If you’ve been working in the Business Continuity Management (BCM) or Disaster Recovery Planning (DRP) industry for some time you’ve probably been through a Business Impact Analysis (BIA) project; either from the very first initiation or through a maintenance phase. And if you’re honest with yourself, it probably didn’t go as well as you would have liked. It never goes to plan 100% as you’d hoped. Well-experienced consulting firms always say they have a proven methodology for BIA’s yet I’ve worked with some of these firms and it doesn’t always go as well as expected. Each organization is different and has a different culture so how can one single cookie-cutter approach work for every company? It can’t. Eventually, you’ll get it working and people will provide the information expected of them and they’ll contribute where/when needed, but what kind of things tend to hamper the BIA start-up?
- No Buy-In: A big problem where no one in the higher-ups actually promotes BCM…let alone the BIA initiative that starts it off.
- Miscommunications: Even though varied and multiple communications go out, most don’t get read by the intended recipient, intercepted by assistants and/or don’t convey a clear message that everyone understands.
- Delay Tactics: People are busy with other priorities (see #4) and will do anything to delay the BCM/BIA project. These can range from ignoring emails and communications long enough that new dates need to be negotiated or simply stating that they didn’t receive the communications you sent and now will need more time. Oh, and of course the one where ‘no one is available to do the BIA’ excuse.
- Other Priorities: Sometimes people have deadlines they have to meet that are just around the corner from the time you need your BIA information and since their performance is based on delivery of those priorities, BCM and the BIA project fall by the wayside.
- Previous BCM Representative Hardship: If you’re not the original BCM person, you may find that they didn’t have a good relationship with corporate leaders and thus, when you come along that negative attitude towards the previous resource carry’s over.
- Tool of Choice: No matter what tool you use – spreadsheets, software applications, document questionnaires – there will always be someone that doesn’t like the tool you’ve chosen. Just get used to it…it’s a kind of delay tactic.
- Approach: If you’re in an environment that has many remote workers you’ll adapt you’re approach to meet that cultural atmosphere but then suddenly everyone will want to meet face-to-face. Again, it’s a bit of a delay tactic.
- Lack of Support: Nothing will kill the BIA faster than no support from anyone; not Senior Management or even from you’re manager. This could be because it’s just a thing to do to meet compliance with no real intent to continue with the BCM program, which means providing support is just a waste of time. Why bother with communications and support for something that is perceived as being temporary…or a tick box on a compliance report.
From experience, the BIA doesn’t always work the first time you try it and usually one or more of the previously mentioned items will contribute to that. What will help rectify it?
When you’ve completed the first BIA – or the first run through of the BIA – you sit down and be honest with yourself (and/or your manager) and review the comments you’ve received from participants and refine your approach. You can’t meet everyone’s demands – some will be just ridiculous – though some will provide some great insight on how to make the BIA initiative better and stronger, which will only help when the 1st review period comes due. You want to make the BIA the most effective it can be and at the same time be as easy as can be for BIA respondents.
So don’t freak out too much if you don’t get it right the first time; learn from it and keep building the BIA stronger and better.
© StoneRoad 2015
A.Alex Fullick has over 18 years’ experience working in Business Continuity and is the author of numerous books, including “Heads in the Sand” and “BIA: Building the Foundation for a Strong Business Continuity Program.”