Government Executive - Authors - Robert Charette

On The Look Out

Robert Charette — Sun, 01 Mar 2009 00:00:00 -0500

If government's job is to protect the people, it must be able to manage risk-before disaster strikes.

A Continental Airlines turboprop plane crashes outside Buffalo, killing 50 people. Salmonella-tainted peanut butter kills nine and sickens more than 500. Bernard Madoff is arrested for bilking investors out of $50 billion. The financial industry melts down as subprime mortgages go into default, starting a financial contagion that threatens to tip the nation toward Great Depression II. These are events Americans faced just within a four-month span. While the frequency and severity of the tragedies may seem atypical, this nation is no stranger to unfortunate events. Now Americans are looking to their government, unlike at any other time in modern history, to reduce the chances that catastrophes like these will happen again.

And they do so with trepidation. Citizens believe many of the risks they face have been unevenly managed at best and horrendously botched at worst. No wonder a September 2008 Gallup poll found that only 42 percent of people said they had at least a fair amount of trust in the executive branch-the lowest since the Watergate era, when the poll was first taken.

Americans want life to be less risky. But the problem is government isn't being managed to reduce risks. Without realizing it, federal officials are risk managers at their core. That means they should weave risk management strategies and tactics into their everyday operations and strategic decisions at the highest level. Agencies need to weigh the probabilities of what could go wrong, the price of reducing the chance that it will and the costs if it does. All that should be discussed, evaluated and fed into an agency's strategic plan and budget, whether it's defending the nation against terrorists, keeping food safe, fighting disease, avoiding economic meltdowns or reducing crime. It even plays a role in managing national parks.

"Government has always been involved in managing risks, even as risk management has not generally been recognized as being a fundamental function of government," says David Moss, a professor of business administration at the Harvard Business School and author of When All Else Fails: Government as Ultimate Risk Manager (Harvard University Press, 2002).

But government executives don't manage that way. Agencies don't mention the word risk, and if they do it's in a mish-mash of incoherent policies and misplaced budgets. Take the Food and Drug Administration. It estimates that one in four Americans are sickened by food-borne diseases each year at a cost of $44 billion in hospitalization and lost productivity. Yet FDA inspections have fallen by nearly 15 percent during the past five years. "Citizens are increasingly calling on government to prevent bad things from happening and to ride in to help when they do," says Donald F. Kettl, a political science professor at the University of Pennsylvania and author of The Next Government of the United States: Why Our Institutions Fail Us and How to Fix Them (W.W. Norton & Co., 2008). "That increasingly has led to calls for quick action from Washington."

A response calls for a dramatic shift in how agencies manage themselves and how they decide to meet their missions, both of which require using risk management techniques.

What Is Risk?

Politicians and government managers typically don't think of managing agencies with a focus on reducing the public's risk. But it is impossible to find a time in American history when politicians weren't wrestling with some "nettlesome risks," as Moss calls them, and crafting policies aimed at either reducing or reallocating the risks.

Government first got into managing risk in a big way in the late 18th century when it began to develop policies to deal with risks thought to undermine trade and investment. A second wave occurred at the beginning of the 20th century and lasted until the 1960s, when government began passing laws to protect workers from unfair or unsafe workplaces. A third phase, which continues today, focuses on averting consumer and personal risk.

The consequences of not managing risk have hit Americans squarely in the jaw. It started with the recession brought on when the dot-com bubble burst, and then quickly led to the Sept. 11 attacks, Hurricane Katrina, the wars in Iraq and Afghanistan, and the current financial crisis that is testing the limits of government response. Throw in volatility in oil prices, airline overcrowding and delays, drug recalls, lead in children's toys, salmonella and E. coli outbreaks, and it is understandable why the public feels risks are out of control and wants government to offer relief. "The problem now is the rapid pace of the challenges-that whatever it is that happens punishes and punishes instantly," Kettl says. "Problems are coming from a lot of different directions at once."

The public not only demands that government manage the consequences of risk, but that it deals with problems before they turn into catastrophes. Merely reacting to risk is eroding the people's trust in government.

Time for Change

President Obama has promised to hold government accountable for its performance. In his inaugural address, he broke away from how past presidents defined the role of government, steering clear of the big-versus-small debate. He chose to focus on what works and what doesn't. "Those of us who manage the public's dollars will be held to account-to spend wisely, reform bad habits and do our business in the light of day-because only then can we restore the vital trust between a people and their government," he said.

