Since the early days of Business Continuity Planning, many organizations have chosen to focus efforts on “Worst Case” and “Hole-in-the-ground” scenario planning, and Departmental Continuity Plans. The value of Departmental Continuity Plans is a myth. Planning for an artificial, organizational construct ‘the Department’ shifts emphasis from the real reason BCM exists: to resume delivery of the organization’s critical Products & Services.
The effort expended to create a Departmental Business Continuity Plan often has two negative outcomes:
1) To accommodate every function, Departmental Continuity Plans are ‘vanilla’ -neither robust, nor detailed enough to focus on the resumption of the most critical functions or Processes.
2) Planning for resumption of non-essential functions reduces the available time for highly critical functions or processes which require greater thought and effort.
After a disruption, will you really need to restore functionality of your whole department? Will you need all the department’s Business Processes (functions), people, and resources restored simultaneously? The answer to both questions is: No. Your BIA results should have told you which Business Processes are most critical to restoring delivery of critical Products & Services.
For instance, which of the Finance department’s Business Processes assures the delivery of P&S to its key customers? Perhaps Payroll (Employees are its Customers) or Treasury (management of funds – for which every critical Process may be a Customer) or Accounts Payable (suppliers and external customers are both their Customers). What about General Accounting, Financial Reporting, Planning & Budgeting and Accounts Receivable? They are important to the organization, but might not be essential in the delivery of Products & Services to your key customers/stakeholders.
A “Process’, by definition, can also span multiple departments and organizational boundaries. As such, planning for Departmental recovery – by its inward focus – is unlikely to meet the needs of restoring complex critical Processes.
But what if your Auditors demand to see your Departmental Continuity Plan? You can provide one – without actually spending much time to create it. Start by creating a folder containing document with all the common stuff (Mission Statement, Testing Requirements, etc.). Add to that the detailed plans you create for the resumption of critical Business Processes. Then create a 1 or 2 page ‘plan’ for each of the other Processes deemed-non-essential (mostly lists of resources and alternate site strategy information). Now the collection of documents in the folder is the Departmental Continuity Plan for your auditors. Unlike that typical ‘vanilla’ Department Continuity Plan, the collection of Plans will cover everything – without sacrificing the proper emphasis on continuity of the most critical Business Processes.
Departmental Continuity Plans may be an audit requirement or a management mandate – but that requirement shouldn’t result in a dumbed-down Plan. By starting with Planning for the continuity of the most critical Business Processes (and adding smaller plans for less-critical Processes), you can meet audit requirements without losing sight of the true intent of BCM: planning to support continuity of delivery of your organization’s critical Products & Services.
The Departmental Continuity Plan myth just got busted. Check out the next Myth Buster article – the Myth of Planning for Resources over Time.
