© 2002 Jonathan Bernstein
JUST A THOUGHT
Towhey's Law of Perception: The good news is that perception is NOT reality. The bad news is that reality is irrelevant.
G. Mark Towhey, Towhey Consulting Group
AN OUNCE OF PREVENTION
Organizational Full Body Scans: A Crisis Prevention Analogy
by Jonathan Bernstein
In a brainstorming session the other day, we were explaining to a prospective client that what we do, through the vulnerability audit process, is take our decades of experience with others' crises, figure out how those crises happened or were exacerbated, and then apply that knowledge to our current clients' needs.
"We reverse-engineer crises," said Phil Cogan, my executive vice president and head of our new Phoenix, Arizona office, referring to the practice of taking apart an object to see how it works in order to duplicate or enhance the object.
Almost perfect. We're not trying to duplicate an organizational structure when we conduct vulnerability/risk audits, although we are working to enhance the organization. But he wasn't done. Over lunch, Phil said, "Y'know, vulnerability audits are also comparable to the medical full body scans becoming so popular in the U.S. In our case, we enable clients to find the seeds of future problems, long before they turn into crises, and then help them devise ways to keep those seeds from growing."
Bingo. Indeed, detecting and responding to incipient organizational cancers and early warning signs of ailments large and small is the essence of crisis prevention.
Let's continue the latter analogy to explain a common phenomenon: organizational leadership refusing to take an honest, in-depth look at its own actual or potential vulnerabilities. Why, sanely and logically, would this be so?
For the same reason, Phil and I believe, that many people don't want full body scans, or HIV tests, or breast cancer screening, or other early-detection methods for disease.
FEAR. They don't want to know. If they don't get the test, they can live in delusion (I'm fine) and/or denial (it won't happen to me, it happens to OTHER people).
But here's where organizational leadership has to set aside its gut-level human reaction to diagnostic techniques and practice sound principles of corporate governance, focusing on the fact that not just THEIR lives, but the professional and personal lives of many others rests on their decisions. True courage is doing the right thing even when you are afraid.
If a single human refuses to get a colo-rectal test and later is found to have colon cancer, it will obviously have a negative and potentially tragic effect on that individual, his/her loved ones and closest acquaintances. It will have varying degrees of impact on his/her co-workers and employer, depending on his/her position and how well he/she is regarded.
However, if an organization's leadership refuses to conduct some reliable form of assessing its vulnerabilities and later is found to be seriously or terminally "ill," hundreds or thousands of people can be harmed, professionally and personally. And an organization attempting to self-diagnose without the in-house availability of a skilled "corporate diagnostician" is like a medical patient doing his/her own cancer screening. It's just another form of delusion and denial.
One of the questions I'm most frequently asked by reporters, following a post 9-11 year rife with corporate disasters, goes something like "has there been a change in organizations' willingness to proactively anticipate crises and take steps to avoid them or minimize damage when they occur?"
My answer is, "yes, there's been a slight positive change, but the vast majority of organizations with which I've been in contact remain reluctant to conduct vulnerability audits until and unless they've already been serious burned, sometimes more than once. And then only if they survive the crises for which they weren't prepared."
It's a choice -- I hope organizational leaders start choosing more wisely, because a lot of people are depending on them.
CRISIS MANAGER BUSINESS ANNOUNCEMENTS
Executive Session Vulnerability Audits & Crisis Document Audits
Bernstein Crisis Management offers two low-cost means by which an organization can get a quick handle on its current level of vulnerability to potential crises. One is a day-long guided brainstorming/training session for executive management, our Executive Session Vulnerability Audit. The other is a three- to eight-hour task -- letting us analyze and prepare a report on your current crisis preparedness documents. For more information, Click Here.
Branding Crisis Manager
You can arrange to distribute "Crisis Manager" to your own email list with a "Brought to You By" credit in the masthead. There is no charge and only some reasonable restrictions to preserve the integrity of the publication. Several organizations are already doing this and finding that it is appreciated by their contacts. Write to email@example.com for more info.
Crisis Manager Presentations & Workshops
Want to REALLY get some of this information into the hearts and minds of your organization? Your ineffable ezine editor and crisis communications consultant and his talented associate, Phil Cogan, are available to make presentations and lead workshops. Their presentations can often be certified for the continuing education credits required by a number of professions. A list of our recent and pending speaking engagements can be found by clicking here or on the "Presentations" button to the left. For more info: firstname.lastname@example.org or call (626) 825-3838.
