This major research report, produced by Cass for Airmic (the Association of Insurance and Risk Managers in Industry and Commerce) investigates the origins and impact of over twenty major corporate crises of the last decade. The crises examined involved substantial, well known organisations such as Coca-Cola, Firestone, Shell, BP, Airbus, Société Générale, Cadbury Schweppes, Northern Rock, AIG, Independent Insurance, Enron, Arthur Andersen, Railtrack, the UK Passport Agency and also some smaller firms. Several did not survive and most of the rest suffered severe damage.

The aims of the research were to trace the deeper causes of the crises, to assess the post-event resilience of the companies involved and to consider the implications for the risk management of companies in general.

The report is built around eighteen detailed case studies which analyse the impact of critical events both on the enterprises most directly affected and, in many cases, on other associated firms. There are references to around forty organisations in total.

The case studies provide a rich source of lessons about risk, risk analysis and risk management, in the context of critical events of many different types, ranging from fires and explosions, product-related and supply chain crises to fraud and IT failures. The report details over one hundred specific 'lessons about risk' which emerge from the case studies.

Much broader lessons have also been distilled from the case studies. Several of the firms studied were destroyed by the crises that struck them. While others survived, they often did so with their reputations in tatters, and faced an uphill task in rebuilding their businesses. The research concluded that the firms most badly affected had underlying weaknesses which made them especially prone both to crises and to the escalation of a crisis into a disaster.

These weaknesses were found to arise from seven key risk areas that are potentially inherent in all organisations and which can pose an existential threat to any firm, however substantial, which fails to recognise and manage them. These risk areas are beyond the scope of insurance and mainly beyond the reach of traditional risk analysis and management techniques as they have evolved so far. In our view, they should be drawn into the risk management process. They are as follows:

A. Board skill and NED control risks- limitations on board competence and the ability of the Non-Executive Directors (NEDs) effectively to monitor and, if necessary, control the Executives.