How a Bank Organization Handles Robberies a Question of Crisis Management

J ÖNKÖPING I NTERNATIONAL B USINESS S C H O O L JÖNKÖPING UNIVERSITY

How a bank organization handles robberies A question of crisis management

Paper within Business Administration Author: Daniel Andersson, [email protected] Maria Gustavsson, [email protected] André Waldén, [email protected] Tutor: Börje Boers Jönköping January, 2008

Acknowledgements We would like to thank our tutor Börje Boers for his support and guidance throughout the work with our thesis. Further we would like to thank the Bank organization and all the respondents that have made this thesis possible.

Daniel Andersson Maria Gustavsson André Waldén Jönköping International Business School, January 2008

Bachelor Thesis in Business Administration Title: How a bank organization handles robberies - A question of crisis management Authors: Andersson Daniel, Gustavsson Maria, Waldén André Tutor: Börje Boers Date: January 2008 Subject terms: Bank organization, robbery, crisis, crisis management, crisis management team Organizations are in today’s business society faced with an increasing number of crises. The knowledge about how to manage a crisis has become an important tool for competitive advantage. The question is no longer if or when an organization will experience a crisis, but rather in what form and how prepared it is when a crisis actually occurs. The many networks of today’s business society make organizations even more vulnerable to the possibility of indirectly being affected by a crisis. This paper focuses on the banking industry as banks form an important part of many business networks. Furthermore, focus is put on the immediate form of a crisis and specifically robberies. The immediate crisis re- flects the importance for an organization to be prepared as the immediate crisis by its nature gives little or no warning, following that it is more difficult to prevent these types of crises. The banking industry is often discussed in terms of stability and security whereas the crisis brings instability and uncertainty and challenges the organization’s structure. The purpose of this thesis is to understand how and why crisis management concerning robberies is implemented within a bank organization. This paper looks into the current theories discussed in the literature and the field of crisis management, the authors have chosen a qualitative approach and have performed a number of interviews, both with internal and external parties. Through the research performed the conclusion was drawn that the bank organization is very professional in their handling of crisis management concerning robberies. The bank has identified the importance of having a well prepared plan as a crisis situation such as robbery occur and the policies on crisis management concerning robberies has, for an extensive time period, continuously been processed and developed. The policies developed include all aspects of a crisis, both educational program in the Pre-crisis stage, aspects to consider and how to act when a robbery occurs, and also how the organization responds in the Post-crisis stage. The bank organization has in their approach chosen to a great extent to handle the work with crisis management internally. It was concluded that, since the bank organization has, during an extensive period of time, identified the risk of being robbed as a constantly relevant issue, the policies has been processed and developed repeatedly to cover all aspects of a crisis. The implementation of the policies is in the Pre-crisis and Crisis stage performed without any flexibility as they are explicit in their design and covers every aspect of a crisis. Con- trary, the implementation in the Post-crisis stage has a more flexible approach as the Crisis group is working with people that experiences a situation of trauma. It is acknowledged that the bank organization is following the different stages of crisis in their policies, divid- ing the responsibility of the implementation of crisis management in each and every stage.

Table of Contents

1 Introduction...... 1 1.1 Background ...... 1 1.2 Problem ...... 2 1.3 Purpose...... 3 2 Frame of reference...... 4 2.1 Risk and Risk Management...... 4 2.2 Crisis and Crisis Management...... 4 2.2.1 Public view of a crisis ...... 5 2.2.2 Types of crisis ...... 5 2.2.3 The seven typologies of crisis ...... 5 2.2.4 Crisis defense mechanisms...... 6 2.2.5 How to manage the stages of a crisis...... 7 2.2.5.1 Mitroff’s three-stage model – The chronology of a crisis...... 7 2.2.5.2 Pauchant and Mitroff’s five-stage model – managing the crisis ...... 8 2.2.6 Crisis management teams...... 9 2.2.7 Leadership during a crisis...... 10 2.3 Summary of theoretical framework...... 11 3 Method...... 13 3.1 Methodology...... 13 3.2 Quantitative vs. Qualitative...... 13 3.3 Primary data ...... 14 3.3.1 Interviews ...... 14 3.3.2 Our interview approach ...... 15 3.3.3 Secondary data ...... 16 3.4 Type of Sampling...... 16 3.5 Validity and Reliability...... 17 3.6 Confidentiality limitations...... 18 3.7 Analyzing the collected data...... 19 3.8 Conducted interviews ...... 19 4 Empirical findings...... 21 4.1 Interview with Eva Johansson ...... 21 4.2 Interview with Lisa Gustavsson ...... 22 4.3 Interview with Mona Svensson ...... 24 4.4 Interview with Lotta Larsson ...... 26 4.5 Interview with Lars Björk and Håkan Grahn ...... 28 4.6 Interview with Ronny Bergström...... 29 4.7 Interview with Louise Stork...... 29 5 Analysis...... 31 5.1 Public view of a crisis ...... 31 5.2 Pre-crisis ...... 31 5.2.1 Crisis defense mechanisms before a crisis ...... 32 5.2.2 Crisis management teams before a crisis...... 33 5.3 Crisis ...... 34 5.4 Post-crisis...... 34 5.4.1 Crisis management teams after a crisis...... 34

iii

5.4.2 Crisis leadership in the Crisis management team ...... 36 6 Conclusion ...... 37 7 Discussion...... 39 7.1 Further discussion ...... 39 7.2 Reflections...... 40 7.3 Further research...... 40 References ...... 41 Appendix 1 – Questions to the local Security Directors...... 44 Appendix 2 – Questions to Security Officer of the Security group...... 45 Appendix 3 – Questions to Head of the national Crisis group ...... 46 Appendix 4 – Questions to the police...... 47 Appendix 5 – Questions to the union representative...... 48 Appendix 6 – Questions to the robbery victim...... 49

Tables Table 3-1 List of interviewees...... 22

Figures Figure 1-1 A combined figure of the Three-stage and Five-stage model ...... 7

1 Introduction In our introduction we want to introduce the reader to the chosen topic of the study by presenting the background, problem discussion and the purpose of the thesis.

1.1 Background The business environment of today is highly interconnected and subject to a high degree of change. The change on economic related activities in the last decade has been drastic and the reason for these changes is: globalization, changes in demographics and also change in social structure, and it is believed that this level of change is set to continue (Pollard & Ho- tho, 2006). Due to the new level of interconnection in the business environment, a crisis that occurs in one part of the world or organization is no longer an isolated event affecting one specific location, instead the consequences will affect the whole organizational network and all stakeholders involved. As Mitroff (2000) puts it “Today, the world is so interconnected in space and time that any event around the globe can potentially affect other events in ways of which we are only dimly aware. In light of this fundamental alteration of ordi- nary space and time as well as the sheer uncertainty of knowing which improbable events out of thousands will connect to affect our lives, organizations, and world, how do we manage institutions?” As the business world increases in interconnectivity, a crisis poorly managed can have devastating consequences for the businesses involved. In the current globalized world, it is important that organizations prepare and organize for potential crisis. Mitroff (2000) emphasized this by arguing that the question is not how , when and why the crisis occurs but rather in what form and how prepared the organization is. The discussion of the importance of effective crisis management and increased attention to the subject must be viewed in the light of the increased occurrence in crises during the last twenty year. Mitroff (2000) even argued, that it has become an integral feature of the information/system age of today and the crisis can no longer be seen as rare or random, but rather occurring in increasing frequency. Today, no industry, no institution, no segment of society is out of danger, everyone is at risk of being subject of a crisis. A crisis previously only struck against one industry, but due to the interdependence that today’s society a crisis now overlaps many different industries (Mitroff, 2004). The importance of crisis management first gained recognition when the well known Tylenol crisis occurred in 1982. The history tells how the pharmaceutical giant Johnson & Johnson was faced with a crisis when their main product, Tylenol, when consumed by its customers caused death. Since the Ty- lenol-crisis a number of diverse crises have come to public attention (Mitroff, 2000). This paper will explore the crises that in accordance to Parsons (2006) are of the immediate nature. The immediate crisis can be defined as a crisis that gives little or no warning signals. One of the most widely known immediate crisis was the attack on the World Trade Center in New York on September 11 th 2001. Crises of the immediate nature that are more applicable to the Swedish context are the media high-lighted robberies towards cash transport companies and a number of different bank offices. One example is the robbery against Handelsbanken in Bankeryd 2006, which is one of the most widely media covered robberies in recent years (Ulla Andersson Jarl, Public Relations Department, Jönköping Police Department, personal communication, 2007-10-08).

1.2 Problem Many of the earlier studies of immediate crisis such as terrorist attack and criminal acts have been studied from a macro-economic perspective . When looking at an organization from the micro-economic perspective the immediate crisis discussed are often linked to other risks than those of criminal acts; for example the loss of market shares, not being profitable or technological break-downs (Seeger, Sellnow & Ulmer, 2003). To fulfill the gap of research conducted on immediate crisis at an organizational level, we have decided to take on the perspective of the banking industry and robberies towards their bank offices. But why is the banking sector is of interest? First of all, there has been an increase of financial transactions in favor of the traditional trading market. Providing good financial services is vital and often these services are offered by the banking industry. The link between banks and the business world in today’s society makes the banks a central part of the wellbeing of the economy as a whole and a source of funding that needs to be stable and reliable in order to create incentive for businesses to invest with loans as a source of funding. The central role that the bank organization has in today’s society leads to the issue that if the organization is not well prepared for the crisis that faces them it will not only affect the organization as such but also the surrounding stakeholders. Another reason why the banking sector is of interest is that when looking at concepts such as stability, reliability and trustworthiness, terms that often people relate to the banking industry, you understand the importance of good crisis management. Traditionally people, as well as private business trust the bank to take care of their savings with the belief that the money will be safe and secure. When this notion of stability breaks down, in the event of a crisis, the customers of the banks face the choice of continuing to trust their bank or to find other financial institutions to handle their funds. Therefore, the nature of crisis challenges these assumptions of stability and trustworthiness and is characterized by ambiguity, uncertainty and instability, as well as being disruptive and unanticipated. (Seeger et al, 2003) When the bank faces a crisis the reestablishment of the bank’s reputation and rebuilding the confidence of its stakeholders needs to be on the bank manager’s agenda. The crisis threatens the integrity and reputation of the organization and it challenges the public’s sense of safety, values or appropriateness (Sapriel, 2003). Implementing a well working crisis management plan will rebuild the confidence of the stakeholders and bolster the opinion that the bank is reliable and secure, minimizing the perception of uncertainty that occurred during the crisis. It is also important for the organization to establish well working communication channels with external bodies such as emergency organizations (Quarantelli, 1986). Even when the crisis is not preventable, Mi- troff (2000) argued that they can be handled effectively or ineffectively. The damage can be minimized and the time required to recover can be shortened if the organization has a crisis management plan. The reputation and brand image is an important asset for every organization; therefore the crisis management plan that an organization might have, upholds the notion of trustworthiness and stability in the occasion of a crisis. There is a need for the bank organizations to have a well established plan to minimize the direct and indirect consequences of a crisis. The indirect losses caused by such an unforeseen event are usually greater than the direct losses (Ashcroft, 1997). This is also applicable in the occasion of a robbery where the direct losses, the loss of money, are usually less than the indirect losses, since the customers and employees experience a trauma. Additionally, the customers could loose their trust for the bank organization when it is not seen as reliable and safe after the robbery.

As previously stated, there is a lack of studies performed on banks and on the occurrence of crisis such as robberies. We often connect robberies with banks which can be supported when looking on the yearly reports from The Swedish Council of Crime Prevention where one type of robbery is categorized and referred to as bank and post office robberies. In general only a small percentage of the total number of robberies occurs in banks and post offices (Retrieved from Brottsförebyggande Rådet, 2007-10-08). However, the banking sector itself cannot neglect to identify this type of crisis since there is a contradictory relationship between the instability and uncertainty of a robbery and the stability and reliability of a bank. Crisis management involves the research from many different disciplines including economic, technological and psychological aspects. The organizational crisis can be studied within a wide range of research areas (Shrivastava, 1993). This paper explores how a bank acts when faced with an immediate crisis, especially a robbery. This paper focuses on what policies exist and how the bank organization implements crisis management concerning robberies. Fields of interest within these objectives is the stages of a crisis, leadership, and the banks cooperation with external parties during a crisis. The aim of this paper is to create a greater awareness about crisis management within the banking industry.

1.3 Purpose The purpose of this thesis is to understand how and why crisis management concerning robberies is implemented within a bank organization. The following research questions will help in achieving the purpose:

• How is the bank organization’s crisis management organized on a local and national level?

• How important is the public view of the bank organization’s security in the occurrence of a robbery?

2 Frame of reference The chapter will present the relevant theories that are used as a framework to fulfill the purpose of the thesis. First there will be a short section on risk and risk management as banks face many risks that might evolve into a crisis. This will be followed by a section explaining and exploring the concept of crisis and crisis management and on how to manage a crisis. Furthermore a discussion of leadership styles in the context of a crisis will be presented.

