Mark Mahoney, MBCI, responds to an article published recently on Continuity Central in which it was claimed that ‘business continuity is broken’. This is far from the case says Mark…
I find it a very interesting and thought provoking debate as to whether business continuity is purposeful or ‘broken’. It also highlights the differing perspectives that people have, giving healthy challenges, which ultimately lead to improvements within our industry.
I do not feel that business continuity is ‘broken’ per se, and neither do you: otherwise you would not be practising! However, there are always areas for improvement, which is something I believe that most people are aware of and take an interest in.
My comments on the ‘three problem areas’ highlighted in the article by David Lindstedt are below.
It’s a problem that business continuity is not evolving
I’m certain that many people would think that it has indeed evolved, and indeed, is still evolving: incremental changes or improvements are effective and, incidentally, reflect the practices of Agile and quality improvement. Systematic critique has improved business continuity at the wider level, in effect the improvement of standards, and also at the individual corporate level where conscientious business continuity managers always strive to improve corporations’ business continuity capability year on year.
So business continuity is evolving and, indeed, improving although I can see, and have experienced, how different sectors and organizations improve and evolve their capabilities at different rates.
Where practitioners should take responsibility in improving the industry-wide practices is: engaging in forums, symposiums, newsgroups etc. and offering up their own ideas and practices. In time, the best working methods will ascend to the top and become woven into general industry best practice.
Whilst changes are occurring there is evolution; what I see generally is that people are looking forward - to identifying how we can operate in a changing business landscape.
It’s a problem that we can’t engage executives
It most certainly is a problem, and one which lies squarely on the shoulders of the business continuity practitioner!
It is the practitioner’s responsibility to engage the C-suite and to ensure they understand the business continuity programme; if they don’t, then the only planning is for failure!
It is not industry best practice that places us in this compromised position, it is ourselves. You know your stuff: make your voice heard! Be clear, concise, engaging and ensure that the C-suite understand.
Business continuity practitioners are encouraged to improve themselves continually and having the ability to learn the business and to be flexible are, or should be, staple capabilities.
Problem easily fixed. It’s down to us my friends!
I’m in agreement with establishing a return on investment (ROI), yet it’s not always so clear, but then again what service is? Where ROI can be determined, to an extent, is in the measurement of metrics, which brings us to the next problem…
It’s a problem that we have no meaningful metrics
Again, not a difficult problem to overcome.
Metrics can be derived from the rigorous application and use of the risk analysis and business impact analysis data, both of which add value to, and can be used by, other capabilities within the organization.
It is agreed that ‘lip service’ is often paid to business continuity and the existence of business continuity artefacts are, sometimes incorrectly, accepted as proof of the effectiveness of the capability. Measurements can be made against our metrics during testing which of course determines how resources are to be managed, costs assigned and value added to the process.
Ultimately business continuity practitioners have to have, in addition to their specific business continuity skills, a cross functional outlook, the ability to understand the business at a high level (the MBA toolkit?), effective communication skills, a wide horizon which is in effect a move out of the silo mindset and active engagement and empathy with complimentary corporate capabilities such as security, risk management, compliance etc.
Business continuity, broken? No, but what a title to get people thinking!
Mark Mahoney, MBCI, MBA, is a Business Continuity and ITSC Programme Manager.