Five Common Mistakes Made in Business Continuity Management
Imagine an unexpected disruption to your company’s business activities. It could be a fire destroying a warehouse filled with inventory, an IT incident that compromises the network, or, this being flu season, a flu epidemic that takes 20 percent of your workforce offline.
Every minute business operations slow or stop costs the company money. That’s why organizations employ business continuity management (BCM). BCM is defined as the planning and preparation to ensure the company overcomes serious incidents or disasters and resumes normal operations within a reasonably short period.
Companies consult their business continuity management plans for any number of reasons, including natural disasters, severe IT incidents, vendor mishaps, even cases of employees committing fraud or embezzlement. However, accessing the plan isn’t the time to discover the plan’s shortcomings. It’s better to get it right during the development process.
Read on to learn the five common mistakes made with business continuity management.
The business continuity plan collects dust
The business continuity management plan was created in a flurry of activity, documented in a three-ring binder, and filed away on a shelf that’s rarely if ever visited.
That’s a mistake because business continuity management plans involve people, procedures, and scenarios that change over time. People change roles or leave the organization. Procedures are updated, often because of new technology. Scenarios frequently change with mergers and acquisitions.
Whether your plan lives on paper or in the cloud, it needs continuous review and updating. In the event of a major incident or disaster, your business continuity management plan must be current and the go-to resource for guidance.
The business continuity management plans and teams are never put to the test
Business continuity management plans are developed and updated regularly based on new information and changes. However, the plan and the people involved in carrying it out are never put to the test. If an adverse event occurs, team members are placed in high-pressure situations without scenario training. Lack of testing also means missing out on learnings to create a better plan.
It’s a mistake to use an untested business continuity management plan. Many organizations use tabletop exercises that bring together participants to discuss their roles in an emergency for one or more scenarios. It’s best practice to test your business continuity management plan every six months or at least annually.
The business continuity management plan is managed by one person
There’s nothing wrong with having a point person for a business continuity management plan. It’s a better idea to have a diverse group of people across the company to account for everything. It’s a mistake to empower one person who lacks visibility into the risks and processes across the organization.
A better approach is to form a business continuity management team that encompasses multiple departments and functions. A cross-functional team brings a company-wide perspective to business continuity management planning. Diverse views help address issues and contribute to a better business continuity management plan.
The business continuity management plan fails to account for third parties
Business continuity management plans cover scenarios involving IT security, weather calamities, and other possible adverse events, but plans often miss scenarios involving third parties. Case in point: the medical supply chain disruption in Puerto Rico in 2017, when hospitals could not source IV bags due to a concentration of manufacturers on the island. Business continuity management plans that don’t account for third parties are less effective in helping the organization recover. That’s a mistake to avoid.
In business continuity management planning, take time to deliberate with team members on the business-critical activities that involve third parties. Look for what could bring operations to a standstill and account for it in your scenario planning.
The business continuity management plan doesn’t consult risk management
Many BC examples start as unidentified risks that go untreated and become adverse events or incidents. For example, ransomware can knock out critical computer systems at city governments, which interrupts operations and endangers public services like 911. Reputation risk can come into play if an incident occurs that’s publicly damaging and spreads socially. It may not knock out critical systems, but it can still slow operations and hurt the bottom line.
One of the biggest mistakes made by business continuity management teams is a failure to engage risk management during the plan development process. By identifying major risks that could turn into adverse events and disasters, you can proactively include them in your plans and tabletop exercises.
Business continuity management is as vital to your organization as the strategic plan for achieving objectives. Business continuity management plans get your company back on its feet after a serious incident or disaster. Now that you know the top five common mistakes made with business continuity management, you’re ready to build a high-performance business continuity management plan.