The range of potential issues and crises that face the modern organization can seem impossibly daunting when taken as a whole. This can lead management to decide, explicitly or implicitly, that there are simply too many potential threats to effectively prepare for, and thus they end up preparing for none.
While it is true there are a vast number of potential crises threatening any given organization, not all of them have the same probabilities for all organization types. Further, organizations themselves are not uniform in terms of risk exposure, reputational capital, executive experience and a host of other factors that determine their overall risk profile.
It is thus important for the relevant management actors to review the range of potential issues and crises based on the company’s own risk profile and environmental situation. The most effective way to do this is to segment these potential threats into logical categories. This also helps make it easier to divide up the review process among team members as well as make the whole task much more ‘doable’.
One approach to categorization of issue and crisis sources is to look at internal sources, external sources and overlapping sources.
Internal Sources
Some issues and crises are directly attributable to factors or actions within the organization. Because they are within the organization’s control, mitigation should be easier than would be the case for external sources. When a crisis is traced to an internal source the organization is often subject to harsher treatment because stakeholders feel that it was clearly within the organization’s power to prevent it. A good example of this is the recent Volkswagen emissions cheating crisis. There is no way the organization can blame some external factor for the crisis, it was 100% within the company.
Internal sub-categories include:
- People – the actions of management and/or staff
- Culture – the nature of the organization’s corporate culture (e.g. the hyper competitive cultures found in many large financial institutions prior to the 2008 sub-prime crisis)
- Product/Service – the specific items produced by the organization or the services it provides
- Process – the processes / ways of work within the organization
- Operations – the sourcing, manufacturing, distribution systems employed by the organization
- Financial – the organization’s financial systems and/or status
External Sources
The potential sources of issues and crisis found outside of the organization such as the political, economic, cultural and demographic environments in which the organization operates. These tend to be macro risks that can manifest themselves as a crisis for the organization depending on its relationship with its external stakeholders.
External sub-categories include:
- Regulatory – the nature of the regulatory environment in which the organization operates
- Legal – the legal system(s) and potential for hostile litigation that the organization is exposed to
- Environmental – the potential impact the organization has on the natural environment and the level public awareness regarding environmental protection
- Market – the market(s) in which the organization operates including stability of demand, competitive systems, and overall health of the economy
- Societal – cultural, religious, national, ethnic and demographic factors that can impact the organization’s relationship with its stakeholders
Overlapping Sources
Increasingly organizations are exposed to sources of risk that span the internal and external categories. This is especially true for larger organizations that offer a range of products or services and use an array of suppliers and service providers.
Overlapping sub-categories include:
- Supply-chain – increasingly, major corporations and brands are being held responsible for the actions of organizations throughout their supply chain, even if these organization have no formal/legal relationship beyond the selling and buying of goods or services
- Organized labor – the potential impact of local, national and international labor organizations and/or organizations advocating for the rights of labor on an organization – in terms of its relationship with its own employees as well as its overall reputation
The above segmentations should be considered as a potential starting point and certainly not a comprehensive listing. Further, each organization will need to review the various sub-categories to see if they are relevant and then to determine the probability that they will be the source of an issue or crisis. The crisis management team must be brutally honest with themselves in this process. For example, an organization that is highly leveraged or utilizes complex derivative instruments, probably has a greater financial risk exposure than a more conservative company – regardless of how smart or successful management is.
By breaking down the potential sources of issues and crisis and then reviewing them in light of the organization’s own unique situation the crisis management team can begin to define an overall picture of the risk environment. With this information, management can make more informed decisions regarding the allocation of resources to be tasked for risk mitigation.
Top 5 Takeaways:
- Issues and crises can emerge from a wide range of sources.
- Organization management needs to assess where they are most at risk regarding potential crises
- The most effective method of undertaking the risk assessment is to disaggregate the potential sources of issues and crises
- A useful way to break down the potential sources is to look at internal, external and overlapping sources
- When conducting the assessment the crisis team needs to be very honest with themselves about where their organization faces significant risks