You are on page 1of 9

Crisis Management

Who’s In Charge?

Presented by:
Cynthia Simeone, CBCP, PMP
Satori Consulting
Judith Walker, PMP
Goldman Sachs

Crisis Management

• What is Crisis Management?

“ Crisis Management involves identifying


a crisis, planning a response to the
crisis and confronting and resolving the
crisis.

http://en.wikipedia.org/wiki/Crisis_management

1
“ The overall coordination of an
organization's response to a crisis, in an
effective, timely manner, with the goal of
avoiding or minimizing damage to the
organization's profitability, reputation, or
ability to operate.

www.it.jhu.edu/etso/dr/industry/glossary.html

…AND making sure people are safe

Crisis Management…

“The application of foresight, judgment and leadership:


• Foresight to plan for a crisis;
• Judgment to establish sound risk mitigation and recovery
solutions;
• Leadership to enable teams to perform during a crisis.”

- Cynthia Simeone, Satori Consulting

Crisis Activities
p le ation
eo sport
rp Tran
t fo Re c
Buildings un ove
co ry
Ac site
s

Technology

What’s happened?
People
safety
ss Firm leade
Busine rship

es
Communications Utiliti

2
Who’s in Charge?
The historical view of crisis management ownership
CEO Business Security Dir. of BC Enterprise Risk Officer
Owner Technologists
Unit Heads
CIO
Audit

Business
Influencers Technology Finance Safety Regulators Corporate Integration
Process
OCC/FFIEC

50’s & 60’S 1970’s & 80’s 1990’s 2000 2001 2002 2004-now

Client/Server SEC/ NYSE


Significant Mainframe NFPA G-L-B Act SOX
Technologies NASD
Events 1600
HIPPA/ 9/11/2001 Rulings
JCAHO Economic
Globalization

Delivery Centralized Decentralized Centralized Matrixed


Disaster Recovery
Model Disaster Business
Alternate-Site
Focus Recovery Continuity
Data Storage
Hot-Site
Recovery

Other Key Stakeholders/Influencers

• OHS • Environmental/Non-
• OEM technical threats
impacting the human
• Cross industry, cross component of crisis
organizational, cross recovery
agency
interdependencies • Regional impacts
• Shareholder expectation –
competitive advantage

Why Should You Care about


Managing a Crisis?

3
How do Organizations Successfully
Manage a Crisis?
• Provide a framework for groups to work together by
identifying
– Governance Structure
– Decision Matrix and Clear Escalation Point Definitions
• Focus on Primary Components:
– Command and Control
– Communications
– People Accountability
– Recovery – Have a Plan

How Can you Apply this to Your


Company?
Recommendation for Organizational Crisis Management Definition

1. Assess Current Organization Governance Model by


developing a Responsibility Assignment Matrix Map
2. Define desired chain of command criteria for your
organization
3. Perform Command Gap Analysis (current versus desired)
4. Develop Governance Guidelines to meet your
organization’s command criteria
5. Develop Benchmarking Matrix
6. Implement Revised Governance Model

Responsibility Assignment Matrix Map

LEGEND Business
Responsibility Continuity Security /
Executive Office Enterprise Risk Finance Communications Audit Business Unit Technology
Assignment Matrix Steering Facilities
R = Responsible Committee

A = Accountable
Scope/Strategy
S = Supportive

C = Consulted

I = Informed Risk Assessment

BIA

Emergency
Response/
Operations

Risk Evaluation/
And Control

Maintenance
Exercising,
Continuous
Improvement

4
Define Desired Chain of Command
Criteria for Your Organization
• Develop an information/communication workflow diagram
– Common Roles
– Frameworks for Communication
• Determine organizational drivers and influencers
• Identify communication interdependencies and
intersections

Desired Chain of Command

Level 1 Crisis Command Incident Response


Center Team

Division A Division B Division C


Level 2

Level 3 Department 1 Department 2 Department 3 Department 4 Department 5 Department 6

Crisis Command Center


a.k.a Emergency Management Team

• The “War Room”


• Where Strategic Decisions are Made
• Central Point for ALL Public Interaction Including
- Public Emergency Responders (police, fire, etc.)
- Media
- Shareholders
• Manage Response and Recovery

5
INCIDENT RESPONSE TEAM (IRT)
Senior tactical representatives from each key response
division who link-up to:

• Establish impact/disruption
• Coordinate response and recovery
• Account for people

Incident Response Team Activities by


Division
Technology/ Business/Ops/
Security Facilities BCP HR Exec Office
Account for
What’s
Building Technology people Firm leadership
happened?

People safety Utilities Recovery sites

Business

Account for
people Transportation

Recovery sites

Communications (Internally focused) / Corporate Communications (Externally focused)

Develop Governance Guidelines

• Define Roles and Responsibilities


• Define Levels of Authority
• Identify Escalation Point Criteria

6
c
H gi
te
ra
St
Internal activity / requirements

EMT
IRT
M
l
ca
cti
Ta

CCC
L M H

External / Organizational Consequence


(financial / reputation health)

Achieving the Objectives


METHODS AND IMPACT
Command and People
Communication Tech Recovery
Control Accountability
Notification tests, micro-drills, table-top exercises and full
1 Drills/tests drills. Must be held regularly to be effective. Forces attention
on Crisis management improvement.
   
Implement process to consistently capture and action lessons
Incident/near-
2 miss learning
from real incidents and near misses. Our experiences + other
companies.
   
Build tools to support technology recovery. This could include
New crisis
3
tools
tools which help with rapidly gathering impact information or
tracking our recovery status
 
Develop a scoring method to benchmark Technology crisis
4 Benchmarking management against the rest of the firm and to show progress
over time
  
General training covering Crisis Management fundamentals
5 Training plus Technology specific information  

TARGETING THE METHODS


Incident/near-
Drills/Tests New crisis tools Benchmarking Training
miss learning

Senior management     

Critical groups     

All employees 

Implement Revised Governance


Model
How do you tell the CEO that s/he’s not in charge in a
crisis?
• Before you begin – define and socialize your value
proposition
• Use standard organizational Change Management
practices and principles
– Define Roles and Responsibilities
– Hold one-on-one meetings with executives
– Facilitate frequent drills to create a synergistic
environment of support and common goals
• Keep lines of communication open – the primary key
to success!

7
Ready to Practice?

• Drill Simulation Exercise

The theory for how a large crisis


would unfold
Emergency Escalation &
Activation of Business
Response Disaster Divisional Notification
Recovery
& Evaluation Declaration

EMERGENCY Division Business


INCIDENT EMT Units
MANAGEMENT
RESPONSE
TEAM (EMT)
TEAM (IRT)
Crisis Divisional Business
Event Divisional EMTs/ EMT
Security Units
C-Suite Command Centers
HR Senior Management Divisional
Business
BCP • Business EMT
Units
Corp Comms • Technology
Technology Divisional
EMT Business
Facilities Units

Scenario
• Who needs to be involved in this situation?
• Who should be in charge in this situation?
• Why? Why not [name another option]….

8
Parting Thoughts . . .

CRISIS MANAGEMENT CRISIS LEADERSHIP

• Reactionary • Anticipatory
• Short-term progress • Long term strategy &
Versus principles
• Narrow Focus
• Tactical -- implement • Wide focus
• Strategic – envision

The Presenters

Cynthia Simeone is a Management Consultant with Satori


Consulting. She can be reached for further comment and
information at csimeone@satoriconsulting.com

Judith Walker is a Vice President in the Business Continuity


Program Office at Goldman Sachs. She can be reached at
judith.walker@goldmansachs.com