5 Common Mistakes Made in Business Continuity Management

Imagine an unexpected disruption to your company’s business activities. It could be a fire that destroys a warehouse filled with inventory, an IT incident that compromises the network, or even another pandemic disease like COVID-19 that forces some of your third parties to suspend operations or requires you to furlough some or all of your workforce.

Every minute business operations slow or stop costs the company money. That’s why organizations employ business continuity management (BCM). BCM is defined as planning and preparation to ensure the company overcomes serious incidents or disasters and resumes normal operations within a reasonably short period.

Companies consult their business continuity management plans  for any number of reasons, including natural disasters, severe IT incidents, vendor mishaps, even cases of fraud or embezzlement. However, these moments of crisis are decidedly not the time to discover a plan’s shortcomings. Though there is a path from disaster recovery to business continuity planning, it’s better to get it right during the development process.

Read on to learn the 5 common mistakes made with business continuity management.

The business continuity plan collects dust

Too often, the business continuity management plans are created in a flurry of activity, documented in a three-ringer binder, and filed away on a shelf that’s rarely if ever visited.

Business continuity management is as vital to your organization as the strategic plan for achieving objectives. 

That’s a mistake, because business continuity management plans involve people, procedures, and scenarios that change over time. People change roles or leave the organization. Procedures update and often because of new technology. Scenarios frequently change with mergers and acquisitions.

Whether your plan lives on paper or in the cloud, it needs continuous review and updating. In the event of a major incident or disaster, your business continuity management plan must be current and capable of acting as the go-to resource for guidance.

The business continuity management plans and teams are never put to the test

Business continuity management plans are developed and updated regularly based on new information and changes. However, the plan and the people involved in carrying it out are never put to the test. If an adverse event occurs, team members are placed in high-pressure situations without scenario training. Lack of testing also means missing out on learnings to create a better plan.

It’s a mistake to use an untested business continuity management plan. Many organizations use tabletop exercises that bring together participants to discuss their roles in an emergency for one or more scenarios. It’s best practice to test your business continuity management plan every six months, or at least annually.

The business continuity management plan is managed by one person

There’s nothing wrong with having a point person for a business continuity management plan. It’s a better idea to have a diverse group of people across the company to account for everything. It’s a mistake to empower only one person, as individuals lack visibility into all the risks and processes that exist across the organization.

A better approach is to form a business continuity management team that encompasses multiple departments and functions. A cross-functional team brings a company-wide perspective to business continuity management planning. Diverse views help address issues and contribute to a better business continuity management plan.

The business continuity management plan fails to account for third parties

Business continuity management plans cover scenarios involving IT security, weather calamities, and other possible adverse events, but plans often miss scenarios involving third parties. Case in point: the medical supply chain disruption in Puerto Rico in 2017, when hospitals could not source IV bags due to a concentration of manufacturers on the island. business continuity management plans that don’t account for third parties are less effective in helping the organization recover.

When developing your business continuity management plans, take time to deliberate among team members to uncover all business-critical activities that involve third parties. Look for what could bring operations to a standstill and account for it in your scenario planning.

The business continuity management plan doesn’t consult risk management

Many BC examples start as unidentified and untreated risks that evolve into adverse events or incidents. For example, Ransomware can knock out critical computer systems within city governments, interrupting operations and endangering public services like 911. Reputational risk can come into play if an incident occurs that’s publicly damaging and spreads socially. It may not knock out critical systems, but it can still slow operations and hurt the bottom line.

One of the biggest mistakes made by business continuity management teams is a failure to engage risk management during the plan development process. By identifying major risks that could turn into adverse events and disasters, you can proactively include them in your plans and tabletop exercises.

Business continuity management is as vital to your organization as the strategic plan for achieving objectives. Business continuity management plans get your company back on its feet after a serious incident or disaster. Now that you know the top 5 common mistakes made within business continuity management, you’re ready to build your own high-performance business continuity management plan.

Download our Business Continuity Toolkit

Chat with a solutions expert to learn how you can take your compliance program to the next level of maturity.

The Element of Surprise Keeps Things Honest

How to Conduct Remote Investigations During a Pandemic

Business investigations must continue – even during a global pandemic, when they must be conducted remotely. See how to ensure documents are authentic, ensure witnesses aren't being coached, and more - all over video or phone interview.

Previous/Next Article Chevron Icon of a previous/next arrow. Previous Post

3 Ways to Boost Organizational Trust for Post-Pandemic Business Recovery

Organizational trust isn't a warm, fuzzy "nice-to-have." When times are tough, organizational trust is necessary for many business corrective measures to work at all. Here are 3 ways to build that trust for a post-COVID-19 recovery.

Next Post Previous/Next Article Chevron Icon of a previous/next arrow.