Int. J. Risk Assessment and Management, Vol. 2, Nos. 3/4, 2001

319

Strategies to reduce the impacts of disasters on business processes: the case of business continuity John E. Laye Continuing Education in Business and Management, University of California at Berkeley, Contingency Management Consultants, 346 Rheem Blvd. – Suite 202, Moraga, CA 94556-1588, USA E-mail: [email protected]

Ma Isabel Martinez Torre-Enciso Business and Management Department, Universidad San Pablo CEU, R.C.U. Escorial-Mª Cristina (U.C.M.), C / Cuesta de San Vicente 24, 28008 Madrid, Spain E-mail: [email protected] Abstract: Events that are described as ‘disasters’ are those that cause severe impacts on human activities. Severe impacts can be reduced, and some can be eliminated for practical purposes, through suitable strategies. The aim of this paper is to discuss different ways to facilitate a comprehensive approach from policy level through middle and down to operational management. We will further discuss how the comprehensive approach can identify which business processes should not be, or can be, interrupted, integrating business continuity into overall strategy, and describe techniques to insure continuity of critical business processes. Part of this paper’s report is our research, which includes interviews with executives knowledgeable about their corporations’ crisis management planning. Recent literature and curricula for emergency management professionals now emphasize mitigation and recovery. In conjunction, directives from senior management and regulatory agencies are impelling a comprehensive management approach. One logical result is that business continuity has become one of several strategies used to reduce the impacts of disasters. The authors advocate using senior management’s perspective to select criteria that can identify which business processes require the business continuity strategy. They believe managers at the policy level should facilitate using the comprehensive approach by setting the criteria for the next two levels’ managers to apply. The authors expand the discussion, noting ‘strategy’ is applied differently at each of the three management levels. The authors propose seven impact categories that can determine when to apply business continuity or another strategy. They conclude by outlining management techniques to incorporate business continuity into overall strategy. Keywords: Emergency Preparedness Planning; crisis management; decision making; business continuity; emergency management; disaster. Reference to this paper should be made as follows: Laye, J.E. and Martinez Torre-Enciso, M a.I. (2001) ‘Strategies to reduce the impacts of disasters on business processes: the case of business continuity’, Int. J. Risk Assessment and Management, Vol. 2, Nos. 3/4, pp.319–329. Copyright © 2001 Inderscience Enterprises Ltd.

320

J.E. Laye and Ma.I. Martinez Torre-Enciso Biographical notes: John Laye is a Managing Partner of Contingency Management Consultants and Director Emeritus to the University of California at Berkeley’s certificate program for emergency preparedness managers. His disaster management experience began in 1972 with hurricane Agnes. John began instructing other managers at California’s Specialized Training Institute and continues public policy instruction at FEMA’s Emergency Management Institute, also teaching Strategic Planning and administering the Practicum at the University of California’s Extension. He was elected a Certified Management Consultant in 1992, and was elected a Fellow of the Business Continuity Institute in 1997. His master’s (MS) is in Systems Management from the University of Southern California and his BA from the US Naval Postgraduate School. His academic research with Professora Maria TorreEnciso of Madrid centres on executive decision making and is the basis for their research papers and articles in business and professional journals. Other professionals attend John’s lectures for symposia in North America, Europe and Asia, where he connects research findings to the real world, Europe and Asia. He also provides litigation support and expert witness services to attorneys addressing due diligence issues after disasters and similar events. Maria Isabel Martinez Torre-Enciso, is an Assistant Professor in the Business and Management Department at the Universidad San Pablo CEU, Spain and the RCU Escorial-Ma Cristina del Escorial (UCM) where she has been teaching management and finance for the past nine years. She has also taught in other European and North American Universities. She received her PhD in 1996 from the Universidad Complutense de Madrid, Spain. She has published more than 20 papers on emergency management and other fields in national and international reviews and has participated in several international symposium and conferences. She is a member of different professional associations and working groups. Her research interests are emergency management, business continuity, risk management and international financial markets. She also works as a free consultant for companies and government agencies.

