Are Teams That Thrive in Crisis Poorly Managed ?

By Martin G. Moore
Well-run businesses can be boring. They donāt experience frequent crises, and donāt encounter surprises at every turn. Why? Because the leaders understand risk and they plan accordingly, avoiding the majority of disasters that other companies are routinely forced to face.
As a former CIO, I saw many of the crises that typically hit IT teamsācyber attacks, infrastructure failure, data corruption, project delaysāall of these are eminently avoidable, but to do so requires long-term planning, smart investment, and a commitment to taking preventive action, not waiting until something breaks before you even realize that thereās a risk exposure.
Itās impossible to pre-empt all the permutations and combinations of potential failure, but it is achievable to identify and mitigate the most significant risks that your company faces.
WHY DO TEAMS GET ADDICTED TO CRISIS?
Crises can be addictive. Letās unravel the DNA of the common crisis: something goes wrong, requiring dedicated focus and attention to fix⦠people feel important and valued as they swing into action⦠they work tirelessly to resolve the issue and get things back on an even keel⦠everyone collapses at the end, exhausted from the relatively short burst of effort, congratulating themselves on a job well doneā¦then, the leadership swoops in and praises everyone for resolving the crisis: We have a great cultureāwe always get the job done!
This feedback loop rewards all the wrong things, but people become addicted to the adrenaline rush, the kudos, and the challenge of a crisis (and in some cases, to the overtime payments that accompany the additional effort).
Once this becomes the predominant culture, people become comfortable living in a beak/fix cycle. In between the inevitable system failures, they catch their breath and relax, taking the opportunity to rest up until the next disaster strikes. Thereās no real focus on eliminating the root cause of a problem, nor is there appropriate attention paid to reducing the risk that something might fail in the first place.
Although the crisis culture demands that people respond with urgency when necessary, thereās no real imperative to plan ahead. Your people end up only ever addressing the most obvious, visible, and short-term symptoms of any issue. This is akin to covering a melanoma with a band-aid. Although you might think youāve ātreatedā the symptoms, itās still likely to result in catastrophic long-term consequences.
GETTING ON THE FRONT FOOT
Thereās one very important fact that we need to accept in order to change our thinking. The cost and effort required to resolve an issue once it reaches crisis point is an order of magnitude greater than the effort required to avoid the crisis in the first place.
But avoiding the crisis isnāt as much fun, and it requires a different type of workāprospective risk management work. The culture of a team that understands and considers risk on a daily basis is completely different to the sometimes cavalier attitude that breeds in the troubleshooting culture.
Letās think for a moment about cyber security. This field is constantly evolving, at an incredibly rapid pace, so itās no wonder the risk exposures are high. Moreover, itās virtually a given that no solution will ever be 100% foolproof. So how do you go about defending your organization against potential cyber security attacks?
It starts with understanding the likelihood that a certain type of attack will take place, and what that could mean for your company in terms of its consequences. If you work for an energy utility that provides public electricity infrastructure, the consequences of a bad actor hacking into your control systems could be catastrophic. However, given the nature of these control systems, and where they sit in the technology stack, itās fairly unlikely that this would happen.
Analyzing the risk, and determining how much youāre willing to invest to mitigate it is a judgment call: how long is a piece of string? What you do know, for sure, is that the consequences of not having control of critical plant doesnāt bear thinking about. This might require multiple layers of security and protection to reduce this type of attack to an extremely low probability. How can you do this, though, without exceeding the organizationās expectations for cyber security investment?
FIVE TIPS FOR STAYING AHEAD OF A CRISIS
Well managed teams largely avoid crises by planning ahead, and putting appropriate steps in place to reduce risk. Thereās no world in which all risks can be neutralizedāno-one has the resources to reduce risk to zeroābut treating them on the basis of criticality will enable you to ensure that the really big crises donāt land on your organization. Hereās a few tips for avoiding a crisis, whilst still being able to handle it on the off-chance it does strike:
#1: Understand and reduce key risks
Every leader in your team must be accountable for identifying and coming up with a plan for managing the key risks that are relevant to their portfolio. If this is emphasized, tracked, and rewarded, itās much more likely that your people will undertake the essential work of risk management, rather than just being reactive.
#2: Itās not about the spreadsheet
Many organizations fill out elaborate and complex spreadsheets or databases to assist with risk management. But itās not about the spreadsheet, which should simply be a means to an end. Sometimes, the simplest forms of risk capture are the best.
Your goal is simply to understand a few key facts: a) what is the likelihood that this event might occur?; b) if it does, what are the consequences for the company?; c) what could we do to mitigate the risk?; and d) how much is it worth investing to reduce the risk to a more acceptable level?
#3: Create a culture of challenging conventional wisdom
Ideally, everyone who works for you will harbor a risk management mindset. For example, in industrial businesses where safety is an issue, before doing anything, your people should ask themselves, āwhat could possibly go wrong with the task Iām about to perform?ā But even for less hazardous jobs, itās important to create a culture of looking at the holes in the Swiss cheese, not just admiring the cheese itself.
#4: Develop long-term focus
Itās easy to fix problems by addressing the symptomsāthe problem goes away immediately, and life can return to normal. But this is one of the pitfalls of a troubleshooting culture: symptoms will repeat if the root cause isnāt addressed. The team becomes excellent at dealing with that crisis, because every time they encounter it, itās not for the first time. As a leader, you must always be challenging your people with the simple question, āAre you addressing the root cause of this problem, and have you resolved it in a way that guarantees it wonāt re-emerge?ā
#5: Expect the best, but plan for the worst
All well-run companies have business continuity plans. In the event of an unforeseen event, what would you need to do to ensure the ongoing operation of your business? What happens when you lose connectivity to your major IT systems? How long can the business survive simply on manual processes? Knowing this in advance and testing any disaster recovery plans thoroughly will prepare you for most eventualities.
A really well-run business is one where the leaders think ahead, plan for the future, and focus their people on long-term outcomes with everything they do. Many who claim to have great teams purely because they can fix problems quickly may have missed the point and will never reach their ultimate performance potential.
Martin G. MooreĀ is the author of the Wall Street Journal bestseller,Ā No Bullsh!t Leadership. He also hosts the chart-toppingĀ podcast of the same name.
AsĀ the former CEO of CS Energy, he grew earnings from $17 million to $441 million, a compound annual growth rate of 125%, within five years.