Рубрика: Blog

Crisis Response Journal KFC – A management cock-up?

David Rubens examines the supply chain disruption caused by Kentucky Fried Chicken (KFC) switching distributors in its UK operations, while Emily Hough makes some initial notes on how the company’s social media handled the crisis

Up to 575 of the company’s outlets were closed at the peak of the chicken shortages (Lucian Milisan/123rf)

As someone who makes his living travelling round the world talking about, teaching and consulting on risk and crisis management, writes David Rubens, one of my lessons is that crises are in themselves often unique, but the reasons for crisis are depressingly predictable. In the vast majority of cases, the causes of a crisis are not external events (though those can be large scale, dramatic and with significant impacts), but rather the management failures of the organisations responsible either for preventing the crisis from occurring, or for responding once they have.

We use a wide range of crises as case studies. In almost all cases, once specific details identifying each case have been removed and the summaries of the post event reviews and enquiries are attached to a different event, it is fascinating to observe how the swapped around notes are equally applicable to the new crisis they have been attached to.

Thus the post-event report on the Space Shuttle Challenger identifies exactly the same reasons for failure as the report on BP’s Deepwater Horizon disaster, and the reports on the Utoya Island massacre in Norway could be equally applied to the organisational and management failures that led to the crisis in New Orleans following Hurricane Katrina.

The recent events involving fast food chain Kentucky Fried Chicken (KFC) switching suppliers for its logistical delivery services, leading to the closure of hundreds of KFC branches across the UK, is an example of a significant organisational failure that has catastrophic impact in terms of both revenue and, possibly, reputation. Despite the supposed management capabilities that are held by both KFC and its new supplier DHL, the reasons for the failure were not only predictable, but given the circumstances of the project, almost inevitable.

Firstly, it should be questioned why KFC decided to change suppliers from Bidvest, a specialist food supplier with a nationwide network that had held the KFC contract for many years, to DHL, a general supplier that had no previous experience working with KFC, and which was attempting to manage the national distribution from a single distribution centre. If, as has been reported, the reason for the change was because DHL was prepared to undercut Bidvest and provide the service for a cheaper fee, then it has to be asked which part of the operation it was cutting back on, and whether, even if the operation had been carried out smoothly, the potential cost savings would have been worth the additional risk and disruption.

Reading through the various press reports, a number of points that reflect some of the core principles of strategic risk management keep coming up. These are not issues that should be considered as ‘clear in retrospect’, but should have been front and centre of the considerations of the KFC management team when considering switching from a known, tested and experienced supplier to one that is not only unknown and untested, but one that lacked experience and was promising ‘cutting edge innovation’ – a scary phrase whenever it is used in reference to complex operational management.

«We’ve brought a new delivery partner on board, but they’ve got a couple of teething problems – getting fresh chicken out to 900 restaurants across the country is pretty complex,» KFC Statement»

Bringing your client’s operations to a standstill, damaging its reputation and creating a situation where it is held up in front of a global audience as an example of weak management and general inefficiency, does not come under the heading of ‘teething problems’. The correct phrase is ‘catastrophic failure’. There was nothing that was involved in the delivery of the chicken that was not known at the time of the bid that was put in, and there were no outside influences that could be blamed for the failures. It was simply a matter of bad management, weak oversight, unrealistic expectations and an inability to recognise completely predictable critical failure points that should have been identified, reinforced and controlled in order to ensure the smooth running of what is, in its essence, a rather simple three-stage operation – receive order, collect chicken, deliver chicken.

Some of the points that should have been covered in the pre-launch risk assessment include:

Managing the transition

All transitions are complex, challenging and create unforeseen problems that themselves can quickly escalate to critical crisis status. This is true of even the most simple transition process, but anything that involves the integration of high levels of technology, critical dependencies and dispersed centres, as the KFC operation does, should consider critical failures to be an inevitable part of the transition process.

Integrating technology

The ability to integrate complex technology is always a high-likelihood failure point; in fact, it should be presumed that technology will fail to deliver that which it promises. It can then be accepted that there will be an inevitable period of settling in during which, rather than supporting and enhancing operations, technology will actively disrupt them.

For something as complex as an individual just in time booking system based around 900 separate stores, and involving a completely new process with which the local shop owners are unfamiliar with (and may have not received sufficient training in), mean that not only will such failures happen, but they will have a critical impact on the ability to keep those 900 shops stocked with their single most important commodity.

Was the system tested properly?