Editor's Note: I tripped across some of Geary Sikich's work on the Internet and contacted him, after which I learned that he and I had been through the same military intelligence training program within a year of each other, back in the 70's. If our shared participation in an oxymoronic first career doesn't throw you off, you will appreciate his insights about the changing face of business continuity, an excellent companion piece for the above article about detecting vulnerabilities and why there is resistance to that process.
Redefining Business Continuity for Uncertain Times
by Geary W. Sikich
We are facing a time unparalleled in our history. Since September 11th, the ground rules for business have fundamentally changed. Coupled with recent financial revelations and pending bankruptcies by top corporations, business can no longer enjoy a laissez faire approach by management.
At every level, companies and their value chains have been put on notice that "disruptive events," whether physical, financial, cyber-based or from other causes, are now a realistic and foreseeable expectation. As such, a proactive approach to business continuity planning must become part of the way that business is conducted, rather than an adjunct to the business of the company.
In a recent survey performed by Logical Management Systems, Corp. (LMS) and Cambridge Human Resource Group, it was confirmed that a full 50% of the respondents still have no integrated crisis management plan in place. This supports numerous reports by industry specialists, including one conducted by the Society for Human Resource Management in April 2002 that showed almost 90% of respondents reported little or no change in the way their companies approached crisis management.
Corporate executives have a legal duty and a moral obligation to their stakeholders to assure business survivability, but since September 11th it appears as if they are in a state of decision/action paralysis or denial about the need to take action.
The LMS/Cambridge survey also revealed that 50% of the respondents had developed their plans within the last two years and only 38% had actually conducted impact assessments (audits) to determine potential threats, risks, hazards and vulnerabilities to which their organizations are exposed, prior to creating their plans. You may be asking, "what does this mean to my business?" Simply put, your business has a vulnerability exposure. This vulnerability exposure may reside within or it may reside in your value chain (suppliers, vendors, customers, etc.) network. Additionally, if your organization has not validated the assumptions (hazards, risks, threats, vulnerabilities) underlying the plan to determine realistic threat and risk scenarios, it raises a question as to the validity of the plan should a crisis situation materialize.
Today more and more courts have opened various causes of action, attaching greater liability to the employer, when there is a high degree of foreseeability of harm to others, as well as prior notice, even in the case of a criminal act by a third party.
The events of September 11th, have now taken this liability analysis one step further. Prior to September 11th, businesses never seriously contemplated a terrorist attack of this nature (on U.S. soil) as a viable part of their contingency planning efforts, which in legal terms meant they were not likely foreseeable. However, one can argue that events such as the embassy bombings in Africa, the first World Trade Center bombing and even Oklahoma City should have alerted executives to the real possibility of such an event occurring on U.S. soil. Regardless, there is no question as to the issue of foreseeability today. Companies are on clear notice by the government and experts throughout the globe of these "new (or previously ignored)" vulnerabilities and have a duty to plan accordingly.
Business Continuity Redefined
Business continuity must be redefined based on the integration of strategy, competitive intelligence and event management as a new method of conducting business. Many companies currently view it as an adjunct to the business of the enterprise -- in another words, a necessary evil or an overhead cost of doing business, not a value proposition. The danger of this philosophy is that a company exposes itself unnecessarily and unknowingly to vulnerabilities, and thus increases its potential liability, because the company has failed to take prudent and appropriate precautions for foreseeable threats.
The critical question for corporate risk managers, general counsel, business continuity planners and other professionals lies in how far this new duty extends in light of September 11th and the government's clear warnings of potential ongoing attacks. Companies and their senior management are now on notice of these "newly realized" vulnerabilities and need to plan accordingly. Corporations and senior management are now facing new laws placing higher degrees of liability and responsibility upon them from stakeholders, insurers, employees, unions, local community groups and various government agencies. Companies need to begin thinking what this means for the organization in everything from compensation packages to insurance policies in other words - business continuity.
Business continuity planning as it is currently practiced must be redefined. To do this we must first define what business continuity thinking is and is not. Business continuity thinking is not merely episodic or sequential. It should be persistent over time and pervasive throughout the organization. It must become a way of doing business and not an adjunct to the business of management.
By episodic or sequential, we mean that the traditional way of developing the components of business continuity can no longer be accomplished as stand alone elements. Traditionally, organizations have differentiated the process of developing each of the following and have separated them into information silos:
- Mission, Vision, Value Statements
- Strategic Planning
- Tactical Planning
- Competitive Intelligence Activities
- Hazard Analysis
- Risk Management
- Vulnerability Assessment
- Threat Assessment
- Executive Succession Planning
- Crisis Management Planning
- Facilities Relocation Planning
- Crisis Communication Planning
- Contingency Planning
- Disaster Recovery Planning
- Consequence Management Planning
- Emergency Planning, etc.
