Fundamental experiences of the crisis team’s work over the past twelve months, in S+S Report 01/2021

The past months have left massive traces in all our lives. These traces are particularly pronounced among three groups: young people and young families, the many self-employed and tradespeople, and the elderly in care and old people’s homes. They have all done and continue to do very special things and deserve all our respect and appreciation. The listing of these three groups is in no way meant to exclude the many others affected. The pandemic has brought large sections of the population to fundamental limits, both humanly and economically. In the “time after Corona” we will ask ourselves what lessons we will all learn from these months of “special settings in our lives”.

Article by Dr Klaus Bockslaff

We experience other aspects of the Corona crisis in the many institutions and companies affected. Not long ago, we all could not have imagined that, apart from a “relaxation break” in the summer and early autumn, many companies have been in “crisis mode” almost continuously since March 2020 until now. It is not uncommon for the number of crisis team meetings
to have reached or exceeded 140 by now.

The experiences of the crisis team’s work [1] over the past twelve months described below are based on an intensive exchange with representatives of well-known companies. In 90-minute meetings every two to three weeks, the respective developments were presented in a short paper and then critical topics and questions were also exchanged very openly.

These meetings were mainly attended by representatives of business enterprises from a wide range of sectors. Certainly very important experiences from the area of the public crisis teams involved at the municipal or regional level could only be observed in passing. However, it can be seen that the challenges faced by crisis teams at the municipal or regional level were very similar to the issues in the business sector. In view of the wealth of topics that have been of great importance in the work of these bodies in recent months, we will only mention the points that are particularly important from our point of view.

The following points from the discussions may be mentioned, for example:

[1] The term “crisis team” is used here to refer to the decision-making body that managed this situation, regardless of what the internal designation was in the companies or institutions.

Pandemic plans
often fell short

Many companies have had pandemic plans in place since the times of swine or bird flu. These plans were often based on the classic scenarios of BCM contingency planning “staff, building, IT and service provider failure”. In many cases, they were also aligned with the pandemic levels originally envisaged by the WHO. However, these have not proved to be realistic.

Fortunately, only a few companies have suffered critical staff losses due to the pandemic. And yet staff are at the centre of prevention and emergency response. Buildings and office space are still available, but can only be used to a limited extent due to distance measures. T must provide external access with mobile end devices for a large number of employees at short notice, while still ensuring data protection and information security. It is important to stay in close contact with service providers in order to be able to react quickly to restrictions in the ability to deliver.

The task nowwas to adapt the existing pandemic plans to the situation given with COVID19. For this purpose, new regulations had to be made in a large number of areas and incorporated into the corresponding planning.

Home office will
change our society.

Setting up home offices as a form of work in Corona time has proven to be a very effective way of reducing social contact. Whereas employees used to have to go to great lengths to get a day’s home office, this has now become a widespread practice. There are a number of challenges associated with setting up the home office option. In many cases, the home environment was and is not geared towards this. While the technical requirements and equipment could be clarified quite quickly in part only by using private devices, the associated difficulties in the private sphere became apparent, especially for young families. Then, when the day-care centres and schools closed, home office had to be combined with home schooling. From the operational point of view, questions about ensuring data protection and information security have not yet been clarified. How are confidential documents handled in the domestic sphere?

It is too early to judge how much working from a home office has pushed IT security into the background. In any case, it is necessary that the safety awareness of the employees is considerably strengthened. The possible consequences are shown in the next point.

Ransomware attacks

The simultaneous occurrence of COVID 19 and a ransomware attack puts companies under particular stress. In recent months, ransomware attacks on companies have increased massively. In this “crisis within the crisis”, it has proven its worth that the “normal” crisis team and the IT crisis team worked very closely together according to common rules and procedures. The previous separation was abolished and a new
joint structure was created. In the process, something was created in this situation that would have required a lot of persuasion in “normal” times.

A necessary prerequisite for the success of this newly created joint crisis team was that possibilities were created for the “core team” to work together in one large room in compliance with all hygiene rules. The available personnel could be optimally deployed by immediately dividing the crisis team into two independently acting crisis teams.

The increase in ransomware attacks on businesses in recent months may be partly due to working from the home office. IT security has often taken a back seat. What is required is that the safety awareness of the employees is considerably strengthened. A good tool is the offer of tools and e-learning possibilities, which, for example, offer the possibility to simulate the risk of a possible phishing attack. With the Phishing Reply Test (PRT), a company can quickly and easily determine whether and how many of its employees in key departments are falling for highly targeted phishing attacks.

Role and decision making in the crisis team

Role and decision making and leadership in the crisis team pose major challenges. During the discussions with the participants in the roundtable, the experts repeatedly reported glaring leadership errors by the decision-makers in staff work. In some contributions, the “lametta bearers” did not really come off well. It has also been shown in this “crisis” that the management and leadership of a crisis team are not skills that are automatically associated with the appointment to a certain position. If you list the skills and abilities that are to be expected of a good head of staff, it reads like a requirements profile at an assessment centre. However, it must be taken into account that the fundamentally existing skills come under particular stress in a crisis team situation. “Stress desocialises” is one of the key phrases in leadership theory.

