Business Continuity Management (BCM) and the Denial of Responsibility

Recently I was presenting to an executive team the status of their program; what was completed, what was in progress and what was yet to be developed.  A senior member of the team spent the time reading other material and not paying attention – this was very clear with some of the questions the executive asked when I completed.  They hadn’t bothered to pay attention to anything that was said or any questions asked by other executives.  What was interesting is that this executive was in charge of the largest group within the organization; the group that has contact with the external customers.  In other words, one of the main divisions (and departments) that needed to be up and running as soon as possible – and always stated as such.

            From previous history, this same executive was asking lots of questions – via email – about the program but when any attempt was made to respond in person or address through a face-to-face meeting with the exec’s direct reports, the executive shied away from any contact or acknowledgement.  It was like they ran into the room, asked a bunch of questions and then ran out not wanting to know – let alone hear – the responses.  Kind of reminded me of the “Mighty Mouse Principle” I describe in my book. 

            After broaching the subject with the BCM program sponsor, I found that this was common practice for some of the executives who feel they don’t have a responsibility in an area; ask questions that give them the appearance of probing for information but not really pay any attention to it.  This is a common theme for BCM; something I believe many of us have experienced through our careers. 

            I have even experienced the ‘slight-of-hand’ method of approaching BCM where a manager or executive will schedule meetings themselves to discuss the subject but continuously reschedule or cancel the session of other priorities.  Once again, it looks like they are addressing the subject of BCM but their just stringing people along; dancing around the subject as one person said to me. 

            So it got me thinking; what is it they don’t understand?  Is there something that BCM isn’t conveying in our message and why might they be feeling as though they don’t have a part of play in BCM?

            I thought I’d capture some of the reasons I’ve found over the years through personal experience and through conversations with others in the BCM, Disaster or Emergency Response fields.  See if any seem familiar to you.