The above list is illustrative of our penchant for specialization. When an event occurs, these often disjointed elements piecemeal plans into action with panic, chaos and confusion often the result. We must take action and make the business continuity thought process part of the way we do business. It is no longer a matter of "what if," rather it is a question of "when" will the next event occur and are we prepared?
Geary W. Sikich is the author of It Can't Happen Here: All Hazards Crisis Management Planning (Tulsa, Oklahoma: PennWell Books, 1993) and the Emergency Management Planning Handbook (New York: McGraw-Hill, 1995), available in English and Spanish-language versions. His latest book, Global Vulnerabilities - Local Impacts: Redefining Business Continuity (Tulsa, Oklahoma: PennWell Books, 2002) is scheduled for release in the fall of 2002. Mr. Sikich is the founder and a Principal with Logical Management Systems, Corp., (www.logicalmanagement.com) based in Munster, Indiana.
Editor's Note: We periodically feature reviews of products and services that are of potential use to crisis managers. Here are a couple of widely diverse publications I've been looking over recently.
Report: Securing Your Corporate Reputation
If you are someone who was, is or might ever be concerned about your organization's reputation and want to know the value of preserving it:
- Go to http://www.cuttingedgeinfo.com/FLReports/FL54_Reputation.htm, right now.
- Sign up to download the full PDF version of the summary report, which is free.
- Seriously consider paying for the full report, which costs $995.
According to the description by report producer Cutting Edge, "this report will show your organization how real companies build trust among consumers, employees and shareholders and cultivate lasting reputations that improve their bottom lines. Your team will learn from these companies' successes and mistakes to develop its own reputation management systems.
You will see how great companies such as GE, Johnson & Johnson, Coca-Cola, and FedEx have overcome industry stereotypes, built ethical corporate cultures and weathered corporate crises to develop strong, durable reputations. A Penn State study shows that reputable companies tend to gain financially: between 1983 and 1997, Fortune's most admired companies increased annual returns, on average, by 22%. In contrast, the Standard & Poor 500 posted 16% returns, and companies on the other end of the spectrum - those that rank lowest in annual surveys - faced negative returns of 1.7%.
I have found GREAT value in what I've read thus far, which was merely the downloaded summary. I am hopeful of being able to review the entire report soon and I'll report more on it at that time.
Risk Management: An International Journal
Risk Management is published four times annually by UK-based Perpetuity Press. It is a scholarly publication clearly targeted at senior-level professionals in fields related to managing risks and security. As such, it is very thorough, featuring detailed analyses and commentary by international experts. The publication could easily be required reading for any graduate-level course on risk management. Subscription cost is £295 ($457) in the UK and £320 ($496) for overseas subscribers. More information at www.perpetuitypress.com.
Disaster Recovery Yellow Pages
The Disaster Recovery Yellow Pages are a compendium of resources, all paid advertisers, who provide almost any form of service you can imagine to help you "return to normal" following a disaster. The categories in its overview table of contents include consulting and services; hotsites, warmsites, coldsites, mobile facilities; equipment; software; and associations, publications, materials, supplies, training.
It comes in two forms -- three-ring binder, and CD-ROM (that auto-runs and opens a browser window) -- and I heartily recommend the latter for its relative ease-of-use. I actually had a reporter on the phone not long after receiving the manual and he wanted to know if I could refer him to psychologists who counseled disaster victims. I attempted to find same in the three-ring binder and found the indexing system so confusing that I had to offer to call him back once I'd located the information, which I did later. The CD-ROM, although outlined in the same way, is searchable using a browser's FIND function, which makes it much simpler to use.
Of note: because the listings are paid advertisers, who provide little or no background information, this directory is only a starting point, albeit a useful one if you have no other information. The three-ring binder and CD-ROM cost $98 each or $179 for both together. More information at www.disaster-help.com.
If you have a product or service you'd like reviewed, please write to email@example.com.