Obama's plans include appointing a chief performance officer to scour the federal budget line by line, eliminating what doesn't work and improving the things that do. Approached properly, that is risk management. The CPO's job will be to find those programs that manage the people's risks the best. That calls for agencies to follow proven risk management techniques. But exactly what are those?

A good place to start is with Moss' three approaches to managing risk: reduce it, spread it or shift it. One notable example is how the government has mitigated the risks of driving a car. It has tried to remove the risks of defective automobile parts by shifting the responsibility to auto manufacturers to make safer products. It has spread accountability for and the cost of car crashes by requiring drivers to buy insurance. And risks are reduced by enacting laws such as speed limits, requiring drivers to pass tests for licenses and manufacturers to install airbags, and so on.

Therefore, one success indicator for government programs could be how well they spread, shift and or reduce a public risk as defined by the agency's mission statement. Another measure could include whether the benefits of mitigating the risk outweigh the program's cost. In addition, if a program is to be closed down because it doesn't work, the CPO could reason that the government was mismanaging the public's risk or that the agency wasn't equipped to oversee the risk in the first place.

Few agencies think of their mission as reducing the people's risk. But the National Transportation Safety Board has begun to view its job that way. "We've done a pretty good job of mitigating the results of accidents; why can't we start to look at the philosophy of accident prevention?" says Mark Rosenker, the agency's acting chairman.

While NTSB comes in after a transportation accident (when the risk already has become reality) it has put more management time into prevention. The board has developed guidelines to reducing travel-related risks, which in the case of car crashes, take the lives of 40,000 people and injure 3 million others every year.

In its 40-year history, NTSB has investigated 124,000 aviation accidents and 10,000 crashes involving trains, ships, trucks and cars. Because the board investigates accidents after they occur, it might not seem to be in position to decrease any risk. But NTSB issues safety recommendations after its investigations, totaling more than 12,000, and uses these reports as a way to reduce the public's risk when flying, driving, boating and traveling by rail. In 1990, NTSB created its annual Most Wanted List, which includes dozens of suggestions on how to make travel safer for agencies ranging from the Federal Aviation Administration to the Transportation Department's Pipeline and Hazardous Materials Safety Administration to the National Highway Traffic Safety Administration.

The list has reduced risks. In 2002, NTSB investigated a car accident on the Washington area Beltway in which a Ford Ex-plorer veered across the median into oncoming traffic and crashed into another SUV and a minivan, killing five people. The board concluded the crash could have been avoided if the Explorer had been equipped with electronic stability control, which relies on computer-assisted brakes to allow drivers to maintain control of their cars on slippery roads and to avoid rolling over when turning quickly. Automobile safety researchers say electronic stability control is the most important safety innovation since seat belts, estimating that if all cars were equipped with the technology, as much as 25 percent of auto fatalities could be prevented. NTSB put electronic stability control on its Most Wanted list of safety improvements in 2003. Four years later, the highway safety administration issued a rule that all cars built by 2012 must be equipped with the technology.

Rethinking Risk at FDA

If any federal agency is squarely in the business of managing risk, it's the Food and Drug Administration. But its focus hasn't always aligned with that mission.

A case in point is how the agency managed the adverse effects of the arthritis pain reliever Vioxx, which FDA approved in 1999. By 2004, the widely prescribed drug was withdrawn after cases showed that there was an increased risk of heart attack, stroke and death associated with the drug. FDA so poorly managed these risks that one of its former scientists, David Graham, told a Senate committee in 2005 that the agency was "incapable of protecting America against another Vioxx."

FDA admits it has had problems with many drugs after approving them and that it needs to better track the side effects of pharmaceuticals once they hit the market. But during the agency's 100-year history, officials didn't view their mission as managing the public's risk once drugs came on the market. "Talking about the risks was not a priority," says Julie Zawisza, director of communications for FDA's Center for Drug Evaluation and Research. "Second, there wasn't the infrastructure to support it, and third, there wasn't the cultural shift needed internally to say this is important, we need to do it."

Now the public demands it, she acknowledges. But it's a trade-off. Communicating drugs' risks quickly could undermine research into the causes, which might be incomplete or inconclusive. "When we come out sooner about risks, we know less," Zawisza says. "The science isn't as good. If it turns out to be wrong, we lose our credibility. Then, if we come out late, we may also lose our credibility, because we look like we are hiding something, when all we may be doing is trying to get the science correct."