2.1 Risk and Risk Management An organization is exposed to several risks that can lead to a crisis. An organization that creates policies and procedures does not label these as ‘identified crises’, instead they will discuss the different risks that could face the organization. Being exposed to these risks could possibly evolve into a crisis. An identified risk that is always present for banks is the risk of being robbed. A robbery is a risk that could develop into a crisis for a bank organization, therefore it is important to first introduce the reader the topic of risk and risk management. Risk management was developed in the 1940s as the American industry was about to change focus. During the war years the American industry experienced limited competition, but the following years of peace lead to a reorganizing of the industry and the competition intensified. The companies sought decreased insurance premiums from the insurance companies, but as the insurance companies did not want to comply with these demands, the organizations instead tried to reduce the risks they were facing. Specialists within the economic administration department were appointed to work with these issues. After a few years these specialists were labeled ’Risk managers‘ (Hamilton, 1985). In the 1980s and 1990s, risk management became a subject of identifying and eliminating risks; the design and implementation of control frameworks, managing insurance portfo- lios, as well as meeting corporate governance standards has been of great concern (Frost, Allen, Porter, & Bloodworth 2001). There has been a tendency to use science, where one tries to support the decision with calculation of probabilities. Recently however, there has been a recognition of the social and political dimensions which has been stressed in much of the literature discussing risk perception and communication (Hester & Harrison, 1998). Fishkin (2006) identifies risk management as an ongoing process in which organizations identifies, measure, monitor and take actions to manage their various risks. Hamilton (1985) defines risk as the fear of experiencing a randomly occurring event that might negatively affect the possibilities to reach the organization proposed goal.

2.2 Crisis and Crisis Management As discussed above, when the bank organization has identified the potential risks, it will lead them to implement crisis management. Due to this fact, crisis management has become a more integrated part of the organization. Within the banking industry the risk of a crisis is always present and crisis management is of high importance. To fully understand crisis management one first has to grasp the concept of crisis and how this can affect an organization. Pearson and Clair (1998) stated that, “An organizational crisis is a low-probability, high-impact event that threatens the viability of the organization and is characterized by the ambiguity of cause, effect, and means of resolution, as well as by a belief that decisions must be made swiftly”. A crisis can hurt or even destroy an organiza-

tion, as discussed in the problem, the meaning of crisis and the stability that bank organizations stand for is in total contradiction. Whether the crisis is large or small, organizations will eventually face one. Organizations always strive to develop themselves and plans for success are always on the agenda. Al- though, many organizations fail to recognize the importance of being well prepared for a crisis and this mistake can lead to an organization’s failure. Therefore, if the overall strategic planning process does not include crisis management it “…is like sustaining life without guaranteeing life” (Kash & Darling, 1998). Crisis management can be defined as the importance of being well prepared to handle the adversity of crisis, minimize the impact in the most effective way and facilitating the management process during the chaos that a crisis produces (Sapriel, 2003).

2.2.1 Public view of a crisis Regester (2005) stated that in the United States it would take two Boeing 747 airplane crashes per week to match the number of people killed on the American highways every year, yet these airplane crashes would garner much more media attention. Hence from a public view, if a big crisis occurs and it is handled badly it can lead to many complications for the organization (Regester, 2005). Mitroff (2000) recognized the importance of reputation and brand image in his discussion of being a victim instead of a villain in a time of crisis. A victim is to someone harm is done, intentionally or unintentionally, whereas a villain inflicts harm to another person and is seen as the ‘bad guy’. A victim can also be someone who caused harm but took responsibility and acted in order to reduce damage, however a villain would not care to take any actions. To be viewed as a victim in the public eye is of high importance when a crisis has occurred because a crisis can potentially lead to both positive or negatives outcomes (Seeger et al 2003). No matter the result, there is a low probability that the crisis occurs without coming to the public’s attention.

2.2.2 Types of crisis Parsons (2006) distinguishes between three different types of crisis; sustained, emerging, and immediate. The sustained crisis often last for weeks, months or even years and are often prospering on pure speculation, gossip and rumor. An emerging crisis is slow, but even so, it is often hard to put all pieces together in order to predict the coming of the crisis. The last crisis that is discussed is the immediate crisis. The focus of this paper is on the immediate crisis which provides managers with little or no warning. It is hard or even impossible to predict this type of crisis, but the importance of being well prepared is essential for an immediate crisis scenario such as a robbery. As Augustine (1995) argues, “Almost every crisis contains within itself the seeds of success as well as the roots of failure, finding, cultivating and harvesting the potential success is the essence of crisis management.” This further highlights the importance of being well prepared for the unpreventable and unpre- dictable.

2.2.3 The seven typologies of crisis In addition to the view of the three main types of crisis, Mitroff (2004) divides the crises in- to seven different typologies. These typologies identify crises that can offset the organization. Furthermore Mitroff (2000) argues that an organization has to prepare a plan for one crisis from each typology as a minimum since every typology of crisis can hit an organization. Just the fact that an organization has thought about a crisis will make them better

prepared and respond in a more efficient way instead of being paralyzed. The seven typologies that Mitroff identified are: 1. Economic – labor problems, hostile takeovers, market crash etc 2. Informational – false information, loss of data, computer crash etc 3. Physical – Loss of key equipment, loss of facilities, product failures etc 4. Human resources – loss of key personnel, corruption, workplace violence etc 5. Reputation – gossip, rumors, damage to the general reputation etc 6. Psychopathic acts – kidnapping, terrorism, criminal acts etc 7. Natural disaster – Flood, fire, earthquake etc These seven typologies cover all different crises. Within these typologies a robbery repre- sents an example of a ‘psychopathic acts’ and land under the ‘criminal act’ part. Psycho- pathic acts are, such as immediate crises, difficult to predict and prevent.

2.2.4 Crisis defense mechanisms Mitroff (2000) highlights the importance of the psychological aspect of crisis management and the preparation for crisis that has not yet occurred. It has been discovered that organizations, just like individuals, put up defense mechanisms to disallow and deny their vulnerability to the always existing threat of crisis. For an organization it is essential to highlight and deal with these types of defense mechanisms which in turn will create better crisis management. Mitroff (2000) has identified different types of defense mechanisms that can exist in the culture of an organization. These types go hand in hand with the individual defense mechanisms that Freud developed (Mitroff, 2000): Denial – Crisis only happen to others. Our organization is invulnerable. Disavowal – Crisis happen but the impact they will have on our organization is small. Idealization – Crisis do not strike a good organization. Grandiosity – We are such a large organization so we will be protected from crisis. Projection – If a crisis happens, it is because someone is out to get us. Intellectualization – We do not have to worry about crisis, the probability for it to happen is small. Compartmentalization – Crisis can not affect the whole organization since the parts are in- dependent of one another. Ignoring the probability of crisis “as an ostrich in the sand” and simply ignore the occurrence of crisis will not make them disappear (Kash et al 1998). It is critical for an organization to evaluate itself and identify if these kinds of defense mechanisms are present within the organization. These defense mechanisms have to be taken seriously and dealt with. It would be disastrous to have these defense mechanisms present within the organization, since it will lead to poor crisis management and the response time to recovery will increase (Mitroff, 2000).

2.2.5 How to manage the stages of a crisis In order to fully understand and manage a crisis the bank organization must recognize the different stages of the crisis. Since a crisis never occurs as the organization has planned for, it is important to be flexible and adaptable in the preparation for the crisis . Mitroff (2004) developed a three-stage model which creates a structured view of the chronology of the crisis, and in 1992, together with Pauchant, he developed a five-stage model that can be combined with the later three-stage model because the five stages fit inside the chronology of the three stage model. These two combined will better guide the organization in finding the appropriate actions in each of the three chronological stages. It will also help the organization to understand which actions are appropriate in managing a crisis. To give a better overview of how these two models can be combined we have constructed the model below (See figure 2-1).

Figure 1 – A combined figure of the Three-stage and the Five-stage model

2.2.5.1 Mitroff’s three-stage model – The chronology of a crisis This model was created to show a greater overview of the chronology of a crisis. The three stages in the model are called: Pre-crisis, Crisis and Post-crisis. In the three main stages the smaller sub-stages are included. Stage one, the Pre-crisis stage, is the time of normal operation before the start of a triggering event and includes the sub stages: Signal detection, Preparation/prevention as mentioned in Pauchant & Mitroff’s (1992) five stage model for better crisis management. This first stage deals with how an organization can reveal the internal weaknesses in the organization that can lead to a crisis and build capabilities that the organization will need in a crisis situation before it actually

occurs. A crisis is a confusing and difficult situation that brings out powerful emotions that are extremely difficult to react to without the right preparation and training (Mitroff, 2004). Stage two, the Crisis stage, is where there is an event that triggers the crisis. In this stage the organization needs to use the capabilities that were built in stage one in the three-stage model before the crisis occurred (Mitroff, 2004). The sub-stage from Pauchant & Mitroff’s (1992) five stage model is Containment/damage limitation. Stage three, the Post-crisis stage, is the postmortem and leads back to the near normal operations after learning and adjusting in the organization. It is now that the organization will have to look back on what happened and learn from the actions made. The crisis capabilities integrated in stage one will need to be redesigned where there were flaws (Mitroff, 2004). In this stage the last two steps, Recovery and Learning, in Pauchant & Mitroff’s (1992) five stage model are included .

2.2.5.2 Pauchant and Mitroff’s five-stage model – managing the crisis To know how to handle a crisis situation one must first understand how the different stages of a crisis work. When discussing robbery the main focus is not put on the actual occurrence of the robbery. Instead it is important for the bank organization to identify the risk and work efficiently during the entire lifecycle of a crisis. As mentioned above, Pauchant & Mitroff (1992) has developed a five stage model which describes the phases in which the manager can prevent or affect the course of action of the crisis. They argue that a crisis is a question of effective organizational management. This view explains that the actions of the organizations’ participants are of great importance in a crisis situation because of these actions the crisis could be anticipated, avoided and prevented (Seeger et al 2003). The five phases in a crisis are Signal detection, Preparation/prevention, Contain- ment/damage limitation, Recovery and Learning. The Signal detection phase shows that there are early warning signals or forewarnings that can be detected. In the case of a crisis situation for a bank such as a robbery the warning signals may not come in the same way as other crisis situations, but the management still needs to consider this stage because there might be characteristics of one bank office that make it attract robberies more than another. It is when the management fails to perceive and act on these signals that a crisis might occur. This brings out the need for a well upwards working communication system in the organization (Seeger et al 2003). The second stage in the model is Preparation/prevention. This stage is possible if the signals in the first stage have been detected and the management is able to control the crisis. Prevention means that the organization adjusts its strategy in activities so the risk or the occurrence of a crisis decreases. Preparation means planning for scenarios and having a se- quence of actions for imagined crisis to make the organization ready for a crisis (Seeger et al 2003). The third stage involves Containment/damage limitation. Although an organization might have comprehensive preventative actions some crises may still occur. It is then important to have a well planned damage limiting mechanisms which are designed, in outline with the Preparation part of stage two, to contain and limit damage. If the crisis happens suddenly then there will be less opportunity to contain it or limit the damage (Seeger et al 2003). The fourth stage in the model is Recovery which is also connected to Preparation described in stage two. It focuses of recovering what has been lost and returning to normal business

operations as fast as possible. This is where the Preparation from stage two comes in; the crisis management plan is now implemented (Seeger et al 2003). The final stage in the model is the Learning stage. Learning is the process of improving what has been done in the past (Seeger et al 2003). Pollard & Hotho (2006) argues that when normality within the organization starts to return it is essential to as soon as possible start an evaluating process.

2.2.6 Crisis management teams One factor that is of high importance is how to prepare for a crisis by creating a crisis management team (CMT). The size and structure differ and are influenced by the nature of the organization. The team has to be created well in advance of a crisis with a clear chain of command (McKenzie, 1994). A large and immediate crisis such as a robbery will require a larger effort and the close coordination of different people with different resources and capabilities (Seeger et al 2003). Their main function is to construct an overall organizational understanding about crisis but the CMT should also develop the plan and do all the preparations for the occurrence of a crisis. The CMT in addition evaluates the potential crisis and develops response programs to be even better prepared. It is important to create a team that can function under the stress that a crisis will create (Seeger et al 2003). Since there are a range of crises it is important for the CMT to evaluate what crisis could occur, and to consider all imaginable crises. Furthermore, the CMT has to evaluate the crisis and the potential of them occurring, if the potential is high a full crisis plan should be developed, for a bank organization it is essential to develop a full plan for handling robberies. In contrast the crisis that is not as likely to occur, the creation of only a small contingency plan would be enough (Kash et al 2003). Additionally, the CMT has a variety of functions to fulfill and Coombs (1999) argues that a CMT “is responsible for (a) creating a crisis management plan, (b) enacting the crisis management plan, (c) dealing with any problems not covered in the crisis management plan (cited in Seeger et al 2003). In other words the CMT deals with all aspect possible in the areas and stages of a crisis. When a crisis has occurred it is important for the CMT to be flexible, since decisions have to be made within the highly uncertain frame of a crisis (Seeger et al 2003). Seeger et al (2003) further highlights the importance of having a cross functional team with representatives from all different areas, examples of these could be lawyers, accountants, emergency-response professionals, marketing professionals, security personnel etc. The importance and the impact of these members depend on the crisis that the organization faces. The members included and the structure of the CMT has to be matched with the organization and the crisis that is most likely to be faced. Furthermore, the crisis team has to meet on a regular basis because it is important to have continuity in the preparation for crises. Often this is overlooked by organizations since this is viewed as a waste of money. The mindset is that the crisis management plan is already developed, why waste time and money for more meetings. However this could be a massive mistake, the crisis management team has to be constantly updated to gain crucial expertise in handling crises due to the fact that the environment that organizations operate in are not static (Kash et al 2003). Also this continuity increases the understanding and cohe- sion of the individuals. When faced by a crisis why is it important to have a CMT instead of just one single individual? Seeger et al (2003) has identified three main arguments that a team will work more efficiently than an individual in a crisis situation. Firstly, within a team there is a higher like-

lihood that someone has the specific knowledge and experience of tackling the crisis at hand. Although, even if this individual does not exist the interaction of the group will scru- tinize the crisis from several different angles and in that way develop an accurate response. Secondly, a team can give constructive feedback of the group members’ individual knowledge and in that way prevent an incorrect response. This is of most importance when facing a crisis since a response needs to be implemented quickly, hence the hazard of responding without evaluating the situation entirely. Finally, a team will have a surplus of resources and capabilities and the importance of this lies in the reality of the crisis phenomena. The occurrence of a crisis is impossible to prophesize; it can strike an organization at any time, hence the possibility of the CMT’s members being occupied or unavailable.

