The Politics of Crisis Management – Public Leadership under Pressure Second edition

Authors: Arjen Boin; Paul ‘t Hart; Eric Stern; Bengt Sundelius

In this book, the authors discuss aspects of managing crises. Although the examples throughout the book have been chosen from politics, the book is an added value for organizations in private sectors, because of the strategic aspects of crisis management that it discusses, which are rather universal. In broad terms, the book deals with the following topics:

Improving the sense making of the crisis
  •  There are several reasons why a leader does not see a crisis coming.
Threats that policymakers see in time are the ones that can best be managed. Similarly, the same applies to opportunities: if they are spotted in time, they can be used best.
But why don’t they see some of the threats?
In some cases, none of their employees looked in the direction of the threat. That is why leaders must take measures to drastically reduce the chance of such blind spots occuring. They must also be alert to what they were not told and what they do not see in the surrounding area.Secondly, they can be surprised because the pieces of the puzzle are divided over several agencies and they do not succeed in getting all the pieces together in time, let alone that they know if they have all the pieces at their disposal.Eventually it may be that some of them saw it, but they did not want to stick their neck out to tell the leader, or that they did not want to see it. This is partly the principle of the “Gray Rhino”.
  • A crisis can get out of hand if the leader fails to get a good picture of the events that occur.

In today’s society, with the current state of technology, people talk about “Big Data” when an event of some magnitude occurs. From data, information must be created that is then transformed into knowledge to be treated with wisdom.

That is why the leader must encourage his employees to work methodically in finding the relevant facts in the explosion of data coming from the Crisis Management Team. Although this is the work of the employees, the leader must be aware of how the information came about and was filtered before it was brought to him.

  • Crises that test the personal sense-capacities of leaders are felt by them as a torment.

Every person is limited. Learning to deal with this is not easy and requires courage and wisdom. Especially in the midst of a developing crisis.

Confused leaders can easily slip away into system 1 thinking, where very simplistic visions of the situation can be adopted, where stereotypes of other parties are assumed to be true, and where they can become susceptible to passivity, fatalism, or a hasty decision making and overconfident recklessness behaviour. Under such circumstances, their prudence and their ability to make a sober diagnosis diminishes.

Improve Decision making in the crisis

  • The rhetoric of the “leader at the top” has little to do with the reality of effective crisis decision making and the coordination.

To be sure of a good approach and a proper course of the crisis, it is best using a combination of strategic choices and corresponding operational actions. This does not mean that a single leader at the top or a small team must make all the decisions. The subsidiarity principle is more appropriate. People who can say something sensible about the situation because it is their specialism must be able to make their (local) decisions.

The leader can best delegate that what does not belong to his specialty but to that of another agency. Where explicit supervision is requested this can be done, but the question is whether that question should always come from the leader, except for the need to keep an overview.

  • . . . But the bill is finally presented to the top (leader).

Somewhere between a careless “flight into action” and a freeze provoked by fear, leaders must make critical decisions that they alone can take. Even in the heat of the “struggle”, at the height of the crisis, strategic choices and normative considerations are essential in their functioning, their reasoning and in making choices.

  • In coordinating crisis response, planning (making the plans in advance) is more important than the plans (that they use at the time of the crisis itself).

Leaders must assume that the crisis will go differently than the plan of action stipulates. Even if their employees predict the right crisis. Even if everyone agrees on the nature of the crisis. The plan will fail, the necessary funds for the actions will be wrongly estimated. Training of employees who “have to do the job in the field” is necessary. The whole process of the crisis will have to be closely monitored. Deviations from the desired evolution will have to be corrected.

A crisis, by definition, disturbs the stable situation and creates uncertainty. It challenges the authorities to challenges that they are not used to and that they can never fully grasp in a previously drafted plan. Every correct crisis response therefore contains improvisations, which require flexibility and resilience rather than paper plans.

Improving the meaning making of the crisis.

  • Leaders who can not communicate skillfully can not lead in a crisis.

People try to understand their situation in times of uncertainty and discontinuity. They ask questions like “Why did this happen?” And “Why was this not prevented?”. In addition, they want to know what their leaders have done to prevent it. Or what they did to keep the crisis to a minimum. This is the collective concept formation. Several actors will provide their vision. (For example the media.) A kind of assessment can be drawn up from this. The media will “scrutinize” the leaders.

This means that the ability to create an image and an understanding of the situation is a very useful feature, and very helpful in setting a desired course of the crisis. Therefore, the art of “story telling” and the accompanying understanding of its underlying mechanism why a story can catch on and when not, is very important.

Unfortunately, leaders are often tempted to make a story that is created through their system 1 thinking on the basis of quick-by-the-turn arguments that seem to give an explanation at first glance. In addition, they sometimes make huge promises. This is a basic error.

Improve the Termination of a crisis and Accounting

  • Crises do not stop by themselves. They must be ended.

