In a perfect world, a company that has an effective enterprise risk management process in place and operating effectively is unlikely to be faced with an unexpected event that creates havoc. But we don't live in a perfect world—and even an effective ERM process can provide only reasonable, not absolute, assurance that even risks capable of causing major damage will be mitigated.
You read the headlines and know what can and does happen, where companies' valued reputations and very survival are at stake. A crisis can result from an accident, and we need only to think of General Public Utilities' Three Mile Island, Union Carbide's Bhopal, Exxon's Valdez, and BP's Deepwater Horizon, to name just a few. Crises also can result from natural disaster, product defects, attempted hostile takeover, CEO departure, fraudulent reporting, lawsuits, regulatory investigation, deteriorated finances, and a host of other events. As shown in Exhibit 12.1, the types of crises companies face and their frequency have evolved and, as of a couple of years ago, were led by those related to white-collar crime, mismanagement, casualty accidents, consumer activism, defects and recalls, and labor disputes.
Source: Institute for Crisis Management, 2010.
|Consumer activism||2.8||9.0 ...|