Reading Time: 4 minutes
We all know this. The business is always busy, and because of this, it comes up with a myriad of justifications for ignoring Business Continuity Planning efforts.
Some of the reasons are more reasonable than others, but none are excusable at the end of the day. This problem is common for organizations of all sizes and across all sectors.
To make matters worse, even those organizations’ that implement Business Continuity Plans (BCP) are not necessarily protecting their entire organization.
Top justifications why Business Continuity Plan is not implemented
Listed below are some of the most common justifications for not implementing a robust Business Continuity Management (BCM) Program:
1. We have business interruption insurance
Proper business interruption coverage is a significant part of your risk management strategy and the vital part of the overall organization’s resiliency plan, but your organization should not solely rely on it.
The business interruption insurance will cover actual business loses and expenses associated with the restoration of business services.
What business interruption insurance will NOT cover is the loss of your clients, overall market share, or any project related delays associated costs. Business insurance is not a business continuity strategy.
Business interruption insurance also doesn’t cover any damages a disruption will have on your organization’s reputation. The bottom line, no insurance policy will protect you against that!
And speaking about business interruption insurance, your policy might even require your organization to implement a business continuity plan. It could be hidden in plain sight somewhere in the policy’s fine print.
2. We outsourced everything, so we don’t need a Business Continuity Plan
Your organization made a strategic decision to outsource most of the services which are not your business differentiator. This is a great strategy, and it will ensure that you focus your business efforts on what you do the best.
Additionally, this approach shifts some of the business continuity risks away from the organization to third-party vendors.
Are you sure that these vendors implemented business continuity plans and that those plans meet your organization’s requirements?
The miss-alignment between your organization’s business continuity requirements and third-party vendors’ capabilities will be amplified without the implementation of BCP.
3. We have a data backup, so we’re safe
OK, so your organization has a data backup. Is it up to date? Is it aligned with your business continuity requirements (Business Impact Analysis - BIA anyone)? Will it be accessible, especially when it is needed? Is it aligned with your IT Disaster Recovery Plan?
Even if you can guarantee access to the backups, incidents can have many consequences worse than just a data loss. Your workspace may become inaccessible; you may lose contact with your staff, clients or suppliers, or some other mission-critical infrastructure.
A data backup alone is not enough to ensure resiliency for the entire organization.
4. We haven’t had a problem in years, so we probably won’t have one any time soon
Just because something hasn’t happened yet, doesn’t mean it never will. You cannot rely on luck to protect your organization.
Many disasters are caused by unpredictable events like human errors, extreme weather events or random equipment failures. No length of problem-free time in the past guarantees the continuity of operations in the future.
In many cases, organizations that haven’t faced a severe emergency in a long time end up in worse shape because their employees are entirely unprepared to handle the crisis.
5. We’ll accept the risk if it means cost savings
If your focus is only on this business quarter, then creating a BCP is easy to dismiss as an unnecessary cost. The instant savings are very tempting, and it seems like the right choice if the quarter goes by without an incident.
But what if your organization has to deal with significant disruption in a year from now?
Consider how much you’re “saving” compared to the amount you could potentially lose in the future. Will the “savings” outweigh the potential cost of a loss of life during an emergency, your organization’s reputation, or inability to provide services to your business clients?
6. We hired a consultant to make a plan a few years ago, so we’re OK
This is somewhat valid justification as long as there haven’t been any changes in your organization over time. Some of the changes that require regular BCP updates are as follows:
- Changes in organization structure (e.g. new business services, business processes, business lines, etc.)
- Key BCM Program stakeholders moving into new positions or leaving the company
- Third-party service providers changes (e.g. IT cloud organization)
- New regulatory or compliance requirements
BCP documents that are collecting dust are usually accompanied by a lack of regular tests and exercises. That typically means that even if the BCP is still up to date, most employees will have no idea of what exactly they are supposed to do while in an emergency or crisis.
Maintenance of your Business Continuity Management Program components is imperative for the long-term viability of your organization.
7. What’s Business Continuity Management?
You may have never heard the term “business continuity management,” which is understandable. But even those that don’t know the term should think about preparing to handle disruptions to their business.
The goal of this article isn’t to convince you that you should live in constant fear of business failure or that there is a massive disaster waiting to happen around every corner. Still, you can reasonably expect to face some sort of business disruption sooner or later.
Protecting your organization in advance is a much better option
Protecting your organization ahead of time is a much better option than just hoping for the best, mainly because, as outlined, your revenue isn’t the only thing on the line.
The above justifications are only a small sample of the reasons organizations give for their lack of preparedness. They may seem like reasonable justifications as long as nothing goes wrong, but will they still seem reasonable once it does?
Engaging in Business Continuity Planning is similar to installing air masks and lifejackets in commercial airplanes. The chances of a plane crash are very low, but few people can successfully argue that the cost of those safety measures is a complete waste. The impacts of one are very high!
StratoGrid Advisory is a Business Continuity Management (BCM) Advisory firm in the Ottawa/Gatineau region that can provide you with the experience and knowledge needed to successfully implement a BCM Program and a Business Continuity Plan in your organization.