It is very tempting to consider the end of the operational actions as the same as the end of the crisis. That is not the case, because the political aftermath and aftercare follow their own logic. Various actors in the crisis will systematically explore the aftermath of the crisis to seek opportunities, which can be encouraged. But some also seek opportunities to attack their opponents, to seek praise or to initiate reforms or to make a profit on the hood of third parties (victims). That is why it is important to formally put an end to the crisis, also politically. That moment, however, the leader must determine carefully. And for this reason (currently) no (generally) valid criteria apply.

  • Accounting after a crisis is desirable and inevitable, but it is not without risk politically.

All involved actors will evaluate their positions, and possibly defend them. This happens especially when there are some involved who bear responsibility in the story. In addition to the media, formal institutional organizations will also identify responsibilities by means of legal steps eg in legal, political and professional arenas. These various, but often interwoven, responsibility-allocating processes do not necessarily have to escalate into an aggressive blaming game. But exactly that happens often and is a thing for the leaders to keep in mind.

  • . . . But to have it always as a “name, shame and blame” game would make it a “Self-destructive Prophecy”.

So instead of dreaming of a victory, leaders can better keep another scenario in mind, namely that of the black sheep because of polarization by the media, among others. In times when governments are easily victimized by polarization, leaders often run the risk of being hit by the social “blame & shame game”. In itself, nobody is actually served with it. It is often an attempt at a quick win from opponents.

Improve learning from the crisis situation

  • Drawing lessons should be more than copying seemingly successful policies and categorically rejecting what failed elsewhere.

When leaders are faced with a new crisis, they can never assume that it is similar to a previous crisis. They can not rely on a tried and tested repertoire of techniques. This can be a reasonable approach to the level where there are similarities. It will thus remove some of the leader’s uncertainty and increase the reaction speed and efficiency of the crisis response team.

But the present is not a copy of the past. Leaders can easily be misled into categorically implementing everything that has helped in a similar case from the past, without noticing that the crisis is taking a different turn. That is why meta-learning is also important. Classify the crisis into categories and think at a higher level within the Crisis Management Team in order to manage and adjust the Crisis Response Team depending on the turn of the crisis. (So ​​”learning to learn”.) The system 2 thinking is important in order to adjust the system 1 thinking.

  • Learning from crises means that you have proactive, interactive and continuous crisis planning processes.

Crisis management sometimes requires cooperation agreements across different (types of) boundaries. Such forms of cooperation (eg in working groups) must be established before a crisis takes place. Private Public Co-operations are necessary because a lot of vital resources come from the private sector. Operational activities must be shaped in conjunction with a general vision of how to manage crisis management. That vision on crisis management is in itself a result of political deliberation that must be fixed in advance. Once again, planning is more important than the plan.

  • Erasing everything and starting all over is often not the best way to learn from a crisis.

Crises are too often the result of a chain reaction on a political level or in high-risk technological systems. In particular, crises do not correspond one-on-one with the tasks of agencies or specialists.

It can be argued that in most cases the worst-case scenario (the whole system has failed, so everything has to be done differently) does not apply, and sometimes even does not exist. A better way of learning from the crisis stems from a leadership of “dynamic conservatism”. This strategy defends the idea of ​​core values ​​and the institutional commitment and obligations. It encourages leaders to flexibly adjust policy structures and modus operandi of public organizations to the oppressive context of crises rather than give in to the temptation of grand reformist rhetoric.


  • Sense making:
    • Detecting (an) emerging threat (s).
    • Ensure that policymakers get a firm grip on what is going on.
    • Provide what next events will / can be.
  • Decision making and coordinating:
    • To shape the overarching direction and coherence of the common efforts.
    • To respond in a cohesive way to the crisis.
  • Meaning making:
    • Actively shaping the public understanding of the crisis.
    • This if it is possible in a democratic, mediatised political system.
    • The purpose of this is to align the common definition of the crisis in such a way.
    • Make it possible to work efficiently on the desired direction.
    • Let the crisis evolve towards a desired situation.
  • Accounting:
    • Taking control of the democratic process of explaining the ideas that were there and the actions that were taken.
    • This is tested against the values ​​of the government and the citizens.
    • With the aim of achieving closure with citizens and government with regards to the crisis.
    • This is necessary so that the community and politics can go further.

In the event of a crisis, certain characteristics of existing institutions, policies and customs can be harmed without the possibility of recovery.

  • Learning from the situation:
    • Drawing lessons and seizing opportunities
    • Reconsider and reform these characteristics of existing institutions, policies and practices in a follow-up period.

These issues are, as formulated here, all aspects of strategic crisis management as this can be applied by a government to its functioning and for the benefit of its society. However, by simply reading it all with the government in mind as an organization that also has to deliver its services to society, all this is (not always easy) translatable to strategic crisis management for private organizations. As a result, this book is a good dues for holistic crisis management, in addition to other books on operational crisis management, for which more literature is available.

