|
Continued from previous page
For companies, there are similar
interdependencies within organizations
that could lead to business disasters.
For example, Arthur Andersen
was sent into bankruptcy because of
the action of a relatively independent
unit in Houston, and the Barings
Bank in London was destroyed by the
actions of a single trader in Singapore.
In these cases, the autonomous players
within the company had incentives to
pursue their individual interests even
when they threatened the security and
survival of the larger organization.
"One of the most important things
that managers should take away is the
recognition of the interdependencies
and complexities within an organization,
if each division is operating in
a semiautonomous fashion,"
Kunreuther says.
In addition to these internal concerns,
managers have to recognize that
to address problems such as security,
they may need to look beyond the
borders of their own organizations.
"There is also need to cooperate outside
the organization," he says. "Think
in terms of associations and the important
role they can play. Appreciate the
importance of public/private partnerships,
regulations, subsidies and fines,
taxes, and third-party inspections."
Risk Management:
Bhopal, Chernobyl,
Valdez, WTC
How do individual companies protect
themselves from natural disasters,
accidents, or terrorist attacks that
could sink their businesses? The field
of risk management has developed
rapidly over the past few decades,
spurred on by a series of well-publicized
disasters. Risk management
arrived in force in the chemical industry
with the leak of poisonous gas at a
Union Carbide plant in Bhopal, India,
in 1984, which killed more than 3,000
people and injured thousands of others
in the surrounding villages. In 1986,
the meltdown and explosion at the
Chernobyl power plant in the Ukraine
and the Exxon Valdez accident in
1989 hammered home the importance
of risk management.
"People realized then it could sink
a company," says Paul Kleindorfer,
co-director of Wharton's Risk and
Decision Processes Center. "A major
company, Union Carbide, with
111,000 employees disappeared from
the planet because of Bhopal. This
was a gripping, chastening experience.
These incidents gave rise to the whole
risk management paradigm and particularly
the crisis management side of it."
While risk management was well
recognized in safety-intensive and
environmentally sensitive industries,
it wasn't until the terrorist attacks on
9/11 that managers realized every
company needs to be concerned about
this issue. Terrorist attacks also
expanded imagination about potential
risks. Kleindorfer humbly points out
that while he has written ten books on
the postal service, not one of them recognized
the potential for a few letters
containing deadly anthrax spores to
bring the entire system to its knees.
How do companies address these
challenges? The standard risk management
paradigm that has emerged follows
four key phases:
- Vulnerability and threat assessment:
Understanding what parts of your system
are vulnerable to natural disasters
or terrorist attacks.
- Risk assessment: Once you can see
the vulnerabilities, you need to determine
which ones are most important
so you can focus on the big ones.
- Risk management: These risks can
then be managed by mitigation of the
risks through strategies such as hardening
the facility, containment, or mitigating
the consequences through
mechanisms such as insurance.
- Crisis management: These are the
plans for responding quickly and effectively
to disasters and other crises.
|