2.2.7 Leadership during a crisis As the organization is being exposed by a crisis, such as a robbery, it is essential to have a management team and leaders who can guide the people of the organization. In today’s society the importance of good leadership is well known. Without well working leadership a democratic society would not work effectively. Leaders are required on all levels to create stability, give directions, create teamwork and inspire people to perform to their maximum level (Adair, 2003). Leadership is not a new concept, it has been used throughout the history of mankind, although what makes a great leader has long been debated. Leadership is also seen as a wide and very complex concept, the range of definitions is massive. It has been defined in terms of traits, behavior, influence, and role relationships to name a few. Usually researchers build their individual definitions of leadership upon their own perspective in respect to the aspect that is of most interest to themselves (Yukl, 2006). Many argue that the whole concept of management is leadership and for them leadership centers on management tasks and techniques. The main role of the manager is to lead the group in a way that makes the organization activity time controlled and programmed (Fairholm, 1998). Bolman & Deal (2005) highlight the importance of motivating the employees and through this motivation the employees work together with determination and enthusiasm to reach the common goal. Further, they state that leadership can be seen as a social process that builds upon the relationship between the leader and the employees; the importance is put upon motivating the employees to work together as a group and create a good atmosphere instead of striving for dominance and total obedience. It is essential to have a great leader and this becomes even more crucial in a crisis situation. The link between the manager and the subordinates has to be strong, so that information runs smoothly within the organization. Madzar (2001) takes it even further and argues that the manager is seen as the major link for the employees to their entire information environment. The better information the subordinates get from the management side, the more likely they will feel empowered, hence fueling their working effort. For a leader in a crisis situation choosing a leadership style is not crucial, a mix is necessary. The intention is to understand which leadership style leans towards the best option when a crisis occurs. The theories we have chosen to present are contingency theory and the theory about transformational leadership. The contingency theory is based on the notion that there is not a best way of leading, and that a leadership style that worked in one situation might not work in another. Therefore, the optimal leadership style is dependent on different internal and external constraints. The

theory brings out the importance to match the right leadership style to the right situation where this style will be able to be effective ( Seeger et al, 2003 ). In this theory there are two main leadership styles: relations-oriented and task-oriented. The relations-oriented leadership style is characterized by someone who seeks status in in- terpersonal relations and who believes good relations with others are important for good leadership. The task-oriented leadership style on the other hand is characterized by someone who puts relations to others on a secondary position and focus more on the task in itself (Hill, 1969). Contingency theory pushes the notion that the leadership style most suited for a crisis situation is a more-directive leadership or an authoritarian type of leadership. In a crisis situation the task situation is more unstructured and the relations with subordinates are often strained. Also the relationship dimensions of leadership are very important even though there might be a reduced timeframe for consultation, and explaining or justifying decisions (Seeger et al, 2003 ). Among post crisis leaderships’ the most important aspects are supportiveness, understanding, expressions of concern, and empathic responses. Crisis leadership requires a strong task orientation but also needs to deal with important relational concerns and according to contingency theory there needs to be leader flexibility in such a dynamic situation as an immediate crisis (Seeger et al, 2003 ). Bass (1985) is more specific concerning leadership during crisis situations; he states that a transformational leader is better suited for leading in a crisis situation (cited in Madzar, 2001). This is because a transformational leader tends to be of higher importance in an unstable, dynamic environment. The people working within this environment need to be flexible and encouraged to make their own decisions and to develop their own solutions and innovations (Yukl, 2006). The transformational leadership style emphasizes upon the relationship between the manager and the subordinate (Madzar, 2001). The interaction is high, the subordinate can more easily influence on the managers motives and goals. Yukl (2006) argued that if a subordinate is put under a transformational leader he/she will have more trust and respect for the leader, the motivation level will rise and the outcome of the work done by the employee will exceed the initial expectancy level. This is crucial when a crisis occurs.

2.3 Summary of theoretical framework There are many ways of managing a crisis. The organization must consider the risks in their business and also be aware of its environment. An organization that is not aware of the surrounding risks will have difficulties anticipating a crisis and the consequences could be disastrous. Because an immediate crisis is such an unstructured incident, theories about crisis management have been focused on making the organization prepared for an event which it does not have much knowledge of. Looking at the type of crisis and the seven typologies of crisis it can be learned that a bank robbery will not give the manager much warning and to be able to gain any control of a future crisis situation the organization must examine the stages of the crisis discussed by Mitroff (2004) and implement corrective actions for each and every stage.

This paper will look into theories about the public view of a crisis in order to understand if this is one of the incentives for creating a well working crisis management plan and also how it affects the organization in the actual occurrence of a robbery. Will the crisis destroy the reputation of the organization or will the way it managed the crisis increase the confidence of its customers? A subject of high importance is that the organization must achieve an organizational culture where there is no denial about the vulnerability of the organization or how exposed it is to a crisis. Ignoring the organization’s weakness and having defense mechanisms concerning the psychological preparation of a crisis can turn out to be a costly mistake. Mitroff (2000) explains that it is essential to highlight and deal with these defense mechanisms before a crisis, thereby improving the organization’s crisis management. When looking at the Three-stage and the Five-stage models it can be seen how a crisis is structured and what actions that can be taken in the different stages of a crisis. The Three- stage model creates an overview of the chronology of the crisis and it will be used when analyzing the data in this paper with all the theories included in this thesis. The Three-stage model is a good tool but it does not tell us how to handle the crisis. To do this we need to look at the Five-stage model which was developed to build a general action plan for most crisis situations. It does not tell us what specific actions to take but gives guidelines of what should be in managements’ minds in a crisis situation, from the beginning in a Pre-crisis stage to the end at the Post-crisis stage mentioned in the Three-stage model. Another way to be prepared and to handle a crisis in the best possible way is to create a specific CMT with the mission to deal with a crisis when it appears. This team must have the capabilities needed to ‘cover all bases’ and also create a general understanding in the organization about the crises it might face. It is the CMT that is in charge of handling the general action plan that deals with all the steps in the Five-stage model. They might also guide the organization and lead its employees in the event of a crisis and therefore we want to use the theories of leadership during a crisis to show that the leadership before a crisis usually is not the same as during a crisis. This is dealt with by the contingency theory that argues that different situations call for different kind of leadership. And Bass (1985) also argues that the best leadership during a time of crisis might be the transformational leadership which is very flexible (cited in Madzar, 2001). We have included the theories we believe will create an understanding of how a crisis works and what actions will be needed from the employees and the management of the bank organization in the crisis.

3 Method This chapter will present the methodology undertaken by the authors in order to fulfill the purpose of the thesis. Different research approaches, the process of collecting data as well as types of sampling used will be presented and discussed. Additionally, the reliability- and validity implications and the problematic issue of confidentiality will be discussed.

3.1 Methodology Methodology is the theory of how research should be undertaken, including the theoretical and philosophical assumptions upon which research is based and the implications of these for the method or methods adopted (Saunders, Lewis & Thornhill 2003). Researchers dis- tinguish between two ways to approach theory. The first way is the deductive approach in which one through theory creates a hypothesis and then develops a research strategy to test if the hypothesis is correct. The deductive approach is often used when collecting quantitative data, the nature of a deductive approach is limited to its highly structured research design. The opposite of the deductive approach is the inductive approach where the theory is developed after the data has been collected. The full nature of the problem is studied using this approach (Saunders et al, 2003). This paper will use an inductive approach in order to fully understand and analyze the situation that occurs within a bank organization when hit by a robbery. Because there has not been extensive research about how crisis management is integrated with robberies the inductive approach will allow the exploration of the topic to occur with open minds and without structural limitations.

3.2 Quantitative vs. Qualitative When conducting a study the researcher can approach the problem using either a quantitative or qualitative method. These methods are used in order to generate, arrange and analyze the information and data that have been collected (Patel & Davidson 2003). When deciding on what approach to use one should identify the purpose of the thesis, if the purpose is to get an overview and a total perspective of a situation the quantitative approach is applicable. If the purpose is to get an in-depth understanding of the situation at hand the qualitative approach would be the best option. The choice should be based upon the problem that one wants to understand, the purpose of the thesis and also the theory that will be used when conducting the research (Trost, 2005). A quantitative approach assumes that it is possible to quantify the data at hand. According to Aliaga & Gundersson (2002) quantitative research explains phenomena by collecting numerical data that is analyzed using mathematically based methods (cited in Muijs, 2004). The collecting is based on a structured and systematic approach, often using questionnaires or conducting survey. The quantitative data can be seen as being restrictive in the way that you cannot use this approach to fully understand the richness of the subject you are exploring when the problem at hand are ambiguous and elastic (Saunders et al, 2003). Qualitative research will create a greater awareness on one specific subject compared to the quantitative method (Patel et al, 2003). The flexibility of a qualitative research is high, when questions are asked sub questions will emerge, these questions are essential for gaining a deeper understanding of the problem at hand (Repstad, 1999). When exploring how the bank faces a robbery and organizes in order to re-establish itself there is a high degree of social and culture undertones which will make it hard to analyze the empirical data collected in a standardized way. The qualitative approach is better suited for the purpose at

hand and it will enable us to grasp a rich and in-depth description of the situation. Also, the qualitative approach turned out to be the best one to use since many restrictions of confidentiality in the collection of our data were encountered and this approach allowed the research to be more flexible.

3.3 Primary data Primary data is defined as being collected specifically for a particular research project (Saunders et al, 2003). May (2002) stated that the qualitative approach often means an en- counter with the ‘word’, and with this approach, and by emphasizing the ‘word’ in the analysis of the problem, interviews were chosen to be the best option for the collection of data and they were used as the primary data. The collection of empirical data by interviewing people who work within a bank organization was found suitable since the thesis aimed to get a deeper understanding about how and why a bank organization, through the use of crisis management, can handle an ambiguous robbery situation.

3.3.1 Interviews Kahn & Cannell stated that an interview is a purposeful discussion between two or more people (cited in Saunders et al, 2003). An interview can be formed in several different ways, they can be highly structured and formalized built on prearranged questions or they can be unstructured and informal. The choice of interview technique has to be built upon the purpose and research strategy of the thesis (Saunders et al, 2003). The researcher has to have a great ability to understand and analyze the answers that the respondent gives. Furthermore, it is of great importance to be able to understand how the respondents experience a certain situation and by doing so follow up with relevant questions that will result in non-biased answers. For the interview to be spontaneous it is important for the interviewer to be open and attentive (Solvang & Holme, 1991). There are three main approaches on how to conduct an interview:

• The approach of a structured interview is that the interviewer has a standardized or identical set of questions that is used on all respondents during the interview. The questions are asked and answered without any flexibility. The structured approach is often used when conducting quantitative research, hence this is often referred to as a quantitative research approach. A structured interview will not have as many problems with reliability and validity since the questions asked are standardized (Saunders et al, 2003). One could say that a structured interview can be viewed as a personal questionnaire.

• The unstructured approach is chosen when the interviewer is not certain of what information is wanted from the interview at hand. The interviewers have a clear vision about what they want to explore, but there is no structured list of questions. This will encourage the respondent to freely and without limitations ponder about beliefs within the specific topic. These interviews are used in situations where one wants to in depth explore a specific topic area (Saunders et al, 2003).

• The semi-structured approach can be seen as a mix between the previous two types of interviews. The interviewers have a predetermined set of questions that should be covered during the interview. The order of these questions does not have to be followed, instead the interviewer has the opportunity to search for answers by asking sub-questions in order to get the respondent to answer a specific question more

in detail, and this may also lead to new aspects that were not considered before the interview took place. The main negative aspect of both semi-structured and unstructured interviews is the lack of validity and reliability (Saunders et al, 2003). Most qualitative interviews are conducted through face-to-face interviews and this approach is often seen as the best approach since personal contact is established. In a face-to- face interview the level of trust is higher and the respondent feels obliged to both answer the questions during the interview and also answer follow up questions done on the phone or through mail. Due to time restrictions this approach may not be applicable in some cas- es, then telephone interviews could be conducted. Telephone interviews have disadvan- tages such as difficulties to build trust in the same extent and make interpretations of body language. On the other hand telephone interviews are time saving, low cost and they give easy access (Saunders et al, 2003).

3.3.2 Our interview approach We have chosen to conduct our interviews using a semi-structured approach. As in a structured approach there will be questions prepared but as the interview develops extra question will be asked, while the interviewer adapts to the situation continuously. The reason for our choice of semi-structured interviews is that the prepared questions will act as guidelines for the interview, as well as getting a more accurate picture through the efficiency and advantages of applying the unstructured flexible approach. Since our purpose is to get a detailed understanding on what crisis management exists within the bank organization and how these are implemented this approach has been chosen. Furthermore, we want to research a topic that is restricted with confidentiality and we feel that the chosen approach will help us overcome this problem. The result is that questions can be reformulated and angled differently to tackle poor and thin responses. To the greatest possible extent we will conduct face-to-face interviews. Face-to-face interviews have, as we see it, several advantages in solving our purpose. First, when conducted at the interviewee’s location, it has the advantage of making the person more relaxed and comfortable, this is of high importance since the issue of confidentiality permeates this research topic. It will also result in a more personal interview where the interviewers are able to interpret body language. The research will be constrained by time limitation and geographical location, therefore the face-to-face interviews might not be possible for all people chosen to be interviewed. For these occasions the face-to-face interviews will be replaced by telephone interviews. Although, performing telephone interviews is a poorer approach since the researchers will not be able to interpret body language and to build trust to the same extent as in face-to-face interviews, nevertheless this approach will facilitate in the process of collecting the data through talking to individuals with expertise. Due to that the respondents have knowledge in different areas of interest and possess different visual angles of the issue, the compiled questions for the interviews will vary. This could in some extent negatively influence the reliability and validity but to acquire the information needed this still is the most suitable option. If new questions arise when analyzing the empirical findings it is important to have continuous contact with the respondents and in that way assure that further questions will not go unanswered. Therefore, apart from the performed interviews there will also be continuous contact made through e-mail with our respondents.