It would be interesting to know what sort of testing process was put in place, and, if there were testing programmes, whether they were realistic in terms of the pressures they placed on various parts of the system, or if they were ‘nominal’ testing, more symbolic than realistic.

This is exactly the problem that was a root cause of the London Heathrow Airport’s Terminal 5 opening day fiasco, when the complex ticketing and baggage handling systems failed, leaving both the British Airports Authority (BAA), which is responsible for the building and management of the terminal and British Airways (its only client and user), facing a disastrous operational and public relations crisis.

Take this quote from the report of Terminal 5 opening failure: “Despite the rigorous tests that took place, it was inevitable that once real passenger bags were introduced into the system, there would be bedding-in issues. As Colin Matthews, Chief Executive of Heathrow Airport said in his evidence to the committee: ‘It may have been that the baggage we were testing was too uniform….[M]aybe the reality of the baggage that people put into the system was more diverse than our test represented’.”

Management of complexity

To claim that one reason for the failure is that the operation was complex is simply not acceptable. It is precisely the distribution company’s ability to manage complex delivery operations that is its core service. Builders build, engineers design, and delivery companies deliver. It would not be acceptable for the engineer of a bridge that collapsed to make the excuse that ‘t was really complex engineering, so why is that considered an excuse here?

This is exactly the same point that was made after the G4S failure at the London 2012 Olympics. Nick Buckles, CEO of G4S, repeatedly explained in a House of Commons Home Affairs Committee hearing into the failure of G4S to deliver the security personnel it was contracted to, that one of the reasons for this failure was: “It was an extremely complex operation,” the Chairman Keith Vaz, clearly losing patience, said that he knew that it was complex – that was why it was the company’s job to deliver it.

High reliability and zero failure

Although this did not involve a nuclear power station or an aircraft carrier – typical ‘zero failure’ organisations that are associated with high reliability theory – it is clear that reliability, ie the ability of the service provider to provide the service week in, week out, without interruptions, disruptions or the need to make excuses, was at the heart of the contractual agreement. Whatever else was being discussed, the reliability of the chicken delivery was actually the only critical issue. It seems that in the desire to describe the new contract as a ‘groundbreaking’ move that would see DHL ‘re-write the rule book’ and ‘set a new benchmark for delivering fresh products to KFC in a sustainable way’, DHL forgot what the company was actually meant to do. The fact is that delivering chicken does not necessarily benefit from ground-breaking (ie untested) technology but, when done well, it is a rather old-fashioned (and fundamentally boring) service.

Management responsibility

At the end of the day, whatever the reasons for the DHL failures, the ultimate responsibility rests with KFC management, which is responsible for the company, the brand, shareholders and its franchisees. You can outsource services, but you can never outsource responsibility.

It would be interesting to know how involved the KFC management was in overseeing the development of the DHL package, and ensuring – through rigorous testing and validation – that all its assumptions were realistic, and that when the day came to give it the green light, it was actually ready to go.

Like so many of the management disasters that we see on a regular basis, in both the public and private sectors, this cannot be blamed on anything except personal and organisational incompetence. The issues that were central to this failure are the critical issues that are studied as part of any management, risk management or crisis management programme.

The causes of this fiasco were completely identifiable prior to the event happening, and in fact should have been flagged up early in the development process as specific points that needed to be monitored and managed. They will, undoubtedly, be exactly the same critical failures that will be the root cause of the next management disaster we see…. And the one after that…

KFC social media response: Pretty clucking good…

It is an interesting exercise to observe how KFC’s online communications responded to the crisis, writes Emily Hough. It is a given that, in any crisis, the media and communications teams will be at the frontline of response; it is their task to manage reputation as well as to keep customers, the media and stakeholders informed.

The initial consensus seems to be that the company’s messages, especially on social media, struck the right balance between apology, appreciation of customer loyalty, keeping customers updated, and maintaining a sense of humour, whatever might have been going on behind the scenes.

In general, the agreement is that KFC’s Twitter feed has risen to the challenge.

As often stated in CRJ, especially with regard to social media, it is imperative to engage with all stakeholders in a crisis, including victims, customers, employees, regulators, politicians and shareholders. In the case of KFC, this also includes franchise holders.

There are a few key points that illustrate positive ways that this event was handled, although these are merely initial observations, primarily based on analysis of the company’s Twitter feed.