1

Introduction

Natural and anthropogenic events that are described as disasters are usually those with severe impacts on human activities. Such impacts can be reduced, sometimes to a point approaching elimination, by implementing suitable management strategies. In recent years, emergency management professionals’ writings have begun to shift from a nearly exclusive focus on the response phase of emergency management to articles on the mitigation and recovery phases [1]. The curricula of institutions’ classroom training topics and even their addition of ‘recovery’ exercise workshops reflect this shift. Continuing this evolution, very recent emergency preparedness policy education for emergency managers has incorporated longer-term restoration [2]. Recent directives promulgated by senior management and financial regulatory organizations have addressed issues of: wide distribution, vertical integration, and time lines before and after destructive events; in short, comprehensive emergency management [3]. One logical result is that managers’ impact assessments are now identifying business processes that can be allowed to shut down and be recovered later. The corollary is the discovery that shutting down some business processes would generate impacts so severe that they should not be interrupted. For those, a strategy of business continuity, rather

Strategies to reduce the impacts of disasters on business processes

321

than recovery is necessary. The next obvious issue is selecting criteria to differentiate business processes [4] in order to match candidate processes with different strategies.

2

Facilitating a strategic approach from the policy level

To begin the process, a strategic viewpoint is necessary. The “strategic vision can be described as the concept for a new and desirable future reality that can be communicated throughout the organization” [5, p.79]. The organization’s response should be to marshal its resources to achieve the strategic vision throughout the strategic management level. There are many definitions of strategy and more specifically of corporate strategy. This term was originally used to describe “the pattern of decisions that determined a company goals, produced the principal policies for achieving these goals and defined the range of businesses the company was to pursue” [6, p.59]. The evolution of this concept brings nowadays a more inclusive definition: “corporate strategy is the way a company creates value through the configuration and coordination of its multimarket activities” [7, p.5]. Strategies exist at a number of levels in the organization. It is possible to distinguish at least three different levels of organizational strategy with different ranges of decision making. First is the corporate, strategic, or policy level. For many organizations, the main issues at this level are about the overall purpose and scope of the organization. The decisions at this level are called policy decisions or strategic decisions. This level is identified with “the overall plan for a diversified company” [8, pp.43–59]. Being clear about this level of strategy can be very important because it is a key basis for other strategy decisions. The second is the business strategy level. The decisions taken at this level are called tacticals, and provide directions for the efficient distribution of resources to achieve the strategic level targets. This level is concerned with the issue of building a sustainable competitive advantage in a discrete and identifiable market and can be thought of in terms of business units’ strategies. Here a strategy is about how to compete successfully in particular markets; the concerns are therefore about how advantage over competitors can be achieved, what new opportunities can be identified or created in markets, which products or services should be developed in which markets, etc. At this point it is important to define what a ‘strategic business unit’ (SBU) is. It is a unit in the overall organization for which there is an external market for goods or services different from other SBUs. It is very important to be clear about the needs of customers or clients and how competitors are placed for a particular strategic business unit [9, pp.90–91]. So there is a double purpose in establishing the SBU: On one hand, to identify key factors of each differentiated activity; on the other hand, to establish internal and external similarities and differences that could arise in the different businesses. The third level of strategy is at the operating end of the organization. Here, strategies are concerned with how the different parts of the organization (in terms of resources, processes, people and their skills) are pulled together to form the structure which will effectively deliver what the overall strategic direction requires. The decisions taken at this level are called functional or operational decisions, and are concerned with day-today company activities. Because emergency preparedness is essential throughout the company and is run by the organization's managers, emergency strategies should be

322

J.E. Laye and Ma.I. Martinez Torre-Enciso

developed throughout the three levels, matching the different kinds of issues addressed by each set of managers. The three levels described form a strategic hierarchy with responsibilities corresponding to different persons within the organization. Also, those levels do not represent different problems, but only different aspects of the same strategic problem for the company. This concept introduces the necessary interrelation between the different levels for a successful comprehensive corporate strategy. “That means the decisions taken on the upper level condition the decisions that will be taken on the other lower levels because the first ones define the context in which all other decisions will be taken” [10, p.19]. For this reason, “the information interrelation and communication between the different levels responsible is absolutely necessary for the coordination of the different strategies and the consecution of the coherence and consistence of them within the main objectives of the company” [11, p.57]. This paper tries to connect the different levels of strategy in any organization through all decision making levels, looking for the word ‘strategic’, in several senses. The first is a broad, or expansive, viewpoint. Management literature of the recent past used the term ‘horizontally-integrated’ for this concept. The second part of the required strategic viewpoint is understanding the interfaces and functions up and down the line of authority – vertically integrated. The final requirement is a concept of causes and effects beyond one or two cycles of the business processes being considered. That strategic viewpoint is best achieved from the organization's policy level exemplified by Senior Vice Presidents upward through Boards of Trustees or Directors.

