Risk Management: Crisis Containment


By Paula Green

Recent natural disasters have shown that in times of crisis, having a robust crisis management plan that kicks in automatically—and a team to implement it—can make all the difference when it comes to minimizing the impact on employees, the company and its reputation.

300 Features_19 Risk Mgmt_CrisisContainment

Good crisis management does not mean trying to map out responses to all possible disasters that may strike a multinational with dozens of offices and tens of thousands of employees operating around the globe. Rather, it is about having a distinct management process that can be rolled out immediately to manage any type of emergency. “A company needs a crisis management team that is cross-functional and taken from the top of the organization,” says Tracy Knippenburg-Gillis, reputation risk and crisis management leader at insurance broker and risk consultant Marsh. “This is a core group…the variables depend on the company. But this is not a cast of thousands, and the CEO is not leading it.”

“You don’t want to create another crisis,” adds Carol Fox, director of strategic and enterprise risk practice at the Risk and Insurance Management Society in New York. “Crisis management means you can manage anything that happens, regardless. It is a plan for whatever occurs.” Fox contrasts the emergency response of a crisis management plan with the corporate business continuity plan, another essential risk management tool. The business continuity plan sustains a corporation’s long-term health when its sources of revenue, production or sales are disrupted. The crisis management plan is “muscle memory.” It kicks in automatically when a disaster strikes.

Two decades ago, most risk managers developing crisis management plans didn’t even think of man-made events such as terrorist attacks and deadly computer viruses. And natural disasters with the force of the powerful storm that struck New York City’s financial district last October weren’t imagined hitting the northeast coast of the United States.

The earthquake and subsequent tsunami in Japan in March 2011 and the monsoon that created havoc in Thailand in July the same year upped the anxiety levels of risk officers.


Add in the Toyota auto recalls and the BP environmental disaster and it becomes clear that it is no longer solely risk officers zeroing in on the immediate consequences of a crisis, but ultimately the company’s long-term reputation and continued existence.

“Senior management is getting involved,” says Knippenburg-Gillis, adding that board-member attention on crisis management has soared in the past five years. “There is a great level of awareness, and it is a high-profile issue.”

The issue has generated increasing attention among executives in the past 10 to 15 years, according to Alessandro De Felice, group risk manager for finance, administration, control and IT at Prysmian Group, in Milan, which manufactures cables for the energy and telecommunications industry. He notes: “Most large companies have adopted a policy to address a potential problem. They [executives] have become more conscious of the need for a plan and the advantages of it.”

The two earthquakes that hit northern Italy late last May, killing some 24 people and displacing thousands, sparked renewed attention to crisis management among executives, De Felice adds. Registering magnitudes of 6.0 and 5.8, respectively, the quakes were felt across a large area of northern Italy from Milan to Venice. Combined, they constituted the worst earthquake disaster to hit the country since the L’Aquila temblor killed more than 300 people in central Italy in 2009.

So how does a corporation prepare for the unthinkable? Assembling a good crisis management team before the crisis is essential. Knippenburg-Gillis says this team should be composed of senior managers from across the company: operations, legal, finance, communications, information technology and human resources. The specific departments and numbers would depend upon the company and its industry. A technology firm, for example, would rely particularly on expertise from its information technology department, she says. “But they’re not taken from the executive team, because these [executives] have a business to run,” she adds. “This cross-functional team needs to be able to manage the crisis and its consequences, both short-term and long-term.”

150 Features_19 Risk Mgmt_CrisisContainment

“Crisis management means you can manage anything that happens, regardless. It is a plan for whatever occurs.”

—Carol Fox, RIMS


The crisis blueprint, while created to handle all untoward events, has to be tailored to the needs of the company and its corporate structure. “Its main duty is to address all the company’s activities,” says De Felice, who is also vice president of the Federation of European Risk Management Associations in Brussels. The plan, he says, “has to be very aggressive, according to the industry. For example, a shoe company will have different needs than a bank.”

In order to protect the corporation’s integrity, the message a company delivers has to be consistent as it addresses the ongoing challenges created by the crisis, De Felice adds. For example, the response of the Italian cruise line Costa Cruises, under control of Carnival Corporation, helped mitigate the damage caused by the irresponsible actions of its captain when one of its ships ran aground last January, he says. The giant cruise ship Costa Concordia hit a reef and sunk off the coast of Tuscany, Italy. At least 30 people died. The ship’s captain had deviated from the ship’s computer-programmed route, claiming he was familiar with the local seabed. “They [Costa Cruises] only had one person talk with the media…not different people,” says De Felice. He compares that to the wide-ranging messages and comments delivered by senior BP executives, as the escalating disaster caused by the oil spill in the Gulf of Mexico in 2010 unfolded.

Lori Seidenberg, senior vice president of enterprise risk management for Centerline Capital Group in New York City, says an emergency task force helps the corporation move through the crisis as safely and smoothly as possible. Centerline had the chance to test its emergency response system when Hurricane Sandy hit New York City last fall. Just a year ago, the real-estate investment management company had moved its offices from midtown Manhattan to the city’s financial district. Only a block away from the World Trade Center site, the firm’s executives were well aware of the need for an emergency response system. Its emergency task force, consisting of a number of executives including the president and senior managers from operations, communications, risk management and information technology, set up the company’s first line of internal communications as the storm knocked out power and forced the company to close its doors for one business week.

“We met by phone three times a day,” says Seidenberg. An emergency alert system was used to push messages to employees by telephone, email and text. “You have to think outside the box. We were very lucky to have a plan and procedures in place. It all worked out,” says Seidenberg, who is also a board member at RIMS, the risk management society. “But there are always lessons to be learned.”