Crisis management requires pragmatism

Over the past two years I have facilitated more than 100 exercises for incident management teams from a range of organisations. These have varied in scope from straightforward desktop scenarios to complex multi-level simulations.

Over the past two years I have facilitated more than 100 exercises for incident management teams from a range of organisations. These have varied in scope from straightforward desktop scenarios to complex multi-level simulations.

Here are some observations based on these exercises, highlighting some danger signs to look out for in incident management teams in your organisation.

Homogeneity

Most incident management teams are overwhelmingly male. Also, the age range of team members is very narrow I would estimate that more than 90% of delegates who attend our training courses and exercises are aged between 40 and 55.

In many cases, teams also share a common professional background, having followed similar educational paths and worked in similar companies.

This homogeneity tends to limit the range of options considered. It can lead to the phenomenon of "groupthink". This idea was most famously demonstrated in the US cabinet that approved the "Bay of Pigs" invasion, where the team became blinded to the weaknesses in a flawed plan.

Overconfidence

There is an unfortunate human tendency to believe that we can predict the future, despite all the evidence to the contrary. In exercises, this often results in decisions being made based on people's explicit or implied predictions about how a scenario will play out.

The tendency for overconfidence becomes more pronounced where individuals possess expert knowledge the rest of the team can easily be swayed by the confidence with which "experts" make predictions.

So, paradoxically, experience and knowledge can become a drawback in a crisis situation if they are not managed appropriately.

Exactitude

The final danger sign is unrealistic expectations of the availability of accurate data. This is most pronounced in teams and team members with a strong technical background.

People who are accustomed to analysing large volumes of detailed information are often uncomfortable with the ambiguity inherent in a crisis situation. This manifests itself in a ­delay in making important decisions until it is too late.

What is the solution then? I would certainly not advocate appointing people to an incident management team who lack the ability to make a useful contribution simply to artificially create diversity or "dilute" expertise.

In many cases, there is scope to not choose people simply based on their specific job role. Sometimes, someone more junior may be better suited to managing a crisis. Having put your team together on paper, ensure that they participate regularly in realistic and ­effective training.

This will identify which, if any, of the weaknesses identified above are present, and will progressively develop team members' awareness and ability to manage potential negative effects.

Patrick Roberts is a senior consultant at business continuity and risk management consultancy Needhams 1834

This was last published in October 2007

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close