Business continuity is not the same as crisis management
Business continuity planning, crisis management, business recovery, incident management, emergency response, risk management... the list is endless. So where should a business start? Tony Jaques explains.
Any organisation which imagines that a business continuity plan makes them ‘crisis prepared’ is due for a big and costly surprise.
Because business continuity is just one element of strategic crisis management, and failure to recognise this reality can leave you dangerously vulnerable to operational and reputational risk.
Part of the problem is confusion over terms – business continuity planning, crisis management, business recovery, incident management, emergency response, risk management, crisis prevention, crisis preparedness… the list goes on. But the risk is not just definitional. The real danger is putting a business continuity plan in place and then starting to relax – imagining that your organisation is ready to face a crisis.
Photo by Jametlene Reskp on Unsplash
While arguing about definitions can be unhelpful and unproductive, recent social media debate on this topic exposed just how mistaken some communications professionals can be. No. Crisis management is not “part of business continuity management.” No. Crisis management is not “the mode that strategic managers must enter when protective processes fail for whatever reason.” And no, crisis management is most definitely not just “how to respond to the crisis after it has happened.”
Crisis management is a strategic management process which begins long before the triggering event and continues after the triggering event has been brought under control. It embraces:
• Identifying and proactively managing potential crisis issues before they happen
• Getting the organisation ready for when a crisis does occur
• Responding effectively to the event
• Restoring business as usual
• Responding to the highly damaging risks which often arise when the dust has settled (sometimes called the crisis after the crisis) and finally,
• Learning from what happened and incorporating it into future planning.
As Singapore-based crisis consultant Kim Yang Lim has previously commented: “The business continuity management, risk management and crisis management functions require different approaches and have different objectives. To use BCM or RM or CM as an umbrella term is misleading to company managers, who may then perceive the three functions as interchangeable and, consequently, may cherry pick what capabilities to develop and so omit an important part of preparedness. All three functions are essential but they are all different and require different skill sets.”
It’s this focus on roles and responsibilities which is critical. Business continuity is often perceived as a largely tactical or operational role to help restore ‘business as usual’ as quickly as possible, and that it’s done by logistics and technical people deep down inside the organisation. Even worse, business continuity is sometimes positioned as synonymous with recovering from IT failure. Indeed, some experts have introduced the term Technology Continuity Management (TCM) to reinforce that it is a technical responsibility.
But effective business continuity planning should address much more than just IT and other technical disasters. More importantly, crisis management should be recognised as both a tactical and a strategic responsibility which extends far beyond just business continuity and must be fully integrated into the highest ranks at a strategic level.
Without top executive commitment to crisis proofing, organisations will continue to be unprepared, and crises will continue to destroy organisations and reputations.
Tony Jaques is the managing director of Issue Outcomes P/L.
Well said Tony. Confusion reigns in this space. You have unpacked it very nicely.
User ID not verified.