The 5 Real Reasons your Employees Don’t Care about Business Continuity

An excellent, recent article in Information Week online, entitled “5 Reasons Your Employees Don’t Care About Business Continuity” dealt with what I might categorize as ‘symptoms’ of non-participation.

There are some fundamental problems in many organizations (and in their Business Continuity Management programs) that discourage participation – and often assure its failure. Those are the true root causes.  Here are my 5 Real Reasons your Employees don’t give a hoot about BCM:

1)      Management doesn’t demonstrate any interest

It’s all about organizational charts.  Thousands of words and hours have been spent giving advice on ‘getting Senior Management buy-in’ for BCM.  That’s great.  But an assumption (stemming from the CEO’s memo declaring the urgency of BCM planning) that the entire organization will immediately fall in line, is wishful thinking.  Unless every C-level executive gives BCM instructions to the next level of management no amount of CEO flag-waving will have impact.

I may read the CEO’s memo.  I may ask my manager about it.  But unless she gives substantive and specific instructions – what to do, how to do it, what its benefits are and when it’s due – I’ll put it down at the bottom of my To Do list.  Without line management support, a BCM program will languish – because the people who’ve been tasked with the effort have been given the impression (by their own managers) that it’s not a priority.

How to fix it:  Penalties or Incentives/Praise or punishment.    Choose your weapons.  Executive Management must use their position to assure that each successive level of Management understands the goals and objectives of the program, follows through on its development and maintenance – and understands the penalties for non-compliance.

2)      No one asked them to participate

Former Majority Leader of the US House of Representatives Thomas P “Tip” O’Neill said “you have to ask for their votes” to get people to vote for you.  The same applies to BCM.  The people who know how day-to-day operations work – and are therefore best equipped to understand what would be needed to continue or recovery them under adverse conditions – won’t participate unless they’re asked.  They’re often ignored (perhaps because the boss thinks he knows everything and doesn’t need their help), or they’re simply told what to do -without asking them to help or asking for their input.

How to fix it:  Involve line employees.  Give them a role on the team creating the plan – not just on the recovery team.  They know a lot more than you might think.  Not only will you get better plans, but you’ll also have an opportunity to capture their knowledge (which may come in very handy if they leave the organization!).

3)      They assume it’s about IT – and they don’t work in IT

For decades, Recovery Planning efforts have been led by IT in many (if not most) organizations.  That has led managers at all levels to assume that recovery is an IT issue.  So when the CIO declares that IT has a viable and tested Disaster Recovery Plan, Senior Managers breathe a collective sigh of relief and move on to the next subject.  Down the management hierarchy, everyone assumes that IT’s got everything under control – including everyone in IT who didn’t participate in creating the DR Plan.

Business operations folks assume that when something hits the proverbial fan, IT will tell them where to go and what to do.  Even the IT folks who aren’t part of DR planning will assume that they’ll just go home and wait for a phone call.  Nobody sees much point in putting any effort into BCM – since the people in charge say they’ve got it all under control.

Of course, what IT has “under control” is often limited to what they believe the organization needs to do to survive.  And that may be a very different perspective than what ‘the business’ really needs.

How to fix it:  Make it clear that IT is a component of recovery, but that ‘the business’ must determine IT’s recovery goals, and must participate in planning.  Not every disaster’ will impact IT, so ‘the business’ must determine what’s important, and plan for how they will continue/recover their critical operations if they are suddenly disrupted.  That takes participation by leaders and line workers in ‘the business’ – with well-defined objectives.

4)      It’s not in their Job Description

One might expect that government and unionized employees would shy from participating in BCM because their job descriptions are generally narrow.  But the same efforts to avoid BCM participation shows up in private enterprise too – even though almost every job description has that “and other duties as assigned” clause.

When that job description belongs to a Department or line Manager – and any of the previous 3 reasons are also present – participation will be like pulling teeth.  Managers have priorities and, whether or not those priorities have direct P&L implications, they’ll only take on other responsibilities when the addition is perceived as having a positive impact – either leading toward promotion or resulting in a bigger raise or bonus.  If not, that “other duty as assigned’ will be placed as low as possible on the To Do list.

