This major research report, produced by Cass for Airmic (the Association of Insurance and Risk Managers in Industry
and Commerce) investigates the origins and impact of over twenty major
corporate crises of the last decade. The crises examined involved substantial,
well known organisations such as Coca-Cola, Firestone, Shell, BP, Airbus,
Société Générale, Cadbury Schweppes, Northern Rock, AIG, Independent Insurance,
Enron, Arthur Andersen, Railtrack, the UK Passport Agency and also some smaller
firms. Several did not survive and most of the rest suffered severe
The aims of the research were to trace the deeper causes of the crises, to
assess the post-event resilience of the companies involved and to consider the
implications for the risk management of companies in general.
The report is built around eighteen detailed case studies which analyse the
impact of critical events both on the enterprises most directly affected and,
in many cases, on other associated firms. There are references to around forty
organisations in total.
The case studies provide a rich source of lessons about risk, risk analysis and
risk management, in the context of critical events of many different types,
ranging from fires and explosions, product-related and supply chain crises to
fraud and IT failures. The report details over one hundred specific 'lessons
about risk' which emerge from the case studies.
Much broader lessons have also been distilled from the case studies. Several
of the firms studied were destroyed by the crises that struck them. While
others survived, they often did so with their reputations in tatters, and faced
an uphill task in rebuilding their businesses. The research concluded that the
firms most badly affected had underlying weaknesses which made them especially
prone both to crises and to the escalation of a crisis into a disaster.
These weaknesses were found to arise from seven key risk areas that are
potentially inherent in all organisations and which can pose an existential
threat to any firm, however substantial, which fails to recognise and manage
them. These risk areas are beyond the scope of insurance and mainly beyond the
reach of traditional risk analysis and management techniques as they have
evolved so far. In our view, they should be drawn into the risk management
process. They are as follows:
A. Board skill and NED control risks-
limitations on board competence and the ability of the Non-Executive Directors
(NEDs) effectively to monitor and, if necessary, control the Executives.