic risks. It is also clear that crises and reputational issues strike more quickly than ever before. This is amplified by social media and the ‘public information space’. The reputational, operational, legal and compliance implications could be considerable.
For most, a major crisis is a once-in-a-career event. As a consequence, it is easy to fall back on routine procedures, only worsening the outcome, or to improvise the wrong solutions out of fear and panic instead of following effective practices. But at a time when corporate reputations are under greater scrutiny, managing financial crime threats, strategic risks, and being ready and able to deal with crises and issues effectively when they happen are high priorities for many boards and senior executives.
The crisis lifecycle
Effective preparation needs to address the entire crisis management lifecycle – prevention, response and recovery. Each phase of this lifecycle can present an opportunity to protect the organisation from risks, costs and damage emanating from a crisis – and to strengthen the organisation’s defences in future.
Each phase answers a specific objective:
- Be ready: prevent crisis, identify risks and prepare for the worst.
- Know how to respond: analyse and respond to the crisis, while keeping the business running.
- Recover fast: learn, recover and emerge stronger.
Each phase has a range of solutions, which need to be customised to prevent the avoidable and prepare for the truly unavoidable. Below are two Deloitte client stories with successful outcomes.
360° crisis prevention
A Swiss-based multinational corporation established best-in-class risk management procedures to prevent adverse events to the fullest extent possible. The project included the redesign of the enterprise risk management process, including assessing and defining the company’s risk appetite, conducting a risk assessment across all divisions and the re-design and implementation of a mitigating control framework.
Long-term efficiency in crisis response
A Swiss-headquartered multinational client had to respond to regulatory actions taken by a number of regulatory authorities in the wake of allegations of corrupt business practices. The allegations related to the securing of new business in several geographies, including the Middle East and Central Asia, and covered a period of over ten years. A comprehensive and broad investigation was conducted, including email and other document reviews, interviews and analysis of ERP systems in various international locations.
Crisis prevention is on the agenda of most executive committee meetings, but should perhaps be given extra attention in light of the growing threats and vulnerabilities stemming from the pandemic. In the midst of the third wave of the coronavirus and concerns about the longevity of the pandemic, companies should be proactive in addressing the threats, and plan ways to prevent crises rather than responding when they occur.
This pandemic has taught us that preparation is key to successfully limiting risks. The ability to quickly react to unforeseen events helps reduce overall impact and prepares companies to better face the continuous increase of threats. Companies that were caught off guard will have to quickly assess their exposure to threats and prioritise initiatives to address their security gaps. The reality is that companies need to change their outlook from ‘if’ they get attacked, to ’when’, and recognise that the fallout can be financially and reputationally devastating, especially if customer data is involved. There are ways to reduce the likelihood and impact of threats, but it requires focused action and forward planning.