The Business Continuity Institute - May 06, 2016 16:08 BST
Return on investment… a dilemma for business continuity practitioners. How to demonstrate the value of something that is designed for events which (hopefully) never occur? How to access, then budget, resources, organizational importance and leadership, as this ROI is potentially a part of the 'beauty contest' with resource competing disciplines? Providing concrete numbers is obviously challenging… so what could be the solutions?
Understanding the budget approving audience is a major prerequisite. What are current business and/or personal requirements and agendas? How would you concretely respond when being asked “what is in there for me” by this audience?
Important to know: the behavior of human beings can be influenced best with personal, immediate, certain, positive consequences… respective innovation and adaption considering the psychological background are therefore the key for designing the 'right' (personal) ROI strategy (mix).
Potential ROI types:
The emotional ROI
It requires the generation of emotions in particular fear of significant and specific events where a BC program could return a 'better sleep' or the avoidance of any form of reprimand or career impact.
And it works… however usually for a small time window only utilizing the post-event felt urgency for action, and with limited success over time. Human beings tend to normalize scenarios and fall back to the 'will not happen to us' and 'business as usual' reflex especially when the projected apocalypse does not occur in their own backyard. As a matter of fact, the dose of bad news has to be increased over time for achieving a constant attention level. At a certain point credibility may be impacted as a function of the risk appetite. This ROI approach should be used therefore economically and selectively.
The competitive ROI
BC Intelligence means collecting consistently concrete data on external incidents, good practices, business strategies, and BC activities and benefit, in particular concerning explicitly the same industry or major business competitors. Data is consolidated and illustrated provoking a 'why don`t we' reflex by generating the perception of a competitive disadvantage when not implementing a similar or even superior BC program. The return is a (perceived) competitive advantage with respective business consequences (market share, revenue etc) which may be qualitatively illustrated for supporting the ROI design.
The monetary ROI
Concrete numbers are challenging, however an indirect approach could work. BC should not be limited to the classical disastrous event role, but the view should be expanded to regular incidents by taking the discipline out of the fateful special and rare event corner. Joining forces with incident management and/or business functions in the frame of a resilience approach could facilitate the collection of respective and concrete data.
There is a variety of direct and indirect costs linked to incidents which could be (examples):
- Event management, alternative resource, recovery
- Product / service / process incl. for downstream - rework / penalties
- Clients / contracts - fines / reputation
- Revenue / billing / investment
- Cash flow / discounts / credit rating
Cost aspects should be formally recorded, if possible quantitatively (or at least estimated or qualitative statements if not). Taking all eventual costs into consideration may lead to surprising findings setting the breeding ground for BC ROI illustrations.
Records should then be explicitly checked for potential BC support aspects. Could, or have, plans, plan parts or linked action, the mapping of processes and business impact (BIA), interface processes (like crisis management, emergency response, and crisis communication) directly or indirectly mitigated the cost impact? If yes, to what extent? What is needed for optimizing this? What are quick wins? These findings are consolidated and illustrated bearing in mind the interests and requirements of those assigning resources. Found 'bright spots' could be used for driving change. Costs could be defined as a certain form of 'loss' which links the ROI to popular business strategies e.g. 'lean'. For tailoring this a sound understanding of business initiatives in particular of those dragging currently the interest of the budget and resource approving audience is beneficial.
Resource competition games require usually ROI strategies. The rules are set directly or indirectly by the business and budget owners, and apply to all disciplines competing for the resource pool. Practitioners need to be able to sell the BC value to those in the driver`s seat for budget and resources approval by tailoring innovative language, communication channels and ROI scenarios according to personal and business requirements and capabilities. Joining forces via a resilience approach might facilitate the designing of business cases.
Thomas Schildbach MBCI Ph.D. is the Risk and Business Continuity Manager at Post Technologies
In 2014, the federal government was the victim of 61,000 cyber security breaches. If the government is so vulnerable, what are the cyber security risks for businesses, whether large or small? Revisit the cyber security threats facing modern businesses to learn how to best protect your business from threats.
Cyber Security Threats Facing Businesses
Businesses in all industries face a growing range of cyber security threats. Companies must understand the barrage of threats coming from attackers in order to implement a comprehensive security plan that addresses their vulnerabilities. Pressing concerns for small and large businesses include:
The BCI has announced that Lorraine Darke is to stand down as Executive Director of the Institute after 12 years in the post. Applications are being invited for her replacement.
BCI Chairman, David James-Brown FBCI, commented: “Since Lorraine’s appointment in 2004, the Institute has been through a dramatic period of growth and modernisation, and we are now seeking an experienced and inspirational leader to drive the BCI forward in the next stage of its development. We will be appointing a new Executive Director who has a thorough understanding and experience of the challenges facing contemporary professional bodies, and the skills necessary to triumph in this competitive environment. The successful candidate will be a dynamic, energetic and enthusiastic leader, with excellent people skills and the ability to engage and develop lasting, positive relationships with a range of stakeholders. They will have proven capabilities in identifying and capitalising on commercial opportunities through original solutions.”
For more details about the role click here.
(TNS) - Pittsburgh public safety officials have promised to review and seek improvements to how they handle all major events hosted by the city in the wake of two events that generated complaints from the police union.
Two recent events — the mid-April Donald Trump rallies and Sunday’s Pittsburgh Marathon — created concerns about the public safety department’s preparedness to handle major events and will be the subject of reviews.
“We’ll be doing more after-actions on every type of event, whether it’s a scheduled event, whether it’s an unexpected event,” city Public Safety Director Wendell Hissrich said Wednesday. “There will be after actions across the department of public safety to include EMS, fire and police, not to hang anybody, but to figure out how we can make the improvements down the road.”
When laying down the foundation for employee safety and communication, one of the most essential resources to establish within your organization is a secure emergency phone number. A reliable place where your employees can go to hear pertinent information, retrieve updates, and understand how the information on the other side of the phone affects their well-being, their day, or their job. A number your employees can call or text to report information, raise concerns, present questions in one centralized place for the employer.
In 1967, the President’s Commission on Law Enforcement and Administration of Justice worked to implement a universal phone number nationwide for anyone reporting emergencies. That’s why 9-1-1 exists today, so we can report emergencies relating to crime, accidents, and medical issues, and request assistance.
As mobile people living among an increasing population, subsequently producing a rising number of incidents, the methods of reporting and responding to incidents are changing. The resources to keep people informed and connected are becoming smarter, more useful. The technology to monitor, communicate, and resolve a situation faster is readily available to us.
Every business comes with a certain amount of risk. Although difficulties and challenges can’t be avoided, they can be mitigated with the proper precautions, planning and insurance coverage.
In support of National Small Business Week (May 1-7) and to help business owners understand insurance, the Insurance Information Institute (I.I.I.) developed this infographic that focuses on business interruption insurance which is also posted on the I.I.I’s Business Pinterest Board.
Did you know that after a catastrophe or other disaster 40 percent of businesses do not reopen and another 25 percent fail within a year?