5 Steps To Create A Crisis Management Plan

A crisis can come in many forms, such as a global pandemic, natural disaster, loss of essential documents, problems with the supply chain or anything else in between. Every business must therefore ensure that there is a crisis management plan to use in case of an unpredictable event or a situation that can negatively impact a business or its reputation. How organisations react to a crisis depends on various factors such as maturity, whether it is prepared for a crisis, financial viability and scale.

As you are probably aware, few (if any) businesses were prepared for the Covid-19 pandemic in 2020. Many companies failed or had to restructure, create new processes and change their working environment completely to survive. Now, organisations are well aware of the importance of having a crisis management plan and are conducting a routine risk assessment to prevent any unexpected events in the future.

In this article, we will understand how to create a strong crisis management plan that can help your business reduce risks and be prepared for the unexpected.

What is crisis management plan

A crisis management plan or a risk mitigation plan is a document that defines how to deal with various risks and what actions and processes have to be taken to remove or mitigate the threats.

For business, risks can mean various things such as uncertainty in quality, costs or schedule. The risk management plan aims to identify those and develop a system that can mitigate negative impacts and maximise potential positive outcomes.

However, it might be easier to say than do. A common problem with humans is that we often think we have control, but in reality, it’s the complete opposite. For example, we tend to think only of the risks we have previously encountered or heard of, which limits our ability to think of less likely events. We can also be pulled into a default decision rather than coming up with a new and different solution that is better suited to the current crisis.

When building your risk management plan, ask yourself if you are becoming a victim of those biases and ignoring real risks.

What type of risks should you be thinking of?

Have you ever wondered what type of risks can affect your business? This will vary business-to-business, of course, but here are some common risks.

  • Management – Risks can come from scheduling, planning or communication.
  • Technical – Risks can include performance, quality and technology.
  • Organisational – Risks relating to logistics, resources, budget or projects.
  • External – Risks relating to users, customers or suppliers.

Each risk has a level of awareness

The definition of risks and unexpected events is that they cannot be planned. However, that doesn’t mean that you shouldn’t be aware of them.

  • Risks which are known – Those risks have already been spotted by a stakeholder and have been brought to the attention of someone in the company. In that case, it should be analysed and documented.
  • Risks which are unknown – Those are risks that no one has discovered, so they require more attention and have to be discovered during risk planning.
  • Risks which cannot be known – There are some risks which you cannot possibly foresee—for example, a pandemic or market crash.

Five steps to creating a crisis management plan

Creating a crisis management plan is straightforward and includes identifying the risk, analysing it, prioritising, preventing contingency, and monitoring it.

Identifying the risk

The first step of crisis management planning is identifying all possible risks your project or business might face. It’s worth noting that it should be a common practice done at the beginning and through the project development.

In this stage, you should look deeper into those four risk categories we discussed.

Some possible ways to identify a risk are:

  • Risk checklist
  • Brainstorming session
  • Interviews
  • Analysing assumptions

A good risk analysis should involve as many people in your organisation as possible. You should speak to your team, stakeholders and outside experts if you need additional expertise.

Once you have identified those risks, you must document them. The best practice is to give a bit of explanation rather than writing “a slow website”; try writing:

“If our website speed is slow, we will have difficulty acquiring new customers, which can negatively impact our profits.”

  Risk analysis

Once you and your team have identified potential risks, it’s time to analyse them. The questions you should ask yourself are:

  • How often can it happen?
  • What are the consequences?
  • How likely is it to happen?

Those factors allow you to understand the scope and probability of risks and give importance to each one of them. By giving greater attention to possible uncertain events, you can discover common issues across your organisation or a project and refine the risk management plan for the future.


Next, you should rank them on a scale of likelihood and impact. You can visualise it on a table such as Risk Matrix to make it easier. By doing so, you can better understand the risks and how urgent your response has to be.

This step of crisis management planning can give you a full view of your organisation and shows you where to focus. Moreover, if the plan is made for a particular project, it will allow your employees to come up with various solutions for each risk, so once the risk happens, there is no need to stop.

Preventing and Contigency

For each identified risk, a business should come up with a response to help prevent it, such as:

  • Avoiding the event by removing the threat.
  • Mitigating by implementing processes to reduce the risk’s impact.
  • Transferring the risk to external stakeholders or to a team that can tackle it.
  • Accepting the risk and its negative impact.

Remember that not all risks need the same level of response – that should be based on the risk matrix. There is no point in spending many of your resources on a low probability and impact risk if they could be better used elsewhere.

If the identified risk happens, you should be equipped with a contingency plan. This document should outline what has to be done, the workflow and whom to inform. Some things you should consider are:

  • Where to allocate teams, budget and various other resources.
  • Whom to notify.
  • Develop a plan of action.
  • Identify whether there are any alternatives or if there is someone who can help.


The last step is monitoring. Keep in mind that crisis management is a continuous process. Unknown events are common; therefore, your plan should constantly evolve and adapt. There should be a person responsible for identifying risks, prioritising them and ensuring that everyone in the organisation is aware of them. Risks can also change, so if something was a low probability risk, there is a chance that it will become a high risk in 6 months.

An easy way to fail a project is to pretend that there is nothing that could ever go wrong. By implementing a smart crisis management plan, your organisation can always be prepared for unexpected events.

Read also:What is business risk management?

Zaman Lashari
Zaman Lashari
Articles: 706