Recently I was talking to a colleague about the role of BCM in an organisation – as often seems to be the case the discussion was around the role of a BCM Group in the day-to-day operations and all those issues that do not amount to catastrophic outages.
Too many BC people see themselves as only being required to engage in these extreme cases. It is sad when you see publications such as the Draft ANZ Standard on BC supporting this position. (The standard highlights that BC is for situations where routine management cannot deal with the impact).
I tend to encourage people to reframe that debate into a different context. Do you want what you do to have any relevance to the management of your company (especially in these downsizing times)? If so then take an interest in the numerous, less than catastrophic, outages that occur.
People will react and respond in a real crisis the way they learned to respond during these numerous non-crisis outages. They will also instinctively engage the people who helped them during those outages – if the BCM Group are irrelevant to the management and the response to an outage then what use are they.
The conversation made me think about three earlier posts and how the message just does not seem to be getting through. Perhaps worth a review given it is BC Awareness Week!
- Nathaniel Forbes was concerned about the lack of a career path in BCM.
- Not surprising as he was talking about BCM as the “Department of Extraordinarily Unlikely Events”
- Is this your view of BCM too?
- This type of BC Dept is generally engaged in routine, underfunded and often meaningless work
- Rarely, if ever, are they engaged in any strategic dialog
- Not surprising as he was talking about BCM as the “Department of Extraordinarily Unlikely Events”
- Tim Armit lamented the UK FSA and their apparent rejection of incidents that have proven to put institutions out of business (such as credit and liquidity) and instead chosen to focus BC on things that rarely put big companies out of business (floods, fires, server failure).
- I suspect that asteroid impact will be on their list and they would encourage all UK institutions to plan for this risk.
- There was also an earlier post about the need for new skills in BCM.
- Here we had an article that asserted the BC Profession needed new skills in order to follow a new path. The total opposite in some ways to what Forbes is describing, these new resilience professionals being seen as partners with the business and providing strategic advice.
- Most importantly – these new BC/resilience Managers are engaged in improving the day-to-day operations.
- Not just dealing with day-to-day incidents
BCM is about being proactive and looking at reducing the likelihood and impact of disruptions. How can you do that if you are not engaged at some level in these BAU incidents. Sure the BCM Team are not going to be called to fix these problems but you can be engaged. The key issue is that you need to be an activist BCM Department, not just the purveyor of templates and a governance/compliance framework and process.
There are a number of ways you can productively engage in these day-today incidents;
- Engage with line of business’ management about the operational disruption issues that matter to them on a day-to-day basis
- This provides ongoing verification to your BIA and Critical Function analysis
- Management, is not the local ‘BC Coordinator’, it is the real people accountable for the business staying operational
- When an incident occurs establish a “Watch Desk” to escalate the situation if the responders do not deal with it quickly enough
- Yes, you may have to tread on some toes when you escalate
- IT are often the worst offenders of not escalating quickly enough
- Conduct “After Action Reviews” of every significant incident – apply the learning to your BC Program, perhaps the outage can be avoided or reduced next time
- Do some real ‘management of risk’ instead of ‘risk register maintenance’
An activist central BC Department does not assume that each business unit has to “do BC” for themselves. That just makes you a Corporate overhead – and then you get cut in the tough times.
Do you want continuity of your business (read income)? Are you ready to change the way you think about what BCM needs to be?
Ken, I fully agree with your comments. It is energy sapping stuff, but there is nothing wrong with a BC putting their nose into normal operational issues. By doing this, the BC actually stays in the forefront of what is happening within the organisation. Effective monitoring of the environment is extreemly important for any BC. This will also help raise the awareness of BC and bring the BC closer to the attention of senior management.
Im for the activist Role!
Not as energy sapping as skiiing I am sure 🙂
Keep active Pat.
An interesting topic, Ken, and one that has come up in my own conversations recently. When you think that the list of “worst case scenarios” is fast becoming the list of “accidents waiting to happen”, there are increasingly fewer events that this type of BCM practioner will be ever be called upon to 'fix'.
More importantly, I think, practioners need to figure out whether they are comfortable being policy and paperwork generators, or men (and women) of action. Traditional BCM vs Resilence semantics aside, I think I would far better enjoy getting my hands dirty with operational issues than working exclusively with the paperwork around dealing with catastrophes. But then I also believe that the BCM department has a sometimes-unique position where it is able to not only understand the linkages and interdependencies of the business departments, it is also able to (or should be able to) look for common issues, in an effort to make business run with fewer (albeit operational) disruptions. And one has to ask whether business is cheeky to ask such a department to get involved with these solutions, or if BCM departments are cheeky to think they shouldn't be obliged to! And if doing it has the added advantage of making your department indispensable, well…
In the end, however, if the “worst case only” BCM practioner thinks that it makes sense that a department is kept funded for the sole purpose of dealing with meteor showers and zombie attacks, then he should also not be surprised if the powers-that-be decide to give the department the boot…
Thanks for joining the discussions Marzia.
Perhaps we must learn to be both action oriented and planners for the worst case.
I Look forward to further comments from you.
I agree with what Marzia has said regarding that BC set their own destiny or masters of the universe.
To ensure that one does not write the “Masters of the Universe”, it is important that BCM departments become active in all operational issues, at least from a register and monitor state. This way, the orginastion will at least help uplift the BCM department.
Hi Ken
I agree with you that, as BCM professionals, we need to increase our relevance and value to the business in being proactive and building resilience by focusing on reducing the likelihood and impact of non-catastrophic incidents. However, I believe that is actually the responsibility of the operational risk professionals, and they are not fulfilling this obligation. It is, therefore, definitely an opportunity to exploit this to our advantage, but becomes very challenging when organisations are not willing to give you the additional resources to manage this (and it does take huge time and effort to play in this space), especially when you are a team of one.
Jace Mudali
Hello Jace, welcome to the discussion.
No doubt being a team of one makes most things a challenge.
It is interesting that the BCI's new Good Practice Guide also supports this idea that BCM is not just about the High Impact/Low Probability events.
Your point about the role of risk management is well made, the relationship between RM and BCM has always been defined in terms of BC as a subset of Risk.
I am coming to the view that they are actually peers disciplines, perhaps addressing different parts of the risk continuum. ISO31000 has changed risk to be about the impact, not the likelihood, which makes the overlap with BC more significant.
Perhaps the convergence of the two into a bigger idea of resilience will progress this aspect.