Last year's salmonella outbreak involving jalapeño and serrano peppers illustrates FDA's juggling act. First, the agency suspected tomatoes were the culprit, and issued warnings in June 2008 to New Mexico and Texas consumers to avoid eating certain types of raw tomatoes. A few days later, FDA expanded its warning nationwide. Just one month later, however, the agency announced the cause for the outbreak was more likely peppers, not tomatoes. Growers complained that FDA's early warnings cost them millions of dollars.

FDA also is working on the Sentinel initiative, a network to improve monitoring of adverse drug side effects. When fully launched in 2015, the nationwide computer network will track the safety of all medical products FDA approves.

But the agency can do just so much. FDA is bound by laws, regulations and policies that limit the disclosure of confidential or proprietary information. The agency's enforcement powers also restrict the information it can reveal. FDA can sue a manufacturer to prevent it from shipping its products, or even seek criminal charges against companies, as it is doing in the peanut salmonella case.

Even Parks Have Risks

Do all agencies need to manage risk? Why do agencies like, say, the National Park Service have to worry about it? After all, what risks do parks have? Plenty, it turns out.

The obvious ones are the health and safety of visitors, a metric the agency tracks by tallying injuries and lives lost or saved when hikers, skiers and other park visitors find themselves in trouble. But there are less obvious risks that drive strategic planning. The most significant ones, park officials say, include losing segments of the nation's heritage.

"You have this great conflict in public policy," says John Hennessy, chief historian of the Fredericksburg and Spotsylvania National Battlefield Park in Virginia. "You have national parks that are supposed to be here for as long as there is an America, remain largely unchanged, being preserved and protected during that time. But they are sitting within a local community that wants . . . development, employment and economic growth, which are also all good. So how do you reconcile that?"

Balancing the public's risk of ruining historical landmarks with economic development includes analyzing the worth of preserving land versus the value of new jobs. And the risk of making the wrong decision is increasing.

"What we're finding now is that while acquisition is hugely important, it is not the end of the story, because what goes on outside a park can ultimately destroy what has been preserved inside, by virtue of traffic, roads, noise and all those things," Hennessey says. For example, Wal-Mart wants to build a 141,000-square-foot superstore at the edge of the Wilderness Battlefield in Orange County, Va., about 65 miles southwest of Washington. It was on this battlefield, the second-largest military park in the world, where Ulysses S. Grant and Robert E. Lee first faced one another during the Civil War. The store promises to bring badly needed jobs and tax revenue during the depths of a recession. But also it poses a risk of development that could threaten the character of the park.

The park service, Civil War historians and preservationists would like to see the Wal-Mart built farther from the battlefield, but the county council, developers and property rights advocates argue that landowners have a right to develop their property as they see fit-even if it threatens the park. To manage the risk, Hennessey and other park officials are working with many groups, including both preservationists and developers, to ensure the best possible outcome for everyone. "We are trying to move away from a stovepipe approach to a more comprehensive plan to allow for development to occur without the incremental destruction of the park," Hennessey says.

The Risk of Risk

There are risks to risk management. Or at least too much of it. The public might indeed call for the government to manage more of its risk, but "it is unclear where the endpoint is," Kettl says. "We obviously don't want to get to a state where the government is running everything." But with no clear definition of the limit, the number of public risks the government should manage appears endless. "During normal times, many believe that it is better for the government to stay out," Moss says. "But during bad times, the public demands that the government comes in. This may not be an entirely viable combination."

The United Kingdom may offer an example of a government trying to manage too much risk, contends Michael Power, professor of economics at the London School of Economics and the author of Risk Management of Everything (Demos, 2004). The U.K. began to employ risk management as part of decision- making after several mismanaged governmental crises in the 1990s, such as an outbreak of mad cow disease, failure rates on school exams, and an expensive botched attempt to develop a passport applications system, to name a few.

Compliance with risk management, however, has become the ends for many agencies, rather than actually reducing the public's risk, Powers argues. U.K. government workers have been admonished for not performing risk assessments, and in more than one documented case, police have been chastised for not conducting a "dynamic risk assessment" before saving a person from drowning, to make sure they would not drown themselves.

Finding the proper balance of what risks government should manage is a debate that has been waged since the nation's founding. Abraham Lincoln wrote in 1854:

"The legitimate object of government is to do for a community of people what they need to have done, but cannot do at all, or cannot so well do, for themselves- in their separate and individual capacities. In all that the people can individually do as well for themselves, government ought not to interfere."

The first step is to realize government is in the risk management business and to manage accordingly. And then define how far to go.

Robert Charette is president of the consulting firm Itabhi Corp. and has advised federal agencies, written and lectured extensively on risk management strategies in the United States and internationally.

