|
03 InFocus
|
This issue of BFM is focused on "Business Continuity Governance": how to ensure that your business will be able to cope with unforeseen events with minimal disruption and minimal additional costs with a continuous, knowledge-based re-assessment of your needs.
Business Continuity is quite often considered an offspring of Disaster Recovery, to be managed using frameworks coming from either System Integration or Crisis Management. Our approach is that Business Continuity is neither a project nor an event, but a continuous improvement process; therefore, it requires a structural oversight, embedded inside the core processes of the company.
A correct definition should begin with the identification of the intrinsic features of the processes and the corporate culture.
Only introducing approaches that ensure the constant update of the information will allow to govern Business Continuity, instead of just defining basic services to deliver should uncontrolled anomalies arise.
Since mid-90s, repeated events raised awareness on the side-effects of the fragmentation of processes that was introduced to reduce costs. The increased efficiency is coupled with an acceleration of the increase in complexity of connections between activities, that started at the beginning of the XX century.
As discussed in the previous issue, focused on Strategic Outsourcing, transferring outside the organization processes that belong to the core activities progressively weakened the capability to control, removing flexibility and redundant resources that were in the past used to solve temporary crises.
Over the last three years the optimal cost-benefit balancing in managing corporate processes has been revised, and government agreed on a common approach to raise the awareness of businesses; this has been more evident in countries that over the last few years transferred a significant quantity of the state economic assets to private businesses.
Being unable to require a change of the internal cost management policies of businesses, the government major industrialized countried tried to use the indirect approach, suggesting to multinational companies to set the example in managing risks at a systemic level, not at a company level.
Business Continuity is becoming yet another service offered to companies, but we think that external support can produce positive results only if the customer develops a governance capability.
Once this capability is available, external resources can be involved, but in the context of a sound framework of guidelines, to deliver support to the implementation of strategies vs. replacing the customer in their definition.
Should the governance aspect be missing, the technological aspect of Business Continuity will just risk to generate additional costs, to introduce processes and resources as an answer to previous crises, instead of adapting resources to the risk evolution.
As for outsourcing, our approach is to suggest methods and processes that should be integrated inside your corporate structure, linked to the knowledge of the strengths and weaknesses of your own internal structure, as we believe that any chain (of processes, etc) is as strong as its weakest link.
First and foremost, Business Continuity Governance should dinamically identify the weaknesses to be removed, or at least to design how could be avoided should the need arise.
If there will be sufficient demand, a future issue of BFMagazine could focus on specific aspects of Business Continuity (managing continuous improvement, supply chain assessment of Business Continuity/due dilegence, etc).
The section "CoverStory" describes the suggested approach to introduce both Business Continuity and Business Continuity Governance, limiting the additional and ancillary costs that are usually connected with a non-systemic identification of the areas of intervention.
Some interesting side-effects include:
- allowing the management of the knowledge network derived from the first Business Continuity project
- increasing your operational flexibility
- improving the corporate-level coordination of processes
- simplifying the distribution of knowledge for processes that involve multiple organizations (also not belonging to your company)
|
2003-2005 edition