In all businesses, no matter how well-run, operational crises are inevitable. What’s important is how management handles those crises.
Lloyd and James will talk about what defines an operational crisis.
They’ll discuss why a post incident report is essential.
And they’ll outline a crisis prevention plan in five parts.
Table of contents:
1. Coordinating a response
2. Learning from a crisis
3. Five ways to prepare for the unknown
How would you define a crisis?
Lloyd and James define a crisis as an overlap of what tech people would call a major incident and what others would term a crisis. This would include instances like natural disasters, power outages, or loss of internet, especially for remote teams situated in places prone to extreme weather conditions.
They also classify financial failure or unexpected cash flow incidents as potential crises, using the recent issues with SVB bank in the US as an example.
The unpredictable nature of these incidents can catch one off guard, making it crucial to have an effective crisis management plan in place. The way one responds to a crisis when it happens, says James, is a critical factor in determining its overall impact on the business.
The topic of security
As a guard against potential crisis, Lloyd and James highlight the importance of cybersecurity. This is especially relevant in light of recent statistics putting hacking incidents in Australia at 24 times that of other countries.
There is a need for businesses, particularly small to medium ones, to have a plan to counteract such potential security breaches. Lloyd says that even though this issue may not be top of mind, basic preventive measures can make a significant difference.
Coming from a background in banking, Lloyd offers assistance in implementing these preventive measures, which include backing up data, establishing a plan to restore from a backup, and managing passwords effectively. James adds that two-factor authentication should be a standard practice, and is a crucial part of his business’s cybersecurity checklist.
Does it impact your reputation?
Lloyd and James delve into reputation as a key aspect of crisis management, stressing how a bad rep can significantly affect a company’s ability to operate.
Lloyd points as example to Volkswagen’s emissions scandal, where the automaker’s image suffered due to their manipulation of emissions test results.
Crises, says Lloyd, aren’t exclusively tech-related as often perceived; they can span a wide range of areas impacting businesses, including reputation crises.
James agrees. In his own business he tries to hedge against a variety of negative future events, with measures such as redundancy, backups, and diversifying assets. He mentions a personal encounter with crisis when Signature Bank collapsed, in which case his hedging strategy protected him from potential ruin.
Again on reputation crises, James speaks to increased vulnerability in the age of social media and deep fakes, where falsehoods can spread and perpetuate rapidly. Even lies can seriously damage a company’s reputation.
James suggests one protective measure could be careful selection of clients, and being quick to identify mental instability. Pressures like financial stress, says James, can provoke people into emotional, rather than logical, behavior. This poses a unique set of challenges for businesses in maintaining their reputation and effectively managing crises.
Where a director of operations comes in
Lloyd explains the role of a Director of Operations in crisis management, where it’s important to respond rapidly to any crisis, whether of social media reputation or cybersecurity.
For instance, Australian companies are proposed to have a 72-hour window to report a hacking incident to the government. Because many businesses lack a proper crisis management plan, the burden falls on the founder, which can prolong the crisis and cause potential financial and human resource losses.
Lloyd advocates having a Director of Operations to handle crises effectively and prevent it from impacting the day-to-day work of the team.
James contrasts two types of businesses: one goes from crisis to crisis with the founder frantically trying to resolve issues, and another has their people and systems in order and a plan ready for emergencies. In the former type, this constant firefighting can create a toxic work environment and high employee turnover. The latter, however, has Standard Operating Procedures (SOPs), clear communication channels, and can quickly resolve issues as they arise.
Three areas to consider
There are three areas, says Lloyd, that a Director of Operations focuses on in crisis management.
Firstly, coordinating a response to ensure efficient handling of the crisis. This is critical – without a DOO or point person, the responsibility is on the founder, which can be overwhelming, especially in the instance of a reputational crisis needing public engagement. Having a DOO to manage the team response and resolve the issue quickly can ease this burden.
Secondly, recovery and learning from the crisis is essential. It’s not enough just to fix the issue. A proactive analysis of what caused it, what can be learned from it, and what can be done to prevent such crises in the future is needed.
