DRJ's Spring 2019

Conference & Exhibit

Attend The #1 BC/DR Event!

Winter Journal

Volume 31, Issue 4

Full Contents Now Available!

For many years now, corporate contingency planners have been agonizing over the questions,

“How can I get the attention of senior management?” and “Why are our (pick one) disaster recovery/business continuity/emergency planning/crisis management initiatives always at the bottom of the budget allocation list?”

Virtually every industry conference has at least one speaker confidently instructing attendees on “how to get management commitment” or “how to guarantee funding for your planning needs,” or something similar.

Often times overlooked in this wailing and gnashing of teeth are the more serious and fundamental questions: (a) Is what we are trying to “sell” to our executive “buyers” what they actually want; (b) If not, what do they in fact want; and (c) If it is what they want, why is it often so difficult for us to “sell?”

We are consultative salespeople, trying to sell a product that in all too many instances is ill-defined, using outdated sales tools and frequently failing to make the connection to prospective buyers between spending scarce budget dollars on our products and achieving their corporate goals and objectives. We as an industry reached a “plateau” years ago, and we will not achieve our goals and objectives until we acknowledge the root causes of this semi-stagnation and fix them, thereby putting us back on the path onward and upward to status as a true and critical component of sound corporate governance.

 

 The First Challenge: Creating A Compelling Message

How many times have practitioners in this industry complained, “I can’t even get in to see our (again, pick one) chief information officer/chief financial officer/chief executive officer?”

We must be careful what we wish for here – putting an ill-prepared planner in front of one or more senior executives to ask for a larger piece of the corporate budget “pie” is often a recipe for disaster.

The typical corporate planner is usually about as well-prepared to fight with senior sales executives for budget dollars as Einstein would have been to climb in a boxing ring with Mike Tyson.

We somehow must craft a compelling message for Professor Einstein that would have armed him with a “knockout punch” to win the bout – and the budget dollars. Otherwise we will continue to be flattened and carried out of the executive ring, only to awaken and groggily speculate on what hit us and how the big bullies managed to take our budget money.

The key here lies in translating our products and services into the achievement of strategic corporate goals and objectives – the real ones, the ones the achievement of which puts bonus money into executive compensation packages.

We must speak in terms of not only meeting regulatory requirements, but also taking steps to fortify corporate governance/practices and establishing preparedness as a potential competitive advantage.

In short, we have to “walk a mile in their shoes” by putting ourselves in the position of a senior executive faced with funding either a revenue-generating corporate growth program or a robust business continuity planning effort, but not both.

As most experienced practitioners know only too well, the pressure on senior executives in most businesses to increase revenues and profit-per-share amounts is intense and unrelenting; any tactical approach that could re-position corporate contingency planning in their minds from a nice to-do project in the “pure expense” bottom half of the spreadsheet to either a “need-to-do” (“just a part of running a business”) expense or even a competitive advantage in an ultra-competitive marketplace.

The Second Challenge: Developing Common Industry Terminology

In the beginning, there was the computer – that marvelous, time-saving device designed to make our lives easier. Within minutes after the creation of the computer, another new term came into being: the computer crash.

In its earliest versions, computers were as temperamental as today’s professional sports superstars, prone to unpredictable fits and sudden stops. Hours of painstaking data entry were erased in the blink of an eye. Backing up data became an integral part of computer usage, followed quickly by backing up the computers themselves with alternate processing capacity. Recovery from computer failure disasters became “disaster recovery planning” (DRP) and our industry was born.

Over the following years, “disaster recovery planning” evolved to encompass databases, applications, and even related user functions. “Disaster recovery planning” evolved into “business continuity planning,” a broader concept that included DRP as a subset. Soon other terms began to be coined and “contingency planning,” “emergency response planning,” and “crisis management planning” joined the industry lexicon. Lines between the various types of planning began to blur in the minds of nonpractitioners and confusion set in.

Today, any survey of the top corporate executives about the meaning of these terms would produce an interesting variety of responses – a variety that limits effective communication between practitioners and nonpractitioners as well as between practitioners and other practitioners.

This lack of widely-accepted industry definitions has become a substantial impediment to the establishment of true industry standards, the absence of which continues to hold back acceptance of crisis management/business continuity disaster recovery/emergency response planning as a true component of sound corporate asset management (and now corporate governance) policy.

Ladies and gentlemen, we must resolve this terminology problem or face a future in which we are constantly defining our “products” as a prerequisite to “selling” them – with the accompanying “language” barriers standing in the way of our next evolutionary steps.

The Third Challenge: Integrating Planning ‘Silos’

As the business continuity manager for your company, you’ve just completed a plan to develop business continuity plans for all 12 company facilities throughout the United States. You submit your project plan to your boss, the corporate risk manager, and she agrees to take it to the chief financial officer for consideration. You begin the process of laying out timelines and task assignments – only to be called into the risk manager’s office and told that your plan was not approved. Your boss appears irritated and tells you that your plan was not approved because it conflicted with the “security and crisis management plan upgrade” project already submitted by the corporate security director and approved by the executive committee.

She then asks you why you either (a) knew about this project and sent her into her supervisor’s office with a plan that had little or no chance for approval, or (b) didn’t know what the corporate security people were doing that clearly overlapped with your project plan.

As you walk back to your office in shock with your plans in tatters around you, full of self-righteous indignation at the audacity and lack of cooperation shown by the security planners, another unpleasant experience awaits you in your office – an angry disaster recovery planner from the IT department who wants to know why he was never included in the planning meetings you held to develop your now-defunct project plan. Suddenly that vacant position in accounting seems much more interesting.

Now imagine yourself as the chief financial officer of that corporation, faced with separate funding requests from the risk management department, the corporate security department, and the information technology department. Your frustration grows as you review these requests since there are clear instances of overlaps and task duplications. Don’t these departments coordinate their activities, or at least talk to each other occasionally?

As our industry has grown, this “planning silo” problem has grown with us. The problem now threatens both our credibility as planners and, more importantly, the effectiveness of our corporate contingency plans.

Where these silos exist – which in reality is in most larger businesses in America, perhaps even globally – they create the potential for disjointed and possibly even disastrous responses to events, with larger events maximizing the chances of a confused and ineffective response.

All corporate contingency plans should be coordinated from the emergency response plans (typically owned by facility managers) to disaster recovery plans (usually an IT responsibility) to business continuity plans (frequently a risk management function) up to and including corporate crisis management plans (often housed within corporate security).

Without communication between these planning functions and cooperation between corporate silos, planning gaps and overlaps will almost inevitably occur – not to mention plan function problems arising from the frustration and irritation of corporate executives faced with apparently conflicting or duplicative project plans.

Breaking down these planning silos, or at least building a bridge between them that promotes effective communications, is critical to the continued growth of corporate contingency planning as a whole.

Conclusions

This article is admittedly a collection of the opinions of just one person, and thus admittedly not an authoritative discourse. It is, however, a starting point for those in our line of business to look toward the future, and toward moving the industry upwards off the plateau we have been occupying for years now. We must continue to evolve or face extinction – in this case, most probably absorption, dissolution, or slow starvation from lack of corporate attention and funds.
Now as never before, our services should be (or become) a critical component of sound corporate governance. But now as never before, this acceptance is up to us. Let us hope that we are up to the task.


John Copenhaver is senior vice president of Marsh Crisis Consulting. He is responsible for development and delivery of broad-spectrum contingency planning, crisis management and emergency response services to Fortune 1000 clients. Previously, Copenhaver served as CEO of Contingency Management Group, Inc. and director of Federal Emergency Management Agency (FEMA) Region IV in Atlanta.