According to Investopedia.com, governance is defined as “the system of rules, practices and processes by which a firm is directed and controlled.” Governance is a vital part of every organization because it ensures that employees and management at all levels of the organization are doing the right things and working to reach the same common goal.
Unsurprisingly, governance also plays a key role in Business Continuity Management (BCM) Programs. An effective BCM program needs to be a part of the organization’s “way of life”. To succeed, BCM cannot be treated as a project that terminates at a given date, but rather a practice that must be continuously integrated into the organization’s operations. Ensuring that an organization’s governance is aligned with the BCM Program is one of the key considerations during development, implementation and maintenance.
One of the most widely used resources of Business Continuity professionals is the Professional Practices for Business Continuity Management developed by the Disaster Recovery Institute International. The professional practices outlined in this document serve as an excellent foundation for successful BCM Program implementation.
Governance is brought up numerous times throughout professional practices because it comes into play at multiple stages of the planning process. The existing governance structure of an organization must be taken into account when assessing the organization’s BCM current state. However, the organization could be required to make changes to the governance structure to maximize BCM Program effectiveness.
BCM Program requires a strong Governance model
Governance spans all levels of an organization, and different approaches must be implemented at various levels. The integration of BCM must start at the top of the governance structure and then work its way into all the other levels in various capacities.
It is impossible to effectively integrate BCM into the governance structure without the commitment of an organization’s top-level executives and or Board of Directors. Achieving this commitment will usually require the Business Continuity professional to spend time communicating directly with at least some of the executives assigned as BCM Program sponsors.
Once the top-level executives commit to incorporating BCM into the organization’s structure, the BCM Steering committee should be formed and a formal governance process (BCM policy) should be introduced. The BCM steering committee will be responsible for ensuring that BCM is compatible with the strategic direction of the organization, and to provide resources to establish, implement, operate, monitor, review, and improve the BCM Program outcomes.
Once the BCM Steering committee is operational, BCM leads, champions or coordinators shall be appointed depending on the organization structure and size. A BCM champion/lead is responsible for a specific team or division and must ensure that all relevant policies, documentation and training materials are updated and distributed to the team or division.
Right stakeholders are a key
BCM ‘champions’ should be appointed at each division or functional level. A large organization with multiple business lines, many divisions within each business line, and various functions for each division will require the involvement of more stakeholders than a small organization with only a handful of functions.
Regardless of the size and complexity of the organization, the key focus is always on ensuring that employees at all levels are aware of changes to the governance and have access to any relevant information. They must be aware of any changes to the processes and functions they may need to carry out.
In summary, poorly structured and implemented BCM governance can lead to a lack of direction for the organization as well as inconsistencies across departments or divisions. Failing to maintain and update the organization’s governance during the BCM Program implementation or maintenance phases will reduce the BCM Program effectiveness and reduce operational readiness during the crisis.
Alextec Advisory is a Licensed DRI International Partner. We offer a number of Business Continuity Management Courses and Workshops.