A Conversation with Ian Mitroff, Crisis Management Guru

By Edward H. Baker  |  Posted 04-13-2005

A Conversation with Ian Mitroff, Crisis Management Guru

Nobody likes to think about worst-case scenarios. But for Ian Mitroff, a professor at the Marshall School of Business at the University of Southern California, it's more than just a preoccupation-it's his job.

Mitroff is an expert in crisis management, and given the sheer volume of full-blown crises the U.S. has endured in just the past five years-from Sept. 11 to corporate scandals-the time to start planning for the next crisis is upon us. And the benefits of preparing for disaster go far beyond being prepared when panic sets in. The process can help to identify inherent weaknesses in any organization. CIO Insight Editor Ed Baker and Executive Editor Dan Briody discussed the importance of crisis management with Mitroff.

CIO INSIGHT: How do you define a crisis?

MITROFF: There is no exact definition. A lot of people want to make it predictive, and you can't do that. I deal with academics all the time, and they want an exact definition, but that's not what you're going to get. Different stakeholders define it differently.

So how do you know when you're in a crisis?

In the beginning stages of a crisis, you may recognize the precipitating event. Like at ValuJet, when their plane crashed in the swamp in Florida. You don't know whether events are going to spiral out of control. And that depends on whether you manage, or mismanage, the situation. In the beginning, there is always a huge amount of uncertainty. And the critical thing is whether you take responsibility before it's a full-blown crisis, which may head it off.

If President Clinton had said, "Yeah, I did something I shouldn't have done," then he might have prevented his impeachment. But the more he delayed it, the more he fed into the crisis. Most people do more of the same thing that got them into the crisis, rather than breaking the pattern.

So how can you identify when to intervene?

You have to intervene from day one. And you have to tell the truth, because my assumption is there are no secrets in today's world. The news media are going to get all those secret documents and memos anyway, and they're going to blow them up on the six o'clock news.

Why is crisis management so much more important than ever before?

Because the systems are more complex and the media is more 24/7. In 1984, a very good sociologist, Charles Perrow, wrote a very important book called Normal Accidents, which included things like chemical spills, nuclear meltdowns and airline disasters. The reason they are "normal" is that major accidents are almost guaranteed to happen because the technology being used is so complex, but the management systems are not up to the level of that complexity. And that complexity continues to increase. And now you have things like Sept. 11, which is abnormal, an intentional crisis. So now you've got both: normal accidents due to complexity, and abnormal accidents due to human intention. You have increasing complexity in addition to people who want to deliberately exploit that complexity.

What about something like the Exxon Valdez oil spill?

That's a classic normal, except they wanted to pin all the blame on Captain Joe Hazelwood. He certainly deserved a lot. But it was the system that was flawed. It's always easier to blame one person. But there are stories that Hazelwood, years before it happened, was in a storm and his mast broke on the ship. He came back to port, and he was castigated by his superiors for not staying on the schedule. So you have to look at the whole system. Hazelwood was, of course, a drunken captain, but don't tell me the system didn't know.

Can you do risk analysis to avoid crises?

Exxon Valdez, Chernobyl, Sept. 11-every one of these things wouldn't have happened if six improbable things hadn't coincided. Well, somehow they did. That's why risk analysis doesn't work. Risk analysis is always faulty. You're not going to get a Sept. 11 scenario through risk analysis. It's too high consequence, low probability.

So crisis management is picking at least one low-probability, high-consequence scenario. So crisis management is actually picking at least one crisis in each field, and thinking about the unthinkable. And it doesn't matter what you imagine, because everything gets unique. You just want to be prepared to adapt.

Next page: Discovering a Crisis, Preventing a Disaster

Discovering a Crisis, Preventing

a Disaster">
At what point does thinking about these doomsday scenarios negatively affect your company?

You could ask a similar question of a medical doctor, but they have to look at risk factors as part of their jobs. Take Y2K for example. The wrong attitude is: "We threw all this money down a rat hole, and nothing happened." The right attitude is: "We went through and analyzed all the information flows in our company. And we saw things that we wouldn't have seen, and it was all part of total quality management." So you don't practice crisis management for its own sake, just to be paranoid. You practice it as a part of reengineering.

How many Fortune 500 companies are any good at this at all? What percentage?

Here's something that's truly frightening. Before Sept. 11, I just happened to send out a survey to Fortune 500 companies on what they were doing about crisis management, and one of the issues we looked at was terrorism. They were doing zip. But after Sept. 11, it jumps up because it was the right thing to do. One year later, they were looking at terrorism if, and only if, it was cost-effective. Two, three years later, and it's back to where it was before Sept. 11.

The cycle is that quick?

That's right. Only a small group of proactive companies are doing anything, maybe 10 percent at best. The proactive companies had about nine crises over three years. In the reactive companies, it was 16.

So preparing for the crisis actually wards off the crisis. Yes. The return on assets in the proactive set was 6 percent, and in the reactive set, it was only 2 percent. So it's just good business.

What's an example of a company that you think has a really exemplary culture of crisis management?

A good example is Perrier. A few years ago, benzene got into Perrier. And the CEO took out a full-page ad in the newspaper and said it was a fault of their business culture and structure, and that they hadn't picked up on it. That's almost unheard of. Rather than blame one guy and crucify him, he asked the hard questions.

I'll give you another example of human error. A few years ago, there was a brownout in New York City. Con Edison on a hot day. So the planes up around LaGuardia are in the air because the control tower gets their power from Con Ed, and their communication system goes out. They have an alternate generator, but the generator went out, too. And the alarm wasn't heard until six and a half hours later.

Why? Because all the operators were attending a class on the new backup system, and no one had thought to leave at least one person behind. These are all mistakes made by human beings. I don't believe in technology by itself. Of course we're technology-dependent, but it's run by people and designed by people.

Do you see the emergence of a Chief Crisis Officer?

Well, to be honest with you, I'm really ambivalent about it because I don't want it to be just another designated person that you add to the bureaucracy. But you do need somebody, or something, that looks at this full time. It doesn't cost that much to do this well. It isn't perfect, and you're not going to avoid all crises. It ought to be part of everybody's job. On the other hand, you need somebody who understands crisis management. I mean, you don't leave marketing to chance. You don't leave finance to chance. You don't leave IT to chance.

What is the internal assassin approach?

That's just one of the ways to start thinking about this: controlled paranoia. It's like hiring a hacker to probe your security weaknesses. Only this is much broader because you're not just hacking the data source, you're hacking the organizational structure, learning your vulnerabilities. It's a valuable exercise.


Dr. Ian Mitroff

Dr. Ian Mitroff is the Harold Quinton Distinguished Professor of Business Policy in the Marshall School of Business at the University of Southern California, in Los Angeles. He is also associate director of the USC Center for Strategic Public Relations in the USC Annenberg School for Communication. He is the president and founder of Comprehensive Crisis Management, a private consulting firm specializing in the treatment of human-caused crises. Dr. Mitroff's latest book is Why Some Companies Emerge Stronger and Better from a Crisis (Amacom, 2005).