Business Crisis and Continuity Management – “The business management practices that provide the focus and guidance for the decisions and actions necessary for a business to prevent, prepare for, respond to, resume, recover, restore and transition from a disruptive (crisis) event in a manner consistent with its strategic objectives.” (Shaw and Harrald, 2004)
All organizations in all sectors, whether public, private or not-for-profit, face the possibility of disruptive events. Those events can have impacts ranging from mere inconvenience and short-lived disruption of normal operations to the very destruction of the organization.
Organizations establish and resource those functions supporting business continuity, preparedness, response and recovery – such as risk management, contingency planning, crisis management, emergency response and business resumption and recovery – based on the organization’s perception of its relevant environments and the risks within those environments. If there is no top-level recognition, support and coordination, however, these BC functions may receive minimal or even no attention. And even when they are recognized and supported, organizations may still implement and manage them in a non-integrated manner with dispersed authority and responsibility.
The reality of business is that increasing and dynamic threats, business complexity, government regulation, corporate governance requirements and media and public scrutiny all demand an integrated approach to business crisis and continuity management (BCCM) and its supporting functions. Organizations continue to create and fill executive level and non-executive level positions to lead and manage their image of a sufficient BCCM program. But without a widely accepted framework for an enterprise-wide BCCM program, one with an understanding of functional relationships and an inventory of the program that includes the specific competencies necessary to do the job well, the success of any BCCM program can be left to chance – even with the noblest of intentions.
Ellis M. Stanley, the Director of Los Angeles’ Office of Emergency Management, said in 2003: “I’m in charge of Emergency Management for the city of Los Angeles and I need to work with 60 different agencies, from Aging to Zoos, to coordinate what we are going to do. I need to know something about each of them; the question is what do I need to know?” Complementing Stanley’s ‘what do I need to know’ question (what are the competencies necessary for job performance?) is the ‘how much do I need to know’ question (what is the required level of mastery for each competency?).
To answer those questions for BCCM executives, we conducted a research study to identify candidate competencies from multiple sources, selecting and validating the competencies by expert review and, through an online survey, asking BCCM practitioners to rate each competency according to an executive level manager’s required level of involvement (LOI) and level of mastery (LOM). The data we collected and analyzed resulted in a prioritized inventory of competencies, grouped by functional areas and functions that we presented in a 2006 article in the Journal of Homeland Security and Emergency Management.
In 2004, we published research in the Journal that made the case for an enterprise-wide BCCM plan. In our new article, we have updated that research using a number of new sources, including documents and initiatives from both the government and within the private sector.
The general tone of these new sources we researched is to convince businesses to establish readiness programs and take steps to protect their operations. From the private sector perspective, the Business Roundtable, an association of chief executive officers of leading US corporations with a combined workforce of more than 10 million employees, recently published Committed to Protecting America: CEO Guide to Security Challenges which makes several recommendations related to the structure and governance of business crisis and continuity management programs. Specifically, the Business Roundtable document says:
- “Evolving security threats and the potential for devastating damage following a terrorist attack require an enterprise-wide governance model to develop crisis management, business continuity and disaster recovery programs.”
- “Without direct CEO involvement, crisis planning and recovery programs might not be elevated to a high enough level across the corporation.”
Reflecting this growing recognition of BCCM as a strategic program requiring top level management attention and involvement, the 9/11 Commission chartered the American National Standards Institute (ANSI) to develop a consensus on a national standard for preparedness for the private sector. Based upon its collaboration with the National Fire Protection Association (NFPA) and the research of the 9/11 Commission, ANSI recommended to the 9/11 Commission that NFPA 1600 Standard on Disaster/Emergency Management and Business Continuity Programs be recognized as the national preparedness standard. NFPA 1600 includes a list of 15 disaster/emergency management and business continuity programs elements and a relatively high level description of each of the elements.
A Functional Framework for BCCM
The intent of our research is not to be critical of NFPA 1600; rather, it is to recommend possible areas of expansion and specificity for improvement. NFPA 1600, the result of a consensus process representing multiple constituencies from all sectors, is a logical and necessary first step to develop national, detailed standards the industry can use to define and measure compliance.
The current edition (2004) of NFPA 1600 provides relatively broad descriptions of the program elements with minimal detail and is open to very liberal interpretation as to what actually constitutes compliance at the program and program element level. The standard’s list of the program elements is useful, but a graphical presentation of the elements, their hierarchy, temporal sequencing and interdependency can help us understand and market a comprehensive program that truly integrates the component parts.
The functional framework accompanied by functional area and function definitions (included in our Journal articles), provides such a graphical presentation. The framework, a product of the synthesis of existing frameworks and two levels of expert review and critique, displays the hierarchy of functional area responsibility from top to bottom, both within and across the time periods of before, during and after a crisis event. In general, higher order managerial and leadership responsibilities are placed towards the top of the framework with more operationally focused responsibilities located towards the bottom.
The expert reviewers we spoke with found the framework to be complete and understandable, and recommended that it be related to the NFPA 1600 program elements which are gaining widespread acceptance and are evolving into the de facto national standard.
Taken together, the BCCM framework, functional area, function definitions and prioritized list of supporting competencies (described in the next section) provide a model for structuring and evaluating an enterprise-wide business crisis and continuity management program that organizations can customize to their specific requirements. Additionally, the competency inventory can serve as a guideline for the selection and professional development of organizational leaders with business crisis and continuity management responsibilities.
 |
BCCM Executive Level Competencies
Accompanying a position of executive level BCCM responsibility is the need to attain and maintain certain program and function-specific knowledge and abilities (competencies) that complement the general management competencies expected of any executive level manager.
While our survey identified 137 core competencies that executive level managers must have, we have broken out the 20 highest rated competencies below. Those listed are across all of the different functional areas and functions we studied as part of the BCCM framework. You can find these 20 competencies in Figure 2, below. For a full list of the 137 competencies, you can read the article we wrote for the Journal of Homeland Security and Emergency Management at www.bepress.com/jhsem.
Through our research, we were able to develop and present an expert reviewed conceptual framework inherent in an enterprise wide BCCM program, as well as identify an inventory of executive level focused competencies grouped within the functional areas and functions of the framework.
At the standard-setting level, the framework and competency inventory complement the NFPA 1600 Standard on Disaster/Emergency Management Program. As we present in our 2006 Journal article, organizations can cross-walk the BCCM framework to the NFPA 1600 program elements to provide a means of displaying, organizing and linking myriad functional areas and functions supporting NFPA 1600. This visualization is essential to establishing and organizing a truly integrated BCCM program. The competency inventory provides a level of detail that organizations can use to define their BCCM program and select and develop their executive level BCCM leadership.
Recommend0 recommendationsPublished in Enterprise Resilience
Leave A Comment
You must be logged in to post a comment.