3

Research – methodology

By sending a research questionnaire to, and later conducting interviews with a few companies’ senior managers, [12] the authors tried to study the strategies selected in support of goals adopted by corporate managers when they become aware of threats to continued business operations. We chose corporations in the financial sector listed in the Fortune 1000 group, and executives whose titles ranged from Vice President to Treasurer. The research questionnaire was divided into four steps with a total of 18 questions. •

The first group of questions was about company goals. We postulated that threat recognition would generate goals usually focused on one or more of the following three: insuring corporate survival, mitigating the corporation’s losses, or improving the corporation’s position.

Based on the responses to question number 1, ‘Is our premise realistic?’ 60% of the sample recognized the three potential goals and 40% added one more: elimination of the threat by responding to question number 2, ‘Do you know of other goals adopted in response to these threats?’ Regarding question 3 and 4, ‘Has this corporation adopted any of these goals?’ and ‘Which goals?’, 20% had not adopted any goal, 20% had adopted the first two, another 20% had adopted all three, 20% had adopted the three plus ‘elimination of the threat’, and the other 20% had adopted survival and mitigation as their current goals, with improving the corporation’s position as a deferred goal.

Strategies to reduce the impacts of disasters on business processes •

323

The second group of questions were about possible strategies to achieve the following goals: business continuity, quick restoration, recovery over a longer period, and addressing lower priority business processes after a threat materializes as an event. We inferred that different strategies might be applied to different business processes within the corporation.

All the executives interviewed thought these were realistic strategies (number 5). Question number 6, ‘Are there other strategies?’ brought a variety of responses. 20% had adopted strategies for only a few of its business processes (business units), but plan to apply them to all units over time. The companies that have selected ‘elimination of the threat’, extended that concept into strategies as follows: 1

change processes,

2

shore up the infrastructure,

3

diversify, and

4

marketing and public relations.

Strategy 3 meant to develop other customer services to maintain profitability, and Strategy 4 meant to overcome the potential for loss of customer confidence by emphasizing positive aspects during disasters. Twenty percent of the companies had done nothing for advance preparation. •

The third group of questions was about when a shift in strategy is needed. The researchers reasoned that certain business processes are more important or less important, dependent on where a corporation is in its business cycle. We therefore asked whether a shift in strategy would be needed through question numbers 10, 11 and 12: ‘Is this a realistic premise?’ ‘Does that happen in this corporation’s plans?’ and ‘What criteria determine which strategy to apply, and when do strategies change?’

All the interviewees agreed that a requirement for strategy shifts is realistic, though 20% said it was not part of the corporation’s planning. This was the same 20% with the ‘no preparation’ strategy. The other 80% replied with variations reflecting urgency based on the position in their business cycles when the event materializes, and differed by time sensitivities in the several business processes contemplated. The responses tended to be too complex for a paper of this length because of the number of variables entering the decision process. Attempting to summarize: for financial trading companies, urgency attaches to monthly, quarterly, and annual report dates, as well as trading volumes. Some executives noted that critical dates associated with the Year 2000 phenomenon added to that company’s selection of strategies. Continuing with the variety and peculiarity of responses, one financial institution affected by mergers tied strategy changes to organizational changes. It also reported that the type of materialized event (disaster, emergency) would drive strategy change. Another noted the necessity to move information system processing to a hot site [13], and stated its strategy would depend on the time required to effect the move vis-à-vis where it was in the trading day. Another response was based on the number of hours or days that business processes were expected to be inoperable, noting that a priority system assigned to its business processes was in place. Logically, the companies without pre-planning did not address this issue.

324 •

J.E. Laye and Ma.I. Martinez Torre-Enciso The last group of questions was related to actual experiences. Significantly, companies without plans had not yet had an event that impacted on their business operations. The other 80% of the sample have. In order to determine the training for those strategies, we asked these questions: ‘Have these goals and strategies been tested in your corporation?’ (number 13), ‘In management training exercises?’, ‘On what scale?’, ‘What scenarios were used?’ (number 14).