In any crisis, there are key points to be remembered when it comes to communication:

  • Rapid and consistent response
  • Robust internal communications
  • Understand stakeholders and customers in advance, through monitoring and engagement
  • Engage during a crisis
  • Beware fatigue
  • Debunk false reports and prepare to be mocked, especially by competitors
  • Always have recovery in mind – a crisis can be a turning point, from which the organisation can emerge stronger

Rapid response

Trending under the hashtag #KFCCrisis, news of the company’s chicken distribution issues trended rapidly. Indeed, some politicians reported that their constituents had contacted them about the event, and several UK Police Forces took to Twitter saying they had received calls about the chicken shortage and reminding the public that this was not a police matter.

The KFC Twitter team responded rapidly and with humour, acknowledging there the problem – and the farcical fact that a chicken-based fast food organisation had run out of chicken.

The post began with humour, was gracious in not excessively blaming its new distributor, but rather it focussed on admitting the problem, emphasising that KFC would not ‘compromise on quality’ and paying tribute to its restaurant team.

The feed also directed customers to a website, which was updated every 15 minutes, indicating which outlets were open. It repeatedly posted this with the hashtag #wheresmychicken.

Robust internal communication

There is no point in responding to a crisis and handling it perfectly, having a wonderful relationship with the media, running a fantastic social media response, engaging with customers online and getting the facts out there if staff on the ground haven’t been told what is going on. This gives rise to contradictory information, frustrates both customers and staff and can store up further organisational problems down the line – put simply it does not aid recovery.

Evidently, we are not in a position to comment on KFC’s internal communications. From an outside perspective, it does appear that communication and operations seemed to work well with each other.

Understand stakeholders and customers in advance

Social media is not merely a sales tool, nor is it a one-way street. Prior to the distribution issues, KFC engaged with its customers in a witty, yet informative manner, which has probably contributed towards building reputation and customer loyalty and, in all likelihood, and will therefore aid recovery.

It is vital to be aware of the different sources that the public, media, customers and other stakeholders will go to for information – these will be different according to their needs and demographic. Monitoring what is being said about a brand – and from the tweets and replies before the crisis struck on February 14 it is clear that KFC did this consistently – can pay great dividends should a crisis occur.

Engage during a crisis

Never, ever, go quiet. If people are connecting with you through social media, it is vital to engage with them. Be polite and helpful – if you don’t know something, admit it, but let them know you are working to get more information as soon as possible. This is an excellent way of defusing detractors, and a good way of enhancing already positive feelings about the organisation amid loyal customers – they can correct misconceptions for you and will often enter into the spirit of things if humour is being demonstrated. Show sympathy and understanding, and tailor responses as much possible.

Beware fatigue

In a prolonged crisis fatigue is a formidable enemy, across all teams and in whatever the department. Judgement can become clouded, decisions can be difficult to take and paralysis in terms of management can become a real threat. Scalability is essential in communications teams – day-to-day operations are simply not the same as dealing with a crisis and require greater resources, as the British Airways computer glitch showed in May 2017.

Debunk false reports and prepare to be mocked

It is important that customers have a degree of trust in the information provided. But some individuals could post false content or push their own agendas.

This happened to KFC, but the company was quick to correct Twitter users who posted that staff were not being paid or who questioned the quality of its raw products.

And with regard to being mocked – humour can be cutting, even devastating. In the private sector, competitors may also join in. And indeed, they weighed in with KFC – as is shown below. The response was light-hearted banter, yet challenging — many a word is said in jest, but the underlying message was clear: don’t poach our customers. KFC demonstrated the fundamental tenets of social media communications: Be empathetic, human, and never rude or insulting. It corrected falsehoods or misunderstandings, but did not censor or react aggressively (and yes, there are many examples of where companies have done just that, always to the detriment of their reputation).

The company also took the step of taking out full-page advertisements in the national media to apologise, rearranging its initials, to produce an advertisement whose humorous approach neither detracted nor diminished the strength of the apology and acknowledgement of the problem.

Finally, judging from its replies to Twitter posts and memes, KFC is, indeed, planning for recovery. The social media team has been asking people asking if they can re-use their tweets, as the company is: “Putting together a little something for when the KFC Crisis all blows over.” It will be fascinating to see what is being planned…

Cities Under Water

For a number of years I have been using changing weather patterns and the impact on global mega-cities as a central case study for our risk and crisis management training programmes. I have used examples from South East Asia (mainly Bangladesh) as an example of a country and society that sees catastrophic flooding as a natural part of its seasonal cycle, but have also used examples from the impact of severe weather on major cities such as New Orleans and Hurricane Katrina (2005), and the flooding in Paris (2016) and across central Europe involving the Elba and Danube drainage basins (2013).

