Managing crises before they happen

Ian I. Mitroff with Gus Anagnos

The book is a collection of facts about crisis management.

In his definition for Crisis management in the first chapter, the author states that risk management and emergency planning have to do with natural phenomena, while crisis management mainly relates to crises caused by people. This narrow definition of crisis management is important for the correct interpretation when reading the rest of the book. He therefore argues that crises are an inherent part of modern communities. But also that crises caused by man can be avoided. It is important to always look for signals of problems in the environment. Denial of problems is the greatest danger.

In the second chapter, the author speaks about failing success. More specifically, how can the organization be the victim of its own success. Because certain actions have been repeated over and over and over again, such as the production and sale of Tylenol, one becomes blind to the weaknesses in the process, which for J & J in 1982 appeared to be the security from begin to end of tylenol. A lesson learned for J & J is that they always have to take responsibility for their product. An organization must therefore always search for new techniques, and constantly question its processes, including the security process. In order to draw up security plans, one must always consider the following five aspects of the environment in relation to the organization: complexity, links and connections between matters, the scope and size of processes and systems, speed and visibility.

In chapter three the author discusses a model for best practice for crisis management, based on risks, mechanisms, systems, stakeholders and scenarios. It is therefore necessary to have emergency plans for economic risks, information risks, physical risks, HRM risks, reputation risks, psychopathic actions and acts of god.

Chapter four is about what to say or not to say. The author mentions the ‘Johari Window’. A first golden advice is: investigate the situation, and avoid deceiving yourself. Always accept liability for your product and your actions. And know that there are no real secrets in this world anymore. There is always someone who knows what you do not want, and an investigative journalist is always there. And taking the initiative to tell the truth above that you have to be squeezed out is always preferable because you remain ‘in control’.

Linked to this is chapter five about taking responsibility: are you the victim or are you the bad guy? One is or will quickly and easily become the bad guy, one remains or becomes difficult the victim. Psychology of the mass plays a major role in this. It is important to take responsibility, to take action and not to actively play out the classic victim role. Give yourself as a spokesman an understanding and empathetic role and never get into technicities. Avoid alienation of victims, customers and stakeholders as a face of the organization. And never assume that the logic within the organization is also that of the media and the masses.

This is why chapter six is ​​also important: the detection of weak signals to deal with crises before they happen. Never block them! Pay attention to the alarms of people on the work floor. Keep your communication lines open. Reward people when they report a problem. And make sure people know what to do in a crisis.

To be able to do crisis management, one must also be able to think out of the box. Chapter seven is about that. A remuneration policy is therefore appropriate. By stimulating this way of thinking you will find new and original solutions to problems. In addition, decisions must also be made, which everyone, from top to bottom, must support. But beware of a known issue: watch out to solve the wrong problem. And always check that what is taken for granted.

Chapter eight is about seeing ‘the big picture’. How things come together, one crisis can ignite the other, but that a single event is seldom enough to blow up the situation. So all factors that contribute must be taken into account. Base the action plans on this, and consult the large picture regularly to ensure that you do not make the situation worse.

Chapter nine is the road that was seen in 2001 as a starting point in 2002. The most important advice in this is “Start by designing and implementing signal detection systems throughout your organization”.

In Hindsight – A compendium of Business Continuity case studies

Edited by Robert A Clark

In Hindsight reflects on a series of disasters from a BCM perspective. Some organizations have scored good, others did not. Five organizations were not prepared and did not make it. A sixth has made it thanks to an extraordinary portion of luck. Some disasters had extraordinary proportions and global consequences. Others stayed local. The causes vary, from brutal bad luck like acts of God and accompanying volcanic eruptions, to things that could be prevented like the Herald of Free Enterprise, in which somebody is clearly to blame.

Other causes of human nature are lack of insight or poor management, profiteering, stupidity, terror, … All these things have in common that they are in the environment of many organizations.

The consequences can be equally diverse: environmental damage, death, safety and health problems, global economic crisis, legal prosecutions …

This diversity of topics makes the book very suitable as an eye-opener for managers and boards of directors.