  1. Limited or No Awareness – I’ve actually met some managers (one was even on the “C” level) who had no idea if their organization had a BCM/DR program in place.  They simply assumed that something was there because they’ve never been approached by anyone giving them any direction or heads-up about a program.  Obviously – to me anyway – those that were part of their BCM programs had not involved the executive level and were working on their own instead of involving various groups within the organization. 
  2. Not Part of Decision Making – Often we simply make all the decision for upper management and don’t include them in the process of building the program.  This doesn’t mean that they are able to attend every single meeting – highly improbably – but they may be able to attend the odd one.  They may even be able to schedule you in on their own Executive Committee meetings so you can give updates, which would help them know what is happening and provide some guidance – and help them understand their roles and responsibility.  It’s their butts on the line so-to-to-speak, so  they need to know what is going on. 
  3. Fear / Scared – OK, except for those of us in the industry, who likes to talk about disasters, crisis, emergencies and catastrophe’s?  Anyone?  Not too many people want to talk about such things.  It makes do difference what a person does – we are the same after all – so it’s not surprising that sometimes even executives or Board members don’t want to talk about BCM and approach a subject that can (and sometimes does) assume people have died in an organization as a result of some sort of disaster.  It’s tough enough to deal with these kinds of things in our personal every-day lives, let alone having to go to the office and discuss it and build plans for it.  In a way, it’s a morbid subject.  That fear of death or discussing the potential of disaster is apparent when many executives – or others – don’t want to talk about disasters and side-step the issue or continually try to distance themselves from responsibility.  Executives may not be responsible for the lives of people (we have been known to do some silly things over the years) but executives are responsible to ensure the safety and maybe even their employee’s livelihoods continue if the organization experiences a disaster.
  4. IT Knows – This one executive may be under the belief that IT ‘knows’ what’s needed and thus there isn’t any role for them to be a part of.  So wrong.  IT should be tailoring their recovery strategy to the needs of the business (non-IT) units and their requirements.  To often it’s assumed IT knows the core processes in every department and how it all works together but that isn’t always the case.  Sure, some do but many don’t.  If any executive believes, IT ‘knows it all, they are gravely mistaken.  How can IT know if they haven’t been provided an approved (and agreed-to) RTO listing for processes so they can then build their strategy around it?  They can’t.  No executive should just assume everyone in IT ‘knows’… You know what they say when you assume… 
  5. No Progress Update (including pressing issues) – How many times have you seen a project get started only to find that it fizzles our after a ‘spectacular launch’?  Sometimes – not all the time – it’s because the executive isn’t involved.  They help set the expectations but somewhere down the line, it drops off the radar because they haven’t been updated on its progress, which means they’ve lost involvement and momentum (and interest).  They don’t know the issues being encountered and end up focusing on things that do need their attention.  In a large part, this isn’t really their fault.  If I asked you to do something and never hear or any issues, I might assume that things are progressing well with no problems.  So, there’s no need for me to keep following up with you – I don’t want to micro-manage.  Executives have bigger fish to fry sometimes and will focus on what needs to be done now – along with seeing that strategies are carried out (the future path of the company).  It’s up to the BCM professional to make sure they get ‘face time’ with executives.  The more face time BCM gets, the more support the program will get because executives are involved and are providing guidance (when required).  They can make some tough decisions when needed to…heck, they didn’t get there by doing nothing.  If you want support for you program, then make sure you’re giving them support by speaking up and meeting with them. 
  6. Deliverables Not Understood – Sometime and entire program is considered the Business Continuity Plan (BCP) or the Disaster Recovery Plan (DRP) and many executives believe that once they’d performed one or two components of the program, they have a plan in place.  Well, not necessarily so.  There are many deliverables that eventually lead to a plan or plans but a single deliverable isn’t really possible – and when it is a single deliverable, it needs to be maintained which means the following year a new deliverable is required.  Many don’t’ understand – and its never been explained to them – that a Business Impact Analysis (BIA) isn’t an actual BCP, it’s a tool that will be leveraged to help build plans down the road and what the various plans need to address (among many other things it will provide). 
  7. No Clear Direction – If the executives don’t see how all the various components fit together, then why would they want to be responsible for the program?  It’s just a bunch of jigsaw pieces with no idea what the final picture is supposed to look like.  If you haven’t shown them what the final picture is to look like and how it will add value, then of course no one will want to take responsibility for something they can’t see or understand.  Responsibility for what; a bunch of documents, processes and procedures that will only collect dust in the end and/or draw resources away from projects and initiatives they do understand.  Make sure the picture is clear and know that over time – through BIA workshops and other discussions – that picture may change but that the change in the picture will be what the organization needs, not what it wants to see.  They are different and the BCM professional must make this clear. 
  8. BCM Isn’t Part of Operational Planning/Performance Review – If I’m not mandated to do it or have it as part of my operational plan, then why would I direct resources towards it?  Admit it, you’ve thought about that at some point with another initiative – we all have at some point in our careers (and maybe in other areas too).  The adage “what’s in it for me?” comes to mind in some cases.  If there’s no foreseeable or understood value that BCM offers, then what incentive is there for people to pay attention to it.  I even knew one Director who didn’t participate too often in other departments initiatives unless it had impact on his departments bonus / incentive program.  If it didn’t touch that, he had no real care for projects outside his own area.  I was told by one PM that the only way you got the director involved was to ‘confront’ him.  Many people can feel this way, especially if they’re working in a toxic environment.  BCM must help show each department lead the value that BCM brings to their organization. 
  9. Disaster Discussions are Depressing – Well, to some degree I have to aggress with this one.  Not everyone like to chat about disasters – not in their personal lives or professional lived.  Yet, they are an eventuality.  I don’t know a single person that hasn’t’ experienced some sort of issue in their lives – some event that ‘knocked them sideways’ or thrown them for a loop.  I’ve even been told by one of my friends that what I do – in some ways – is rather, well, morbid.  But that’s an extreme view, as not all crises and disasters involve casualties.  Still, that is an opinion and viewpoint we have to address to get people (execs, mgrs, employees etc) to get engaged with, and participate in, the BCM program.

 

Based on your own experiences, I’m sure you can come up with a list of reasons why your executives or management representatives don’t appreciate or understand BCM.  Some of the items I noted can be rectified by us – the professionals and practitioners – while others may need to be changed at the executive level itself. 

            BCM is everyone’s responsibility, it’s not just one or two people within the organization. It isn’t in place to make BCM look good (though that’s a bonus if what you have does make you look good); it’s in place for everyone in the organization and everyone associated with the organization.  The responsibilities may be larger for some but everyone has a responsibility when it comes to BCM.  Even if it is just to check a phone line for a status update, it is still a responsibility.  Executives are responsible for the organization and it meeting its targets and they are still responsible for the operation of the organization during disasters.  You can’t feign ignorance or deny responsibility when the office around you is crumbling. 

 FOLLOW UP:  This was written some time ago and thought I’d add a quick follow up.  After a second presentation and some other discussions, the executive I noted earlier has become a big champion of BCM, as the exec realized how BCM and the related plans and processes added value to their area.  Sometimes it takes more than one (1) discussion to get people to understand – just don’t give up.  Eventually, every pebble hits the beach…

**NOW AVAILABLE**

 “Heads in the Sand: What Stops Corporations From Seeing Business Continuity as a Social Responsibility” and “Made Again Volume 1 – Practical Advice for Business Continuity Programs”

by StoneRoad founder, A.Alex Fullick, MBCI, CBCP, CBRA, ITILv3

Available at www.stone-road.com, www.amazon.com & www.volumesdirect.com 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s