With the backdrop of flooded cities on the screen behind me, I have said that, in my opinion the people in the training room were, within their working lives, likely to see a world under water for a significant part of the year. We have then gone on to discuss what significance that would have for city planners in general, and crisis managers in particular.

Given the news over the past few days, it seems that my time-line for the arrival of such a situation had been radically mistaken, and it may be that we are already entering a world where the distinction between ‘dry land’ and ‘flooded areas’ can no longer be maintained.

Hurricane Harvey in Texas brings back the indelible images we associate with Hurricane Katrina, and the current catastrophic flooding in Mumbai has affected not only a major Indian city, but also a major global financial center. However they are only the major stories that capture the headlines in international news channels. The situations, and the consequences they bring with them, in countries across the world, can no longer be seen as outlier anomalies, but must be recognised as indicating a new stage in the development of 21st century urban management.


As the map at the top of this blog shows, of the sixteen mega-cities listed (ie with more than ten million inhabitants), fifteen are based on the coast (the sole exception being Delhi in India). Of the predicted thirty global mega cities that will exist by 2030, almost all will be on the coast, and almost all will also be in the ‘developing global south’, which means that they will be largely unplanned and unmanaged, with little or none of the underlying urban infrastructure that we usually associate with major city development.

The nature of a major flood event means that the damage is often widespread, total, catastrophic, and has an extremely long recovery period – often counted in decades rather than months or years. It involves infrastructure degradation (roads and bridges washed away, railways incapacitated and power generation severely damaged), health issues (release of sewage into the flood waters, lack of water purification, spread of diseases), and a social dislocation that has often had the highest impact on exactly those areas of the community that are least able to manage it and, in risk management terms, have the least resilience to disruptive events.

I have been impressed by the efforts of the US local, state and regional emergency response agencies in dealing with the impacts and consequences of Hurricane Harvey as best they can, in the face of what was an unprecedented level of rain leading to an unprecedented level of disruption. However, if we are to avoid the catastrophic levels of personal and social impact that we have seen in recent flooding and other natural disaster incidents, then we need to accept the reality of the threats that we are facing, and to treat them as a part of the new reality of 21st century risk management rather than as one-off events that can be largely forgotten once the television crews have left and moved on to the next story. 


Deltar Certificated Training Programmes

You can see more information on the

Deltar 3-Day Level 5 Management Award in Corporate Risk and Crisis Management here

Deltar Level 6 12-Month Distance Learning Diploma in Strategic Risk and Crisis Management here

Both awards are fully certificated, and regulated by UK Ofqual (Office of Qualifications).

How Crisis Ready Are You? A Ten-Point Check-List

A coach of the German football was once asked what made the team so successful at winning competitions. He replied that to do well in the first half of the competition you needed energy and desire, but to do well in the second half you needed technique and discipline. It is similar in developing effective risk, resilience and crisis management capabilities. There certainly needs to be support and buy-in at every level of the organisation, from the car-park attendants and toilet cleaners through the general staff and the team leaders, all the way to the divisional directors and the chief executive officer, but there also needs to be the technical skills that will allow the organisation to understand its own capabilities, identify its weaknesses, and create an on-going culture of risk management that will allow it to become a truly resilient organisation.

The ten points on the checklist below can be used as a quick guide in assessing how mature the organisation’s risk management culture is, and how strong (if at all) the underlying risk management foundations are.

Point 1: Risk Sensitivity

The first point that needs to ask is how mature an organisation is in terms of recognising and acknowledging risk. Just as a teenager will do things that are clearly (at least to older, wiser eyes) foolish and potentially injurious, but they will nevertheless completely ignore anyone who tries to tell them that, so many organisations have an attitude towards risk that is clearly, at least to an outside observer, potentially harmful. If the overall approach to risk is one of wilful ignorance and an inability to discuss it in a meaningful way, then there is little else that can be done.

Point 2: Time Gap Management

There are two time gaps that are critical in assessing the ability to manage a crisis.

The first is the time that it takes from a potential or actual crisis to be triggered, and the organisation to recognise it as such and then start to do something about it. Most organisations will spend a significant amount of time and effort trying to pretend that there isn’t a crisis, during which time the crisis itself is developing, growing and becoming more destructive. The second time gap is the time it takes between the organisation acknowledging the crisis and then having the ability to respond in a way that will actually impact on the external event, as well as increasing the organisation’s chance to either manage it or, if it has got to that stage, survive it.