PLAIN ENGLISH DISCLOSURE
Bernstein Crisis Management has formal or informal co-promotional and mutually beneficial business associations with PIER Systems, Inc., PR Newswire's ProfNet service and CustomScoop. No, we can't go into details because that's confidential, proprietary, etc. But our relationship is NOT "arm's distance" and you should know that, since we regularly write about how we're using these services for crisis and issues management. That said, you should also know that Bernstein Crisis Management sought the relationships because its staff is convinced that these services are the best of their kind for Bernstein Crisis Management's needs and those of their clients. If you have any questions about these relationships, please contact Jonathan Bernstein, (626) 825-3838.
ABOUT THE EDITOR
Jonathan Bernstein is president & CEO of Bernstein Crisis Management, Inc., a national public relations agency specializing in crisis prevention, response & issues management. It is also the only national PR agency able to create crisis- and issues-specific websites for its clients in as little as five minutes by employing proprietary PIER System technology. Information on the firm's services can be found by Clicking Here or by calling (626) 825-3838. Information on its PIER capabilities can be found at www.crisiswebsite.com.
(Have a newsletter and/or website and want to exchange links? Let's talk about it! Write to firstname.lastname@example.org.)
These sites have proven valuable to my business and may do the same for yours.
"Media Insider" is a free service for the public relations community hosted by PR Newswire and ProfNet, its online resource linking reporters with expert sources. Updated daily with contributions from members, Insider reports on the people and new technologies behind the production of news. Go to http://www.mediainsider.com.
"The Publicity Hound" is a bi-monthly, 8-page subscription newsletter featuring tips, tricks and tools for free publicity. I'm a fan of editor Joan Stewart and heartily recommend her to anyone wanting positive publicity, the kind that helps you create a cushion of goodwill essential to surviving crises without going under. Sign up for her subscription newsletter as well as her free ezine, "The Publicity Hound's Tips of the Week," at www.publicityhound.com.
The PR Network provides a means for exchanging ideas and business improvement tips between PR professionals. They're at http://www.theprnetwork.com and their newsletter can be subscribed to by sending email to email@example.com with the word "subscribe" in the BODY of the email.
All information contained herein is obtained by Jonathan Bernstein from sources believed by Jonathan Bernstein to be accurate and reliable.
Because of the possibility of human and mechanical error as well as other factors, neither Jonathan Bernstein nor Bernstein Crisis Management is responsible for any errors or omissions. All information is provided "as is" without warranty of any kind. Bernstein Crisis Management and Jonathan Bernstein make no representations and disclaim all express, implied, and statutory warranties of any kind to the user and/or any third party including, without limitation, warranties as to accuracy, timeliness, completeness, merchantability, or fitness for any particular purpose.
Unless due to willful tortuous misconduct or gross negligence, Jonathan Bernstein and Bernstein Crisis Management shall have no liability in tort, contract, or otherwise (and as permitted by law, product liability), to the user and/or any third party.
Under no circumstance shall Bernstein Crisis Management or Jonathan Bernstein be liable to the user and/or any third party for any lost profits or lost opportunity, indirect, special, consequential, incidental, or punitive damages whatsoever, even if Bernstein Crisis Management or Jonathan Bernstein has been advised of the possibility of such damages.
A service of this newsletter is to provide news summaries and/or snippets to readers. In such instances articles and/or snippets will be reprinted as they are received from the originating party or as they are displayed on the originating website or in the original article. As we do not write the news, we merely point readers to it, under no circumstance shall Bernstein Crisis Management or Jonathan Bernstein be liable to the user and/or any third party for any lost profits or lost opportunity, indirect, special, consequential, incidental, or punitive damages whatsoever due to the distribution of said news articles or snippets that lead readers to a full article on a news service's website, even if Bernstein Crisis Management or Jonathan Bernstein has been advised of the possibility of such damages. Authors of the original news story and their publications shall be exclusively held liable. Any corrections to news stories are not mandatory and shall be printed at the discretion of the list moderator after evaluation on a case-by-case basis.
OTHER IMPORTANT STUFF
If you have questions for "Crisis Manager on the Spot" or comments about other topics, you can contact Jonathan Bernstein at: firstname.lastname@example.org.
Do you know people who are Crisis Managers, whether they want to be or not? Please pass this newsletter on to them!
Subscribe to the free, twice-monthly email newsletter below. After entering your email address, you will receive a message asking you to confirm your subscription in order to prevent someone else from adding you to the list without permission. YOU MUST CONFIRM YOUR SUBSCRIPTION OR YOU WILL NOT RECEIVE THE NEWSLETTER.
Articles in "Crisis Manager" were, unless otherwise noted, written and copyrighted by Jonathan Bernstein. Permission to reprint will often be granted for no charge. Write to email@example.com.