Three Steps Starting Effective and Efficient Risk Management according to ISO 31000

Author: Dr. Frank Herdmann

In a thin book of 70 pages, the author explains ISO31000 in both English and German. Yet another handbook you will say. Yes, but this time it is about version 2018 and in this booklet there is some emphasis on small and medium-sized organizations. In the end, it should not be forgotten that implementing an ISO standard such as ISO 31000 for a small or medium-sized organization is a relatively much greater effort than for a large organization that can set up a FTU (Full Time Unit) or a whole team. That is why some simplifications are necessary, without however touching the core of the message of the norm. With this, this approach is suddenly a Quick start for the bigger ones. The Quick Start is realized in three steps that the company must take:

“Establishing the Framework”

“Establishing the Process”

“Implementing and Executing the Risk Management Loop”

But why do we have to do this? The aim of risk management according to this new standard is value creation and value protection. You read that correctly. Risk management can be regarded as an added value and not as a cost. Also as a protection factor, among others by avoiding costs or minimizing it, it yields. That added value can be enormous. Also due to the obligations and liabilities of the management for negligence of the organization, for example by supporting good, correct governance.

The booklet starts with a fairly extensive introduction, starting with the ISO 31000 version 2009 and the success that came with it.

The aim of the book is not to give a detailed description of the implementation of ISO 31000 as it has to be elaborated by the large organizations (with its three pillars: framework, principles and process).

The principles, in fact, are the success factors or success criteria of risk management and serve the ultimate goal: creating and protecting value.

According to the author, the two most important principles are “Integrated” and “customized”.

The intention is to make the first acquaintance with ISO 31000 more accessible for small and medium-sized organizations. There is therefore no extensive or detailed advice. However, a number of issues that need to be elaborated in order to be able to speak of a full risk management, but often with the knowledge, skills and resources are already present in the organization. This makes this project bearable for a small organization. For them, this manual is therefore already a first step towards a tailor-made approach method.
Let us look at these three steps.

Setting up the Framework: This piece is perhaps the part of the standard that is most open to customization.

After all, the framework must be tailored to the organization, that goes without saying. The author emphasizes two pillars of this, namely leadership (effectiveness requires a strong and persistent commitment of all levels of management by means of a policy document or something, that makes clear what the objectives of the oranization are, as well as its commitment) and organizational culture. The so-called ETTO principle is important here. ETTO stands for “Effectivity – Thoroughness Trade Off”. There must be a balance between effective business and how well-considered risk management is. If there is too much “thinking through” according to the risk management map, this is detrimental to the effectiveness of the business. If, however, the business draws too much of an effective and efficient action, for example by exaggerating with “lean”, this can harm the risk handling and prevention. E.g. by eliminating any form of redundancy. Trade Off actually means that a golden mean must be found. Risk management must therefore be brought within the boundaries of the ETTO principle in the organization, in all its processes and at all levels in a supported manner. So it must be tailored to the organizational needs and culture.

Furthermore, the author motivates that risk management can also be mapped on all organizational activities as a plug-in dongle.

Setting up the Risk Process: The risk management process must be an integral part of all structures and activities. I.e. of the organization chart, the operations, the business model, and the processes. The framework must therefore, in principle, be reviewed with each change to a business process. However, the core of the risk management process is risk assessment and implementation of the measures: risk identification, risk analysis, risk assessment and risk treatment. This happens in an iterative process. In fact, it consists of two processes: the PDCA cycle for adapting the risk management process on the one hand and the operational risk management that must take place in all organizational processes and projects on the other.

This risk assessment is further discussed in detail in terms of possible technologies in ISO 31010: 2009. The decisions that can then be made can be summarized by:

Avoid the risk
Take or increase the risk
Remove the risk cause
Changing the probability
Changing the consequences
Share the risk with one or more other parties
Retain the risk with an informed decision

Parallel to these cycles, reporting takes place, where too many details can cause confusion or a false sense of security. Here, therefore, “less is more” applies.

Implementing and Executing the Risk Management Course: It is best for several reasons to use the risk management course during the design and implementation of the (core) processes of an organization: lower costs, less effort, and synergy between the processes and the risk loop. Ideally these processes have already been brought together in a manual of the organization. This risk loop is best integrated into the processes at the start of the process using information or estimates. It is best repeated when new information is added, whether new estimates are made, or changes to the process. The risk owner for this process or this part of the process is best considered before executing the first steps of the business process or when an uncertainty influences or can influence the process and its outcomes and objectives.

A first level of maturity of risk management by introducing the risk management course using check lists will be a gigantic first step to start effective and efficient risk management. An equally large step is possible by integrating risk management of a silo activity that simply registers risks on a regular basis to a proactive and integrated risk management according to ISO 31000: 2018.

Internal Audit must also be integrated, or in other words, aligned, with risk management and that in all areas: all activities and all processes. This also affects the planning of projects and processes and operations. It monitors the execution of the risk management course within the business processes and activities. Conversely, the results of risk management can influence the planning of Internal Audit.

A risk register is a commonly used method for monitoring, revising, registering and reporting risks.

Continuous Improvement

Applying the PDCA cycle, also known as the Deming cycle, will improve and refine the risk management course over time. As a result, it will eventually achieve a higher level of maturity. Risk management, like all skills, also requires training, experience, knowledge and expertise and is also open to continuous improvement, precisely because of the PDCA cycle. This will systematically improve skills by using more complex but better-suited assessment techniques from ISO 31010: 2009. (10000 Hours of Malcolm Gladwell: Outliers The Story of Success, New York 2008)