Forty percent of corporations’ senior managers responded that no management training exercises had occurred. The other 60% had conducted exercises although the scale they used was limited to their crisis management teams. Only 20% discussed a scenario, which was typically a credible bomb threat, resulting in a simulated evacuation of its headquarters’ office building. ‘Have these goals and strategies been tested in real-world crises?’ ‘On what scale?’ or ‘What was the situation?’ (number 15) was the set of questions that asked about actual situations. Eighty percent had experienced actual crises such us power outages, or an explosion where building evacuations were conducted. Those resulted in the transfer of critical business processes to hot sites. We went on to try to discover if there had been attempts to assess the effects of the strategies: ‘What criteria were used to assess the results?’ (number 16), ‘What were the results?’ (number 17) or ‘Did the corporation decide to make any changes?’ (number 18). Sixty percent of the financial organization sample surveyed, responded to those questions. The criteria generally related to predetermined time objectives for the restoration of critical services. In addition, 20% compared its team’s actions to the preestablished procedures. As a special issue, the results from one company indicated that the team needed more rehearsals. The responding organizations’ resulting changes were more frequent tests of plan arrangements and additional training for their teams. For companies that moved to hot sites there was minimal loss of business or market share.

4

Impacts and their categories

Because the strategic viewpoint is necessary, but seldom internalized by middle managers, senior management has a responsibility to encourage and facilitate examination of the impacts events can cause. The leadership methods likely to prove successful are beyond the scope of this paper, but impact categories are not. Arguably, there are seven.

4.1 Human factors Probably most important, and certainly an essential category among impacts, is human factors. No operation, enterprise, service, nor function affected by the events we are contemplating, can continue without people. Whether termed ‘employees’, ‘providers’, ‘regulators’, or ‘____________’ (reader’s choice), either the function’s reason for being or means of accomplishment depends in some critical way on people. The term of choice to generalize in emergency management has become stakeholders [14, p.11]. Impacts on people are often those most managers think of first, lightening senior management’s burden to emphasize the importance of assessing this category of impacts.

Strategies to reduce the impacts of disasters on business processes

325

4.2 Environment Taking the long-term strategic approach, the next category for impact assessment is often the environment – environment, as in ecology, rather than the classic definition of fixed constraints outside a manager’s control [15, p.29]. This impact will not occur to many middle managers. For some business processes, this impact may be negligible; for others it may be extensive. In any case, it is prudent to assess each business process for environmental impacts if there is no mitigation before, nor response during the event.

4.3 Confidence Third, there may be impacts on confidence about the organization. Until recently, this was often termed ‘image’, but the pejorative connotation reduced that term’s value in defining this concept [16, pp.15–27). The confidence of several identifiable groups is essential: employees, customers, suppliers, staff, directors, regulators, legislators and others that readers will no doubt recognize as important and add to the list. A close corollary is morale.

4.4 Legal There are legal impacts for most adverse events. The legal systems in several states in the USA will cause readers to think of civil liability there, but there are legal aspects beyond that. There may be contractual performance obligations. In countries with legal systems based on socialist models, there may be obligations to employees and to the government [17]. Unique to California (so far) is a state penal code section imposing criminal sanctions on individuals, with maximum fines of $10,000 per day as an extreme example. Legal and political impacts are often linked.

4.5 Political The next category for consideration is political impact. When an event occurs with considerable human involvement, one or more interest groups will often see opportunities to advance their viewpoints. In many cases, lawmakers respond in haste by investigative hearings, directions for staff recommendations, and draft legislation.

4.6 Functional/operational Major events often interrupt, diminish, or destroy capabilities to conduct ongoing business functions or operations. The term ‘business process’ is beginning to replace ‘business function’. Often, these impacts are situational, or time-sensitive. An example is the ability to produce cheques. Two days after payday, the loss of cheque writing capability would almost be a non-event. Conversely, two days before payday …... There are many such capabilities, specific to an organization's departments or business units. The importance of involving the implementors in assessing specific impacts driven by hazard-specific event scenarios would be hard to exaggerate.

326

J.E. Laye and Ma.I. Martinez Torre-Enciso

4.7 Material The final category is material items that will be impacted on by many event scenarios. In general, these are replaceable and often easily valued insurable items. Examples are buildings, supplies, and equipment. Exceptions abound: original edition books and architectural heritage buildings are two. Permitting destruction of the latter may produce major confidence impacts. Assessing the impacts of foreseeable hazard event scenarios in those seven categories facilitates determining which business processes can be allowed to cease operation, then be recovered, and which deserve proactive mitigation to assure business continuity. Achieving consensus about those priorities is another matter beyond the scope of this paper.