The penultimate chapter also emphasizes the importance of small sparks: fraud, cyber attacks, employee dissatisfaction, the media, small and large fires, including those of the neighbors, poor planning of major projects, breaches of information security such as data theft, floods, diseases, etc.

But the final message, perhaps the most important, is in a quote from Vince Lombardi, a former American football player, who said: “It is not whether you get knocked down; it’s wheter you get up “. And that requires preparation.

Practical Enterprise Risk Management

Author: Gregory H. Duckert

The book builds logically from corporate governance, and indicates a number of shortcomings herein, mainly system implementation. Then the actual story of risk and ERM begins. In this the author curses against everything that is for a subjective assessment of chance and impact and the related conclusions. He swears by cold facts and data. In this way he comes to the idea that risk assessment is about management. Risk management is an unmissable tool in this. After an overview of types of risks, he shows us how we should perceive risks objectively. He speaks about a data-centered model where it is possible to keep track based on all data in the company, and to do bench-marks on your own company. By introducing the concept of KRI (key risk indicators) instead of KPI (key performance indicators) linked to outcome of the processes instead of the output and with a number of analysis techniques such as trends, ratios, thresholds etc it is possible to build historical data and to find triggers of things that go wrong, with root-cause analysis. Then measures can be defined and implemented.

In addition, it is possible to pour this data into useful tools, so that the data neatly presents at meetings throughout the organization, the right KRIs at the right level. In doing so, he provides a handle on how to bring risk management to the board of directors, or to the board of directors.

As a penultimate chapter, the author discusses the phenomenon of outsourcing and a select number of risks at the various stages. It is therefore not surprising that he, for example, thinks of the outsourcing of IT as a bad thing; IT is according to him a core business of the company because everything depends on it.

The author concludes the book with the ownership of ERM. It is essential to know that everyone contributes. Everyone has a role to play in one way or another.

The Fantods Of Risk

Author: H. Felix Kloman

This book is one of the two ‘collected works’ by H. Felix Kloman.

In this work the author starts from some premisses, preliminary conclusions actually: what is risk, what is risk management, what is the process, what are the goals? Throughout the book, the author tells about it, and tests these conclusions to his ideas and to all kinds of situations in the world. This leads to a first climax in the book in chapter 14: “Does Risk Matter?” In that chapter he also discusses “four times three”: four hypotheses, four questions and four cautions about risk management and the risk manager. The book concludes with an introduction: “The Future of Risk Management, Again”. In it he gives an overview of new objectives (the most important one seems to me is “to build and maintain the confidence of critical stakeholder groups”), new standards, in which he cites the ISO 31000 standard, new insights, (directly perceptible risks, scientifically predictable risks and virtual risks) and new tools for ERM.

In the context of this book, I also want to refer to his other book, “Mumpsimus Revisited”, which also contains many of his ideas, and which could have been used in this book during the build-up to the end.

Mumpsimus Revisited

Author: H. Felix Kloman

The author starts with the history of risk management in 1905-1912, with a foundation in 1881 by Otto Von Bismarck, and in doing so reaches highlights until 1996, with mentioning the start of “The Global Association of Risk Professionals”. From then on, the book is a succession of articles, classified according to the main topic in chapters, varying in subjects within risk management, and difficulty.

Although the author in a funny way in the last chapter denounces the use of jargon, he assumes in the chapters about investments that the reader can follow the reasoning about captives. As a result, it is not a book for higher management, unless they have expertise in this and other matters.

In previous chapters, where he tells history, where he  breaks down the icons of risk management, and where he tells the parables, he is much more humane in his language. Towards the end of the book he gives an overview of the history of the captives.

The way in which the book is written makes it difficult to find a common thread. It is more a book to get a short piece of refreshing ideas about risk management in the evenings, or to learn about an aspect of risk management or its history that you were previously unaware of.

Throughout the book reference is made to the works of other authors. Unfortunately, they are not shown in a bibliography at the back.