During the economic crisis, it seemed as though we’d been constantly running in crisis mode. To put it mildly, the worldwide situation got out of control years ago and it didn’t show signs of improving soon. Uncertainty abounds, fingers were pointed in every direction, and many of us felt powerless to do anything but wait and worry. In those situations, it’s best to know about crisis and risk management.
The difference between crisis management and risk management is the same as the difference between corrective action and preventive action. The first is reactive, occurring as the event unfolds and the second one is based on taking action to reduce the risks BEFORE there is an event in the first place.
The economic crisis occurred and whether it was through our fault or not, we had react to the event in front of us all, get it under control, and fix it quickly as possible — that’s what crisis management is. Depending on the nature and extent of a problem, it may take considerable resources to fix using risk management techniques. As we’ve seen, the economic crisis had used an enormous amount of resources and promises.
Unfortunately, it looked as thought many companies — but especially small-to-medium businesses — simply had to do their best to ride out the economic storm. Too much was beyond their knowledge or control.
Many people laid the lion’s share of the blame for the economic crisis on the financial sector, or on government policies. Certainly they weren’t the only causes, however. Companies in every sector took unnecessary risks and didn’t implement a system of effective controls and oversight. Good risk management practices existed but they weren’t followed.
Risk management consists of identifying potential threats, assessing their likelihood and their impact (if they were to occur), and taking the necessary steps (preventive actions) to eliminate or minimize risks. There are risks we’ll always be powerless to avoid or control (severe weather, earthquake, etc.), but we can cope with them — and many others — better simply by implementing effective risk management systems and have contingency plans ready to execute.
There is a management philosophy, mirrored by ISO 9001, that merely correcting a problem isn’t as good as identifying its root cause and taking steps to make sure the problem doesn’t recur. That’s called “taking corrective action”.
That philosophy also says that making sure a problem doesn’t happen again isn’t as good as preventing it from happening in the first place (aka, “preventive action“). It follows, then, that risk management is markedly preferable to crisis management. This is not to say you shouldn’t prepare to manage crises (after all, the best-laid risk management plans aren’t going to prevent every crisis…like they say, “Stuff happens”) but that crisis management should be your fall-back position.
Now you know a little bit about crisis and risk management. Comments, anyone?