3.3.3 Secondary data Data that originally was collected for a different research project to fulfill another purpose at hand is labeled secondary data (Saunders et al, 2003). Due to the fact that our purpose is to analyze the crisis management within a bank organization, which is heavily restricted by confidentiality, we try to triangulate our data through interviewing external parties instead of using secondary data such as newspapers, since we have found this information to be very limited and not suitable for our purpose. Also, no banks release any official material concerning their crisis management.

3.4 Type of Sampling The purpose of this thesis is to gain a deeper understanding of the implementation of the crisis management within a bank organization. In choosing this purpose it was acknowledged to be too time-consuming and a comprehensive task to find out the crisis management program for several banks, therefore the focus of this thesis will be on one single bank organization. To fully grasp the implementation it is important to understand the need of taking several different perspectives into consideration. How one employee at one level in the banking organization perceives the crisis implementation may not be the same as another employee working on a different level. To avoid making a biased conclusion we will use our own judgment in selecting our sub-sample. This sub-sample will be employees on different levels in the bank organization. Saunders et al (2003) stated this to be a non- probability way of sampling and more specifically; a purposive sampling. The pros with the purposive sampling method is that it will be a useful tool as it will enable us to interview people who are working within our area of concern, crisis management on a daily basis. These people will provide us with more informative and accurate information. The cons are that the conclusion may be biased because usually only a small sample of opinions about the researched topic is gathered. The researchers of the thesis decided to interview people that are in charge of security at the local bank office, employees that work with the issues on a regional level and also employees who work with crisis management at a national level within the bank organization. Additionally, interviews will be conducted with internal parties within the organization, such as a member of the crisis management team, which might be able to provide benefi- cial information on the subject. In addition, an interview will be conducted with an employee at the local level who has been subject to a robbery. This is done since it will help us analyze if the bank organization’s policies and procedures about crisis management are implemented in an efficient way. Furthermore, we understand the importance of interviewing external parties outside the bank organization in order to get different approaches of the subject at hand, since external parties are not influenced or constrained by the bank organization and its culture. Contact will be made with the Police and the Union since these external parties will help create greater knowledge on the problem at hand. When deciding on the sub-sample size it is on one hand depended on providing the reader with a trustworthy picture on how the bank works with crisis management and on the other hand to adapt the selection in accordance to existing resources and time scheduled. Between ten to twelve interviews of the people mentioned above will be conducted in order to solve our purpose with satisfaction.

3.5 Validity and Reliability Validity and reliability deals with to what degree a study accurately assesses the concepts studied by the researcher and how to uphold the quality in measuring the data collected (Östbye, 2004). According to Yin (1994) it is important to use many different sources of data in order to establish validity and reliability and to minimize errors and biases. Reliability refers to the consistency and stability of “scores”. If one were to replicate a certain hypothetical measurement process several times, the consistency would result in similar scores within an acceptable margin of error. Stability often refers to the obtained scores consistency over time (Lee, 1999). According to Robson (2002) there are four major threats to reliability (cited in Saunders et al, 2003). First, there can be subject or participant error, the answers that the respondents provide might be influenced by external factors such as the time of the week. Second, subject or participant bias might occur, meaning that the respondent may answer the questions not from their personal opinion but instead from the view of what they think is best for the organization. For this thesis the question of subject, or participant bias was a greater threat since focus was put on one particular organization. More importantly, due to the fact that questions concerning a bank’s crisis management policies are sensitive and that much of the data needed to fulfill this thesis purpose is confidential, it was necessary to be as thorough as possible in the preparation of the interview questions and also in selecting whom to interview. Errors and biases can also come from the researchers actions. One way errors could occur in this thesis is due to the fact that the interviews were conducted by multiple people. Therefore the questions could be asked in different ways depending on who is doing the interviewing, in turn leading to different answers depending on how the questions were asked. Biases from the researcher’s side also can occur due to the fact that different individuals interpret data in different ways. Furthermore, the interviews were done in Swedish and the thesis was written in English which increases the threat of observer bias in the stage of translating the interviews. Validity refers to the shared true variance between a researcher’s phenomenon of interest and its scored measurement (Lee, 1999). In short, are the findings really what they appear to be about? (Saunders et al, 2003). According to Creswell & Miller (2000) validity is used to determine if the findings are accurate and precise from the researcher’s standpoint (cited in Creswell, 2003). Robson (2002) has distinguished six threats that can weaken the validity of the research conducted. These are history, testing, instrumentation, mortality, matura- tion and ambiguity about causal direction (cited in Saunders et al, 2003). For this thesis the history and the experience of the people within the organization is the most likely threat to weaken validity since some of the interviewees had never experienced a crisis. The lack of true crisis experience of some interviewees makes effectiveness in the crisis management an ambiguous issue since the existing policies and procedures for some of the interviewees only exists on a theoretical level. Testing is also an issue of concern as the focus of this thesis is on one specific bank organization and how and why it implemented crisis management. This scrutiny may influence the participant to give biased answers and refrain from providing answers that are of a disadvantage to the organization. One of the most important aspects to consider in gathering interview data with great validity is that the questions that are asked must be non-biased. This is important since a biased question could guide the respondents towards the answer that the interviewers want to hear. Furthermore, the questions should be easy to interpret so that the risk of misunder-

standings between the interviewer and the respondent is at a minimum (Saunders et al, 2003). To assure the validity and reliability of this thesis multiple sources and interviews both with internal and external parties will be conducted. The interviews aim to cover all the interesting parts of the banks organizational structure. As discussed before in this thesis interviews will be conducted with two people at each level of the bank organization. By doing so we will avoid receiving answers that are biased due to external and internal factors, such as location and size of office, issues that could influence the results. To avoid observer error by the researchers the interviews will be tape-recorded, in this way making sure that the compiled empirical data is accurate and trustworthy. The questions asked during the interview will be processed so they are neutral, they will also be sent to the respondents in advance in order to make the interviews more efficient. Ongoing communication through e-mail will be established after the interviews in order to allow further investigation of doubtful data or unclear questions that are revealed while compiling the empirical data. To minimize researcher bias when summarizing the interview data the process of compiling the interviews will be conducted by all three authors of the thesis. External validity is used to show how studies reflect reality. This is sometimes referred to as generalizability (Lundahl & Skärvad, 1999). When generalizing, or using external validity, it is necessary to bring out theories that can be used on entire populations (Saunders et al, 2003). External validity threats arise when the researchers draw incorrect conclusions from the data that has been collected (Creswell, 2003). Generalizability is an issue in this thesis because only a small number of interviews with managers were conducted from the total number of offices in the bank in question. Therefore, it is important to be positive that the data we collect is applicable for the entire population of bank offices. Further, a generaliza- tion will be drawn when interviewing external sources since they will be questioned on the effectiveness and the cooperation with banks in general, during crisis situations, instead of the specifically chosen bank.

3.6 Confidentiality limitations Due to the nature of the research topic, investigating a bank’s crisis management implementation, it was acknowledged that problem of confidentiality within the bank would affect the reliability and validity of this thesis. Confidentiality means that certain information is not available for the public because it is commercially or industrially sensitive (Encarta world English dictionary, 1999). In the context of the banking sector the legal aspects of confidentiality are important. In the case of crisis management it is also in the bank’s own interest to avoid the researcher accessing certain information and thereby fulfilling the bank’s confidentiality standards (Retrieved from Ombudsman News, 2007-10-05). Much of the information needed could be classified as sensitive, especially when issues such a robberies were involved. It has been acknowledged that for the research in this thesis the issue of secrecy about confidential information could be problematic in the sense that the person being interviewed would not be able to give all the information necessary to fulfill the purpose of this thesis. Because of the secrecy issue the authors have decided to use synonymous names for the respondents instead of their real names, this was done so respondents would feel more encouraged and free to answer the questions without the fear of being recognized. If the real names would be used the responses given would probably not be as comprehensive. Fur- thermore, the thesis is focusing on one specific bank organization and neither in this case

will the organization’s name be mentioned due to the same concern as the synonym names. Throughout the thesis “bank organization” will be used instead of the actual name. Additionally, the respondents will be given the questions beforehand to allow them the chance to find out what information and data can be given without violating confidentiality. Hopefully this will enable the respondents, if they are not really sure, to provide us with open answers in a subject that in reality is not confidential. In general questions will be asked in a way that makes it possible for the participant to respond without revealing confidential information. By not asking about the technological aspect of the security and crisis management, and instead focusing on the functional aspect of the problem at hand hopefully many problems with confidentiality can be overcome.

3.7 Analyzing the collected data Miles and Huberman (1994) divided the process of analyzing the data into three sub- processes; data reduction, data display and drawing and verifying conclusions (cited in Saunders et al, 2003). After the interviews have been performed, the data collected will be written down word for word then processed and reduced in order to emphasize what are of importance to this thesis. Since the interviews were performed in Swedish this documentation will also be done in Swedish. This will be followed by translating the interviews into English before reducing the data and a compiling a summary. To assure the reliability of the data all authors will read through and reflected on the Swedish compilation of the individual interviews compiled by a single researcher. Furthermore, this reassures the significance and accuracy of the documentation of the interviews since all the researchers have taken part. Since the respondents have different positions in the organization and possess specific knowledge on different subjects the best way to structure the empirical findings is one respondent after another. Furthermore, the empirical data will be structured in accordance to internally and externally performed interviews. In the next step, the collected empirical data will be analyzed by discussing the stages of a crisis, combining them with defense mechanism and CMT. Public view of crisis and leadership will be analyzed outside the framework of the three-/five stage model. After the comparison and analysis of the theoretical framework and the empirical findings, a conclusion will be drawn.

3.8 Conducted interviews In the table below the researchers present the interviews that have been conducted during the study.

Table 3-1 List of interviewees Name of respondent Date - 2007 Time Category Title Eva Johansson* 31-okt 48 min Face-to-face Bank Manager / Security Director on local bank Lisa Gustavsson* 01-nov 82 min Face-to-face Security Director on local bank Mona Svensson* 21-nov 38 min Telephone Security Officer in the national security group Lotta Larsson* 22-nov 44 min Telephone Head of national Crisis group Lars Björk* 30-nov 21 min Face-to-face Inspector in the Police department

Håkan Grahn* 30-nov 22 min Face-to-face Superintendent in the Police department Ronny Bergström* 3- dec 20 min Telephone PR-representative for the Union of Finance Louise Stork* 3- dec 33 min Telephone Bank employee that was present during a robbery

*Names have been changed due to confidentiality

4 Empirical findings Collected empirical data will be presented to the reader, building upon a number of performed interviews with internal parties of the chosen bank organization as well as interviews performed with external parties.

4.1 Interview with Eva Johansson Eva Johansson has been working with security issues for the last fifteen years within the bank organization, and today she is the director of one of the local offices in a small city in Sweden.

Ms. Johansson thought that the new threats towards banks that have appeared the last years, following the development of computer and the ‘money free bank’, has not resulted in that less weight has been put on the possibilities of robberies. She stated that, “Robber- ies have been and always will be a great threat for a bank organization”. Ms. Johansson told us that the bank organization puts much emphasis on being well prepared for a robbery and said that, “…one of the most important things for me is to keep my co-workers aware of the constant risk of that a robbery can occur.” Ms. Johansson further explained that it is really easy to fall into the mindset that ‘this will never happen to me’ or ‘this office will never get robbed’ and to minimize this mindset among the employees Ms. Johansson continuously talks to the staff concerning these issues. She further explained that the bank organization has developed policies on how to educate the personnel of each bank office and in that way be prepared for the occurrence of a robbery. These policies are developed at the head office in Stockholm and then handed out to the head of the region that forwards it to Ms. Johansson. It is her job to implement these policies within her office. The policies state everything that an employee needs to know and also how often the personnel should be educated. Because these documents are confidential, Ms. Johansson could not answer any questions about them. The policies concerning robberies are always close at hand and available for her and her co- workers. Since the office is small, Ms. Johansson is the only one that handles the security issues, but over the last couple of years she has delegated the work of educating the personnel to others. Although the education of personnel has been delegated to other, Ms. Jo- hansson still supervises the education, because it will further enhance the knowledge about how to handle a robbery. When asked about how she felt about the communication with her superiors that give the local offices the policies concerning robberies she states that, “…it works excellent and I am always updated about any changes being made in these policies.” The whole organization works very closely with questions concerning robberies, if a robbery occurs at one office all other offices will take part in the evaluation of how the policies had been implemented. If any improvements are made all offices within the organization will then take part in them. If a robbery were actually to occur, Ms. Johansson knows the correct people to contact. She explained that the organization has a certain Crisis group that works for the whole organization; this team is always prepared and will come to the location where the robbery has occurred. The Crisis group will take over the responsibility for the entire bank office and take care of everything related to the work in the Post-crisis stage of a robbery. On the local level Ms. Johansson will deal with the education of the co-workers in the Preparation stage and also how to behave when a robbery occurs. In the Post-crisis stage of a robbery she will step back and the national Crisis group will take over . The local personnel are in-

structed to be passive after the occurrence of a robbery. They are told not to talk to the media because this should be done by the PR-representative. Ms. Johansson does not believe that a robbery of a local office will hurt the whole organizations image, since the mindset of the public is that the bank that has been exposed to a robbery and therefore is always seen as a victim . In the past, the local police department had worked closely with the banks in Ms. Johans- son’s vicinity in the education of handling a crisis such as robberies. This education in part- nership with the local police was done through scenario planning. Currently, this cooperative education with the police no longer happens and in Ms. Johansson’s opinion the cooperation with the police today is very poor and almost nonexistent. A network between the local bank offices does not exist concerning a robbery. In small cit- ies though, Ms. Johansson recognizes that, “…there might not be a need to have this network because you know the employees that work in the competitive banks. Instead of sit- ting down in a meeting to address security questions there is always an open dialog and a phone number to someone at the competitive bank.”