Point 3: Development of Crisis Management Team (CMT)

The ability to put together a crisis management team that can take control of the situation at the very start of the actual or potential crisis is a significant issue for any organisation. Crises are, by their very nature, rare events, and if the people involved in the CMT are not aware of their roles, have not practiced them or do not understand the specific challenges associated with crisis management, then it is almost certain that the crisis management process itself will fail, and that within a very short time it will be the management failure that becomes the focus of attention as well as the actual crisis itself.

Point 4: Information Overload – Creating a Common Operating Picture

The problems in crises is not that there is not enough information, but that there is an overload of information, much of which will be partial, muddled, contradictory and without any context that can give it an overall meaning, all of which needs to be assessed and judged as to its veracity, its relevance, and its place in the overall picture.

The single issue that emerges in all post-crisis reviews is that the information management system was overwhelmed within the first few minutes, and that that in itself became a critical issue in the development of an effective and meaningful response.

The presence of a team that can sort that information, and pass it on in a structured form to the decision-makers , creating a Common Operating Picture that can be shared by all stake-holders, will be a critical step in creating an effective crisis management response.

Point 5: Interoperability

Any crisis response is going to involve a multiple of response teams, both internal and external, formal and informal, and it is the ability to create immediate working relationships with all of those teams that will set the foundation for an effective multi-agency response.

All crisis response operations will be made up of a mixture of command and control, coordination, collaboration and cooperation, and it is the ability to understand the differences between these relationships, and to make them work in the pressures and challenges of an actual crisis response, that will allow the different teams to develop effective working practices.

Point 6: Distant Management

Although many organisation talk about ‘empowerment, and ‘decision-making autonomy’, once an actual major incident occurs, the natural reaction of most organisations is to try and control decision making. They do this by bringing decision-making authority back to the centre (the headquarters), and restricting it to a few chosen people, without whose authorisation nothing can be done. Although it is easy to understand why an organisation does this, that does not justify it. In fact, the desire to take decision-making authority away from the people who are actually involved in the management of the situation s one of the chief cause of response breakdown.

The basic rule is, that the further away the person making the decisions is from the scene of the event, the more time it will take for responses to be developed, the less effective they will be, and the greater the impact on the actual response operation.

Point 7: ‘Support and Adapt’, not ‘Command and Control’

The use of the phrase ‘Command and Control’ presupposes a traditional, military-style centralised, hierarchical command-based management system. Although this may be effective in the highly disciplined and well-trained environments within which a military operation will be operating, it does not reflect the reality of the more chaotic and less well-structured response frameworks that most emergency and crisis management operations are dealing with. The truth is that most response teams on the ground do not need a hierarchical command system to tell them what to do – it is clear to them from their own assessment as to what needs to be done. The role of the management system then is to understand what is needed, and to ensure that the necessary supplies, man-power and other resources are provided so as to enable the response teams to manage their own operations as effectively as possible.

Point 8: Creating an Information Exchange Network

All emergency response operations are complex, and involve high levels of interaction of multiple teams at different areas of the operation, all operating at extreme levels of stress on both an immediate and long-term basis. One of the critical responsibilities of the strategic management team is to ensure, a s much as possible, that there is a Common Operating Picture, that is, that as many people as possible involved in all aspects of the operation are sharing as much information as possible. This aspect of ‘information exchange’ and ‘information sharing’ means that all of the different teams and agencies are able to feel themselves as being part of a unified response operation that is working together to achieve a common goal, rather than each team working in isolation, with little if any understanding of what else is happening around them in the wider response context.

Point 9: Protecting Reputation: Managing the Message

In the modern world, there is no such thing as a ‘private incident’. Any incident that affects people or impacts on them in some way, can be considered as potentially global in the nature of the media coverage it can attract, both from traditional news sources – television and newspapers – and modern – social media in its various forms. The ability to manage that message, and to use it to protect an organisation’s reputation, is a critical part of any crisis response operation.

Recent examples that have hit the headlines, and from wildly different events, include the failure of the local council in north London to response effectively or appropriately to the Grenfell Tower fire disaster, the failure of British Airways to respond effectively when the failure of its ticket-booking system led to the disruption of hundreds of flights worldwide (and which they initially blamed on a minor power failure), and the catastrophic response of United Airlines when two security staff were filed dragging a passenger of one of its planes after they had over-booked the seats. The fact that the mobile-phone footage on the United Airlines incident went viral (together with the failure of the CEO to respond effectively), led to United losing $900 million in two days from their share price.

