I have been catching up with my reading over the weekend, and came across a Risk Management related blog, Riskczar. This post about risk management technology caught my attention and started me thinking.
How many times do we see people mistake the tool for the process, especially in areas such as Risk and BC Management?
I remember back in the early days working in BC, the organisation I worked for bought a commercial BC/DR methodology and tool. It was called DP/80. You entered a whole bunch of stuff into a database, ran what amounted to a mail merge – and by magic out came your plan.
It was good to know that we had so quickly established a plan for Hurricanes and Tornadoes – especially as you don't get either where we were based.
Likewise we often mistake a particular output for a management process. In this context I am thinking Business Unit Recovery Plans and Risk Registers. No management, just artefacts.
I would suggest that it is more common to see the Risk Identification and Assessment process undertaken – leading to a Risk Register. And often there will be a wonderful series of mitigation strategies listed. I have to say that I have rarely seen the subsequent process of implementing those mitigations and the ongoing day-to-day management of the risk situation done as thoroughly.
Generally a similar thing happens with Recovery Plans – too often in the IT DR space. We identify a new DR strategy and get a plan written to support this new strategy. Unfortunately nobody invests in the capability to actually execute against the strategy.
The tools often work to “dumb down” the process and the people who are assigned to do the work.
Personally I don't see a lot of difference between using those old-fashioned “mail merge” plans and downloading a standard with skeleton headings, or buying a template on the internet – if we are just blindly following the tool.
- Do you do Project Management in your organisation without professionals?
- Why then do we often think that a tool can replace the need for BC professionals?
Patrick Jodas says
What I found is that one has to continue doing ongoing threat analysis as part of a crisis management discipline. Doing a standard plan is one thing, but it's those strategies around threat scenarios that will be used when the time comes.