Whose job is business continuity?
John Stagl weighs into an ongoing debate which is taking place on Continuity Central about what the role of the business continuity planner is.
We have over the past couple of decades developed an entire industry of business continuity planners and planning trainers to help companies deal with unanticipated events that can impact a company’s performance in the market place. This entire effort is founded on the assumption that companies will go out of business without these plans in place. Too often, these plans are developed by individuals who do not have access to, nor completely understand the strategic goals and pressures impacting the company. In most cases these well intentioned individuals do not even understand the dynamics of the competitive market in which the company functions every day. Even more importantly, these ‘planning individuals’ have not been trained to look for external factors that may influence the success of their company as part of their planning efforts. They have been educated to believe that all of the information they need is present within the company and known by the various levels of management in that company. The consequence of this naïve orientation is a business continuity plan document that is obviously lacking in fundamental information to achieve the company’s goals and long term success.
For years these planners have been trying to find ways to convince upper management that this planning effort is valuable to the company. At the same time professional and certification groups staffed with individuals who have also been trained with this inadequate planning method have created ‘standards’ of best practices for companies. Auditing firms, sometimes with a profound lack of complete business understanding, have embraced these planning methods and standards as critical factors that must be present in order for a company to be managed effectively. The result is a planning process within a company that is still, after all of these years, viewed as a necessary expense and not an asset.
I know that this sounds very critical of the individuals who started this type of planning decades ago and have tried to update it over that period of time. They were obviously well intentioned, but lacked the experience to do the job completely. In spite of the lack of senior management’s enthusiastic acceptance of this planning effort, planners have persisted in doing the same thing year after year. They remind me of the doctors back in the 1960s who gave cream to ulcer patients in hospitals (I worked as an orderly in hospitals to pay for college). Obviously if cream coated a glass, it would be good to coat a stomach and help cure an ulcer. Today doctors know that logic is flawed. Dairy products are very hard to digest and therefore not good for ulcer patients. Consequently, doctors no longer use this treatment for ulcers. The medical community did a self-analysis of the treatment it was using and discovered that it was ineffective and so they changed. In the disaster recovery and business continuity planning community we continue doing what has been done for decades and the only change is the way we ask the question: why are we perceived as an expense and not an asset? We ignore the obvious fact that what we do may fulfill some audit requirement, but has very little value to the individuals trying to keep the company working and profitable. For years planners have quoted studies that confirm that business continuity and disaster recovery plans are important for companies to survive disasters. Yet when both Mel Gosling and I tried to collect empirical evidence supporting these studies, those studies could not be found. Mel refers to them as an ‘urban legend’ in disaster recovery planning.
In order to change our image as planners, we must conduct an objective analysis of our planning methods and the value of the resulting plans for the senior staff, not some auditing group. The first step in this self-analysis is understanding the results of disaster recovery and business continuity plans within a company. As I pointed out in a recent comment to a LinkedIn question on this topic, let’s keep this simple – disaster recovery is the plan to deal with an interruption in operations. That’s it. If you did not have an interruption in operations, you do not need a disaster recovery plan. Business Continuity is a plan that is used every day to help the company stay in business and achieve its corporate goals. Keep this in mind, it’s important, the only reason to test a plan is to make sure it works when you need it. That presumes you are not using it now, but might need it in the future. If you are using a plan every day, you know if it works and testing is not necessary. You may need to alter it to make it effective or more effective, but you do not need to test it: instead you use it every day.
As an individual who was a strategic planner for many years, and an officer in the local strategic planning chapter then later a member of the board of directors for the North American Society of Corporate planners, I dealt with senior officers every day. I tell you from those years of experience that there is only one criterion that is important when discussing a plan and that is ‘Did, or Does, It Work”? Nobody cares how it was prepared, how big it is or what format is used. Senior officers only care that it works! From time to time you will hear of discussions regarding a common definition of terms. This is the effort of individuals trying to make planning simple. Planning is never simple.
The same is true of individuals who suggest the idea that there is a ‘best practice’ in planning and plan format. Again this is the result of individuals trying to make this effort simple. Many of the people who suggest the use of ‘best practices’ don’t even know the origins of this concept. Yet they suggest it as an important part of company planning today, without regard for the actual impact that could result. When you think about it, a single methodology of planning or a single format for a plan that will work for all companies is a ridiculous idea.
