business continuity program should start with a well presented business
case and a clear roadmap. Mark Carey explains.
Do you want the budget, resources, and management support for your
business continuity program to be a success?
Then, be strategic.
In my more than 10 years in the field of risk, I have observed that
strategic planning does not seem to be an area where many risk professionals
excel. However, in a recent conversation I had with a Fortune 50
CFO, the key question on the table was, “How should my company
align and integrate our risk management activities into the strategic
planning processes used by our businesses?”
I have conducted many interviews with risk professionals to ask
them what challenges they face, and I consistently hear the following
1. “I am always struggling to get adequate budget, people,
and tools necessary to do my job.”
2. “It is difficult to get the attention of our executive
management team until something bad happens.”
Sound familiar? If so, rest assured, you are not alone.
Effective strategic planning, especially the process that you have
to go through to develop a strategic plan, will go a long way toward
helping you address these challenges. The plan itself is not as
important as the process, the thinking, and the garnering of management
Your strategic planning should accomplish the following:
* FOCUS: Which risks specifically will your business continuity
program focus critical resources on managing? What business continuity
management capabilities (processes, investments, resources, and
related activities) will be required? How will they be coordinated
across the enterprise?
* VALUE: How should you measure the results and demonstrate the
value of business continuity management, investments, resources,
and related activities?
* OBJECTIVES: What are the goals of your business continuity program?
How will it benefit your organisation and its key stakeholders?
The benefits to your business continuity program when going through
a strategic planning process and developing a well thought out development
plan are many, but here are several that my clients have benefited
* The information gathering portion of strategic planning provides
an excellent opportunity to interview and receive input from executives
that you may not often interact with. This will give you exposure
with those executives while allowing these executives to participate
in the development of your program and ‘buy in’ to the
ultimate outputs of your strategic plan because they've had a stake
* It forces you to rationalise your current and future activities,
investments, hiring plans, etc.
* Strategic planning enforces professionalism, rigor, and discipline
around the budgeting process.
* Strategic planning provides a vehicle for you to communicate your
vision for the program to your staff, team, partners, management,
and other key stakeholders.
In my experience, risk professionals that have taken the time to
go through the process have had much more success getting their
budgets approved and head count requests supported; and they are
better able to articulate the need, value, and return on investment
of their business continuity program to their executive team.
So what are you waiting for? A strategic plan can help your business
continuity program in so many ways - you'll be glad you did it!
Strategies that work
Developing a strategic plan for your business continuity program
can be formal or informal. Just make sure you consider all of the
following areas. You want your strategic plan to create a business
case and a roadmap for your program.
* Establish context and scope. You need to set parameters
for your program and for the planning process. What risks will be
covered? What parts of the risk management process? Which business
units? Which geographies?
* Assess the current state. You must be able to clearly
describe where your business continuity program currently stands.
Where are you today? What is working now and what isn't with the
way you currently manage risk? What has changed in your risk and
business environment that warrants a change in your business continuity
program? What are peer organisations doing?
* Envision the future. You will need to articulate where
you believe the business continuity program needs to be and why.
Where do you need to be? What are your stakeholders' needs and expectations?
What will your program look like and what will it be able to do?
How will this benefit your organisation? What are the consequences
to your organisation if you don't do these things?
* State goals and initiatives. You will need to declare
what your business continuity program is there to achieve and how
it will get there. What are the objectives for your program? What
are you trying to accomplish, change, or affect? What initiatives
or projects will get you to those objectives? How much will they
cost? What are the ongoing costs? What are the benefits?
* Frame the implementation. Lay out a roadmap for implementation
of your program. It doesn't need to be a detailed project plan (that
can come later) but it has to demonstrate that you have thought
things through. What sequence will the projects occur in? Which
need to happen first? When will they begin and end? How will they
rollout across your organisation? Who will do them? What are the
* Measure performance. This is an area often missed by
many business continuity programs. Demonstrate the value of your
program. How will you and your stakeholders measure success? Where
do you currently stand? Where do you need to be in six months, one
year, or even five years in order to achieve your stated goals?
How often and in what manner will you report results to your program's
Mark Carey is CEO, DelCreo, Inc.
DelCreo has a free ‘Strategic Plan Workbook for Risk Programs’
available. This 25-page workbook serves as a step by step guide
for a complete strategic plan for risk professionals and risk programs.
To get your workbook, please visit www.delcreo.com/free.html
Mark is the CEO and founder of DelCreo, Inc., an enterprise risk
management company. He specialises in the areas of enterprise risk
management, strategic planning for risk managers, risk appetite,
and critical infrastructure protection. He has worked with a diverse
range of global companies as well as the federal government. He
has also been active developing the infrastructure protection approaches
and strategies at a national level, using an ERM context.
Previous to DelCreo, Mark was the founding member of the Ernst
& Young US Enterprise Risk Management practice, and was the
Global Product Development Leader.
17th Dec 2004 •Region: US/World •Type:
Article •Topic: BC
this article or make a comment - click