4.2 Interview with Lisa Gustavsson Lisa Gustavsson has been working within the bank organization for the last ten years and during these years she has been at a few different local bank offices and is presently director of customer service and security issues at the local office in a middle sized city in Sweden.

In her daily work with security issues, Ms. Gustavsson sees that the area of concern and job description for each individual in the staff plays an important role when conducting a risk analysis and discussing which type of risk they will most likely be exposed to. Those who work with customer service are at greatest risk and directly affected if a robbery would occur. The staff at the office once a year takes part in an educational program about security issues where Ms. Gustavsson, as a director of security, is in charge of handling the program. Ms. Gustavsson stated that, “…the aim is to provide a general and broad picture on the security aspect and issues discussed range from threat, frauds to black-mailing and robberies.” When the bank has recruited new personnel it is mandatory that they are provided with information on the daily work with security and it is Ms. Gustavsson’s responsibility to see to that this is done. The policies about security, on how and when the educational programs are conducted, from the national office are precise. There is, as Ms. Gustavsson stated, “…not much room for flexibility.” Every time the bank hires a new employee, she has a checklist of every security aspect that the new employee needs to be informed about. The information will be designed and presented slightly differently depending on which role the personnel has in the organization, putting more or less emphasis on certain issues. For example, the employee leaving the building last or the employee arriving first might be told about the risk of being taken as hostage, since they are at a higher risk then, in comparison to other employees. The bank has developed different forms for each specific role. In addition to the education that the employees receive about the policies, the policies are also on the intranet so that the employees have access to them at all times. When the researchers wanted to access these documents it was not possible due to the issue of confidentiality. It was discussed how Ms. Gustavsson, being responsible for security, works in order to re- assure that the employees always embrace security and see it as highly important instead of falling into the pitfall of thinking; “The risk at this office is low. I have been working here

for ten years without any incident.” She stated that, “…it is important to point out that all existent regulations, rules and procedures, such as avoiding displaying large amounts of money to the customer, are there to protect the very same people that needs to make sure they are being carried out – the employees.” Ms. Gustavsson herself goes through an educational program in crisis management once a year. On these occasions she is provided with updated information in the field of crisis management, and moreover a risk analysis of the current situation. In addition to the yearly meetings, she has a more informal net-meeting every month with the Security Directors in charge of security issues at the region’s local offices. The regional bank manager is the link between the Security group in Stockholm and the local office concerning security issues and is responsible for spreading information given by the Security group. The information that he/she provides will often be the foundation and act as guidelines during the yearly educational program with the employees. In general, much of the crisis management is handled internally and there is little involvement from external parties, such as the police and state government. There are rarely seminars or forums or other similar educational programs about security that are provided by the police or in cooperation with the police authority. Ms. Gustavsson recalls that two or three years ago the police held a seminar for the bank where they invited people who had experienced a robbery to share and talk about their experiences. Ms. Gustavsson stated, “I look back on this occasion with great satisfaction, for me the issue of crisis management became more vivid and personal through listening to people that had actually experienced a robbery.” Although, she does not see the need to have this type of seminar more than every fourth or fifth year as it leaves clear marks. Furthermore, it needs to be adapted to the current situation, for example the employee turnover rate. Ms. Gustavsson believes that in addition to a question of small police resources, the knowledge and the well-developed work with crisis management within the organization shows there is little need to involve external parties such as the police in the prevention and the recovery work. In the event of a robbery, every employee at the local bank is required to fill in a prewritten witness statement and leave a description of the robbers before discussing the event with their colleagues. The instructions during the robbery from the management of the bank direct employees to not act heroically. After the robbery is over, a phone call will be made to the security department in Stockholm who will send out a crisis management team consisting of people from other banks with special training and expertise in managing a crisis situation. The team will be cognizant to the seriousness of the present situation and the size of the local bank office. The crisis management team is supposed to arrive on the scene within a few hours of the robbery. The people within this Crisis group are always on-duty should a robbery occur in any part of the country . The crisis management team will make contact with employees on the same day as the crisis occurred and discussions will begin in relation to the crisis event. Also there will be a series of five discussions in the next twelve month following the crisis. If necessary, the crisis management team may also be present in the event that employees are being called as witnesses during a court trial. As well, employees that wish to be transferred temporary to another office have the possibility to do so. A principal that the Crisis group abides by is that employees that live alone should be accom- panied home, since they could be traumatized. Ms. Gustavsson, as head of security at the local office, stated that a lot of emphasis is put on the Prevention stage in the educational program that she is responsible for since the crisis management team gives extensive instructions and takes over responsibility when the Post-crisis stage starts. There are clear instructions that the employees are not to talk to the media, this is handled only by the Crisis

group or the director of the local office. Ms. Gustavsson recalls that not to long ago, there was an incident at a nearby local office and the Crisis group came to handle the situation. She talked to the colleagues that worked at this office and found that, “…they had no complaints; they were satisfied and very content with [the crisis management teams] services.” At the local office, a Business Continuity Plan has been developed, in addition to the policies that come from the national office. The Business Continuity Plan is an open document that is supposed to act as a guideline on how to get the bank up and running again following a crisis. There is no official educational program about its content; instead it is supposed to act as a supporting document that every employee has access to. The policies from the national office are very clear and specific according to Ms. Gustavs- son. She stated that, “… it is positive to have people whose work is devoted to certain specific security issues within the organization and I believe that this increases the quality of the directives and policies.” Ms. Gustavsson see that a different focus is put on the risks that the bank face, all calcu- lated and depended on the probability of their occurrence. In the public view she also believes that different crises will have different impact on how much the image of the bank will be harmed. In the discussion of robberies she believes that the public will feel sorry for the employees and feel that they are victims of a crime committed by heavily criminalized people. Therefore, the image of the bank as stable and secure will not be challenged to the same extent as if the crisis where to be an inappropriate handling of a transaction or something similar. In this situation the public view would put the blame on the employees of the bank who failed to act professionally.

4.3 Interview with Mona Svensson Mona Svensson has been working within the bank organization for the last seventeen years and has been working with the bank’s security for the last ten years. She is now the Security Officer in the bank organization’s Security group.

In Ms. Svensson’s job as a Security Officer in the Security group she works with the development of bank policies. The Security group is responsible for the overall security of the bank organization and their job entails visiting the local offices, looking over their security and also working with security measures such as situations where an ATM has been robbed or a money laundry situation. The local offices can reach the Security group twenty-four hours a day through a help desk number if any kind of crisis should occur. The Security group has a great deal of contact with the local offices and they deal with the feedback on how well the policies have been working and if there should be changes made to improve them. Ms. Svensson stated that, “…the contact with the local offices is important because they are the bank organizations so called internal customers and they are the ones that should implement these policies in their everyday work.” Furthermore, she feels they have great knowledge about how well these policies actually work and therefore they are an important part of the development process. The policies are continuously updated. If any new information appear concerning the polices that might make them more effective the Security group goes through the policies right away in order to implement changes and improve.

Ms. Svensson told the researchers that she has regular contact with the managers of the local offices and she visits the different regions in order to go through their present security. She performs a yearly visit to the different regions and looks over their security statistics and goes through their procedures in the occurrence of a security breach. In addition, they also discuss organized crime and how this threatens the organization. Furthermore, she educates the local bank managers on how they should behave if a staff member is cor- rupted or threatened. To distribute the policies the Security group has chosen to upload them on the intranet where all employees in the entire organization can access them, allowing employees easy access to the material whenever they need information. Ms. Svensson argued that these policies are so detailed that it is difficult to misunderstand them. When the bank organization recruits new personnel it is the local bank manager’s responsibility to make sure that the new employees know the bank organization’s security policies so they do not make mistakes that will jeopardize this security. The new employees receive an educational starting package and will thereafter be educated by the local bank manager. The bank manager on the other hand receive an educational package at the national office where they learn how to tackle different situations like robberies, fires and other security related situations. Ms. Svensson told the researchers that she thought there was not much to do to prevent a robbery, but the employees should always be on their guard and look for people that might seem suspicious. “In many occasions the customers have noticed suspicious people before the employees and thereby diverted a robbery or a threat of some kind”. Ms. Svensson stated that, “…in the occurrence of a robbery there are different steps that the local bank should follow. First of all the policies about a robbery state that the money should always be given to the robbers and when the robbery is over the help desk should be called to guide them through a checklist of actions that the local bank should take before the Crisis group arrives.” The organization’s crisis policies deal with what the local bank should do before and during a crisis and then the Crisis group takes over in the Post- crisis stage. Ms. Svensson thinks that the geographical location of the bank is very important. The robbers usually target smaller banks far from police stations where there are not many employees. Because of the higher risk level among these banks the bank organization puts more effort into security and educating these smaller banks on how to handle crises such as robberies. After a robbery the Crisis group follows up on how the employees feel. They evaluate how the crisis situation was handled and if something should have been done differently to get a better result. Because a robbery is a very traumatizing situation the Security group tries not to interfere in the work of the Crisis group, except when the local office specifically asks them to come out and discuss the robbery and instead they let the Crisis group do all the follow up. If the Security group does go out to the local office they will wait until everything has calmed down and all the employees feel comfortable again. Ms. Svensson stated that, “…the primary concern for the Crisis group is the employees at the local office and how they feel.” She also explained the importance of taking care of the customers that were inside the bank during a robbery, but that they do not deal with the customers’ therapy after the incident.

Ms. Svensson acknowledged that it is vital for the bank to be perceived as a safe and secure bank because if the customers do not feel the bank is secure they will take their money and go somewhere else where they believe their money will be safe. This would be extremely bad for the bank in the long run. They deal with this problem by informing their customers in commercials and on their web page about the measures they take to uphold a well working security system, and create a general feeling of safety about their brand name. Ms. Svensson stated, “I think that if one specific bank organization gets robbed and appears in the news papers over and over again this will weaken the image of the bank and its security.” Additionally, she believes that this is something that influences people when they chose their bank.

4.4 Interview with Lotta Larsson Lotta Larsson is head of the Crisis group in the banking organization. She is responsible for the recruiting process of the Crisis group, furthermore it is her responsibility to make sure that there is a sufficient number of employees forming part of the Crisis group and that they have all the requirements that are needed to be able to work in accordance to the developed program of action. As well, she works closely with the security department. The incidents that the Crisis group handles are robberies and threats.

The Crisis group consists of employees from local offices all over Sweden, who perform their everyday banking activities, but are always on emergency standby and always prepared to leave their office immediately if a hostile situation has taken place, such as a robbery at another office. The idea behind this emergency duty is that the Crisis group should be at the location the same day as the robbery has occurred. The Crisis group within the bank organization has existed for fifteen years. In the recruiting process of employees to form a part of the Crisis group there are certain parameters that Ms. Larsson perceives as important. She informed us that they, “...try to form a team with a balanced distribution of age and gender and as well with a geographic spread. It is important to have a wide geographical spread since the Crisis group needs to be in place quickly after a robbery.” After the particular individual has been recruited to the Crisis group they will be given an educational introduction on the program of action, how to handle a crisis and what happens during a crisis. This education consists of theoretical seminars, group exercises and general information. If the employee shows a high interest in being a part of the Crisis group and are actively involved during the education program they will be included in the team. There is no existent rule for how long you will form part of the Crisis group, it is up to the employee to decide how long he/she feel encouraged to be a part of the Crisis group. Ms. Larsson stated that since the Crisis group works with such a sensitive and emotional subject and that the members of the Crisis group share these experiences, the team becomes closely connected. Furthermore, she explained that the people in the Crisis group are not educated therapists; the emphasis of their education is instead focused on how to guide, support and work with the exposed employees during and after a crisis situation. When an incident occurs the Crisis group tries to be on the location as soon as possible. On the other hand, if one region has experienced many incidents within a short period of time they may send people working on locations further away in order to avoid that the same people will be sent out too often during a short time period. Ms. Larsson recognizes and understands the importance of supplying the Crisis group within the bank organization with a sufficient amount of resources and that the resources should be used in the most effective way.

