| The unexpected benefits of good business continuity
For many organisations the cost of comprehensive business continuity and disaster recovery programs can be significant. Few realise that the benefits of a business continuity management programme extend far beyond the ability to recover from unpleasant events. In order to determine continuity related risks, critical business processes and critical resources as part of the business impact analysis (BIA) process it is necessary to analyse the subject organisation in some detail. For many organisations this sort of scrutiny, extending across every aspect of the business, will never have been done before. The discoveries made as a result of business continuity related analysis could come as quite a surprise to executive managers. It is often the case that an unexpected output of the BIA process is the identification of opportunities to enhance, through optimisation or rationalisation, various high-level and low-level business processes. Organisations may realise that they have duplicate functions or functions which overlap. They may find illogical workflows through the organisation or, in more cases than you could imagine, evidence that the organisational model itself is not fit for purpose due to such factors as segmentation and misalignment with core business processes. While such issues are often set aside as ‘out of scope’ or passed to others to address, it should be realised that these outputs are not side effects of the business continuity management process but are fundamentally important outputs of the process. Indeed, the business efficiencies that can be achieved through addressing such identified issues can be significant. These efficiencies can be so substantial that the benefits may be used to cost justify a significant portion of the business continuity programme. The benefits are also great publicity for your business continuity initiative because they are often simple to relate to stakeholders and are seen as particularly tangible in terms of the day-to-day business of the organisation. While a business continuity cost offset is a great thing to have, it needs to be better understood that in holistic business continuity terms, the rationalisation of business processes can be seen as a necessary step in building organisational resilience. A poorly defined and inefficient process is usually more prone to failure than a well thought out and optimised one. Poorly defined processes can also be more complicated than optimised processes. As is the case with technology systems, an overly complex process is more difficult to successfully replicate or recover than a more streamlined one. Simply put, complexity of process is inversely proportional to probability of successful recovery in a crisis or disaster situation. The most common, and fundamental, example I can offer is that of significant misalignment of the organisation with its critical business processes. For all types of business it is possible to create a normalised model, which essentially represents the core business process at its most fundamental level. In a manufacturing company, for example, this may consist of several steps such as product development, marketing, sales, procurement, production, logistics, billing and customer care. As you can see these essentially represent the business lifecycle. We design the product, market it, receive orders, build it, deliver it to the customer and bill them for it, and we also look after the customer in terms of after sales support. From this fairly obvious business model we can arrive at the top layer of the organisational structure. More detailed analysis of the business plan will reveal the necessary lower layers of the structure. Across this we map some standard support and governance functions and we have our complete structure. While this seems fairly obvious I have rarely found an organisation that has, in recent times, had a meaningful discussion about the design of their organisation’s structure. Most structures simply grow organically over extended periods of time until no one exists anymore that remembers why or how the structure was arrived at. The larger the business, the more prevalent this problem can be. The associated risks with this scenario arise largely from a lack of definition around communication, authority and responsibility, and can result in the failure of critical business processes, thus impacting the overall continuity of the business. If such issues are identified as part of business impact analysis efforts then these should be addressed as part of the subsequent strategy, with changes or controls being put in place prior to the implementation of recovery capabilities. A lean, optimised organisation is generally more robust and resilient in a crisis situation. We are all familiar with the saying, the ‘left hand not knowing what the right hand is doing’. This saying was born out of the prevalence of this issue and is most frequently used when referring to government agencies and large-scale corporations. It describes, better than I can, the business continuity risks associated with poor organisational, and business process design. In the case of government, efficiency gains arising out of business continuity management efforts should be particularly welcome. Optimising the machinery of government may not only reduce the impact of an event on our critical community infrastructure, but could have the unexpected benefit of lowering taxes through increased process efficiency! Andrew McCrackan is the author of a Practical Guide to
Business Continuity Assurance, Artech House, Boston, 2004.
•Date:
10th Dec 2004 •Region: N.America / World
•Type: Article •Topic:
BC general |