]]>

Don’t Risk It

Robert Charette — Fri, 01 Aug 2008 00:00:00 -0400

Information technology can help agencies meet their most important mission-protecting the public.

Nearly 200 years ago, Thomas Jefferson said, "The care of human life and happiness and not their destruction is the first and only legitimate object of good government."

According to Jefferson's theory, government's first duty is to manage the public's risk, giving everyone the opportunity to pursue individual happiness-the second duty of good government.

Government manages people's risk in three fundamental ways: first, as a regulator when individuals or businesses impose risks on others; second, as a risk manager, when individuals or businesses cannot manage risk themselves; third, as a provider of services to the public, which often entails risks that the government itself needs to manage effectively.

Consider the Securities and Exchange Commission. Its duty is to protect investors; maintain fair, orderly and efficient markets; and facilitate capital formation. Without SEC's regulatory authority, how comfortable would people feel about investing?

Or take the Food and Drug Administration, whose duty is to protect and promote public health. Since May, FDA has tried to track down a salmonella outbreak that has sickened more than 1,100 people. No private organization could easily take on that role.

The risks agencies manage today are more varied and complex than Jefferson ever imagined. FDA, for instance, is responsible for monitoring potential dangers involving food, drugs, medical devices, cosmetics and radiation-emitting products, to name a few.

Consider food safety. Risks have changed as the food supply has expanded globally and the amount of imported food FDA regulates has more than tripled in the past decade, straining its ability to conduct adequate inspections. In addition, more foods are genetically engineered, increasing from just one in 1994 to more than 50 today. FDA must ensure they all are safe to eat.

With risks becoming more complex, the use of information technology is essential for managing the public's safety. For instance, to improve health care and reduce costs, the Bush administration set a goal to provide interoperable electronic health records for most Americans by 2014.

While technology can help agencies manage risk, the IT solutions themselves frequently are not managed well. The FBI's first attempt to develop a virtual case file system is one example. The bureau canceled the project in 2005 after repeated budget overruns, missed deadlines and performance issues. The snafu with developing handheld computers to support the Census Bureau's 2010 count is another example. The agency canceled its plan to use the devices when it became clear that it wouldn't be able to properly test them by census time and development costs began to increase.

When the agency announced in April that it would not use handheld computers in the next decennial count, top officials blamed poor communication between the government and its contractor, Harris Corp. But that explanation is merely a euphemism for enterprise risk mismanagement.

With so many IT project blunders, it's not surprising that federal agencies have been slow to embrace enterprise risk management. More businesses, however, are using ERM, a holistic approach to managing the full spectrum of risks. They are integrating strategic, operational, financial and insurance risk management practices to better understand the risks that confront them. That way, risks become transparent to everyone in the organization, and a coordinated and cost-effective approach to managing them is possible.

ERM also helps with managing the strategic and financial risks associated with major IT programs, which many agencies typically don't take into account. At Census, a strategic decision was made to use handheld computers for door-to-door census takers to capture and transmit data for the 2010 count. This was a reasonable decision. But the risks it created-operational, financial, contingency and, especially, how those factors interacted with one another-were not accounted for.

A robust ERM approach would have increased the chances that the bureau's handheld project would have been successful. Given all the types of risks the project faced, however, it is doubtful that even a robust IT risk management plan would have been sufficient to ensure success.

Adopting ERM at a federal agency is much harder than in business. While the fundamental business of government is the management of risk, its basic practice revolves around politics, which is about power and control. Also, identifying risk in government is viewed as a negative. Who wants to be on the Government Accountability Office's high-risk list? So, making myriad risks transparent isn't a priority for most agencies.

Still, launching ERM in government is possible. The best way is to take a middle-out approach that concentrates on managing operational risks-those posed by people, processes and technology. Chief information officers, in cooperation with chief financial officers, are well-placed to begin the process because IT touches on not only operational, but financial and strategic risks, too.

CIOs can help identify the different types of risk IT creates and mitigates. With help from CFOs, they can begin to create the underlying processes necessary to manage risk not only within IT, but throughout the agency.

Agencies will find it progressively difficult to create the complex solutions necessary to protect the public without an agencywide approach to managing risk. Without one, Jefferson's goal of good government-the public's happiness-will be at risk as well.

Robert Charette is founder of ITABHI Corp., a risk management consulting firm.

]]>

The Politics Of Technology

Robert Charette — Fri, 01 Dec 2006 00:00:00 -0500

Lawmakers must consider the ripple effect of legislation on agencies' IT systems.

