Managing a disaster situation or a crisis over which you may have little or no control requires cool-headed leadership and a clear strategy.Tracey Evans reports.
The days of corporate complacency towards risk are over. Planning for a disaster that could bring down the business is now a must; regulators, auditors and insurers are demanding it.
Most organisations have been touched by some form of crisis in recent years. A disaster in a remote corner of the world now affects businesses far removed from the centre of the crisis through a chain reaction of events.
The globalisation of the economy, our dependence on information technology and the threat of terrorism have all had a part to play in increasing the risk of business interruption or failure. As a result events such as the Enron scandal, September 11, SARS, and cyberviruses that hit hundreds of thousands of computers worldwide in a matter of minutes, can be devastating for organisations in Australia.
Then there are the risks in our own backyard: the collapse of major corporates such as HIH, One.Tel, Ansett and Pan Pharmaceuticals; the Altona petrochemical refinery fire and the Moomba gas plant explosion; bushfires, floods, drought and major storms and cyclones; industrial action; extortion and product tampering; and so on.
Just hours after the bombshell announcement by the Therapeutic Goods Administration last April that it was suspending the licence of Pan Pharmaceuticals and recalling products, the Blackmores crisis management team went into action.
Blackmores, one of Australia’s largest complementary medicines manufacturers, wasn’t directly affected by the recall because none of its products had been manufactured by Pan, but chairman Marcus Blackmore knew that the fallout would be industrywide. “Our main concern was customer perception,” he says.
An emergency meeting of the Blackmores board approved a $1.5 million advertising program “not only to defend the company’s good reputation but to give support to the industry,” says Blackmore who spent hours giving interviews and signing off ads in newspapers and on radio around the country.
Meanwhile, with many of Blackmores competitors now absent from the shelves, the company significantly boosted production to cope with the anticipated increase in demand. “It really was ‘all hands on deck’.
“April 28 (the day of the announcement) was the blackest day our industry has ever had,” he says.
Blackmore is unimpressed with the Federal Government’s “spectacular lack of support” for the $1.5 billion industry. “It’s been a struggle to get the confidence back,” he says. “It’s had a devastating effect on our industry.”
Even so, the company’s ability to move quickly in the days after the crisis has paid off. “We picked up quite a bit of business from retailers filling their empty shelves with our products,” says Blackmore.
The company’s sales are up 25 per cent on last year.
Crisis planning is not an optional extra, writes Dr Harry Wilson, editor of the international journal, Disaster Prevention and Management and an academic at Bradford University, UK. “Research has shown that a very large proportion of organisations that have undergone a crisis event do not survive if they were not prepared. This is true for large and small organisations; disaster has no respect for size.”
Nonetheless, until recently, Australian businesses have been slow to implement rigorous strategies to cope with crises.
In the wake of the recent wave of financial scandals and spectacular corporate collapses in Australia and overseas, the Australian Securities and Investments Commission (ASIC), the Australian Prudential Regulation Authority (APRA) and the Australian Stock Exchange (ASX) have all issued, or are continuing to review, corporate governance rules to help ensure business continuity.
For example, the need for businesses to take seriously possible interruption threats is highlighted by the ASX in its new principles of good corporate governance. The ASX document notes that: “The integrity of the company’s financial reporting depends on the existence of a sound risk oversight and management control.”
The cost and availability of business interruption insurance is also proving a financial imperative for the move towards business continuity plans.
A survey of European risk managers last year by the brokerage, reinsurance and benefits consulting firm, Aon Risk Accounting found business interruption to be the number one threat.
The events of September 11 demonstrated that loss of life and property is no longer the only impact of such a tragedy, says Lloyd’s Deputy Chairman John Coldman, quoted in a Lloyd’s newsletter, The Market. “Today when business are forced to close, it starts a long chain of economic loss. In fact Lloyd’s estimates that the insurance costs of business interruption accounts for a staggering $US10 billion, or more than 25 per cent of the overall September 11 loss.”
Since September 11, business interruption premiums have skyrocketed by as much as 600 per cent, says Paul Johnson, Principal of Aon in Australia.
“At the same time certain sub-limits within policies have reduced. A good example of that is the supplier and customer clause. If your supplier or customer had a loss that impacted on you, generally you could claim that loss. Now insurers are putting higher limits on that loss and I think that really flowed out of disasters such as the Taiwan earthquakes and the World Trade Centre where the insurers didn’t realise the impacts some businesses had on dependencies.” Retention levels, or the amount of excess a company pays first, have also increased, he says.
“So it’s been a three-way loss to the insured in that premiums have gone up, cover’s reduced and deductibles have risen.”
Meanwhile, the wording in policy documents is also tightening up as insurers learn new lessons from each disaster.
Johnson, who’s assisting clients in Hong Kong with their claims following the SARS outbreak last year, has found that business interruption policies have been put to the test when it comes to the limits of coverage. “In some policies, the contagious disease had to be on the premises; some said it had to be within a certain number of kilometres; while others just said ‘in the vicinity of’. The first two are easy, but the third one is becoming a bit of a nightmare – what does ‘in the vicinity of’ mean?