The Crisis group works after the earlier mentioned action plan which is a program continuously developed by the Crisis group and the Security group in order to support the members of the Crisis group during their work with a crisis. The program is explicit, it starts with the emergency day or in other words the first day of arrival, when the team comes to the local office and performs certain activities and starts the dialog with the employees. Ms. Larsson tells us that, “One of the most important tasks for the Crisis group is to think about the small details, including which employees were absent that particular day, how is the employee getting home, is someone there waiting for the person when they are coming home, and also helping employees that are in need of therapy to get in contact with an educated therapist. These are details that the employees and the local management easily could forget as they experience a crisis.” The program of action goes for one year and offers support in case of a trial. If the trial proceeds for over a year there will of course be continuous support offered, expanding the program of action. The reason for having a program of action continuing for a year is that when an individual has experienced a crisis this individual can experience post-traumatic stress syndrome, hence the importance of the length of the program. Ms. Larsson stressed throughout the interview that it is the personal experience that is crucial. It is not the Crisis group’s job to decide whether there is a crisis or not, but to assist and support the employees. Ms. Larsson stated that, ”It is essential for the Crisis group to adapt to the reaction of the employees and the situation at hand, due to earlier experiences the individual reactions could differ widely and the Crisis group will need to take that into consideration.” Furthermore, she identified the word ‘crisis’ within the bank organization as when an individual face a situation where one’s earlier experiences and the patterns of reaction are not working efficiently in facing the feelings that are experienced. This defini- tion implies, that it is important as discussed before to understand that it is the employee that decides upon when there is a crisis or not. When a year has passed the work of the Crisis group is evaluated, this is performed in order to evaluate what could have been done in a more efficient way. First, a discussion and an evaluation from all employees at the local office is made. Secondly, the members of the Crisis group perform their separate evaluation where they further discuss and evaluate the work that has been done. Ms. Larsson stated that, ”...all the discussions and evaluations are important as you always learn from each other.” Additionally, the team meets every quarter where they discuss new discoveries in crisis management as a whole. They also share experiences and practical issue that might have arose during the past quarter of a year in order to further improve the work with crisis management. When asked about the importance of the Crisis group and the fact that the bank organizations of today are working with less cash and that this might offload the focus on robberies towards other risks that the bank faces, Ms. Larsson answered that, “…as long as the bank organization has money in their offices the risk for a robbery is always present, therefore the importance of a well organized crisis team.”

4.5 Interview with Lars Björk and Håkan Grahn Lars Björk and Håkan Grahn works within the police department in a middle sized city. Mr. Björk is an Inspector and has been working within the police for 32 years. Mr. Grahn is an superintendent that has been working within the police for 43 years, he is also assigned to the PKL (Psykiatrisk Klinisk Ledning) group.

In the middle sized city there is collaboration between the Police department, the bank organizations and cash transport companies in form of a consultation group. The function of this group is that the different organizations are cooperating and this creates a close connection between each other. If a threat, fraud or robbery should occur at one organization this information will quickly reach the other organizations so that they can be prepared and on their feet when the risk of a crisis has increased. This information flows quickly through prepared telephone- and mailing lists. Furthermore, the group meets a couple of times each year, where they discuss issues on how the collaboration can become more effective. They also evaluate the events that have occurred and how the collaboration functioned during these events. This evaluation is important since it will help the group in developing an even more effective collaboration. Mr. Björk stated that he, “…believes this group is unique for our middle sized city and that this collaboration does not exist in other locations around the country.” In the case of the bank organizations’ policies for handling a crisis such as a robbery, the involvement from the police is nonexistent; these issues are handled internally within each organization. This has not always been the case, in the past the police did simulated robberies together with the organizations so that the personnel could practice on how to behave in such a situation. This is no longer done since these simulations got heavily questioned. When asked if the police think that a stronger collaboration should exist, Mr. Björk told the researchers that, “…in the work of Preparation/prevention the bank organizations would benefit from a better collaboration, since the police have a vast knowledge and experience concerning crisis.” When discussing the post robbery evaluation Mr. Björk explained that the police are involved, especially with security issues that could prevent a new robbery. When asked about if they from the polices’ side could see any weaknesses within the bank organizations’ crisis management plans, the answer from Mr. Björk was that, “…it is impossible for me to answer this question since the bank organizations want to handle these issues internally. Therefore we do not know what they look like or how they are implemented.” The most important part is that they should have well working plans of action and crisis management plans, which the police are confident that the bank organizations have. When a robbery occurs the police explained that the main concern is to take care of their own personnel. Furthermore when asked about if collaboration between the police and the bank organization’s Crisis group existed, Mr. Björk stated that, “…the police are confident that the bank organizations’ crisis teams are working in a professional manner and have the ability to control the situation.” Additionally, Mr. Björk explained that crisis handling is not the police’s primary concern, and the bank organizations’ personnel are not their responsibility. Even though the customers and the bank organizations’ personnel are not the police’s primary concern, they help out when needed. Mr. Björk identified a problem where the customer can ‘get stuck in the middle’ since the primary concern for the police and the bank organization is to take care of their own employees and that there is no predetermined policy on who is going to look after the customers. At the same time he explains that other groups could step in to support the customers. This group goes under the name

PKL (Psykiatrisk Katastrof Ledning) and includes different departments at the state hospi- tal that might be needed at a crisis situation. This group is put in action if a crisis is too large to handle for the involved parties. So if a robbery occurs, this group will get in contact with the involved parties and will give help if needed. This group up to now has never needed to step in to help after a robbery. Since a robbery is something that is almost impossible to prevent for a bank organization, the police do not believe that the image and reputation could be damaged. Mr. Grahn stated that, “…robbers do not take into account what bank they target. If they decided to rob a bank at a certain location I believe the bank organizations’ name is of less importance.”

4.6 Interview with Ronny Bergström Ronny Bergström has been working within the Union of Finance for the last twenty years as head of public relations.

When asked about how the bank organization handles and work with crisis management Mr. Bergström responded that, “…the bank organizations in general work very professionally concerning the issue of crisis management.” Furthermore, Mr. Bergström stated that this has been the case for a long period of time. The Union of Finance is not involved in the process of developing the specific policies for crisis management, but they form a part of the security committee, consisting of the Union and all the large bank organizations, that develops general guidelines concerning security issues. Even if the Union of Finance always followed up on how the bank organization handled the personnel in a crisis situation, they have not made any changes concerning the personnel since the bank organizations, in the Union of Finance opinion, has a well developed program that covers all aspects regarding crisis management. Mr. Bergström highlighted this even further through the statement; “…earlier through the membership in the Union of Finance an insurance was included to cover any psychological treatment that an individual needed following a robbery. But this insurance was withdrawn since practically nobody made use of this insurance since the bank organizations handled the situation professionally.”

4.7 Interview with Louise Stork Louise Stork has been working within the bank organization for six years, X years ago the bank office that she was working at in the Stockholm region was exposed of a robbery attempt. At the time of the robbery attempt she was working at the counter.

Ms. Stork explained that she had received an education when she started at the bank organization concerning security issues. This educational program covered aspects on what to be aware of before a robbery occurred, and also how to behave when a robbery actually occurred, specifically to do everything that the robber wanted and not act like a hero. Ms. Stork explained that before the bank she worked at was a victim of the robbery attempt, “…the security manager was always reminding us of the security routines but it was still easy to fall into a false sense of security and the mindset that ‘a robbery would never occur here.’” After this incident she has become more aware and attentive concerning this

issue, she further tries to tell and remind her co-workers about that the risk of being hit by a robbery is always present. When the robbery attempt occurred, the personnel evacuated the bank before the robbers could even get in. The Crisis group was at the scene within one to two hours and she felt that the group took over the entire office. She thought that this was a good routine since the personnel did not have to have any concerns about job related issues. The first thing the Crisis group did was to have a long individual conversation both concerning what had happened and more importantly thoroughly go through how the individual felt in the situation. After these individual sessions the personnel were encouraged to go back into the office together with the Crisis group, this was done so that a mental barrier of being back at the scene would not arise. When walking through the scene it was the members of the Cri- sis group that talked and calmed down the local personnel. Throughout the first day the Crisis group was present and the local personnel were encouraged to have conversations with anyone from the Crisis group if needed. The bank reopened the next day with the Crisis group present. Before the opening a recon- struction of the robbery was done and the personnel told the Crisis group where they were located and how they felt during the robbery. Even though Ms. Stork was back at work the next day, she did not feel forced to come back right away. She knew that if she felt traumatized the Crisis group encouraged her to stay home and, if that was the case, call in extra personnel from other offices. The Crisis group stayed at the location for two days, but then returned the next week to have new conversations with the personnel concerning how they felt. They also returned again after one month, three months and finally after six month to make sure all the personnel were feeling well. Furthermore, all personnel were given a phone number that they could always call in case they needed to talk to someone. When the Crisis group’s work was done the personnel did an evaluation on how they thought the Crisis group worked and if they had any complaints, this made Ms. Stork feel encouraged to show her own opinion of the situation. When asked about if there were any negative aspects of the Crisis group’s work she responded, “I cannot complain about anything, everything that the Crisis group did was done in a most professional way.” Ms. Stork believes that this was the case since bank organizations have always been victims of robberies, which has resulted in the policies being continuously updated during such a long time period, making them close to perfect.

5 Analysis In this chapter the collected empirical data will be analyzed in relation to the theories presented in the frame of reference. There will be a discussion on the stages of a crisis, combining them with defense mechanism and CMT. The issue of public view of crisis is used as a general discussion concerning the bank organization and its environment. The discussion on leadership will be analyzed outside the framework of the Three- /Five-stage model since this will provide the reader with a better understanding of leadership in a crisis.

5.1 Public view of a crisis The public view of a crisis can lead to many different outcomes and according to Mitroff (2004) an organization needs to consider the importance of being perceived as a victim instead of a villain in the incident of a crisis. Through the research conducted it has been noticed that the general public view is that the reputation of the bank will not be influenced in the occurrence of a single robbery. The respondents believe that the public will feel sorry for the employees and perceive the bank organization as a victim of a criminal act. One of the most vital aspects of the bank organization’s policies is that the employees are not allowed to have any contact with the media after a robbery since this is a sensitive subject. The organization believes this should be handled with care so that only the appropriate information gets out to the public. This is handled by specially assigned PR-representatives so the perception of the bank organization as a victim is stressed even further. The only way a bank organization could be perceived as a villain in a robbery situation is, as Ms. Svensson stated, “I think that if one specific bank organization gets robbed and appears in the newspapers over and over again this will weaken the image of the bank and its security”. This could influence the customers when evaluating what bank organization they will choose to handle their funds. This would lead the public to believe the bank is neglecting security and they may start to question the bank organizations’ view of the importance concerning the security issues and their implementation of existing policies. The public view is difficult for the bank organization to be in control of. According to Ms. Svensson the best way to uphold the general notion of safety in their bank organization is to share through their public informational channels that they uphold a well working security system. Although the bank can influence the public about the bank’s general safety, the view of the public is not the main concern since robberies are almost impossible to prevent. As Mr. Grahn stated, “Robbers do not take into account what bank they target. If they decided to rob a bank at a certain location, then I believe the bank organizations’ names are of less importance.” The bank organization identifies the importance of precisely follow all their policies so that in the occurrence of a robbery no blame can be put on the bank organization or its employees. In comparison, a situation where the bank has higher risk of being viewed as a villain is in the occasion of a fraud or the inappropriate handling of money. In these situations the actions of the employees are in direct correlation to the crisis, and their professionalism could be questioned.

5.2 Pre-crisis The Pre-crisis stage in Mitroff’s (2004) Three-stage model is the time of normal operation before the triggering event of a crisis. In Pauchant & Mitroff’s (1992) Five-stage model there are two stages that can be identified in the Pre-crisis: Signal detection and Prepara- tion/prevention. In the Signal detection stage the organization must detect warning signals

that show a crisis is on its way. In order to communicate these signals a well working up- ward communication is also needed because often these signals appear on low levels of the organization. In the Preparation/prevention stage, if the signals have been detected, the organization responds right away in order to better handle or abort a crisis. On the local level the security managers implement the policies that have been developed by the CMT. When new personnel are recruited it is mandatory for them to go through an education program concerning security issues. Throughout the education the security manager goes through a checklist of what the new employees have to be informed about, the education checklist varies slightly depending on what position they have been assigned. The checklist shows that the policies are precise and easy for the security manager to follow, also it shows that the CMT is confident that the policies that have been developed work in an effective way. This educational program is developed so that everyone at the local office will have the knowledge needed to maximize their efforts in the stage of Signal detection, but even more importantly be better prepared if a robbery would occur. The local bank managers are also instructed to have a continuous education of their employees once a year concerning security issues.

5.2.1 Crisis defense mechanisms before a crisis Before a crisis has occurred, it is easy for employees within organizations to put up defense mechanisms to disallow and deny their vulnerability to external threats facing the organization (Mitroff, 2004). These defense mechanisms must be dealt with so the crisis management does not get undermined. Through this study it was found that the defense mechanism the bank organization in question is working to eliminate the most is Intellectualiza- tion; where the organization believes that the probability of being the subject of a crisis is so small that they do not need to worry about it. The security group is well aware of the importance of always keeping the employees alert of the risk of being robbed and actions of what the employees should be thinking about in their daily work is included in the security policies. The responsibility to keep the employees alert has been delegated down to the security manager at the local level, and therefore it is his/her responsibility to minimize these defense mechanisms. Furthermore, it is important for the employees to understand that these reminders are there for their own protec- tion. It is important that the employees that have been working at the bank for a long time do not perceive these safety reminders as unnecessary and excessive. We have identified these actions of being a part of the Signal detection stage in the Five-stage model by Pauchant & Mitroff (1992). The security managers that we interviewed were of the opinion that it is essential to continuously talk and remind the employees on a daily basis that the risk of the bank being robbed is always present and should not be taken lightly. In addition, the security managers believe it is important to point out that the regulations concerning security matters, such as avoiding displaying large amounts of money, have been developed to protect the employees performing the tasks. This further prepares the employees for a robbery according to the stage of Preparation/prevention in Pauchant & Mitroff’s (1992) model. During the research it was discovered that on many occasions it has been the customers of the bank instead of the employees that have noticed suspicious acts or people and thereby diverted a robbery or a threat of some kind. In this way the customers have acted without defense mechanisms which might have been present among the employees of the bank. This fact

gives evidence that even though work is done to minimize defense mechanisms, they are still always present. One of the local security managers recalled a procedure that affected her greatly; this was a seminar held by the police where people that had experienced a robbery shared their thoughts. This created a more vivid picture of the scenario when a bank is being robbed. These seminars could be identified as a tool to minimize the existing defense mechanisms, Intellectualism, that the bank organization is presently facing. These seminars could both increase the Signal detection and also the Preparation/prevention of a crisis. These seminars together with the police department do not exist within the bank organizations’ policies so they are not something that occurs on a regular basis around the country.

