Business continuity is not the same as crisis management
Any organisation that imagines that a business continuity plan makes it ‘crisis prepared’ is due for a big and costly surprise, says Dr Tony Jaques
Crisis management should be recognised as both a tactical and a strategic responsibility, which extends far beyond just business continuity and must be fully integrated into the highest ranks at a strategic level (image: Jozef Micic/123rf)
Business continuity is just one element of strategic crisis management, and failure to recognise this leaves you dangerously vulnerable to operational and reputational risks.
Part of the problem is confusion over terms – business continuity planning, crisis management, business recovery, incident management, emergency response, risk management, crisis prevention, crisis preparedness... the list goes on.
But the risk is not just definitional. The real danger is putting a business continuity plan in place and then starting to relax – imagining that your organisation is ready to face a crisis.
While arguing about definitions can be unhelpful and unproductive, recent social media debate on this topic exposed just how mistaken some communications professionals can be.
No. Crisis management is not ‘part of business continuity management.’ No. Crisis management is not ‘the mode that strategic managers must enter when protective processes fail for whatever reason.’ And no, crisis management is most definitely not just ‘how to respond to the crisis after it has happened.
Crisis management is a strategic management process that begins long before the triggering event and continues after the triggering event has been brought under control. It embraces:
Identifying and proactively managing potential crisis issues before they happen
Getting the organisation ready for when a crisis does occur
Responding effectively to the event
Restoring business as usual
Responding to the highly damaging risks that often arise when the dust has settled (sometimes called 'the crisis after the crisis') and, finally
Learning from what happened and incorporating this into future planning
As Singapore-based crisis consultant Kim Yang Lim has previously commented: “The business continuity management, risk management and crisis management functions require different approaches and have different objectives. To use BCM, RM or CM as an umbrella term is misleading to company managers, who may then perceive the three functions as interchangeable and, consequently, may cherry pick what capabilities to develop and so omit an important part of preparedness. All three functions are essential but they are all different and require different skill sets.”
It's this focus on roles and responsibilities that is critical. Business continuity is often perceived as a largely tactical or operational role to help restore 'business as usual' as quickly as possible, and that it's carried out by logistics and technical people deep down inside the organisation.
Even worse, business continuity is sometimes positioned as synonymous with recovering from IT failure. Indeed, some experts have introduced the term Technology Continuity Management (TCM) to reinforce that it is a technical responsibility.
But effective business continuity planning should address much more than just IT and other technical disasters. More importantly, crisis management should be recognised as both a tactical and a strategic responsibility, which extends far beyond just business continuity and must be fully integrated into the highest ranks at a strategic level.
Without top executive commitment to Crisis Proofing, organizations will continue to be unprepared, and crises will continue to destroy organisations and reputations.
This series of blogs is written by CRJ Australian-based crisis expert, Dr Tony Jaques, Managing Director of Issue Outcomes Pty Ltd and a Member of CRJ’s regular international blogging team