Social media is a powerful tool that can allow an organisation to be in the best position to manage and influence the response to any incident it is involved in, but just as with any aspect of emergency response and crisis management, that capability cannot be created in the middle of an actual crisis event. The ability to plan and for and prepare the organisation to make the maximum use of social media in order to protect its own reputation and brand value is one of the critical aspects of any modern crisis response framework.

Point 10: Effective CM Capabilities are Dependent on Sustained Support from the C-Suite

As important as the individual skills are, it is the corporate risk attitude and culture that will have the greatest impact on the ability of the organisation to identify potential crises at the earliest opportunity, to respond in a timely and appropriate manner, and to embody the concepts of organisational resilience that will allow the speediest recovery in the post-crisis period.

Real crisis management does not start when a crisis is discovered, but is an embodied value intrinsic to every aspect of an effective organisation’s operation.

We put this tenth point in as the last one, because we consider it to be the killer argument, the one that we want our audience to remember at the end of our presentation to the Executive Committee, that they will carry with them, and which – hopefully — they can then use to support the development of an on-going, organisational capability development programme.

Point 11

Point 12

Although it is nice to make lists, and it gives us a feeling that we can bring some sort of order and coherence to what is often a chaotic and incoherent reality, these ten points are only a guideline to what could more appropriately be considered as a corporate attitude or ethos.
As you may have noticed, we have left two points blank. That is because there are a whole load of possibilities that we could put in there, but it is up to each person and each organisation to decide for themselves what other points should be in there.

Some possibilities for Points 10 and 11….

  • Crisis management doesn’t start once a crisis event occurs – it is a reflection of our organisational DNA, who we are and everything that we do
  • We should be a learning organisation. Take advantage of near misses!
  • The role of the crisis management team to not simply to manage a crisis, but to ensure that every part of the organisation understands their role in contributing to and supporting an effective crisis management response.
  • Crisis management is important – take it seriously!

Deltar Training Solutions

Deltar Training Solutions runs a range of specialist risk and crisis management training programmes around the world, including three-day Level 4 Management Awards in Strategic Risk and Crisis Management, and a 12-month distance-learning Level 6 Diploma in Strategic Risk and Crisis Management. Both qualifications are accredited through Ofqual, the UK government’s registry of qualifications.

Dr David Rubens DSyRM, CSyP, FSyI FSyI is widely recognised as one of the leading authorities in strategic risk and crisis management, having worked at the highest level of academia, corporate and government risk and crisis management programmes. He currently runs the Deltar Training programmes around the world.

Deltar Training Solutions
Email : info@deltar-ts.com

British Airway’s IT Failure: A Lessons For All High Reliability Organisations

If any organisation should be able to claim that it is a High Reliability Organisation, it is British Airways. It fits all of the requirements in terms of both its organisation structure (complex, multi-stranded, high levels of mutual dependency between all of its myriad components) and its services (critical to all of its users, who are dependent on it to supply the services that it has promised).

And yet, the recent IT failure that affected its global operations but has subsequently been blamed on a single operator in a sub-contracted maintenance company, seems to break all of the rules of HRO management – with predictable results.

To recap the situation, in May this year, BA’s ticketing system suffered a total and catastrophic failure during the Spring bank holiday weekend, one of the busiest weekends of the year. That immediately affected the flights of over 75,000 passengers world-wide, but also created disruption across the BA system, as well as affecting other airlines which had passengers who were either transitioning to or arriving from BA flights.

Any international airline is dependent on a zero failure operating system, as even the smallest failure – booking systems not working, luggage handling failures, flight crews in the wrong place, refuelling not happening, food not being loaded in time – creates an instant chain of cascading consequences that have massive knock-on effects that quickly spread well beyond the original event.

They are dependent on systems that are, in a famous phrase associated with High Reliability Theory (HRT): ‘Systems that are not only foolproof, but damned foolproof’ (1). However, systems as complex and interdependent as an international airline, do not just happen. They are also not just an issue of correct design and professional management. They are in fact a reflection of the culture of the organisation.

Prior to the development of High Reliability Theory, the main academic school of thought concerning highly complex organisations was Normal Accident Theory, described by Perrow (2) in his study of the Three Mile Island nuclear disaster, and which he then developed as a general theory of systems that stated that the more complex an organisation was, the higher the likelihood of failure. When that complexity involved two or more systems that were themselves complex, interacting to create an even higher order of complexity, then the likelihood of failure was almost certain. In this sense, failure was not a non-normal state that should be considered as an unexpected event, but was in fact an inevitable consequence of the complexity of the systems themselves.