One of our basic statements on crisis management is that the core element of crisis management is a structured decision-making process in a highly escalated situation. Managing this process is the essential task of the head of a crisis team.

❏ One of the biggest challenges in staff work is the decision-making process. The challenges of decision-making are often underestimated. Poor decision-making makes an already difficult situation worse.
❏ At its very core, incident and crisis management involves responding well to a highly escalated situation based on the best available information in order to implement decisions, thus controlling the organisation’s response to the event and thereby minimising the impact of the event. [2]

This decision-making process is accompanied by modern crisis management tools [3], which support the work of the staff itself and not only a peripheral process of crisis management, such as alerting. ISO CD 22361 emphasises the importance of decision-making and recommends an approach that corresponds to our methodology, among others.

[2] This is the explicit wording of the draft of the new ISO standard on crisis management, ISO CD 22361.
[3] As an example, please refer to our crisis management tool DEMiOS 3

International coordination and virtual crisis team work require new solutions

Especially in large companies and corporations, staffs in many countries are involved in managing the situation. The question is how the work of these staffs is coordinated with each other. An important success factor in this situation is that the work of these different staffs is based on the same methodological approach. The leadership rhythm has proven to be a connecting element of the content work with the steps shown in the graphic below.

In practice, there are many different variants of the process organisation presented here. In essence, however, it is necessary that the adopted approach be used as uniformly as possible throughout the Group. A consistent methodology at the central and regional levels is important for the success of crisis management work. This approach also includes structuring the decision-making process. Decision-making itself should not be the result of a spontaneous decision, but of a controlled process. Decision-making is the core of crisis management.

In the practice of large companies, regional and local crisis teams have been provided with a comprehensive “toolset” of various elements. In addition to active support from the control centre in the event of an incident, this consists of a wealth of helpful documents and training materials. The consistent criterion for the extent of central control is the idea of “freedom in a framework”, i.e. in the case of central guidelines: “as little as possible, as much as necessary”.

A management rhythm based on the steps shown is an essential unifying element of the content-related work and should be used uniformly throughout the group (Graphic: Verismo GmbH)

Boost for digitalisation

The Corona crisis has pushed digitalisation forward by at least five years and increased the demands for digital solutions. New technologies like MS Teams are catching on. MS Teams and other communication tools have proven to be a central communication tool in many companies. Associated with this is the use of filing and sharing of information. Information is collected decentrally by the professional organisation according to established methods and delivered to the head office.

The acceptance of cloud services has increased because their security has increased and their vulnerability has decreased. The networking of solutions and their scalable availability permeates all areas. In addition to the classic crisis management topics, future requirements are coming strongly to the fore. In addition to the methodical procedure in a crisis, competences in digital communication, digital crisis management, data protection, cyber security as well as crisis communication via “old” media and social media must be demonstrated; these are basic requirements of today that will certainly become even more important tomorrow.

A future-proof crisis management application must enable a company to network existing solutions such as alerting tools, event reporting systems, collaboration tools or programmes such as Office 365 with the crisis management application via interfaces and to integrate them cost-effectively into the existing IT system landscape. Our future depends on the interactivity of the subsystems. The Corona crisis has led to new experiences at these interfaces that will change and improve our future.

Learning from the crisis

One of the essential requirements of crisis management is that at the end of a crisis, a detailed “debriefing” is carried out to carefully examine how the handling of the situation is to be evaluated.

In the waning of the COVID19 pandemic last summer and autumn, this opportunity for “lessons learned” was often missed. There are even said to have been companies where the significance of crisis management as a whole was questioned with the reference to “everything went well after all”. However, the events in autumn/winter 2020/2021 have shown that this assessment was wrong. Let us hope that later this year we will get the chance to ask again: “How was it”?

We strongly recommend that an assessment of the work of the crisis teams or “task forces” be carried out. We propose to clarify a number of questions in individual interviews with the people involved. These could include:

❏ What went well?
❏ Which contributions have promoted the result?
❏ What went bad?
❏ Were we dealing with a controlled process?
❏ What can I do to improve the maturity of the crisis management process?
❏ What contribution can I make myself so that things go better in the future?
❏ Where do I see potential for improvement?

This examination of the work of the various staffs should be done by people who were not directly involved in the work. The results could then be summarised in a report and presented with appropriate recommendations. The degree of implementation of the adopted recommendations will show the maturity of the  crisis management system.

Overall, crisis management has changed a lot over the past twelve months. Weaknesses from the past have emerged vividly. New requirements have been added, especially in the area of working in virtual staffs. With the growing realisation that the current Corona crisis may not be the last virus-triggered crisis, appropriate measures for the future are urgently needed. Otherwise, we will be in the same situation as after the bird flu: the basic knowledge is there, but it is not being used.

Download Article as PDF (German only)