5.2.2 Crisis management teams before a crisis Seeger et al (2003) stated that the CMT’s main function is to construct an overall organizational understanding about crisis by distributing information downwards within the organization. It should develop the crisis plan and do all the preparations for the occurrence of a crisis. They also develop response programs for how to deal with a crisis situation. Kash et al (2003) identifies the importance of the CMT meeting on a regular basis to ensure proper function. This thesis identified the security group within the bank organization as the CMT in the Pre-crisis stage. This group has the main responsibility for developing the policies that should be followed in the occurrence of a crisis. In the Preparation stage a crisis team is organized to deal with stage four and five in Pauchant & Mitroff’s (1992) model. To be further prepared the Crisis group has a great geographical spread, because the importance of quickly be on the scene in the occurrence of a crisis situation. In the Post-crisis stage the Security group has delegated the ‘CMT’-function to the Crisis group and they develop the Crisis group’s plan of action together. How the plan is enacted will be dealt with in the Post-crisis stage of the analysis. The security group has the responsibility for the overall security of the organization. Through interviews it has been discovered that many of the bank organization’s policies are restricted by confidentiality but the information gained shows that these policies are precise and there is no room for flexibility. Although the bank organization believe that there is no need for external involvement in the crisis management, the research in this thesis has shown that the cooperation that existed earlier with the police was greatly appreciated and that the capabilities within the police could be used to improve the bank organization’s security even more through a cooperation with the Security group before a crisis. In distributing the policies about the crisis management plan the organization works in two different ways. First of all they have regular contact with the managers on the local level. The leader of the Security group visits the local offices once a year and look over how these policies are being followed, during this visit a discussion about security issues in general is carried out. The local security managers are also being educated once a year in a more structured educational program concerning crisis issues, also they are educated in how these are going to be distributed to their employees. Furthermore, the security group has a great deal of contact with the local offices and are open for feedback on how well the policies are working on the local level and also listen to suggestions that could further improve the policies. The second way to distribute the crisis policies is that every security manager on the local level gets written documents of the policies and instructions on how these are

supposed to be implemented. These policies are also distributed on the intranet so everyone in the organization has easy access to them.

5.3 Crisis In Mitroff’s (2004) Three-stage model Crisis is stage two and in this stage the event triggering the crisis occurs; therefore, this is the event where the robbery occurs. In this stage the bank organization has strict policies on how the employees should act. The primary aspect of their policies is that the employees should be cooperative with the robbers and not try to become a hero. The bank organization stated that this is primarily done to protect the employees but it could be further acknowledged that, because a robbery is an ambiguous situation, not being cooperative could make the situation more hostile. These actions could be identified within the Containment/damage-limitation stage of the Five-stage model. The Security group has also developed policies that are available through the help desk and the local bank should call them right after the robbery and this aspect of the policies could be identified within the Containment/damage-limitations stage of the Five-stage model. These policies include a checklist of what the local office should do before the Post-crisis CMT arrives at the scene. This checklist is developed so the local employees will be supported so they do not increase the damage of the crisis in their traumatized state.

5.4 Post-crisis Post-crisis is the last stage in Mitroff’s (2004) Three-stage model. It is the postmortem of the crisis and will lead the organization back to normal operations. In this stage the last two stages in Pauchant & Mitroff’s (1999) Five-stage model, Recovery and Learning, are identified.

5.4.1 Crisis management teams after a crisis The Recovery stage in Pauchant & Mitroff’s (2004) Five-stage model is also connected to the Preparation stage because in this stage the organization implements the policies for the post-CMT so that the organization can return to normal operations as quick as possible. The concept of returning to normal operations for a bank organization after a robbery primarily means helping and supporting the employees to cope with the trauma they have been exposed to. This thesis has identified the bank organization’s Crisis group as the CMT in the Post-crisis stage. When a robbery has occurred it is the Crisis group that steps in and acts as the CMT, as discussed in the Pre-crisis stage. The Crisis group is built of employees from local offices that have gone through an education in crisis handling. They have normal working tasks, but are always on duty if a crisis such as a robbery should occur. The importance of the geographic spread of the members of the team is now realized, since the team will be on the scene within hours. The organization has a large resource pool of employees so if many crises are occurring in the same area the organization can still send new people in the CMT to the different locations. It has been shown that the bank organization has realized the importance of the Preparation stage and the results will be shown when all the policies regarding post-crisis is put into action. The recovered resources discussed in stage four in Pauchant & Mitroff’s (1992) Five-stage model is, in a robbery, not primarily the cash being stolen. Instead the recovery of the sto-

len cash is handled by the police department. The resources that the bank organization focuses on are their employees at the local offices. Since the timeline and the actions of the CMT are confidential we have limited analyzing possibilities concerning the specific actions taking place when the CMT arrives on the scene of the crisis. Interviews have shown that the CMT is very flexible in how long they stay at the location of the crisis since the occurrence of a robbery can traumatize people in different ways. It was also shown that the primary concern of the bank organization is the local employees and providing them with support. The CMT does this by helping the employees that are in need of therapy to get in contact with therapists. The way the bank organization’s policies are structured around the employees and their wellbeing shows that the bank organization has realized that the actual robbery is not first and foremost the crisis that needs to be managed but also the human resources at the local bank. Although it is not the primary task of the CMT, the group will support the local office in getting all the functional areas up and running again, and bring- ing in new personnel if needed, allowing the bank to return to normal business operation as quick as possible. Therefore, with the help of the CMT the Recovery stage in Pauchant & Mitroff’s (1992) Five-stage model will be shortened. The standard amount of time for support given to the employees from the CMT is one year due to the fact that someone experiencing a robbery can have post-traumatic stress disorder. However, if an employee still needs help after a year the CMT will continue with its support. In the Learning stage of Pauchant & Mitroff’s (1992) Five-stage model Pollard & Hotho (2006) argued that as soon as normality returns to the organization it has to start an evaluation process because learning is the method for improving what has been done in the past. It is the Crisis group that has the main responsibility in the Learning stage, if it is needed the security group will also be at the location, but this is rare and only happens if this is re- quested from the local offices. Since a robbery is such a traumatizing situation it was realized that the employees feel more confident to talk to a member of the Crisis group that was around during the crisis instead of a new person. The bank organization has identified the importance of continuous learning, and an evaluation program has been developed. The first step the team will take is to have a conversation and discussion with the local employees in order to get an understanding on how they perceived the work that was done during the crisis. When this has been done the Crisis group will meet and have a discussion on what the employees thought was positive/negative, also the member of the group are motivated to bring forward their own thoughts and opinions. This discussion is crucial for the Learning stage since humans will perceive the same situation differently. Through this evaluation the policies, both in the Pre-crisis and the Post-crisis stage, can be updated and become more effective. The policies are updated continuously and are distributed quickly to the local offices so that they can take part in the changes made and be able to implement them within the local office as quick as possible. One of the managers on the local level stated when asked about how the information flow concerning the policies works within the bank organization that, “It works excellent and I am always updated about any changes being made in these policies”. This further shows that the bank organization is effectively using the last stage, Learning, in the Five-stage model. When interviewing the police it was found that the Recovery stage and Learning stage after a robbery are handled internally by the bank organization and cooperation is kept to a minimum. The only part that the police are involved in within the Post-crisis stage is the practical security issues that could prevent a robbery. An increase in the collaboration with the police could help the bank organization in areas where their policies are not meeting their goals because of the fact that the police have great experience of crisis situations.

5.4.2 Crisis leadership in the Crisis management team Crisis leadership is of great importance and the contingency theory stresses the significance of adapting to current situations and to be flexible in the leadership style, meaning that an optimal leadership style will be dependent on internal and external conditions. In an ambiguous situation such as a crisis it is recognized that a more-directive and authoritarian leadership style is more suitable. A task-orientated style is needed but the leader needs to look to the relational concern as well. There are aspect to consider in the relationship such as supportiveness, understanding, expression of concern and empathic response (Seeger et al, 2003). Also stressing building relationships is the transformational theory (Madzar, 2001). Since a crisis creates an unstable and dynamic environment, these circumstances call for a transformational leader that has a flexible approach to the situation (Yukl, 2006) . In the Post-crisis stage the handling of the crisis is the responsibility of the Crisis group. The local manager should recognize their authority as leaders as they possess the necessary knowledge on how to handle these situations. Through their work with the Crisis group, the bank organization has recognized that strong leadership is important during the management of a crisis such as robbery. The complexity and uncertainty of a crisis can make the employees and more importantly the local manager forget about the important small details and in this way weakening the leadership. To address the threat of weak management and to assure the strength and quality of leadership, the Crisis group who are educated experts in the field on how to handle a crisis becomes an important resource as they temporary take over the lead and control of the local office. The local manager Ms. Johans- son addressed the authority of the Crisis group by saying, “When the Crisis group comes in they will handle the entire situation. The Crisis group works as a centre of communication and support and facilitates in such a way so that the organization can run smoothly again.” Even if the plan of action in the Post-crisis stage is explicit, being flexible in the approach on how to handle the crisis is important since the Crisis group is working with people. The bank organization is working in accordance to the ideas of the contingency theory where the leadership should be adapted to the current situation at hand. As their prime responsibility is to support the employees, the Crisis group will structure their support differently depending on how the employees at the local office react and how they experience the robbery or threat. The developed program of action continues for one year but is flexible and can be prolonged for more than a year if it is required by the current situation. The developed program of action can be seen as task-oriented as it is explicit, the task of the Cri- sis group coming to the local office are clearly formulated and the Crisis group could be confident about the actions that needs to be taken. Even so, the relational aspects are also of importance and it is not neglected in the leadership style. As the program of action continues over a time period of one year, the Crisis group has a continuous dialog and through this ongoing relationship they gather knowledge on how to best support the employees of the local office in their trauma. Ms. Svensson recognized the Crisis group as taking the leading position in the Post-crisis stage and in the follow-up and evaluation process. The Security group will leave it to the Crisis group to handle the issue and will only interfere if asked by the local office, which rarely happens. The recruitment to the Crisis group is on a voluntary basis and empathy and the desire to support people in their trauma are important traits the Crisis group is looking for. Empathy and supportiveness are seen as important aspect of the contingency theory and a relation- oriented leadership style. The relational dimensions are also stressed in the transformational theory where a leader captures the emotions of the employee and supports and encourages them as an approach to leading.

6 Conclusion In the following chapter the authors will present the reader with the main conclusions of the study, relating them back to the theories and the purpose of the thesis.

The purpose of this thesis is to understand how and why crisis management concerning robberies is implemented within a bank organization. When exploring the implementation of the crisis management program, both the internal and external respondents gave an image of a well working and efficient program. Since the internal respondents were assumed to give in some way biased answers the importance of the external respondents were high. Their positive responses concerning this issue, combined with our research of the bank organization, have further given us the perception of a well working and efficient crisis management within the bank organization. Exploring our purpose and our first research question about how the bank organization’s crisis management is organized on a local and national level we see that the bank organization’s way of working with crisis management concerning robberies is continuously processed and developed. Also it is the Security group that concentrates on the development of the policies about crisis management on a national level and the local security managers are responsible for the implementation. The policies include all aspects of a crisis: educational programs in the Pre-crisis stage, how to act when a robbery occurs, and also how the organization responds in the Post-crisis stage. The implementation of the policies that the security group has developed is performed without flexibility in the Pre-crisis and Crisis stage. This is because the policies are very precise and cover every aspect of a crisis. The policies are the same on all locations within the bank organization. It is the security manager at the local office who is responsibility to implement these policies on the location in the Pre-crisis and Crisis stage so that the personnel is well prepared for the occurrence of a robbery. Here there is a clear connection to the theories used in the thesis when the organization has differentiated between the three stages of a crisis and divided the responsibility of implementation of crisis management in each and every stage. This is seen in the Post-crisis stage where the responsibility of implementation is transferred from the local manager to the national Crisis group that is specifically trained to handle a crisis situation. The implementation in the Post-crisis stage has a more flexible approach, even if the plan of action is explicit, as the Crisis group is working with people that experience a situation of trauma. Why the bank organization has chosen to work extensively with crisis management concerning robberies is because the risk of robberies is perceived as higher in the banking environment than in other industries. The bank organization has in its approach chosen to a great extent to handle the work with crisis management internally. The conclusion that can be drawn from this is that, since the bank organization during an extensive period of time has identified the risk of being robbed as a constantly relevant issue, the policies have been processed and developed repeatedly so that today they have a well working routine concerning crisis management. Instead of relying on external parties, the bank organization has identified the importance of being internally prepared for robberies by an extensive crisis management plan. Interviewing the Union of Finance and the police further highlighted the impression of a professional approach to crisis management in the occurrence of a robbery, since both parties had no complaints at all and were confident of the quality of their crisis management concerning robberies. On the other hand, it can also be argued that their opinion of not being in need of support from external parties such as the police, is not accurate because of the fact that the police is society’s most important guarantor of se-

curity. Cooperation with the police could give an external perspective on the bank organization’s crisis management and could increase the effectiveness of the existing policies. Because of the higher risk factor for bank organizations of being robbed, and the fact that they are responsible for the publics’ assets, we believed that it was of high importance for the bank organization to effectively work with the public’s perception of the organization in the occurrence of a robbery. Therefore we addressed this issue in the research question, “How important is the public view of the bank organization’s security in the occurrence of a robbery?” Through our research the conclusion was drawn that the public view of the bank organization will always be that of a victim. The reason for this is that since the threat of being robbed is always present and the fact that it is impossible to fully prevent attempts of robberies, the robbers will always be seen as the villains and the bank organization as the victim. Due to the automatic role of victim, the bank organization does not have to put as much weight on the public’s view of the organization after a robbery.