Effective information technology systems are essential to the nation's business, from collecting Social Security to providing for national defense. These systems must interconnect, and changes to one spawn changes to many others. As a result, every time Congress passes legislation that has a strong IT component, it creates profound technical and financial risks.

A year ago, the Centers for Medicare and Medicaid Services launched Medicare Part D, mandated by Congress to alleviate the often crippling cost of prescription drugs for the 43 million elderly and disabled Americans eligible for Medicare. But the rollout of the program by any measure was less than stellar.

With promises of a seamless transition, the first few weeks were "pure hell," as one pharmacist put it. Many Medicare beneficiaries discovered they were being overcharged for their drugs, assigned to inappropriate plans, or denied benefits altogether. The situation became so bad that more than 20 state governors had to step in and order temporary payment of drug benefit claims for their senior citizens.

Most new large-scale programs suffer from teething problems in their infancy, but Congress helped turn this one into a root canal-without Novocain. The legislation required upgrades to the IT systems of pharmacists, insurance companies, state governments and CMS alike. Upgrading disparate systems that handle huge volumes of data is difficult enough, but it becomes harder still with a political deadline for implementation looming.

More than a dozen critical IT systems at CMS alone had to be upgraded, a process that typically would take 24 months or longer, according to its administrator, Dr. Mark B. McClellan. CMS had 12 months. The tight deadline left no time to test the Part D enrollment process before going live on Nov. 15, 2005, even though CMS admitted there were at least five areas where the process could go wrong.

Making a bad situation even worse, Congress required 6 million low-income seniors and people with disabilities to switch from Medicaid to Medicare on Jan. 1, 2006. Lawmakers wanted Medicare beneficiaries to have the option of choosing from at least 20 insurance drug plans-the actual number varied by state-resulting in mass confusion. Many beneficiaries had to sift through more than 50 plans-Oregon had 70-to find the one that best met their needs. Even Medicare specialists were confused: Beneficiaries who called the help lines received wrong answers 41 percent of the time.

The confusion meant that many beneficiaries didn't decide on their drug benefit plan until just before the program went into effect. This created a flood of enrollment paperwork, which overwhelmed CMS and the company responsible for processing and verifying eligibility.

Medicare Part D is only the latest case of what happens when Congress passes legislation that is critically dependent on information technology without considering the full impact on the people, processes and technology needed to implement it. Other examples abound.

Many of the problems with IT modernization at the Internal Revenue Service, for instance, can be traced to Congress. Every change to the tax code creates ripple effects on myriad IRS information technology systems. Every piece of tax legislation, which is usually vague and complex, must be interpreted, defined into a process that can be automated, coded, tested and made operational by the next tax season, if not sooner.

At least 84 new tax laws and more than 14,000 changes to the tax code have churned through Congress since 1986. It's no wonder the IRS modernization project has been on the Government Accountability Office's high-risk list since 1995.

It is probably a forlorn hope that Congress can stifle its desire to play systems engineer or software architect in such situations. One way would be to require an IT impact statement, modeled after the Environmental Protection Agency's environmental impact statement, for every major piece of legislation being considered. The statement would provide full and fair discussion of significant effects on information technology, informing decision-makers and the public about alternatives that could avoid or minimize adverse technical, financial or social consequences. It would help Congress recognize realistic IT goals and expectations, rather than ones based on political wishes-no matter how well intended.

The next big thing that is on the congressional IT agenda is electronic health records. President Bush has set a goal for all Americans to have interoperable electronic health records by 2014. Cost estimates for implementing such a system range from $100 billion to $300 billion. But none of the estimates currently takes into account Congress' penchant for software design by legislation. There are nearly 50 pieces of legislation before Congress that affect electronic health records, the passage of any one undoubtedly having major IT design, operation and cost implications.

As officials in the United Kingdom discovered, politically inspired technical decisions on electronic health record implementation are spinning off billions in unexpected costs, putting the entire effort at risk.

]]>

Organizational Hypocrisy

Robert Charette — Mon, 01 May 2006 00:00:00 -0400

Every agency is two-faced at some point.

"Brownie, you're doing a heck of a job." Not only have these words come to symbolize the dysfunctional nature of the government's response to Hurricane Katrina, but they are destined to become the catchphrase for future failures. Katrina exposed what Swedish economics professor Nils Brunsson calls "organizational hypocrisy" at the Federal Emergency Management Agency and the Homeland Security Department.

