Guest Post by Geary Sikich (first posted on CERM ® RISK INSIGHTS – reposted here with permission)
The post-crisis recovery phase is one of the least addressed in planning, training and simulations. This is an area that, if not properly managed, can cost financially, reputationally and operationally. Communications, internal and external are, at best, misjudged. Guidelines for recovery are lacking and most entities lose focus when it comes to discussing recovery operations. It may be that recovery is one of the most complicated of the lifecycle elements and that no two recoveries are going to follow the same pattern.
However, the recovery process can be segmented into manageable bits that can be undertaken using a project management approach.
Business Continuity Lifecycle – A Perspective on Recovery
Figure 1, entitled, “Business Continuity Lifecycle” provides a top level graphic depiction of the typical cycle of event response, management, recovery and resumption of operations. I have added the emergency response and crisis management elements as they intermingle with business continuity. I have simplified the cycle to four major transition points. Transition point 1 is the reactive response phase, where we react to events and invoke emergency response actions. This phase is characterized by activation, reactive response and chaos control.
Transition point 2, I have titled “Unplanned Disruption”. This is the phase where we begin to identify and address the unplanned developments that result from the event and the reactive response to the event. Unplanned disruption would include those elements of surprise that the planning effort did not directly address or completely overlooked. During this phase it is possible that crisis management becomes the lead element in the business continuity process.
Transition point 3, I have titled “Planned Disruption”. It is in this phase that the plan is actually working as it was written (well perhaps). This phase is critical to recovery as the recovery planning, based on actual reentry assessment activities, should commence and the recovery team should be transitioned in to the organization.
Transition point 4, I have titled “Termination”. It is in this phase that recovery activities are in full swing. Restoration and resumption of business operations are underway. The resumption activities may still be conducted at an alternate location (if an evacuation has occurred). During this phase the recovery team is moving dislocated units, entities, etc. back to the normal work area. It is critical in this phase to get it “right” so that the transition back does not create a new event/crisis. Note that on figure 1, I have differentiated the Recovery Management aspect, as well as the “Business Recovery” and the “Systems/Information Recovery” activities.
Business Recovery involves more than the recovery of systems/information. Activities, such as Finance, Marketing, Legal, Production, internal support and external support (“Value Chain”) have to be reset and integrated back into the organization. Depending on the severity of the event, realignment of operations, reorganization and resetting of corporate goals/objectives may be necessary. While too numerous to delineate in this space, one should have a plan that outlines the functions and areas within the organization. This plan should establish timelines for recovery of these activities and reintegration into the business operation. To ensure smooth transition from event termination to recovery and resumption of “normal business” operations a touchpoint assessment should be part of the recovery process. This assessment would identify the various touchpoints that major units have in order to incorporate them into the recovery timeline. For example, if a production unit is coming back on line and new or altered processes are being put in place; training may be required for operators/staff. The touchpoint with Human Resources would be the training program and certification of staff to operate in the new/altered environment.
Concluding Thoughts
While I have highlighted some aspects of the recovery process in this brief article, I think it is necessary to offer a suggestion regarding recovery plan validation activities. Some may use the term “drills and exercises” or “simulations” or “war gaming” to describe the validation process. Designing, developing and implementing a “Recovery Exercise” is, in my experience, a very rare occurrence. I would recommend that planners take a moment to assess the actual recovery capabilities of their organization. Design, develop and implement a drill or exercise; whether tabletop or full scale, to see if recovery operations can actually be undertaken and carried out as described in the plan or in the thought process of the organization. This is an ideal situation for involving the public sector and the “Value Chain” components within your planning framework. The focus should be on identification of flawed decisions to establish a context for correcting flaws within the risk assessment, business impact assessment process.
About the Author
Geary Sikich – Entrepreneur, consultant, author and business lecturer
Contact Information: E-mail: G.Sikich@att.net or gsikich@logicalmanagement.com. Telephone: 1- 219-922-7718.
Geary Sikich is a seasoned risk management professional who advises private and public sector executives to develop risk buffering strategies to protect their asset base. With a M.Ed. in Counseling and Guidance, Geary’s focus is human capital: what people think, who they are, what they need and how they communicate. With over 25 years in management consulting as a trusted advisor, crisis manager, senior executive and educator, Geary brings unprecedented value to clients worldwide.
He holds a B.S. in Criminology from Indiana State University and a M.Ed., in Counseling & Guidance from the University of Texas at El Paso. A well-known author, his books and articles are readily available on Amazon, Barnes & Noble and the Internet.
Leave a Reply