DTR006 Self-Auditing for Crisis Management

Downloadable PDF Resources

  1. English
  2. English/Spanish
  3. English/Russian

This module will take you through Self-Auditing for Crisis Management.

  1. Introduction
  2. Ten Questions You Need To Ask (And Answer!)
  3. Summary
  4. Main Points

The information in this document is part of the Deltar
‘Level 4 Management Award in Advanced Risk and Crisis Management’


Although crises are usually large-scale, fast escalating and highly impactful, with the possibility of catastrophic failure always a possibility, the truth is that many crises are actually the result of a failure of an organisation to respond to what are relatively minor and actually quite well understood problems. We could say, therefore that the cause of the crisis is not the outside event, but the capability gap that leads to a failure to either recognise the potential crisis in time, or to respond effectively once a crisis has been triggered.

If you look at whatever crisis is making the media headlines as you go through this module, it is likely that the underlying cause of that situation is inbuilt weaknesses within that organisation that are known, and have been known for a long time, but which have not been dealt with. It is also possible that not only has the problem been known, but that the organisation that is suffering from the crisis has actually spent a significant amount of time and energy in either ignoring the problem, or in actively covering it up.

This section will look at ways in which you can check out your own organisation for inherent vulnerabilities, decide whether the right level of crisis management awareness and capability has been achieved, and identify exactly where the weaknesses and vulnerabilities lie which are almost certain to lead systems breakdown in the event that a crisis event is triggered.

10 Questions You Need To Ask (And Answer!)

  1. Is there a clear understanding of the three levels of crisis management, and do the people who would be expected to fulfill those roles have the necessary skills and capabilities?The Strategic level is composed of the decision makers who are brought together in the first few hours to map out the company’s response. The Tactical level are the managers who would be expected to work together to put together a crisis management plan, and the Operational level consists of the team leaders and people on the ground who would put that plan into practice.Although this makes it sound quite simple, the ability to work effectively on all three levels is something that often falls apart in the pressure of crisis response, and it is the failure of the organisation to have a robust crisis management framework that actually causes many of the subsequent problems.
  2. Can you get the right information to the crisis management team?The problems in most crises is not that there is not enough information, but that there is an overload of information, much of which will be contradictory, and all of which needs to be assessed and judged as to its accuracy, its relevance, and its place in the overall picture. The presence of a team that can sort that information, and pass it on in a structured form to the decision-makers will be a critical step in creating an effective crisis management framework.
  3. Are you able to create effective multi-division teams, and are they able to make decisions and put plans in place?A crisis management team will inevitably be made up of a wide range of different groups, many of whom will not have worked closely together before, and some of which will have extremely differing cultures in terms of decision-making, authority and chains of command. The effectiveness of the Crisis Management Team is dependent on having a structure that allows those different groups to be integrated into a single team, and to develop effective working procedures that would allow different groups to work together in as seamless a manner as possible.
  4. How do you manage the ‘Time Gaps’?There are two significant ‘Time Gaps’ in any crisis management situation. The first is the time that it takes for an organisation to realise that there is actually a crisis event in place, and that it is rapidly escalating. The second is the time that it takes between that realisation, and the decision to do something about it. The more effectively an organisation manages these two time gaps, the more effective their response will be.
  5. Do you trust the people on the ground to make decisions?Once a crisis has occurred, it is often a natural reaction for central management to try and control the situation, creating plans and issuing orders. In fact, this is likely to be an ineffective management model, and it is almost always more effective to allow the people who are closest to the situation to assess the needs and develop appropriate responses. It is a basic truth of crisis management that the further away the person making the decisions is from the actual scene of the operation, the less effective the decision-making will be.
  6. Do decision makers have the necessary experience?In crisis situations, people tend not to make decision in an analytical way, but rather through using their own experience to ‘recognise’ a situation, to develop immediate ‘best option responses’, and then to adjust those as more information comes in.. However, the effectiveness of such ‘intuitive decision making’ is based on the experience of the practitioner. If the person in that position does not have the necessary experience, the likelihood is that both their intuitive decision making and their analytical decision making will be flawed.
  7. Can you control the overwhelming amount of information coming into the system?The single most important function of any crisis management operation, and the single most common cause of failure, is the ability to manage the flow of information around the system. The crisis situation is likely to be unstable, and changing on a continuous basis. There will be new information coming in, changing priorities, requests for clarification, needs to coordinate and collaborate between different teams, etc. Anything that creates blockages, delays or confusion within this process is likely to have major and significant impacts on the final outcomes.
  8. Can you manage your relationship with the outside world?Although the immediate requirements of the crisis situation may be taking up all your time and attention, it is also important to remember that there may well be a wide range of other stakeholders that you need to manage. These could be suppliers, customers, clients, partners, other companies in your sector, media outlets, regulatory bodies, etc. If the impression is given that that organisation is not in control of the situation, then the focus of attention will no longer be on the crisis event, but rather on the failure of leadership in response to that event. This can happen at even the highest level of global management, and with people who have unlimited resources at their disposal.Obvious examples are President George W. Bush in response to Hurricane Katrina, the Japanese government in response to Fukushima, or the response to failures in leadership by G4S in relation to the 2012 London Olympics or Tony Hayward in relation to BP and the Deepwater Horizon oil spill. Once an organisation’s leadership is forced to be defensive about its own actions, it is almost impossible to recover the initiative.
  9. Have you prepared properly?Crises do not have to end in failure, and in fact, can be seen as opportunities. Security managers who have been given the support to develop effective crisis management capabilities will not only protect their organisations, but will give them a significant competitive edge in the event that they are challenged by a major crisis situation.However, as important as the individual skills are, it is the corporate risk attitude and culture that will have the greatest impact on the ability of the organisation to identify potential crises at the earliest opportunity, to respond in a timely and appropriate manner, and to embody the concepts of organisational resilience that will allow the speediest recovery in the post-crisis period. Real crisis management does not start when a crisis is discovered, but is an embodied value intrinsic to every aspect of an effective organisation’s operation.
  10. ??????These are only some of the possible significant questions you need to ask. We have left the tenth question free, so that you can add your own.


Crisis management is perhaps the greatest test of a security manager’s skills, and yet it is often the area where we have least training and preparation. Most of the activities that fill a security manager’s day are routine, and in fact it has been said that whatever your job might be, you will probably spend eighty per cent of your time managing the same five things.

If there is one thing that any serious security manager should recognise, it is that the vast majority of crises don’t just happen – they are caused, and the main reason that they are caused is through weaknesses in that organisation’s own management procedures. Creating effecting management protocols, and developing the ability to recognise the causes of potential crises before they escalate into actual crises, is perhaps the greatest service that a security manager can provide to their organisation.

Main Points

  • Although crises are large-scale dramatic events, they are almost always the result of a series of minor problems that are ignored or deliberately hidden
  • Crisis management can be prepared and practiced. Use the checklists in this section to identify where your own organisation might have institutional weaknesses
  • Crisis management will always involve high levels of cooperation and collaboration. Make sure that the other divisions that you will need to work with understand what is needed in crisis situations
  • You are the security manager. Accept the responsibility. Do not leave it to someone else less able than you to do it!