At the end of an exceptional challenging year, business continuity professionals are reflecting on the status, nature, and complexity of their clients’ business continuity management (BCM) programmes. The purpose of the reflection is to summarise the key lessons learnt and use this as a departure point for building better organisational resiliency going forward.
Not supported by formal research, but from experience and exposure to numerous clients the following are some of the current trends and key lessons:
- Compliance and audit requirements: There are still a significant number of organisations that appear to establish, review and maintain their BCM programmes, merely to meet the compliance and audit plan requirements. These BCM programmes are a tick box exercise and may not necessarily contribute to organisational resilience.
- Responsibility and accountability for BCM: Most organisations do not have a governance structure to support BCM, which result in a lack of clearly defined roles and responsibilities. The perception is that general staff awareness and training of those given BCM roles are a quick way to resolve the lack of sound BCM governance.
- Embedding BCM: BCM programmes are often seen as a once off project, with a dedicated sponsor or committee to get the programme in place, within time and budget. This imply that there is not management commitment and buy in to BCM; as result BCM is not embedded as part of the organisational culture.
- Validation of response plans: The exercising and testing of plans are driven by policy and compliance requirements. The outcomes of the exercises and tests are poorly documented and cannot be used to close the gaps identified or improve the plans.
- Current business disruptions i.e. pandemic, cyber incidents, labour unrest, reputational damage and information security are still seen as drivers to establish BCM programmes. This is a reactive response and likely to result in the development of once off scenario-based plans, which are not based on sound BCM principles.
Our reflection highlighted that there is a need for BCM programmes, unfortunately the primary goal to achieve operational resilience, is overlooked.
#to learn or not to learn
- Previous Post