7 Discussion In this chapter there will be a general discussion and reflection of our study and also what could be included in further research.

7.1 Further discussion This thesis contributed to the discussions of crisis management by highlighting an immediate crisis within the banking industry that has rarely been discussed, in spite of being highly relevant. We have created greater awareness on a subject that is present and needs to be addressed so that managers do not fall into the trap of neglecting the work with crisis management concerning robberies. The thesis will also help managers in other industries in their work with crisis management, guiding them how to build an efficient crisis management program concerning robberies. The researchers knew that when conducting this kind of study, interviewing employees responsible for the crisis management within an organization about how well they manage a crisis, there was a high risk for biased answers. After interviewing all the internal parties our belief of receiving only positive answers was very much confirmed. To receive less biased answers the researchers contacted external parties connected to the bank organization’s crisis management. Since the bank organization to a high degree is working with this issue internally the interviewed external parties possessed little or no knowledge of the actual crisis management of the bank organization. The researchers believe that the bank organization has overlooked and neglected the fact that the police possess extensive knowledge and are experts in a crisis situation. It could be argued that the bank organization should be more open about its policies towards external parties such as the police since they could give creative feedback on the bank organizations policies based on their extensive knowledge within the field. Through our research and through interviewing the police we found out that an informal local cooperation existed in one middle sized city between the police and the different bank organizations. This cooperation is there so that threats, such as frauds and robberies, could possibly be prevented. The researchers believe that the bank organization would benefit from implementing this cooperation and that it should be expressed in their policies; in this way the cooperation would exist throughout the country. Additionally, the researchers found out that one of our respondents had participated in a seminar that had a strong impact on her. During this seminar, which was organized by the police, robbery victims shared what they felt and experienced when the robbery took place. The researchers believe that all the employees within a bank organization would benefit from these seminars since the issue of a robbery becomes more vivid. These seminars are not performed on a continuously basis and are neither included in the work with crisis management concerning robberies. This further emphasizes the opinion of the researchers that cooperation with the police would make the work with crisis management in the bank organization more efficient. Another interesting aspect that came into consideration during one of the interviews was the fact that in some occasions the customers were the ones noticing suspicious people, notifying the employees and in that way prevented a robbery. The fact that even if the employees, who are educated to be on their guard for suspicious people, do not notice any-

thing one can argue that improvements could be made in the Pre-crisis stage education program concerning robberies. In today’s society the bank organizations are constantly under the threat of robberies and even though efforts have been made to minimize the amount of money in the bank offices, the threat is always present. The researchers believe that this could change in the future if the bank organization would succeed in their vision of not possessing any money at the local bank offices, this would decrease the threat of a robbery. But as Ms. Larsson’s stated, “As long as the bank organization has money in their offices the risk for a robbery is always present. Therefore it is important to have a well organized crisis team.”

7.2 Reflections We believed that every aspect of our purpose could be covered when conducting research about a bank organization as an external party. After finishing the thesis we understood that much of the information we were interested in was highly restricted by confidentiality and could not be reached through our approach. This limited the understanding of the policies for crisis management, educational programs and the bank organization’s plan of action during a robbery. All documents concerning these issues were confidential and could not been shown to us. Another problem we faced was that when approaching employees within the banking organization about conducting an interview, the people on the regional level did not feel confident in what information they could reveal so they forwarded us to their superior on a national level. This issue restricted us in conducting interviews on every level within the bank organization which was our original intention. If this had been done the overall picture of how the organization works concerning a crisis situation would become clearer. In our opinion we received what could be seen as biased answers during the interviews as there are few weaknesses recognized by the respondents. Discussing the Post-crisis stage, the researchers would receive a more unbiased overview if interviews were performed with a larger number of employees that actually had experienced a robbery and in this way had experience of being the subject of the bank organization’s crisis management. This was difficult to achieve since the bank organization was unwilling to give out names and reveal the identities of employees that has experienced a robbery.

7.3 Further research When discussing crisis such as threats and robberies, it has been shown throughout this research that the focus as a crisis to a great extent occurs is the employees and the trauma they experience. Hence, it is suggested that further research could put emphasis on the perspective of the employees instead of the perspective of the managers which was chosen in this thesis. If exploring the field of crisis management from the perspective of the employees it could be of further interest to do a longitudinal study and to follow an employee for a longer time period and analyze how they perceive the crisis situation as individuals. Another suggestion is that the same study could be implemented on a different industry. An industry that could be of high interest is cash transportation companies, this industry has been exposed to several robberies and robbery attempts in recent years in Sweden. An- other proposal is to conduct a study within the same bank organization concerning the crisis management and how they handle other crisis, such as frauds or embezzlement.

References

Adair, J. (2003). Inspiring leadership: learning from great leaders . London: Thorogood.

Ashcroft, L. S. (1997). Crisis management – Public Relations. Journal of Managerial Psychology. 12 (5), 325-332.

Augustine, N. (1995). Managing the crisis you tried to prevent. In , Harvard business review on crisis management (p. 1-31). Boston: Harvard business school press

Bass, Bernard M. (1985). Leadership and performance beyond expectations. New York & London: Free Press.

Bolman, L., & Deal, T. (2005). Nya perspektiv på organisation och ledarskap (3rd Ed). Lund: Stu- dentlitteratur.

Brottsförebyggande Rådet, Retrieved 2007-10-08, Last Updated 2007-08-08, http://www.bra.se/extra/pod/?action=pod_show&id=47&module_instance=11

Coombs, W. T. (1999). Ongoing crisis communication: planning managing and responding . London: Sage publications. Creswell, J. W (2003). Research design Qualitative, quantitative and mixed methods approaches (2 nd Ed.) California: Sage Publications. Encarta world English dictionary (1999). London: Blombury. pp 398.

Fairholm, G. (1998). Perspectives of leadership: from the science of management to its spiritual heart . Westport: Praeger publisher.

Fishkin, C. A. (2006). The Shape of Risk: A new look at Risk Management. Basingstoke: Palgrave Macmillan. Frost, C., Allen, D., Porter, J., & Bloodworth, P. (2001). Operational risk and resilience; understanding and minimizing operational risk to secure shareholder value. Oxford: Butterworth- Heinemann. Hamilton. G (1985) Detta är risk management , Lund: Studentlitteratur. Hester, R. E., & Harrison, R. M. (1998). Risk assessment and risk management , Manchester: Royal society of chemistry. Hill, W. (1969). The validation and extension of Fiedler´s theory of leadership effectiveness. The academy of management journal . 1 (12), 33-47. Kash, T., & Darling, J. (1998). Crisis management: prevention, diagnosis and intervention. Leadership & organization development journal. 19 (4), 179-186. Lee, T. W. (1999). Using qualitative methods in organizational research. London: Thousand Oaks. Lundahl, U., & Skärvad, P-H. (1999). Utredningsmetodik för samhällsvetare och ekonomer (3rd Ed). Lund: Studentlitteratur.

Mackenzie, A. (1994). Dealing with disaster. Asian business . 30 (7), 20-24. Madzar, S. (2001). Subordinates information inquiry: Exploring the effect of perceived leadership style and individual differences, Journal of occupational and organizational psychology . 74, 221-232.

May, T. (2002). Qualitative research in action . University of Salford: Sage publications.

Mitroff, I. (2000). Managing Crisis Before They Happen: What Every Executive and Manager Needs to Know about Crisis Management. New York: Amacom.

Mitroff, I. (2004). Think like a sociopath, act like a saint. Journal of business strategy 34 (5), 42- 53.

Mitroff, I. (2004). Why some companies emerge stronger and better from a crisis. New York: Ama- com.

Muijs, D. (2004). Doing quantitative research in education with SPSS. London: Sage publication. Nordea, Retrieved 2007-10-05, Last updated 2007-09-26, http://www.nordea.com/Om+Nordea/Humankapital/815292.html

Ombudsman News, Retrieved 2007-10-05, Last updated 2005-04, http://www.financial- ombudsman.org.uk/publications/ombudsman-news/45/45_bankers_duty.htm

Parsons, W. (1996). Crisis management. Career development international, 1 (5), 26-28.

Patel, R., & Davidsson, B. (2003). Forskningsmetodikens grunder, att planera, genomföra och rappor- tera en undersökning (3rd Ed). Lund: Studentlitteratur. Pauchant, T., & Mitroff, I. (1992). Transforming the crisis-prone organization. San Francisco: Jos- sey-Bass Pearson, C., & Clair, J. (1998). Reframing crisis management, The academy of management review 23 (1), 59-76. Pollard, D., & Hotho, S. (2006). Crises, scenarios, and the strategic management process, Management decision, 44 (6), 721-736.

Quarantelli, E. L. (1986). Disaster crisis management . New York: Disaster research center.

Regester, M. (2005). Risk issues and crisis management: A case book of best practice (3 rd Ed). Lon- don: Kogan page limited.

Repstad, P. (1999). Närhet och distans: kvalitativa metoder i samhällsvetenskap (3rd Ed) Lund: Studentlitteratur. Sapriel, C. (2003 ). Effective crisis management: Tools and the best practice for the new millennium. Journal of communication management . 7 (4), 348-355.

Saunders, M.., Lewis, P., Thornhill, A. (2003). Research methods for business students (3 rd Ed). Harlow: Prentice hall.

Seeger, M., Sellnow, T., & Ulmer, R., (2003). Communication and Organization Crisis. Westport: Praeger publisher. Shrivastava, P. (1993). Crisis theory/Practice: towards a sustainable future. Industrial and Environmental Crisis . 7 (1), 23-42.

Solvang, B., & Holme, I. (1991). Forskningsmetodik om kvalitativa och kvantitativa metoder. Lund: Studentlitteratur. Trost, J. (2005). Kvalitativa intervjuer . Lund: Studentlitteratur. Yin, R. (1994). Case study research: design and methods (2nd Ed.). London: Sage Publications. Yukl, G. (2005). Leadership in organizations (6 th Ed). Upper Saddle River, NJ: Pearson prentice hall. Östbye, H. (2004). Metodbok för medievetenskap . Malmö: Liber ekonomi.

Appendix 1 – Questions to the local Security Directors Can you give us your name and title, tell us how long have you been working in the bank organization, what your job assignments are and how many employees work here? Are there any preparatory actions being done to avoid robberies? What kind of policies and procedures do you have concerning robberies and crises? Can you describe the crises and risks surrounding the bank? Can you describe the development- and evaluation process concerning the policies? How does the information about the policies and procedures get distributed? Do you think the geographical location matter in the risk of being a victim of a robbery? How would a robbery on a local level affect the entire organization? Can you describe how the cooperation with the Crisis group works? Describe the steps you take in the occurrence of a robbery. What external organizations are contacted if a robbery occurs? Does the employees get any psychological support and if yes, from whom? Do you think the concept of a cash-free society has made the risk of robberies decrease? Do you think the customers take into account the risk of the bank being robbed when they chose their bank? What kind of educational program do you have concerning crises? Is there anything the employees can do to abort or avoid a robbery when it is about to happen?

Appendix 2 – Questions to Security Officer of the Security group Can you give us your name and title, tell us how long have you been working in the bank organization and what your job assignments are? Can you describe what the security group does and how it is connected to the crisis management of the bank? Can you describe the crisis management policies in the organization and how these are developed and evaluated? What specific policies do you have concerning robberies and how are these implemented? How are the policies distributed throughout the organization? Does the geographical location of the bank matter in being the victim of a robbery? Do you think a robbery affects the entire organization? In today’s society the banking industry are moving towards the cash-free bank. Has this changed your focus away from robberies? Do you put much weight on society’s view of the bank as a safe bank?

Appendix 3 – Questions to Head of the national Crisis group Can you give us your name and title, tell us how long have you been working in the bank organization and what your job assignments are? What kind of crises do you think affect your organization the most? What steps do you take to identify and evaluate crises? How does the cooperation work between the Crisis group and the security group? How is the Crisis group structured? How are the members recruited and how are they educated? Are the roles in the Crisis group specific? Can you describe what the Crisis group does? Can you describe what the Crisis group does when a robbery occurs? How do you work with the local personnel when you arrive at the local office after a robbery? Does the Crisis group handle the evaluation of a crisis situation? Does the crisis management plan get continuously updated?

Appendix 4 – Questions to the police Does the police department cooperate with the banks regarding crisis management? If a robbery would happen, what do you do when you get to the scene? Who do you first communicate when you get to the scene after a robbery? The local bank manager or the Crisis group sent out by the bank? Can you mention strengths or weaknesses with the bank organization preparation for robberies? Is there any state department that takes care of the customers and the employees and give them the support they need after a robbery? As a police officer, do you have any criticism towards the bank organizations crisis management? Do the police influence the banks in the development of their policies concerning crisis management? Do you wish the police were more involved in the bank organization’s crisis management?

Appendix 5 – Questions to the union representative How well do you think bank organizations manage crises? What actions does the Union do to look after the bank organizations employees in connection to robberies? Have the employees of the bank organizations put forward any wishes to change their situation regarding the security in the bank? Has the Union tried to effect the bank organizations in their policies? Do you think the Union should be more involved in the bank organizations crisis management or less involved?

Appendix 6 – Questions to the robbery victim What was your position the day of the robbery? How long had you been working within the bank organization? Are you still em- ployed at the bank? If not, did you quit in connection to the robbery? Can you give us a general overview of how the robbery occurred and what happened after the robbery? Did you know about the bank organization’s policies regarding what to do in the occurrence of a robbery? How did you get this information? From where did you get the most support after the robbery? How well do you think the policies concerning robberies work? Was there anything that you think the bank organization could have done better? Did you get support from any external organizations after the robbery? Did the bank organization contact the bank that was robbed to do an evaluation of how well the crisis was managed?