One of the founders of the study of High Reliability Theory, the creation of operation management programmes that are fail-safe, identified the foundation of high reliability as not being an issue of technical management, but of ‘mindfulness’ (3). This stated that it was a sensitivity to the possibility of failure, and an organisational commitment, at every level , to preventing even the possibility of failure, that was the underlying quality on which all high reliability organisations depended.

One of the fundamental beliefs of Weick’s model of high reliability was that there is no such thing as an insignificant problem. All problems are themselves indicative of an underlying fault or weakness, a significant failing that allowed that problem to develop. If that systemic fault or weakness had not been there, then the problem itself would have been identified and dealt with before it could become a problem.

Within a complex operation, the conclusion from the previous assumption is that the problem itself is not ‘an event’, but only the final visible part of a ‘long-chained causal process’, where multiple other failings had to take place to allow the conditions to rise that enabled that incident to occur.

The final part of this piece of HRT states that not only is each incident important in itself, but they should be treated as though they are indicators of a potential crisis. This means that they are in fact not only significant, but are warnings about underlying problems that could at any time escalate into an actual crisis situation.

To return to the BA incident, it is clear that the dependency on the IT system (and that could be anything to do with technological support, not just the ticketing system), should have been triple locked in terms of technical safety, but also triple-locked in terms of management attitudes and sensitivity to anything that could possibly have been seen as something that could lead to systems failure.

It is alarming therefore, to read in this morning’s newspaper that BA would not be publishing a review into its IT failure, and that Willie Walsh, chief executive officer of AIG the parent company that owned British Airways, stated that the IT failure was an ‘isolated incident’. This is despite the fact that BA had suffered at least four computer-related failures in the last year, and that BA chief executive officer Alex Cruz had gone on record last year when he told investors that the airlines IT systems were experiencing regular problems.

The ability to understand, and then correctly manage, complexity is an integral part of a management position. The higher the position, and the more complex the operation, the greater the responsibility. This incident happened to British Airways, but it is likely that every High Reliability Organisation is vulnerable to similar issues. For those interested in other examples of high reliability organisations losing the cultural commitment to excellence and zero-failure operating environments which then lead to catastrophic failures, case studies include the NASA Challenger and Colombia disasters, BP and the Deepwater Horizon failures, or the problems associated with multiple financial institution IT failures that we have seen over recent years.


  • Schulman, P. R. (2004). General attributes of safe organisations. Quality and Safety in Health Care, 13(suppl 2), ii39-ii44.
  • PERROW, Charles. (1984). Normal Accidents: Living with High Risk Technologies Princeton University Press,
  • Weick, K. E., Sutcliffe, K. M., & Obstfeld, D. (1999). Organizing for high reliability: Processes of collective mindfulness. Crisis management, 3, 81-123.

See also my article in Risk UK Magazine:

High Reliability Organisations: The New ‘Buzz Phrase’ For Business Management? Dec 2015, pp 50-51
High Reliability Organisations: A Model For Effective Risk Management Risk UK, January 2016, pp 49-50

Deltar Ofqual-Regulated Training Programmes

For information , please visit

3-day Ofqual-regulated Level 5 Management Award in Corporate Risk and Crisis Management
12-month distance-learning Ofqual-regulated Level 6 Diploma in Strategic Risk and Crisis Management

Advanced Risk and Crisis Management

Deltar L4 ‘Advanced Risk and Crisis Management’ Program in Chile

Deltar continues to make friends across Latin America, as it ran its third programme this year in the region, following previous programmes in Bogota, Colombia and Lima, Peru.

The course in Santiago, Chile was attended by sixteen people, representing financial institutions including the National Bank and private banking groups, global risk consultancies, emergency response consultants, IT infrastructure providers and scientific testing centres. As always, the three days were filled with lessons, discussions, exercises and non-stop learning.

Of the thirteen Feedback Forms completed, twelve gave 5/5 for ‘Course Contents’, ‘Presenter’s Knowledge’ and ‘Would you recommend this course to a colleague?’. The other one gave 4/5 to all three – a tough person to please!

Our next course is in Mexico City from 21st – 23rd June. As with all of our LatAm programmes, it is fully bilingual, with all course material, presentations and handbooks available in both Spanish and English, and with a professional interpreting service as part of the course.