The same applies to line employees.  Unless they see the benefit in taking on extra work, they won’t make much effort.  If there’s a negative impact (a poor performance review, perhaps), they’ll participate – but don’t expect anything more than the absolute minimum effort.

What to do about it:  If your organization is serious about Preparedness, put a statement of BCM responsibility in every Management employee’s job description.  It may not be possible – or advisable – to insert a BCM clause in every line employee’s job description, but it may be advisable for subject matter experts and other critical employees.

And give line Managers the ability to reward their employees (title changes, recognition, etc.) for participating.  A bit of wise spending will reap major benefits.

5)      They think the process is worthless – or too hard

With a few exceptions, most people don’t like ‘busy work’ or bureaucratic waste.  People want to feel their job contributes something of substance.

Run the same BIA survey year after year?  Use a fill-in-the-blank Plan format?  Run the same tabletop walk-thru ‘test’ once a year (with six months’ advance notice)? Even worse: is the only required annual ‘update’ to the Plan updated phone numbers?  The message you send is: it doesn’t require thinking, so it can’t be important

At the same time, a difficult challenge – without proper instruction, preparation or assistance – is just as likely to result in failure.  Asking most managers to develop an ‘all hazards’ or ‘worst case scenario’ plan without context or advice is asking for trouble.  Giving any manager a list of 17 scenarios to include in their plan is plan for procrastination.

Business Continuity Managers walk a fine line between making the process too simple, or making it too difficult.  Lose the balance, lose the participants.  And it’s all made worse by lack of staff or budget.

What to do about it:  Take carefully measured steps to ramp up the viability of the program and its components.  Change the BIA process (add interviews or group discussions for example).  Improve the training and instructions plan owners receive.  Add some subjective segments to the fill-in-the-blank Plan.  Try some creative exercises instead of the same old tabletop.  Challenge participants to think – and give them praise for achieving something more than the same old same old.

Conclusion

A successful BCM program relies on the active participation of line managers and subject matter experts.  Without them the program – and the resulting Plans – can’t be viable or effective.  Remove the barriers to participation and the possibilities are endless.  But if you leave them in place you have no right to complain.

SHARE:
Jim Mitchell

Jim Mitchell

A frequent speaker at Business Continuity conferences, many of Jim Mitchell’s blogs can be found elsewhere on eBRP’s website and has published articles in DRJ, Continuity Insights and Continuity Central. Jim has more than 20 years of experience in Business Continuity; if you don’t agree with his opinions – he won’t be surprised.

Related Posts

Enterprise Resiliency: Navigating Through Disruptions

Enterprise Resiliency: Navigating T...

In today’s threat landscape, the ability of an organization to…
Orchestrating BC/DR Testing: Virtual – Emergency Operations Centers

Orchestrating BC/DR Testing: Virtua...

  Enhancing Planning and Logistics Management  Coordinating BC/DR tests involves…
Insights into creating a successful Disaster Recovery Test – Part 2: Preparation

Insights into creating a successful...

Insights into creating a successful Disaster Recovery exercise – Part 1: Objectives

Insights into creating a successful...

Aligning Cyber Incident Response Planning with Your BC/DR Program

Aligning Cyber Incident Response Pl...

Cyber disruptions – and their impact on both reputations and…
What Can You Do when your BCM software Relationship Falls Apart

What Can You Do when your BCM softw...

“This isn’t working.”  “I’ve changed.”  “I don’t see a future…
Aligning BC/DR to CSIRP Challenges

Aligning BC/DR to CSIRP Challenges

The immediate reaction to a cyber-security incident is the FUD…
Technology Modeling – the eBRP Way

Technology Modeling - the eBRP Way

Definition: Technology modeling is a point-in-time snapshot of an Enterprise’s…
eBIA – The eBRP Way

eBIA - The eBRP Way

Definition: A Business Impact Analysis (BIA) is the cornerstone of…
Threats, Impacts, BCPs

Threats, Impacts, BCPs

Within Business Continuity circles there is ongoing debate about the…