How to write an effective charity crisis plan

The charity sector has been hit by a raft of scandals in recent years, from safeguarding concerns and allegations of high pressure fundraising tactics to serious financial and data security incidents.

 

The last year has also seen an escalation of crises involving allegations of racism, sexual misconduct, and bullying within charities own ranks.

 

Oxfam is among large charities that have been embroiled in safeguarding scandals in recent years.

 

Small charities impacted include Devon and Cornwall Autistic Community Trust, which has been subject to critical health inspection reports highlighting safeguarding failures. In 2022, the Charity Commission launched an inquiry into the charity due to the severity of the concerns.

 

Meanwhile, Macmillan Cancer Support and Amnesty International UK are among charities to tackle crisis involving racism among staff in recent years.

 

To help charities handle such incidents, an effective crisis plan should be put in place. This can significantly minimise reputational damage, map potential risks and highlight examples of the kind of incidents charities can prepare for.

 

Here we offer a step-by-step guide to charities to creating an effective crisis plan.

 

 

Identify goals

 

When developing a plan, charities need to identify what they want it to achieve. There are likely to be several goals, such as protecting beneficiaries from harm, safeguarding employees, minimising reputational damage, and preserving the smooth running of operations.

 

Another goal is likely to be ensuring that tackling crises is the responsibility of everyone in the organisation.

 

While charity leaders, including its board and chief executive, are likely to lead on crisis planning, implementing it will be everyone’s responsibility, to minimise threats such as racism, fraud, and poor fundraising techniques.

 

Further good practice in developing a crisis plan is to involve staff. Canvass them for views on potential threats and ways the charity can tackle them.

 

 

Mapping risk

 

Such groupthink is vital for charities to ensure their plan is effectively mapping risk.

 

The mapping approach looks in detail at risks associated with the charity’s work.

 

For some charities, such as those that work with vulnerable people, issues around safeguarding could take precedence. Whereas for those that manage a large amount of data, averting a digital security crisis could be the focus.

 

Risk mapping should be an organic process that is constantly reviewed. This ensures emerging risks are factored in, such as if a charity diversifies into a new area that carries more risk, like supporting communities hit by disaster or conflict.

 

Charities are advised to run workshops with staff and stakeholders before mapping risk and creating an achievable plan to meet challenges head on.

 

 

Scenario planning

 

A crucial part of crisis planning is to offer staff the chance to rehearse how they and the organisation will react when the worst happens.

 

Scenarios should be staged regularly, like a fire drill for crisis management. For example, the charity’s finance team could take the lead on what the organisation should do if attacked by hackers using ransomware.

 

Set up a scenario where a safeguarding scandal breaks. This could perhaps involve a third-party provider abroad, or a senior member of the charity leadership team. How will the PR team react? What impact will it have on the charity’s reputation?

 

Scenario planning decision making needs to be recorded and assessed afterwards, to see how the organisation can improve its response. This is especially important in putting in place plans to protect staff and beneficiaries.

 

 

Creating guidelines and workable plans

 

The setting of goals, mapping of risks and evaluation from the rehearsal of scenarios can then be fed into crisis management planning. Guidance in the plans should be easily accessible to all staff and show clear pathways for how they can safely react to challenging situations.

 

For example, if a digital security risk is detected, such as ransomware, do staff know who to contact? Do leaders know which regulatory bodies, such as the Charity Commission or Office of the Information Commissioner, to call?

 

 

Crisis planning checklist

 

• Ensure all potential risks are mapped and analysed
• Include trigger points when crisis protocol should be enacted. For example, detail what action should be taken when a crisis first occurs, during the incident, and when the main threat has passed
• Detail a chain of command of who to contact when a crisis occurs. This could include specifying who raises the alarm to ensure specific teams are alerted, such as the PR or IT departments
• Communicate internally and establish a clear way to keep staff and stakeholders informed
• Communicate externally so that the wider public are aware of the incident. Transparency is key and organisations can damage their reputation if the public think a crisis is being covered up
• Make sure staff are trained in dealing with a crisis and are familiar with the crisis management plan and possible scenarios
• Black box thinking is needed. After each crisis review how decisions were taken to further improve responses. What went well? What went less well?