For more details, please contact info@deltar-ts.com, or see the course information at the Deltar website in English or Spanish

Communication – Not Simply ‘A Transfer of Information’

The front page of a number of papers this morning carried the story that international pilots’ lack of English was causing potential disaster situations. Although English is supposed to be the international language of air traffic control systems around the world, and all pilots and air traffic controllers are supposed to have an internationally recognised qualification in English, the truth is that many of the people receiving the certification do not have the necessary level of skills. This are not just occasional one-off failures – the reports highlight the fact that’s some countries have institutionalised by-passing the necessary controls in order to give significant numbers of people the qualification, even when they are clearly not up to standard.

The Level 4 qualification that is the minimum level that all pilots are supposed to achieve certifies that they have a level of English that allows them to speak on aviation-related topics with accuracy and clarity, resolve misunderstandings and react to an unexpected turn of events. Give the pressure that any pilot or air traffic controller will be under as soon as a non-normal situation arises, the likelihood is that under such pressure, language skills will lessen even further, and the failure to create an effective communication channel between air traffic control and the pilot could mean that a situation that would otherwise have been handled as a relatively routine incident can almost immediately escalate into a major incident, and potentially a catastrophic disaster.
At the start of every course that I run, I ask the participants (all of whom are experienced risk, crisis and business continuity managers) ‘What is the number one cause of problems in security management programmes?’. The answer ‘Communication’ is usually either the first or the second option they offer me.

The truth is, that however well we might prepare our incident response programmes, once something goes wrong, we will need to put together a plan, distribute information, confirm positions, update the various teams, re-assess the situation, be aware of potential issues, and try to maintain a continually evolving four dimensional picture of all of the pieces that go together to make an effective response programme. It is hardly surprising that it is the management of the information exchange that is both the first thing to go wrong, and the failure that causes greatest problems.

Most people, if asked, will reply that ‘communication’ is something along the lines of ‘transfer of information’. And that is certainly not wrong. However, it fails to capture the full nature of crisis management communication.

The first thing we can add is rather than being the simple ‘transfer of information’, communication is ‘the transfer of complex information’. A crisis management message will often have a number of constituent parts, each of which are critical to the full understanding of both the current situation, but also to understand the requirements that are needed, whether it is to respond to that situation as it is, or to prevent it from escalating / deteriorating to a worse condition.

The second addition we can make to our original statement is that ‘Communication is the transfer of complex information under pressure’. There is always the background pressure of the general operating environment, but there may well be the specific pressures associated with a particular event which has just happened, or is just about to happen. The person transmitting the information may be aware of the catastrophic consequences of the failure of the person receiving the information both to understand its significance and then to take the appropriate avoiding actions. There may often not be enough time to go over and explain the message again, so there is the pressure to get it right, first time.

And the final thing we can add to the original definition is that ‘Communication is the transfer of complex information under pressure, to multiple stake-holders’. This means that any information that is needed to be transmitted / transferred, will need to go to multiple people who are either involved in the specific incident or who will be affected by the actions that those people who are involved in the situation will need to take to prevent or avoid that situation from happening or escalating.

As I often say in my lectures, within a crisis management scenario, the most significant role of the crisis management team is to not to make decisions or to give instructions, but to ensure that information flows smoothly and freely around the multi-agency frameworks, so that as much as possible all the players in the game have an on-going and updated ‘Common Operating Picture’ at all times.

Once we have the understanding that ‘communication’ is ‘the transfer of complex information under pressure to multiple stake-holders’, it puts into perspective the demands that effective communications puts on any operations manager, and highlights the reason why communications is likely to be the critical component that fails once a crisis is triggered.

David Rubens
3rd April, 2017
© 2017 www.deltar-ts.com

Working with Local Business Partners

Deltar-TS has developed a network of international partners that allows us to deliver UK-accredited training programmes across the world in a way designed to meet your own local needs, reflecting your own local working environment, but with the quality associated with an international management award.

For more information about courses in your area, or to discuss working with Deltar-TS to develop such courses, please contact info@deltar-ts.com

International News

Jan 2016
Working with Local Business Partners

Deltar-TS has developed a network of international partners that allows us to deliver UK-accredited training programmes across the world in a way designed to meet your own local needs, reflecting your own local working environment, but with the quality associated with an international management award.

For more information about courses in your area, or to discuss working with Deltar-TS to develop such courses, please contact info@deltar-ts.com