“The companies in Hong Kong are saying if it’s in Hong Kong then that’s in the vicinity but some insurance lawyers are saying it means a few hundred metres,” says Johnson. “Now most insurers are limiting claims to just the premises and with a specific financial amount,” he says.
With insurers increasing premiums, limiting cover and, in some cases, refusing cover, organisations are working harder than ever to “sell” their risk profiles and business continuity plans to get the best deal on cover.
Major corporates are spending as much as $100,000 to prepare sophisticated presentations on CD-ROM that include video, photographs of company sites, documentation about past claims, claims management, building reports, the risk profile and the business continuity plan.
“All of Aon’s top 20 to 40 clients would go through that process of selling the risk to the market,” says Johnson. “Our policy is to prepare the CDs when our clients go to the UK, Europe and to the US to buy insurance, so that the insurer can become educated very quickly and see that they mean business.”
Some industries are plagued by crises that threaten their survival. Take tourism. When tourism operator, Grant Hunt refers to the damaging affects of SARS on business in Australia as a “market cycle incident” you know he’s in a tough industry.
Hunt, Chief Executive Office of Voyages Hotels and Resorts is so accustomed to crises, he lists them almost nonchalantly, and with some pride that the company has survived them. The Ansett collapse, SARS, the war in Iraq, terrorism and even events such as the Rugby World Cup have all battered the business in various ways. But it was the fire last year at Voyages’ newly completed jewel in the crown, the $9.5 million ultra-luxury resort at Uluru, Longitude 131, that put the company into the headlines.
The fire caused more than $4 million worth of damage, destroying 12 of the 15 accommodation “tents”.
Hunt says the company’s crisis planning kicked in and as a result no one was hurt. “It was something we planned and trained for.”
Voyages’ rigorous planning, or in Hunt’s words the “shadow business plan”, saw it survive a bigger crisis – the Ansett collapse.
“It was the biggest single impact of anything because it took capacity out of the air, which we’re still struggling to reclaim,” says Hunt.
However, the initial threat was averted thanks to the shadow plan which had been drawn up and budgeted for just six months before the collapse.
“We were in a management workshop reviewing threats to the business when one of my executives had the audacity to suggest that the collapse of one of the major airlines (probably Ansett) was a threat we ought to consider.
“And we did, we actually workshopped it and figured out what we might do. It’s everything from realigning your capacity alliance on Qantas very quickly, right through to business control, cost-cutting, and staffing issues.
“So we just rolled the shadow plan out and battened down the hatches, controlled our costs, went on a pretty aggressive tactical marketing campaign to make sure that Qantas knew there was plenty of demand for seats, and away we went.”
The war in Iraq was also planned for, says Hunt. “We knew it was coming and there was market tension as early as the last quarter of 2002. We knew the conflict was imminent and so did the market.”
SARS had a bigger affect, says Hunt, because tourism organisations around the world were not prepared for it and didn’t take control of the story.
“It was a classic example of losing control of the PR process and the media rushed into that void and made it much worse than it was.”
Public relations can make or break a company in crisis. It’s all about communicating quickly and effectively with customers and shareholders, says Tony Rasman, Managing Director of PR firm, Fleishman-Hillard Stratcom.
He cites Arnotts handling of an extortion attempt in 1997 as a benchmark. The company withdraw its products from the shelves when it received word they had been poisoned.
“The company left nothing to chance and the chief executive communicated exactly what they were going to do,” says Rasman.
On the other hand, he says, a threat to the computer chip manufacturer Intel was badly handled. It was a case of reputation risk via the Internet when a mathematics professor posted on the web claims of flaws in Intel’s new Pentium microprocessor. Intel’s initial silence was a mistake and by the time the board finally decided to offer to exchange any flawed goods, it had incurred about $US475 million in costs.
“Good communication is about doing it quickly and not wasting a whole lot of time debating the issue,” says Rasman. “It’s getting out there and informing people that need to know exactly what the strategy is and why.”
Grant Hunt’s approach is to go one step further and turn adversity into opportunity. “You live this job with a lot of passion, and when there is a kick in the teeth you tend to take it hard. But, as with the fires at Longitude, you can either be a victim or you can get up and do something about it and use it to your advantage.”
Voyages is planning to use the worldwide publicity about the fire to its advantage when it reopens the resort in July.
Tracey Evans is a Sydney-based business writer.
Greatest risks facing European businesses
|Loss of reputation||2|
|Products liability/tamper/brand protection||3|
|Failure to change/adapt||7|
|Failure of key strategic alliance||10|
|Directors and officers’ liabilities||11|
Source: Aon European Risk Management and Insurances Survey 2003
- Obtain top management approval and support.
- Establish a business continuity planning committee.
- Perform business impact analyses.
- Evaluate critical needs and prioritise business requirements.
- Determine the business continuity strategy and associated recovery process.
- Prepare business continuity strategy and its implementation plan for executive management approval.
- Prepare business recovery plan templates and utilities, finalise data collection and organise/develop the business recovery procedures.
- Develop the testing criteria and procedures.
- Test the business recovery process and evaluate test results.
- Develop/review service level agreement(s).
- Update/revise the business recovery procedures and templates.
Source: This first appeared in an article by Kon Karakasidis in Information Management and Computer Security, 1997