In fact, the concept of best practices was developed at the beginning of the 20th Century by Frederick Taylor (the father of scientific management). He developed this concept to help owners of factories run them more profitably. It was developed for the manufacturing industry. Today our economy is primarily a service based economy and best practices are of very limited application. Companies today have so many differences, they sell different products or services, they support different customers, they have different investors, their management has different values, the organization structures are different, their financial strengths vary and their goals are not all the same. In this environment, some individuals would have you believe that there is a best practice. In today’s results oriented business environment, how the plan was built is not important. The critical criterion for disaster recovery plans is “DID IT WORK?” In the case of business continuity plans, the criterion is “DOES IT WORK?” If the answer to either of those questions is “No”, the method of plan development or the format you used will not save your reputation.
The two primary plans most planners develop for companies are disaster recovery plans and business continuity plans. Each of these plans has a different purpose, and therefore are the responsibility of different levels of management within the company. Senior officers understand the need for both capabilities within the company, but they do not manage the development of both plans. They delegate the disaster recovery plan to middle management, and they retain responsibility for the business continuity plan. Since disaster recovery planning deals with operational interruptions and those interruptions happen infrequently and seldom result in the failure of a company (contrary to the ‘urban legend’) this is a middle management responsibility. Business continuity is oriented to those factors that impact the company’s strategic plan and therefore its ability to achieve it strategic goals this year and next year, and ultimately if it will survive in the market place.
As a strategic planner it did not take me long to realize that my company title did not reflect my responsibilities. I was not responsible for achieving any of the company goals and I did not have the authority to reorient any of the company assets to new operations. These were exclusively the jurisdiction of the senior officers. Don’t be confused by titles, if we are discussing strategic impact or company success, we are talking about senior officer responsibilities. Business continuity is one of those topics that addresses the effectiveness of the company’s strategic plan and is therefore a senior officer concern.
As the business continuity planner it is your job to assist senior officers as they manage the company’s strategic plan. In order to do that effectively, you must gain their trust, know what the company strategic goals are and you must learn to speak the ‘senior officer language’. While the way they speak may sound the same as the way you speak, it is not! Their language is oriented to profit, competitors, investors, customer image, employee strengths, budgets, financial strength of the company, regulations and economics just to name a few issues. Once you understand the language, you will understand why discussions with senior officers are short and to the point and expressed in terms of strategic plan objectives. Business continuity planners should start with the company goals and then forecast factors that could impact those goals both positively and negatively. During the year those forecasts are monitored to determine their accuracy and adjusted as needed. The whole purpose of the continuity plan is to help senior officers anticipate changes that need to be made in order to achieve the company’s goals.
Don’t be confused by individuals who tell you they met with senior management. There is a difference between meeting with senior management and having senior officers seek your help regarding company goals. Many individuals are now writing about making a paradigm shift in business continuity planning and then start talking about how to change your testing methods. They are talking about disaster planning even if they are using the wrong terminology. You will know that your business continuity plan is in ‘senior officer’ language when you no longer have to ask for the opportunity to meet with them. Instead the senior management team will come and ask for your input. You will then know that you are actually part of the business continuity team. Only senior level officers truly have the job of business continuity planning.
John Stagl is a Certified Business Continuity Professional and corporate consultant for BELFOR USA, the largest disaster response company in the United States and part of BELFOR the largest disaster response company in the world.
Mr. Stagl works with corporate clients in the planning for and actual response to disasters. He uses his 18 years as an executive in the insurance industry and more than 20 years in the disaster response industry, to assist companies in the development of the most cost effective recovery strategies for their companies.
Mr. Stagl has been a vice president of strategic planning as well as a consultant in the field of business continuity. He was on the board of directors for the North American Society for Corporate Planning from 1982-1984.
He has taught 'Financial Economics' at the University of Baltimore, lectured on strategic planning and speaks and writes regularly on the subject of strategic business recovery planning.
Mr. Stagl worked in Army Intelligence collection for three years including one year in Vietnam. He received his BA from John Carroll University in Cleveland and his MBA in Finance from DePaul University in Chicago.
•Date: 25th October 2013 • World •Type: Article • Topic: BC general