To main content

Risk governance deficits revealed by the Oslo terror attacks


July 22, 2011 was a day that shook the Norwegian
society. A lone terrorist single-handedly launched an
attack on a government facility and proceeded to a
youth camp, killing 77 people in total. It was a day
of realization for society at large that Norway is not
exempted from events of this proportion. As is usually
the case after such events, the two key questions
in the wake of the disaster were "How could this
happen?", and "how can we make sure that this never
happens again?"
An investigation was launched (the Gjørv Commission),
and the report pointed out various risk
management shortcomings, some addressing the
fundamentals of Norwegian public governance. We
analyze the causes identified by the Commission
from a risk governance perspective. The shortcomings
in risk management can be categorized according
to the theoretical framework of the International
Risk Governance Council (IRGC). The risk governance
framework consists of 5 different phases,
which must be adequately executed and interconnected.
Deficits in any of the phases in the risk governance
process may prevent effective and sound
risk governance (IRGC, 2005, 2009).
The study demonstrates that there were several deficiencies
in the Norwegian risk governance strategy.
Severe delay in the implementation of security
measures, confusion in the responsibilities and roles
of the various agencies, and failure to communicate
important issues were among the contributing factors
that resulted in a tragedy that has affected society.
The analysis of the Oslo terror is used as a case to
discuss strengths and weaknesses of the Risk Governance
approach. The paper underlines that the
findings of the Commission (NOU 14: 2012) coincide
with some of the common deficits in risk governance
identified by the IRGC. Moreover, the paper
identifies challenges in implementing the risk governance
framework from an overarching societal
safety and security perspective. These challenges include
effects of fragmentation between governmental
institutions on risk governance, incremental
changes at the end of each governance cycle, and
dealing with concurrent and complex risks at a societal
The key learnings from Oslo concern issues that
straddle or fall between organizational and institutional
boundaries in the patchwork of governance.
The sectorial mode of governance more generally
contrasts with the idea of a unified and centralized
risk governance. Rather, what we refer to when we
speak of risk governance is a multitude of efforts
(and non-efforts) from different agencies and institutions.
The failure to close Grubbegata (the street in
front of the government buildings, a known terrorrisk)
illustrates how even quite straightforward
measures may not be implemented even though
they, seen from an isolated risk governance perspective,
are obviously pertinent. In an intricate web of
reality, risk governance requires a nexus, a means of
linking the different actors within and across organizations
and interests, in order to face the challenges
in uplifting societal safety and security to a higher


Academic lecture


  • Research Council of Norway (RCN) / 234391




  • Marie Nilsen
  • Petter Almklov
  • Eirik Albrechtsen
  • Stian Antonsen


  • NTNU Social Research
  • Norwegian University of Science and Technology
  • SINTEF Digital

Presented at





07.09.2015 - 10.09.2015


European Safety and Reliability Association



View this publication at Cristin