5

Integrating business continuity into overall strategy

At the policy level, establishing rational criteria for transition points between interruptible and uninterruptible functions should remove the burden of individual case decision making from senior management. The authors recommend proactive case studies as management exercises, perhaps at more than one representative site to pilot development of those criteria. Several techniques have been employed to assure business continuity. They are often used in combination.

5.1 Alternative site capability, more often called a ‘hot site’ For information systems, the ability rapidly and remotely to switch to an alternative site is favoured. In this, as in most of the suggested techniques that follow, realistic testing is essential, not least because the human element is so variable.

5.2 Engineered robust systems This technique is increasingly employed for earthquake scenarios. One can strongly anchor equipment and add base isolation even to very large buildings. Some building types flex without breaking up in all but the strongest earthquakes. Engineering robustness is less easily achieved for flooding scenarios, including local flooding scenarios initiated by broken pipes and obstructed drains. It is very difficult to achieve for fire and terrorist scenarios, especially because the latter involve deliberate selection of weak points.

5.3 Modifying existing procedures Occasionally, rethinking a ‘necessary process’ eliminates or greatly reduces the hazard. Changing a water treatment chemical from liquid or gaseous chlorine to sodium hypochlorite, or eliminating chemical treatment in favour of ozone are examples. For liquid chemicals, raising containment dykes to become adequate for the total volume of the tanks inside them is effective. Another is insuring that tanks’ contents will not react dangerously if mixed when more than one is breached, and so forth. Thinking ‘outside the box’ makes these management exercises entertaining as well as challenging.

Strategies to reduce the impacts of disasters on business processes

327

5.4 Redundancy This approach need not fall to a cost-benefit assault if alternative uses for the redundant item can be found. Thus, conference rooms can be designed to function as Emergency Operations Centres (EOCs), schools become personnel care and shelter areas, and storage areas convertible to announcers’ booths or dispatchers’ rooms, can be added to transmitter sites.

5.5 Contingency planning Accepting that some probability exists for failure of a key business process, planning for alternative ways to meet the end users’ needs is a valuable manager’s tool. Examples of planning to reduce human factors impacts are: 1

Developing an ability to obtain and dispense enough cash to take care of employees' families’ immediate needs (milk for the baby, ice for the milk …..), will free the minds of employees who must restore essential business processes.

2

Developing a quick-response capability for cooperative day care for the children and aged relatives who are employees’ responsibilities will do the same.

These are but two uncomplicated (?) examples of this technique. There are other techniques, but those may prove adequate while keeping within practical limits for purposes of this paper.

6

Conclusions

Severe impacts on human activities result in events being described as disasters. However, the severity of impacts can be greatly reduced through management strategies. Recognizing that, recent literature and curricula for emergency management professionals have emphasized mitigation and recovery instead of immediate preparations and response. In conjunction with that change, directives from senior management and regulatory agencies are impelling a comprehensive management approach. One consequence is that business continuity is becoming one of several strategies considered to reduce the impacts of disasters. Senior management’s perspective can be used to select criteria to identify which business processes require the business continuity strategy. Managers at the policy level should facilitate the comprehensive approach by setting the criteria for the next two levels’ managers to apply. The authors note the term ‘strategy’ is applied differently at each of the three management levels. Results of our research indicate that senior managers are using discrete selection criteria and selecting the business continuity strategy as distinct from other strategies. The authors propose that seven impact categories be used to structure data collection which can then help determine when to apply business continuity, differentiated from other strategies. We also propose the several management techniques we outlined as useful when incorporating business continuity into overall corporate strategy, and that contingency planning provides a viable alternative, should the strategies adopted fail to reduce critical impacts sufficiently.

328

J.E. Laye and Ma.I. Martinez Torre-Enciso

Regarding future research, the authors queried a small number of financial institutions in a limited geographical area, and suggest investigators may wish to expand this research beyond our study’s parameters. Another part of our research included tests of the strategies’ efficacy. The data from this latter part are somewhat equivocal, therefore that topic is proposed for further research.

Acknowledgement The authors would like to acknowledge those senior managers who participated in this research, for their time, help, comments and support.

