Integrated governance - Effective business continuity management
How to move forward
A hybrid governance structure
The steering committee comprises people responsible for approving budgets and making major decisions. The BCM manager, supported by the BCM team, functions as a liaison between the business units and the decision-makers. The working committee comprises people responsible for implementing the BCM program, with guidance from the BCM team.
The root causes of common BCM challenges relate and overlap. Because BCM should be a strategic initiative, addressing these root causes should be imperative to senior executives.
Implementing these recommendations as a whole will help organizations develop an integrated and effective governance structure for their BC and DR programs, promoting a better understanding of the organization, reduction of costs, protection of reputation and brand, and sustainment of vital activities.
Establish an effective BCM governance structure
An effective BCM governance program has a well-defined composition and structure. An organization should be aware of where its BCM program fits in the organizational hierarchy and choose the right people to facilitate governance.
A member of the senior leadership team – someone outside of the IT organization, such as the head of risk management, human resources or finance – should serve as the executive sponsor and owner of the BCM program. Establishing this critical role outside of IT will assist in maximizing the support of the business units, whose participation is necessary to implement the program.
We observe three governance models in practice:
- Centralized: a centralized team directs BCM activities globally.
- Decentralized: the business units oversee their own BCM activities.
- Hybrid: a central team develops the global framework, and the business units implement it.
Integrate efforts between business and IT
BCM initiatives across an organization are often executed in silos, potentially leading to a fragmented program with misaligned priorities. A successful program leverages its integrated governance to promote effective communication among the businesses, between the business and IT team, and between the BCM team and the decision-making executives.
The BCM manager and team take responsibility for defining processes that facilitate the incorporation of the BCM effort into the organization. The nature of the working committee, with representatives from different areas of the organization, promotes partnership in defining the BCM framework. At the executive level, the steering committee must make sure that BCM is integrated with other related disciplines, such as enterprise risk management and security.
Having executive sponsorship to align the BCM effort with overall company goals provides the foundation for the challenges of managing the varying priorities of the organization. It is through BCM team and steering committee collaboration that priorities become aligned.
Create a culture of quick change adoption
BCM is an ongoing process, and the planning activities should keep up with the ever-changing needs of your business. This should take into account:
- Changes within the organization
- Changes in the IT infrastructure
- Turnover of BCM professionals and business unit leadership
The governance model should support the quick transitions these changes demand through a change management process. This helps ensure that changes are identified, risks are revisited and essential modifications are made to the BC and DR plans.
A sustainable BCM program continuously identifies and manages its organization’s risks. On a regular basis, BIAs and strategies are revisited, threats and risks are reassessed, plans are reviewed, exercises are conducted and metrics are reported to help ensure the BCM program is addressing the current environment and future state of the organization.
Governance must facilitate knowledge transfer and awareness across the organization and promote a culture of proactive risk management.