Business continuity is broken: three reasons, three paths

Published: Thursday, 03 September 2015 07:51

By David Lindstedt, PhD, PMP, CBCP.

Business continuity is failing us all.  Here's why:

1. It isn't evolving

Project management launched agile. Quality control embraced Six Sigma. Authors like Daniel Pink, Malcolm Gladwell, Daniel Kahneman, and the Heath brothers have made great contributions to leadership and decision-making theory. Yet in the last two decades, business continuity:  

Ten years after Hurricane Katrina, and we have made few improvements in our business continuity best practices, methodologies, and standards. The best practices from my 2003 DRI guide remain mostly unchanged.  

2. We can't engage executives

Year after year, journal articles and conference presentations offer up the same lamentations. Executives don't get it. We don't have a voice in leadership. We don't have a seat in the C-suite. We don't have the money and resources we need. These problems are due largely to the fact that current industry best practices put practitioners into a position where they:

In addition, we:

3. We have no meaningful metrics 

As Peter Drucker said, "What gets measured gets managed." 

We have spent years counting but not measuring. We have counted numbers of plans, numbers of documents, numbers of exercises, dates last updated, and other things that are easy to count. These do not tell us to what degree our organizations are more (or less) recoverable. These do not tell us (or executives) how prepared we are to recover from disaster.  
Sometimes we don't even count; we just tick the yes/no boxes pursuant to compliance: Did you do an RA? Did you do a BIA? Do you have a governance structure? Do you have documented goals? None of this provides a measure of quality, effectiveness, or recoverability of our preparedness efforts.  We must develop and use metrics that allow us to:

Three paths

To try and deal with these problems, we have seen two paths in the last few years. 

One path has been to further standardize and enshrine traditional approaches. This has not and will not fix the problems noted above.

The second path has been to abandon the continuity discipline altogether. This is generally accomplished by demeaning and diminishing the value of continuity planning in favor of a separate but related activity.  Roughly five years ago, many sought to cannibalize continuity and transfer into enterprise risk management. More recently, the move to resilience, with its near-immeasurable scope and indistinct goals, has been the more popular path for abdication. 

Continuity 2.0

The third path is a difficult one.  It involves defending the need for business continuity while significantly reforming it. It involves reworking continuity planning but not abandoning it.  

Continuity planning must continue as a discipline. Organizations must continue to demonstrate a standard of due care, provide an affirmative defense, and manage their fiduciary risk. They must be able to know what their people will do in times of loss, and to trust that the resources, procedures, and competencies exist to continue to provide services following disaster.  

But this discipline must provide more value to more leaders within shorter timeframes. It must find ways to demonstrate progress against measurable benchmarks and provide meaningful metrics for action. It must encourage practitioners to develop business acumen and engage at many more levels of the organization.

This third path is a very challenging, and probably very unpopular one, but I believe it's the right one nonetheless. I'll term it Continuity 2.0.

Make a comment

The author

David Lindstedt, PhD, PMP, CBCP is the founder of Readiness Analytics, an organization focused on providing meaningful metrics for preparedness practitioners. Readiness Analytics is home to The Readiness Test, a simple on-line tool to measure an organization's readiness to recover from disaster. Dr. Lindstedt is the creator of the RPC Model of Organizational Recoverability, author of ‘Measuring Preparedness and Predicting Recoverability,’ and co-writer of the Continuity 2.0 Manifesto. He has published in international journals and presented at international conferences. He taught for Norwich University's Master of Science in Business Continuity Management. He serves on the Editorial Board for the Journal of Business Continuity & Emergency Planning. Dr. Lindstedt also serves as Director of Program Management with the Office of Distance Education and eLearning at The Ohio State University, inspiring innovative instruction through emerging technologies.

Reader comments

Further comments: