The Overview of Jagiellonian University in Kraków: Risk and Crisis Management Capabilities

by Katarzyna Jurzak

This report focuses on the overview of Jagiellonian University in Kraków risk and crisis management capabilities as a key part of further change of the institutional approach to the way we operate under current risk environment. Main issues which create the current context are the aftermath of the pandemic, war in Ukraine and the current political situation in Poland resulting in:

• 200% increases in the university’s operating costs (utilities, investments etc.) with simultaneous lack of funds (low subsidy levels)
• increased burden on the university support system – eg. refugees, mental health issues of students and staff, low salaries, ‘culture wars’/ political/ value conflicts in the university community, trade unions activity, climate action, scholar activism.

We need to become more resilient and enhance our ‘ability to bounce back from disruptive challenges’ through ‘the ethos of preparedness and strength through planning, training and teamwork’ (Eyre & Easthope, 2019:19). Although there have been numerous business disruptions at Jagiellonian University in the last 10 years and many lessons have been identified, there is still much to be learned. Recent steps taken to develop a system for improving employee competencies must include training in resilience in its broadest sense. Unfortunately, there are systemic/institutional weaknesses and vulnerabilities of our university that may interfere with the ability to act professionally in the changing and challenging context:

• Dispersed documentation related to the incident management, crisis management, business continuity
• Lack of strategic documents, including a risk register, cohesive crisis management policies and procedures
• Multiple university units responsible for security, safety, health (including mental health), such as (a selection): Department for Security, Safety and Equal Treatment, Section for Classified Information and Defence Matters (SCIDM), Health and Safety Department, Fire Protection Service, Security and Events Specialists, Students and Staff Mental Health Centres, Disability Support Service, IT service, Rector’s and 3^rd Campus Guards, Janitors/ porters supervised by different members of the board with the simultaneous lack of the multidepartment cooperation and lack of the coordination
• Lack of clarity on roles and responsibilities (who enables which plan, who owns which plan, who is decisive in which scenarios)
• Strategic/ tactical/ operational integration
• Lack of the system of exercises beyond fire drills and occasional talks conducted by the Kraków police
• Lack of incident management procedures in case of malicious attacks
• Lack of the cohesive communication policy

Although the SCIDM prepared ‘Procedures for action in the event of an emergency’ and they’ve been approved by the strategic level, they still are treated as an internal document and have not been disseminated among students and staff. The tasks of porters and facility administrators in emergency situations are unclear, with the result that an efficient crisis management system at operational and tactical level does not really function. The strategic level mistakenly assumes that, since it has approved the procedures, they are known and implemented at lower levels of management. The communication takes place in ‘silos’ and even if the identification of problems is functioning properly, information about them and potential for ‘lessons learning’ does not reach those responsible for the functioning of the university. The biggest challenge in any incident, emergency, major disruption or crisis is communication – ‘transfer of complex information under pressure between multiple stakeholders’ (ISRM 2021). Also, the legal requirement to establish an emergency telephone on university premises has not been met.

What needs to be done?

We need to address each of the above mentioned institutional weaknesses and vulnerabilities and transform the university into a more resilient organisation. The changes need to address the overall culture and the ethos of the university. We need to prepare a competence development programme (incl. table-top, walk-ins, through drills, and full-scale exercises with external stakeholders) in risk and crisis management in order to achieve a structural and long-lasting change and get rid of a ‘indecisive’ attitude of medium-level management. Further actions are needed to address the prevailing conviction among university decision makers of ‘we managed to reach this point, so it will be OK’ to ‘what can possibly go wrong?’. Also, we must end the practice of risk management carried out on an ad hoc basis without a general view on what we perform as an organisation (Management Control Statement, 2021). One of the biggest challenges in the hierarchic structure of the university is redefining the way of communication, coordination and control from ‘command and control’ towards ‘support and adapt’ (Comfort 2007:190). Our efforts aim at avoiding so common reasons for failure: misinterpretation and ignorance of repeated indications of impending danger (Boin & t’Hart, 2003:547). We have to plan a system of trainings which promotes thinking in categories of ‘unconventional complications’, ‘what if?’, ‘hypothetical issues of safety not normally examined’ (Lagadec 2005, 8-10). We must transform the usual inability to understand ‘What has just happened?’ into a university wide risk attitude and culture which allows us ‘to identify potential crises at the earliest opportunity, to respond in a timely and appropriate manner, and to embody the concepts of organisational resilience that will allow the speediest recovery in the post-crisis period’ (ISRM 2021, Rubens 2022). We need to be able to respond to an event which is outside of planned scenario under time pressure in rapid escalation and lack of information in order to avoid catastrophic consequences. The real crisis management must be a part of the daily way of doing. We cannot afford to misunderstand the threat (its nature and/ or the scale), misunderstand the response (its nature and/ or scale and/ or timing) as well as mismanage the response on any of the levels (strategic, tactical or operational). We need to have a well-trained team who is able to assess, select, and transfer information to the university governing board. We want to become a ‘High Reliability Organisation’ which proactively focuses on things that can go wrong (ISRM 2021). We will closer look into a near-miss data as a source of ‘identified lessons’ and we must learn from them. We will use existing systems and new technological solutions to automate and support our key functions, processes and services in order to remove ‘the most likely cause of systems failure – human error’ (ISRM 2021).

We have to:

• establish clear roles and responsibilities at the strategic (gold), tactical (silver) and operational (bronze) level with a scheme of deputies with the same level of decision-making
• conduct a thorough analysis of key processes from the ‘what can go wrong?’ perspective
• prepare a cohesive communication strategy (incl. media liaison arrangements, a contingency plan (if standard channels are unavailable), templates of the most common notifications (website and social media)
• review and prepare tools: mutual aid agreements, general teaching space, mass notification system, protocols.

All of these actions will be beneficial to the university by providing compliance with laws and procedures and therefore the reduction of risk of personal liability for the rector and other members of the rector’s collegium. Increased capabilities will ensure professionalisation of services and less risk of loss (people, assets, prestige etc.), and ability to maintain business continuity in the event of major and catastrophic incidents.

Notes & Bibliography:

• (Boin & t’Hart 2003) Boin A & ‘t Hart P, Public Leadership in Times of Crisis: Mission Impossible?, Public Administration Review, September/October 2003, Vol. 63, No. 5, ISRM Members library.
• (Comfort 2007) Comfort L K, Crisis Management in Hindsight: Cognition, Communication, Coordination, and Control, Public Administration Review, Volume 67, Issues 1, December 2007, Pages 189-197, viewed 11 November 2022 < https://doi.org/10.1111/j.1540-6210.2007.0082> 
• (Eyre & Easthope 2019), Eyre A & Easthope L (technical author), Resilience in Higher Education: Third Edition, Spring 2019, Association of University Chief Security Officers (internal AUCSO library).
• (ISO Checklist) Enterprise Risk Management Report Template & ISO 31000:2018 Checklist, viewed 28 October 2022
• (Lagadec 2005), Lagadec, P 2005, Crisis Management In The 21st Century “Unthinkable” Events In “Inconceivable” Contexts, Ecole Polytechnique Centre National De La Recherche Scientifique, February 2005, Cahier N° 2005-003, viewed 08 February 2022
• (National Risk Register 2020), National Risk Register 2020 edition, viewed 5 November 2022,
•  (Rubens 2022), Rubens D, 22 April 2022, E-mail invitation to the ISRM Academic Workshop 26/04/2022: Sense-Making + Complexity: Lessons From Covid