Crisis Management
In a perfect world, a company that has an effective enterprise risk management process in place and operating effectively is unlikely to be faced with an unexpected event that creates havoc. But we don't live in a perfect world—and even an effective ERM process can provide only reasonable, not absolute, assurance that even risks capable of causing major damage will be mitigated.
You read the headlines and know what can and does happen, where companies' valued reputations and very survival are at stake. A crisis can result from an accident, and we need only to think of General Public Utilities' Three Mile Island, Union Carbide's Bhopal, Exxon's Valdez, and BP's Deepwater Horizon, to name just a few. Crises also can result from natural disaster, product defects, attempted hostile takeover, CEO departure, fraudulent reporting, lawsuits, regulatory investigation, deteriorated finances, and a host of other events. As shown in Exhibit 12.1, the types of crises companies face and their frequency have evolved and, as of a couple of years ago, were led by those related to white-collar crime, mismanagement, casualty accidents, consumer activism, defects and recalls, and labor disputes.
Exhibit 12.1 Crisis Categories Compared (Percent of total crises each year)
Source: Institute for Crisis Management, 2010.
| Category | 1990 | 2009 |
| Facility damage | 5.5 | 7.0 |
| Casualty accidents | 4.8 | 11.0 |
| Environmental | 7.8 | 2.0 |
| Class-action lawsuits | 2.2 | 7.0 |
| Consumer activism | 2.8 | 9.0 ... |
Get Governance, Risk Management, and Compliance: It Can't Happen to Us—Avoiding Corporate Disaster While Driving Success now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
