In the first two of this short series of blogs, we looked at what business continuity management (BCM) is, and how it differs from disaster recovery. To conclude, let’s consider where BCM fits into the corporate organogram.
Most organisations have considered and gone a long way to implementing IT disaster recovery and so when business continuity appears on the horizon it gets assigned to the IT department. As discussed in the previous blog, business continuity and disaster recovery are interconnected but should not be owned by the same executive. This reason for this is simple: disaster recovery is IT-focused and requires technical insight. Business continuity is founded on business processes and decisions regarding recovery times and associated resources. Business continuity decisions need to be made by the business owners themselves.
So what’s the logical place for BCM to be located within the enterprise, where it will deliver the maximum benefit to the company?
There’s no correct answer to this question. In fact it’s safe to say that many hours of debate—sometimes quite heated—have gone into finding it. In our experience, we have found that the correct home for BC depends on the culture of the organisation. Most often it resides with the risk management department. Although it is relevant to risk reduction, placing business continuity may make it seem like a once-off event and not a continuous improvement process.
In other instances, business continuity is assigned to the COO. The advantage of this approach is that buy-in is likely to be wider, and there’s a greater chance that business continuity will become ingrained in the organisation. On the downside, it’s likely that the risk-reduction component might not be implemented correctly.
The reality is that BC is a key governance requirement and ultimately accountability should reside with the CEO and/or the Board. The implementation of the project beneath this should then be the responsibility of the department best suited and skilled to achieve the objectives of the BC programme.
Where does your business continuity management function fit?