For most of my career I was a Risk Manager for America. First, as an FBI counterterrorism agent, then as one of the original Strategic Planners for the National Counterterrorism Center (NCTC) and, finally, as a state Homeland Security Advisor. I have been studying threats of a humankind and anticipating the next form for more decades than I care to admit.
Whether the threat is human engineered or natural certain maxims of Crisis Management apply.
First, have a plan based not just on historical events. Those responsible for Enterprise Risk Management must have vision. Whether as a member of a team or alone, the Risk Manager must act as a ‘Red Cell’ continuously challenging the status quo and looking over the horizon. In the Spring of 2013, as a Strategic Planner at the NCTC I was asked to prepare a counterterrorism exercise for the Kenyan Government. I had studied the terrorist group al Shabab and its tactics. For a number of solid reasons, and some instinct based upon years of work, I readily identified the Eastgate Mall in Nairobi as a likely target and I created a scenario that depicted multiple terrorists carrying out a complex attack on the mall as well as several other Nairobi targets. The scenario was not taken seriously. Six months later the infamous attack occurred.
Similarly, the 9/11 Commission Report acknowledged a lack of imagination on the part of United States officials as one critical reason why the terrorists were so successful on that fateful day.
Just as in the world of Counterterrorism the pandemic threat requires a monitoring system, experts with vision to decipher clues and connect the dots, confidence in those selected experts and a plan to respond.
Second, if you are going to designate someone as your Crisis Manager, have confidence in your selection and empower that person to do his or her job. Along with empowerment there must be clarity of mission and clarity of roles and responsibilities. That means a solid Crisis Management plan that is tested and updated regularly.
Third; if you don’t capture and document the mistakes that were made during a crisis, as well as the things that worked well, then you’ve made a bad event much worse. An After-Action Report must be all inclusive, candid to the point of painful, and it must be shared with your entire organization once the crisis resolves. After a thorough review plans must be corrected. There will be another crisis.
Fourth; during any crisis others are watching and learning from how you handle the situation. Whether adversarial nation states or business competitors they will take advantage of your perceived failures, weaknesses and successes.
At best the goal of a Crisis Manager should be visionary, to adapt quickly to developments on the horizon and prepare to deter or mitigate any risk. At the very least it should be to learn from a tragic event to ensure it does not reoccur.
