Today was the second attempt at this webinar (I posted on the earlier attempt), so I have dragged myself out of bed at 05:00 again.
The panel consisted of Michael Miora, John Orlando (Norfolk Masters Program) and Linda Nelson (ICOR).
The first topic of conversation was the Nathaniel Forbes article (which has appeared everywhere recently). On the issue of Risk Management compared to BCM, the comments were that they are not the same thing and that of course you need to have both programs. RM was seen to cover a much more diverse range of risks than BCM (e.g. in Financial Institutions you have Market Risk, Credit Risk, Country Risk, etc).
It was somewhat surprising at times to hear the panelists effectively argue for BC to limit its scope. Although later comments did seem to highlight what I would call some very old-fashioned views of what BC is.
From here discussion moved on to the inevitable topic of standards. Should we have one or several, voluntary or regulatory? Michael made a good point about the need to recognise different regulatory regimes around the world as an argument for multiple standards. Actually it should be the most compelling argument for the non-binding standard. Others disagreed; John commented that a single standard should be universal (like in Accounting) as a BIA is/should be the same. Linda observed a single standard was the way; then you could have certification that is accepted by your customers and use it for competitive advantage.
Michael’s response was that BC is not as clearly defined as Accounting so it was not really able to be applied the same way. This led to some chat around the profession. Linda asserted that the 3 things that had most helped the profession were:
- the Professional Practices (which were effectively aimed at individuals)
- Certification (it was observed that this was becoming essential to get a job, so therefore must be aimed at employers)
- Degree Programs (as the ICOR is part of the Norwich Program this must be aimed at profitability)
Sorry, but nothing new (or frankly interesting) had emerged to this point.
The next topic related to the convergence of BCM and Information Security. Michael observed that he is seeing this happening more. As somebody who has never seen it, this certainly got my attention. The label of “Information Assurance” was used a couple of times to perhaps relate to this converged discipline. The two groups would certainly need to work together, and if we are talking about the merger of InfoSec and DR (both IT areas), then it would be understandable.
I know that CERT have produced a resilience model that talks about merging/converging things such as this (and also includes IT Operations) – but they are also in the IT space so I can understand it; the surprise was hearing what I thought were non-IT people advocate this. I have a draft article relating to the CERT model which I will post soon.
Even after the conversation moved on I was still confused about why anybody thought this convergence was a positive thing – moving BC back into the IT Department. However my interpretation of some of the comments made is that at times these panelists seemed to see that BC had often not moved out of IT, or was just a spare time activity for somebody. I guess if there is no BC Management Program in place, then anything would be progress.
A lot of this perception flowed from discussion around the need for the BC people to have business knowledge and how they did not have it today – perhaps due to their background, the location of BC within IT or that BC is a part-time, compliance only activity. Not relevant and often not included in business-related initiatives as one of the presenters observed.
The final topic was Organisation Resiliency. It took a while but eventually highlighted that everybody used different terms and concepts that did not mean the same things to other people.
Linda defined resilience in terms of the ICOR “10 Disciplines”! She also described it as “being able to provide your goods and services under all conditions” – and applicable to public/private and profit/non-profit entities. John referred to it as instilling a “survival reflex” into the organisation.
Most importantly it was highlighted that this was NOT just a renaming of BCM. It is about effective integration of a range of things – RM, BCM, Info Sec, Security (the non-IT kind), IT DR, Crisis Management, etc.
Did I get value for the hour and the early rise? A little but not what I had hoped. However from where I am sitting I have a great view to the east and got to see the sunrise; that was good. Thanks to John and Norwich for sponsoring this event. I will probably attend future sessions, but it would be nice to sometimes have something targeted above base.
My summary. There was a moment of clarity when Linda spoke about the difference in perspective between those who have been in the industry for a long time and those just entering. I tend to forget that most (my quantification) BC people are not doing BC Management. They are still stuck in those BC Planning roles; they do not understand the business they are in. If we want a profession, then that has to change.
The talk about convergence and resilience has a totally different set of meanings to me, and no doubt to others, who have been working in that wider space, the true BCM space, for many years.
In the interests of disclosure I should point out that I am a paid up member of, and hold certification from, ICOR.
Did you attend the session?
Please post your own comments – different perspectives and perceptions should be expected – what is yours?