A pair of business continuity planning (BCP) experts recently voiced concerns about their profession. Tim Armit from the U.K. recently observed that the scope of business continuity too often gets restricted to physical disasters and IT failures. Ken Simpson later weighs in from Australia with an observation that BCP is becoming more fixated on management systems and certifications, rather than the holistic ability to manage incidents and recover.
We who focus on crisis/reputation management should echo their concerns.
To Tim’s point, we witness far too many organizations that restrict crisis management capabilities down to media management and, increasingly, reacting to the blogosphere. This approach falls far short of a comprehensive crisis management approach that (re)evaluates threats to/from employees, customers, business partners, regulatory authorities, politicians and other stakeholders and publics.
To Ken’s point, far too many organizations fixate on crisis management plans – sometimes, to satisfy Board member requirements or to “certify” that a preparedness program exists. A plan, however, is not a capability. Training, testing, monitoring, analyzing threats, mitigating threats and making ongoing improvements to your systems and approaches – those are the ingredients required for a robust crisis management capability.
Sadly, I’m aware of a fraction of organizations that dedicate enough attention and resources to manage crises comprehensively. Tim and Ken, you’re not alone in your lament.
What are your thoughts?
Not sure i can call myself a brother in BCP, but anyway…You're right about the fixation on plans. Very few seem to remember the words of General Eisenhower that "the plan is nothing, but planing is everything", or if they do remember, they certainly don't seem to live by it. In one of my previous jobs, when I was auditing the crisis management plans of local government authorities it struck me how many (authorities) that had hired external consultants to do the job (because they didn't have the capacity or manpower themselves). The plan itself was a brilliant piece of work, but there was no ownership to it, no personal reflections as to the actual local threats and how to handle them. Crisis management is an ongoing continuous process, it never ends, especially not after you have made a plan or complied with some regulations. The plan needs to be in he heads and hearts of every employee, not on the shelves of the management. That is only possible through, as you say it, training, testing and monitoring.
It sounds like I struck a chord, janhusdal! Thanks for reading and participating.
As long as we’re quoting generals, I believe General Patton said, “A good plan violently executed today is better than a perfect plan executed next week.”
A solid plan is important, but it better be executable today by the people in position to carry it out (which echoes your point on training, testing, monitoring, etc.). One of the biggest challenges I’ve faced is getting executives/decision-makers to actually execute the plan. Once the “crisis” happens, it becomes paralysis by analysis in the C suite – everyone is too scared to act out of fear of making the wrong decision. This of course only compounds the problem.
I agree, John. We see this a lot. That's why FOCUS is one of the three key attributes of great crisis managers (along with CREDIBILITY and IMAGINATION). Focus is the element that drives decisive action. Thanks for contributing. Now, go work on that golf game!
Three key attributes: Focus, Credibility and Imagination.
True in crisis management and golf.
/Off to the range to work on my credibility.
I've seen your game. There's certainly no lack of imagination. ; )
Anyone else super psyched given that Tiger has returned? I am optimistic he and his family can put this all behind him and get back to the job of ripping up the the game of golf all over again. Could he win the Masters … I am doubtful .. however you can never turn your back on a tiger, haha.