Risk, Threats and Crisis Scenario
Risk
The risk is the potential loss exposure due to a threat; which causes a disruption to business operations and preventing them from achieving the Minimum Business Continuity Objective (MBCO).
Threat
A Threat is an indication or warning of probable man-made or natural situation that can disrupt an organization’s operations or services.
Crisis Scenario
A Crisis Scenario describes a (crisis or disaster) situation that might disrupt the business.
In crisis management planning, crisis scenario is the equivalent of threats, identified as part of the Risk Analysis and Review phase.
Three Basic Elements of Crisis
The three basic elements of a business crisis are:
- Encountering an increased stress level;
- Having difficulty in finding a resolution; and
- Determining the timing of implementing the solution.
The scenario should include stress indicators or observations. Reference the number of hours worked, safety and quality issues, risks, and legal or regulatory concerns in the crisis scenario. A clear explanation of how the crisis is affected by increased stress on business operations can help reinforce the feeling of emergency.
Crisis Events
The events (or occurrences that happen over a period of time) leading up to the crisis can pertain to people or human resources. Example as shown in Appendix 2: Crisis Types.
Finalize Crisis Scenario
When the crisis is clearly be defined and the and the events leading up to the crisis, the organisation can provide an inventory of available resources and the current status of the situation. They can also create a timeline of problems or issues that led up to the crisis.These include actions that already have been taken. Identify the people to contact for taking action, including anyone who may be able to assist in the crisis. You may also want to provide a tool set that may consist of software applications, communication channels, references or other measures that can help crisis responders.
Sources of Risk
The sources of risk (Australian Government, 2012a) may include:
- Biological hazards;
- Civil and political hazards including civil and political unrest, terrorism, sabotage and hostage;
- Management activities and controls including deficiencies in areas of non-compliance with internal management systems, legislation, and agreements/contracts;
- Natural hazards and/or disasters; and
- Technological hazards (failure of technology).
Elements at Risk
Elements at risk (Australian Government, 2012a) covers the:
- Assets;
- Commercial reputation and goodwill;
- Environment;
- People; and
- Quality of life.
Performance Criteria
In this chapter, the performance criteria describe the performance needed to demonstrate achievement of the “Element of Risk.” The performance criteria are to:
- Establish the organizational context for crisis management;
- Investigate the environment to identify sources of risk, elements at risk and vulnerability;
- Identify and consult crucial relevant personnel, appropriate specialist advisors, and emergency response agencies in determining the sources of risk; and
- Develop emergency sources of the risk register.
Identify Sources of Risk
In the crisis management planning process, the Risk Analysis and Review (RAR) phase focuses on the identification of adverse threats and crises affecting organizational assets and provide a risk treatment or crisis strategy for them. By addressing the major fields of threat exposure, this phase details the framework for risk assessment to provide a suitable response. It identifies the types of crises that could occur in an organization concerning its weaknesses and limitations.
Identify Crisis Types
Threats, either man-made or natural, are situations or conditions that can cause disruption or crisis to an organization’s operations or services. Threats are generic. They may or may not have an impact on a given organization. For example, an organization may be immune to a certain threat. Alternatively, a particular threat may not apply to an organization. Vulnerability refers to those threats that are pertinent to the organization concerned. Risk Analysis is the attempt to evaluate these threats objectively via quantitative or qualitative methods. These methods usually employ some element of likelihood or uncertainty in their evaluation.
For a start, a scan of the horizon is carried out to categorize potential threats and its types and causes.
Categorize Crisis Types
From the sources of risk, these are some of the basic types of crises:
- Natural
- Technological
- Confrontation
- Malevolence
- Organizational Misdeeds
- Skewed Management Values
- Deception
- Management Misconduct
- Workplace Violence
- Rumours
- Lack of Funds
- Natural Factors
Examples of Crisis
As an example of what each business should be prepared to deal with:
- Natural
- For example, tornadoes, earthquakes, hurricanes, landslides, tsunamis, and floods.
- Technological
- For example, the breakdown of critical equipment during a crucial business period, corrupted software and events that give rise to technological crises.
- Confrontation
- For example, boycotts, strikes for indefinite periods, Internal disputes, Ineffective communication and lack of coordination that gives rise to confrontational crises, employees disobey their superiors by giving them ultimatums and forcing them to accept their demands.
- Malevolence
- For example, kidnapping company’s officials and false rumours.
- Organizational Misdeeds
- Superiors ignore the after-effects of strategies for quick results.
- Skewed Management Values
- Deception
- Management Misconduct
- Due to Workplace Violence
- For example, beating employees, superiors on office premises.
- Due to Rumours
- For example, employees spreading factually inaccurate information that tarnishes the image of the organization.
- Lack of Funds
- For examples, lack of funds leading bankruptcy and liquidity crisis
Goh, M. H. (2016). A Manager’s Guide to Implement Your Crisis Management Plan . Business Continuity Management Specialist Series (1st ed., p. 192). Singapore: GMH Pte Ltd.
Extracted from Recognize the Sources of Risk
Find out more about Blended Learning CM-300 [BL-CM-3] & CM-5000 [BL-CM-5]
Please feel free to send us a note if you have any of these questions to sales.ap@bcm-institute.org |