Every successful business person wants to apply some level of effort and investment to protect the company that they and so many others depend on. This is precisely why many efforts to garner support for business continuity planning fail!
While everyone would agree that we should have a firm grip on every risk the organization faces, few would support the notion that every risk needs to be addressed with a plan. Fewer still would buy into the argument that a “plan” is the answer.
You don’t need plans for everything. It is a fool’s journey to attempt to do so. Plans can never outperform a well informed and organized team. This is not to say that there is no place for planning in business continuity. But it is making the point that a comprehensive management process may well be more effective, efficient and economical.
Business continuity management is the business process of managing and responding to risks that can result in the disruption of an organization’s ability to continue to deliver its products and services to the market.
The core of this approach is to put the emphasis on management and preparation while applying more traditional business continuity planning efforts where, when, and to the extent warranted.
In boxing, they say that it’s the punch you don’t see coming that hurts the most. The same is true in business. Too many managers focus on planning for the most obvious issues in the most obvious places. What happens when you get hit in less obvious places with less obvious issues or with an issue your plan doesn’t contemplate? In reality, few organizations who have experienced disruptions report that they “followed” the plan. Most report that the plan was used as a reference, and unfortunately the answers needed were too hard to find or the data was out of date.
Real life experience supports the case to focus limited resources on management and preparation over written plans. Focus on gathering and organizing facts that can support better decision making. Leverage your own and industry best practices for executing specific responses rather than forcing business managers to document whatever comes to mind. Design your program to enable and empower you to execute rather than on gathering checkmarks based on documents.
Similarly, manage your supply chain to the same standards. Risk assessment should focus on determining how reliable a given operation might be. When considering the ability to continue to deliver a product and service, be sure to include dependencies within and outside the organization. A specific product or service has its own supply chain which is comprised of internal departments, IT services, vendors, and public services and infrastructure. Beware that the presence of a “plan” is a very long way from being prepared.