Finally, the DOO’s role extends to preparing for the unknown, shifting from a reactive to a proactive stance. This involves identifying potential risks that could lead to crises and putting measures in place to mitigate these risks.
This proactiveness helps the business to anticipate and prevent crises, thus ensuring smoother operations.
1. Coordinating a response
Lloyd speaks to the importance of coordinating a response to crises, emphasizing again that without a point person like a DOO, the founder might be overwhelmed dealing with the crisis while trying to run the business.
Lloyd shares his experience in a payments company where an operational error resulted in a major supermarket’s customers being charged twice. The company had to involve various teams – IT, marketing, legal, and communications to handle the situation.
In this crisis situation, it was the role of the DOO to coordinate the different teams involved in resolving the issue. This enabled the CEO to focus on managing the company’s external image and dealing with the press.
2. Learning from a crisis
It’s essential, says Lloyd, to learn from crises. Such challenges offer an opportunity to improve systems and prevent similar issues in the future.
Lloyd recalls when, after a crisis, he recommended an upgrade in monitoring infrastructure across different departments to prevent similar mishaps. Many businesses struggle with handling crises and lack a process in place to learn from such events, leaving them vulnerable to recurrent problems.
— CCTV IDIOTS (@cctvidiots) May 14, 2023
Lloyd’s preferred method of learning from crises is the post-incident review (PIR). A PIR, he clarifies, is not an attempt to assign blame; instead, the focus is on identifying the causes of the crisis (Lloyd argues there’s rarely a single cause behind any problem, so it’s crucial to identify all contributing factors.)
The team then comes together to strategize on how to prevent a similar issue from occurring in the future.
As an example, Lloyd cites a common issue that can affect e-commerce websites – a problem at checkout. A crisis like this, he says, could be due to various factors, such as lack of a testing environment for developers, tight deadlines, poor planning, funding issues, or a culture that discourages speaking out about potential risks.
Lloyd highlights the need to investigate all causes, develop a plan to address each one, and set timelines for resolution. This approach, Lloyd argues, turns a crisis into an opportunity for improvement.
3. Five ways to prepare for the unknown
In the third area, preparing for the unknown, Lloyd identified five parts.
1. Classification of crises
First, you need to correctly classify crises, ensuring the appropriate amount of attention and resources is given to them. This classification is based on factors such as the number of users impacted, the scope of the issue, the risk of data breach, and potential reputational damage.
2. Risk assessment
Secondly, Lloyd discusses risk assessment as an integral part of proactive preparation. This involves routinely gathering a team to brainstorm potential financial and system risks, evaluating their possible impact and likelihood, and deciding whether to create a plan for them or accept the risk. This process can be done on a project basis or on a regular schedule.
3. Disaster recovery
Thirdly, Lloyd underscores the importance of disaster recovery and business continuity planning. This can mean having backup systems in place, rehearsing restorations from backups, and planning for potential location changes due to disasters or outbreaks.
The fourth strategy involves having robust cybersecurity plans in place to protect against data breaches.
5. Proper training
Finally, Lloyd insists on the importance of training, enabling teams to effectively handle crises, learn from them, and prepare for the unknown. Understanding these strategies doesn’t happen automatically; training is necessary to equip teams with the needed skills and knowledge.
James reinforces this, citing as example schools and hospitals that have rehearsed plans for common risks.
From continual crisis to smooth sailing
With proper crisis management, a business can make a transformative turn from being chaotic and reactive to a well-run, smooth operation. This shift can be achieved by mitigating drama through anticipation, coordination, recovery, training, and professional assistance.
The result is a more balanced work environment, replacing a constant state ‘of Whack-a-Mole’ with well-established rhythms for resolving issues efficiently.
While in his previous career it took James around two and a half years to overhaul a failing dealership, the turnaround time for smaller businesses, he shays, can be significantly shorter.
The key, says Lloyd, is having a plan in the event of a crisis.
If you need help with your business operations, you can find Lloyd at virtualdoo.com.
And if you’re seeking a sounding board for your online business endeavors, the JamesSchramko membership is the place.
Liked the show? Enjoy all the episodes when you subscribe on iTunes