References and Notes 1

2

3 4 5 6 7 8 9 10 11 12 13

14 15 16 17

Pickett, J.H. and Block, B.A. (1991) ‘The future of emergency management’, in Emergency Management: Principles and Practice for Local Government, T.E. Drabek, and G.J. Hoetmer (Eds.), ICMA, USA, pp.309–336. Fluman, A.H., Laye, J.E., et al (1998) ‘Comprehensive (long-term) redevelopment’, Session 20 of Integrated Emergency Management Course – Recovery and Mitigation, Emergency Management Institute of the Federal Emergency Management Agency, Emmitsburg MD. Comptroller of the Currency and Administrator of National Banks (1989) ‘Corporate contingency planning’, (Banking Circular 177), Washington DC, revision of July. The use of the term ‘business process’ here equates to ‘business function’, or ‘operation’. Rowe, A.J., Mason, R.O., Dickel, K.E., Mann, R.B. and Mockler, R.J. (1994) Strategic Management, a Methodological Approach, Addison Wesley Inc., Fourth Edition, USA. Andrews, K.R. (1977) El Concepto de Estrategia en la Empresa, Universidad de Navarra, Pamplona. Collins, D.J., and Montgomery, C.A.(1997) Corporate Strategy, Irwin-McGraw-Hill, USA. Porter, M.E. (1987) ‘From competitive advantage to corporate strategy’, Harvard Business Review, May-June, pp.43–59. Menguzzato, M. and Renau, J.J. (1991) La Dirección Estratégica de la Empresa: Un Enfoque Innovador del Management, Ariel Economía, Barcelona. Hunger, J.D. and Wheelen, T.L. (1996) Strategic Management, Addison Wesley, 5th edition, Reading, Massachusetts. Cuervo, A. (1995) ‘La dirección estratégica de la empersa’, in Dirección de Empresas de los Noventa, Homenaje al Profesor Marcial-Jesús Lopez Moreno, Civitas, Madrid, pp.51–69. Authors have chosen a sample of five financial institutions to develop this research paper. A hot site has the correct computers, terminals, telecommunications, and supporting equipment already in place at a prearranged location outside the hazard area and is temporarily leased from a company that provides this service. Johnson, G. and Scholes, K. (1997) Exploring Corporate Strategy, Fourth Edition, Prentice Hall, UK. Churchman, C.W. (1968) The Systems Approach, Dell Publishing, Inc., New York, p.29. Sheldon Green, P. (1997) La Dirección ante Situaciones de Crisis, Biblioteca de Empresa, Financial Times, Londres. Laye, J.E. (1999) Interviews with Kristina M.A.S. Caylor on Entrepreneurial Construction in Mexico, unpublished interview notes.

Strategies to reduce the impacts of disasters on business processes

329

Bibliography Drabek, T.E. and Hoetmer, G.J. (1991) Emergency Management: Principles and Practice for Local Government, ICMA, USA. Godschalk, D.R. (1991) ‘Disaster mitigation and hazard management’, in Emergency Management: Principles and Practice for Local Government, T.E. Drabek, and G.J. Hoetmer (Eds.), ICMA, USA, pp.131–160. Laye, J.E. and Martinez Torre-Enciso, Mª.I. (1999) ‘Business continuity as a strategy to reduce disaster impacts on business processes’, Contingency, Emergency, Crisis, and Disaster Management: Defining the Agenda for the Third Millennium, Sixth Annual Conference of The International Emergency Management Society Conference, Delft, The Netherlands, June, pp.465–475. Martinez Torre-Enciso, Mª.I. (1999) ‘La prevención y gestión de emergencias como estrategia empresarial’, Anuario Jurídico y Económico Escurialense No XXXII, San Lorenzo del Escorial, pp.553–576. Martinez Torre-Enciso, Mª.I. and Laye, J.E. (1998) ‘Emergency preparedness as a business strategy’, Disaster and Emergency Management: International Changes for the next Decade, The International Emergency Management Society Conference 1998, The George Washington University, Washington DC, May, pp.375–387. Mascareñas, J. (1999) Innovación Financiera: Aplicaciones para la Ggestión Eempresarial, Mc Graw Hill (Ed.), Madrid. Navas, J.E. and Guerras, L.A. (1996) La Dirección Estratégica de la Empresa: Teoría y Aplicaciones, Civitas, Madrid. Sainz Fuertes, A. (1993) ‘El análisis estratégico: la empresa y su entorno’, Conferencias y Trabajos de Investigación del Instituto de Dirección y Organización de Empresas, No 85, Alcalá de Henares. Suarez Suarez, A.S. (1998) Decisiones Optimas de Inversión y Financiación en la Empresa, Pirámide (Ed.), Madrid. The Corporate Response Group Inc. and the Institute for Crisis and Disaster Management (George Washington University), 1997 Crisis Management Survey of Fortune 1,000 Companies, Washington DC.