Organizational hypocrisy exists in every organization. It occurs whenever decisions and actions are inconsistent or conflict with previously stated ideals, values or performance measures.

This inconsistency is not necessarily bad, Brunsson argues. Being hypocritical might be the only way organizations can operate, he says, given the often contradictory demands they face. Some are even forced into institutionalized hypocrisy. For instance, the Federal Aviation Administration must address daily the dueling legal mandates of promoting air travel and keeping its passengers safe and secure. Unfortunately, FAA's actions in meeting both mandates have earned it the Tombstone Agency moniker, because FAA rules to increase safety only seem to emerge after a deadly airplane crash.

Organizational hypocrisy comes in two flavors. External hypocrisy involves how credible an organization is perceived to be by the public in meeting its stated mission. Internal hypocrisy is how an organization is perceived by its own employees.

Federal employees encounter large and small examples of their organizations' internal hypocrisy every day. Take the most recent job advertisement for your organization. Does it realistically depict the work environment, or one that is scarcely recognizable? As you read it, did you say to yourself, "If people only knew what really went on here"? Would anyone want to work for your organization if the job ad told the whole truth?

What about when management gives that old pep talk about how good the organization is and how, together, we can make our new vision of the organization come true? Would you rather hear them say they don't have a clue what the vision is or how to get there?

Most private and public sector organizations operate at a Stage 1 level of mild or healthy hypocrisy. This is where the reality gap between the public image and what is actually happening inside its private sphere is fairly narrow. Occasionally, some event causing an inconsistency of word and deed widens the organizational hypocrisy gap, or OHG. This is Stage 2, when the OHG becomes wide enough that employees start questioning the judgment of senior decision-makers. It often portends the start of something more serious.

Consider the recent 25 percent reduction to NASA's space science research and analysis budget, and the 50 percent slash in its astrobiology budget in particular. Senior managers have termed these cuts "temporary speed bumps" that will defer, not forever cancel, affected projects. They insist that these cuts still allow a "vigorous program of astrobiology research and some technology development." NASA's astrobiology employees and the academic community aren't buying into management's version of reality. They don't believe the cuts are temporary, and they do not believe that a vigorous, effective astrobiology program will exist once the cuts take effect.

What's more, employees are questioning how NASA is going to land astronauts on Mars if the research needed to take them there isn't performed. Top managers have characterized such criticism as "a hysterical reaction." It will be interesting to see whether they can keep this burgeoning organizational hypocrisy gap from widening any further, and even more important, keep it from spreading to other parts of NASA.

If a moderate OHG becomes institutionalized, then Stage 3, severe organizational hypocrisy, arises. Here, the organization suffers from a full bout of cognitive dissonance, or Dilbertism, the condition of the famed cartoon character who toils in the shadow of an inept boss. At this point, management descriptions of reality are at odds with the working-level view. Talk, decision and action become disconnected. Employees start wondering aloud what planet senior managers live on, healthy skepticism turns into destructive cynicism, morale sinks to the basement and an organizational meltdown becomes a distinct possibility.

While an organization with a wide internal hypocrisy gap might not be operationally effective, it can muddle through for a long time, especially in the public sector. Since top executives control the public face of the organization, they quite easily can paper over the OHG, or if it becomes inadvertently exposed, blame the problem on disgruntled employees.

That strategy is viable until an event happens outside management's control. A dysfunctional organization cannot perform its mission in the face of an unexpected crisis. In the aftermath, its performance is investigated, exposing the internal organizational hypocrisy. Poor performance also triggers deep public mistrust in the organization, which creates a condition of external organizational hypocrisy.

In the case of Katrina, the juxtaposition of President Bush's statement of support for the head of FEMA and televised coverage of the agency's performance were so out of sync that the damage not only to FEMA but the administration's credibility was devastating.

Once an agency's organizational hypocrisy is laid bare, it is impossible to effectively reduce it. Even honest attempts to set things right will be seen in a cynical light. Just ask New Orleans residents how they felt when DHS announced its plan to hire 1,500 additional people at FEMA to prepare for future disasters. How many would label this a publicity stunt? Or ask FEMA employees, who have seen their once respected organization systematically hollowed out over the past several years. Do you think they believe DHS officials can put FEMA on the return path to the high-performance days of the late 1990s? The time it took to find an emergency management professional willing to take the job as head of FEMA indicates that no one outside the organization believes it can make a comeback.

Organizational hypocrisy is a fact. The trick is to keep it to a minimum by working aggressively to keep the OHG narrow. Once the gap begins to grow, it is devilishly hard to close.

]]>