Any organization which imagines a business continuity plan makes them “crisis prepared” is due for a big surprise.
Business continuity is just one element of strategic crisis management, and failure to recognise this reality can leave organizations dangerously vulnerable to operational and reputational risk.
Part of the problem is confusion over terms – business continuity planning, crisis management, business recovery, incident management, emergency response, risk management, crisis prevention, crisis preparedness. The list goes on. But the risk to organizations is not just definitional. The real danger is putting a business continuity plan in place and then starting to relax – imagining that the organization is prepared for a crisis.
While arguing about definitions can be unhelpful and unproductive, recent social media debate on this topic exposed just how mistaken some communications professionals can be. No. Crisis management is not “part of business continuity management.” No. Crisis management is not “the mode that strategic managers must enter when protective processes fail for whatever reason.” And no, crisis management is most definitely not just “how to respond to the crisis after it has happened”
Crisis Management is a strategic management process which begins long before the triggering event and continues after the triggering event has been brought under control. It embraces
• Identifying and proactively managing potential crisis issues before they happen
• Getting ready for when a crisis does happen
• Responding effectively to the event
• Restoring business as usual
• Responding to the highly damaging risks which often arise when the dust has settled (sometimes called the crisis after the crisis) and finally,
• Learning from what happened and incorporating it into future planning.
As Singapore-based crisis consultant Kim Yang Lim commented: “The Business Continuity Management, Risk Management and Crisis Management functions require different approaches and have different objectives. To use BCM or RM or CM as an umbrella term is misleading to company managers, who may then perceive the three functions as interchangeable and, consequently, may cherry pick what capabilities to develop and so omit an important part of preparedness. All three functions are essential but they are all different and require different skill sets.”
It is this focus on roles and responsibilities which is critical. Business continuity is often perceived as a largely tactical or operational role to help restore “business as usual” as quickly as possible, sometimes synonymous with recovering from IT failure. In fact some experts use the term Technology Continuity Management (TCM) to reinforce that it is a technical responsibility.
But effective business continuity planning should address much more than just IT disasters. More importantly, crisis management should be recognised as both a tactical and a strategic responsibility which extends far beyond just business continuity and must be fully integrated into the highest ranks of the organization at a strategic level. Without such top executive commitment, organizations will continue to be unprepared, and crises will continue to destroy organizations and reputations.