By Geary Sikich .
When I was asked to write this article for Business Continuity Awareness Week (BCAW) a caveat was given that this must actually be my position (they stated that they are not looking for a BC practitioner to offer what they believe is a CFO perspective). So, with that caveat in mind, here is my position on counting costs and benefits for business continuity.
How does one define the costs, benefits and intangible value of business continuity? Do we apply standard arguments, such as Return On Investment (ROI)? Or, do we embrace a definition that is vague and can mean whatever a person wishes it to mean? Let us take a look at value. Value can be defined as:
The regard that something is held to deserve; the importance, worth, or usefulness of something.
The material or monetary worth of something.
The worth of something compared to the price paid or asked for it.
A person's principles or standards of behavior; one's judgment of what is important in life.
So how do you justify the costs for Business Continuity and express its benefits in terms that make sense to senior executives, middle management and employees in general?
To start one must look critically at business continuity. This entails asking questions, critical questions as to the definition of business continuity and what business continuity promises. An interesting phrase in Croatian is: “U laži su kratke noge”. The phrase U laži su kratke noge basically means that a lie has no legs or that one can't get away with a lie; the truth will always come out. A literal translation is: A lie has short legs and can be appropriately used for any number of political promises made, especially pre-election, which are short-lived.
In my view, business continuity as currently practiced promises a lot and delivers very little. Software is abundant and generally lacks any depth in terms of value, short of an inventory list of “mission critical” processes; workstation components and call trees. We fail to ask critical questions regarding the “continuity” of the business and therefore generally provide little of value in respect to business continuity. Most programs are no more than enhanced systems recovery or enhanced emergency preparedness masquerading in the guise of “business continuity.” Dissecting process becomes a means to an end defined as “Mission Critical.” Yet, we fail to ask: “Is the process still relevant after a disaster?” The research that is done is very prescriptive, there is little in the way of creative problem solving and critical thinking. Our knowledge base contains a wealth of potentially inaccurate “False Positives” cloaked in the veil of “Business Impact Assessment” jargon. The alignment of the business continuity program is along “Defined Boundaries” and departmental turf; that is only crossed with extreme trepidation. Business continuity is not embraced as well as we think – which leads practitioners to believe that they are making headway and that they talk the language of the C-Suite.
Plans are accepted on a prima facie basis. Prima Facie is defined as: “What appears to be true and is accepted as a fact, until evidence to the contrary is presented.” The value received from planning is often overshadowed by the lack of scope in the planning process. We fail to ask critical questions regarding where the organization (enterprise) needs to be in the future. That is not to say that we can predict the future. Far from it; but we need to look to the future instead of relying on the past as the predictor of success. ROI is a measure of past performance not future performance/value.
Plans generally are tactical and not strategic. We talk about business continuity, but in fact, build evacuation, systems recovery and other tactical documents. At first sight; before closer inspection: They had, prima facie, a legitimate plan.
Business continuity is about making difficult decisions. CVS recently decided to stop selling tobacco products. Tobacco products represent a “cash cow” for most businesses. However, CVS is a healthcare enterprise. Will their decision affect the continuity of the business? The answer is, of course. But this was a strategic business decision that reflects the continuity of the business operations of CVS.
Planning takes effort. Look at a map and the distance between places does not appear all that far. Take for example, Hong Kong to Tokyo or Istanbul to Kuwait City. Yet, having taken flights from these places, I can tell you that these are long and painful on parts of the body.
Most business continuity programs end up putting the bullseye over the bullet holes. In other words, if you don’t have a target you are bound to hit something. Ask a few simple questions, “What are the goals and objectives for the organization in the next year?” “What is covered in the business interruption insurance policy (if one exists)?” “What customer represents more than 10% of your business revenue?” “Where is the competition for your organization (enterprise) materializing?” What you generally get back, beyond the blank stare are answers that can be summarized thus: “That is not my job and not the within the scope of our business continuity program.” Reflect on this: Continuity is being there in the future providing the goods and services that your markets demand. Continuity is not a narrowly focused initiative that is tactical in nature and fails to ask the right questions for fear of failure.
In a recent article written for McKinsey & CO. Professor Philip Rosenzweig (The benefits—and limits—of decision models) writes:
The growing power of decision models has captured plenty of C-suite attention in recent years. Combining vast amounts of data and increasingly sophisticated algorithms, modeling has opened up new pathways for improving corporate performance. Models can be immensely useful, often making very accurate predictions or guiding knotty optimization choices and, in the process, can help companies to avoid some of the common biases that at times undermine leaders’ judgments.
Yet when organizations embrace decision models, they sometimes overlook the need to use them well.
I think that this summarizes my position on business continuity well – we need to embrace the model and we need to not overlook how to use the model well.
By Geary Sikich – Entrepreneur, consultant, author and business lecturer
Contact Information: E-mail: G.Sikich@att.net or email@example.com. Telephone: 1- 219-922-7718.
Geary Sikich is a seasoned risk management professional who advises private and public sector executives to develop risk buffering strategies to protect their asset base. With a M.Ed. in Counseling and Guidance, Geary's focus is human capital: what people think, who they are, what they need and how they communicate. With over 25 years in management consulting as a trusted advisor, crisis manager, senior executive and educator, Geary brings unprecedented value to clients worldwide. Geary is well-versed in contingency planning, risk management, human resource development, “war gaming,” as well as competitive intelligence, issues analysis, global strategy and identification of transparent vulnerabilities. Geary began his career as an officer in the U.S. Army after completing his BS in Criminology. As a thought leader, Geary leverages his skills in client attraction and the tools of LinkedIn, social media and publishing to help executives in decision analysis, strategy development and risk buffering. Geary has a passion for helping executives, risk managers, and contingency planning professionals leverage their brand and leadership skills by enhancing decision making skills, changing behaviors, communication styles and risk management efforts. A well-known author, his books and articles are readily available on Amazon, Barnes & Noble and the Internet.