Crisis and the extended enterprise
Withstanding crises that occur outside your four walls
Reliance on third-party service providers, along with their suppliers and partners, has become increasingly pervasive, complex, and interconnected. The decisions and actions of these providers, by default, affect your organization’s business operations and reputation. So what happens when a crisis occurs in this complex and far-reaching ecosystem? How prepared are you to respond and recover from critical events that originate outside the “walls” of your organization? Learn how an extended enterprise approach to crisis management can help you not only reduce revenue loss but also improve operational efficiencies and increase reputational resiliency during turbulent times.
- Why should you act now?
- What are the challenges?
- How can you prepare?
- How can you respond and recover?
- What can your organization gain?
Why should you act now?
Consider the impact to organizations from crisis-related events: Over the past several years, extended enterprise crises have cost organizations more than a billion dollars in fines, restitution, and lost revenue.1
What you do when a crisis strikes your organization and how you manage and work with your extended enterprise can help reduce your exposure points as well as financial losses. It can also help you preserve your brand and reputation. But only if you’ve prepared.
1 Deloitte research of publicly traded, crisis-impacted companies for 2012-2013, Deloitte Development, 2016.
What are the key challenges?
Quite frankly, without a clear understanding of your own crisis plans, you’re at a disadvantage. Developing clear strategies and performing exercises and periodic testing of those plans and strategies under different scenarios will help you recognize where your challenges may lie before a crisis occurs. Equally as important is the need to have a comprehensive extended enterprise risk management (EERM) program. Without it, you’re exposed to risks that may be further amplified in times of crisis.
The potential for operational risks is also higher without a focused and pre-determined approach. Does your service level agreement (SLA) require your third party to provide pertinent key performance indicators (KPIs) so your organization can properly monitor the performance of the provider’s services? If not, quality issues might create a problem for your product or service, which could result in financial loss or heightened reputational damage to your organization.
In the event that an incident occurs, if there’s a lack of alignment on the crisis plan with your third and fourth parties, it’s unlikely that your real-time response will be effective when the crisis hits.
How can you prepare?
Preparation is rooted in understanding your environment and having a risk strategy that’s ready to be implemented. Key aspects of preparing for a crisis are:
- Understanding your organization’s practices and the third parties with whom you engage
- Working with leadership to determine the scope and governance of your existing Crisis Management Program is expansive and mature
- Clearly defined roles and responsibilities before, during, and after a crisis
- Incorporating your third parties in your extended enterprise into your Crisis Management Program, including the performance of ongoing due diligence and monitoring
Forging relationships and an overall understanding with your organization’s third parties can help your preparation efforts. Since you don’t want to be exchanging business cards for the first time during the crisis, you should incorporate crisis plans in your discussions with third parties and stakeholders.
Watch this video to learn more:
How can you respond and recover?
To reduce your exposure points and financial losses and better preserve your brand and reputation, consider implementing these components into your third-party crisis management program:
- Lead decisively
- Continually frame the crisis
- Actively communicate and own the story
- Be ready for the unexpected
- Drive toward actionable intelligence
- Do the post-mortem and learn from past experiences
Watch this video to learn more about these six critical components:
What can your organization gain by taking an extended enterprise approach to crisis management?
Implementing a third-party crisis management program can help your organization realize:
- Consistent and repeatable procedures across your third-party portfolio
- Greater focus on the higher risk areas and better detection of incidents
- Better control over how a crisis will be addressed
- Clarity in the links between your organization and the third and fourth parties
- Increased confidence in your crisis preparedness
- Reduced analyst, regulator, and other stakeholder scrutiny
With roles defined and potential exposures isolated, you can gain deeper insight into the interaction points between your organization, your third parties, and their suppliers and partners. As a result, you’ll have a higher degree of confidence that your organization can withstand a crisis in its extended enterprise.
More from The flip side series
Rhoda H. Woo
Kristina (Krissy) Davis
Managing third-party risk to accelerate performance
Trends, innovations, and risks of the extended enterprise