Rothstein Home: Your Source for Disaster Recovery, Business Continuity Books, Service Level Agreements & More Rothstein: Management Consulting Services Rothstein: Business Survival Newsletter Rothstein: Original Feature Articles Rothstein: Disaster Recovery Forum Rothstein: Today's Industry News Rothstein: Links to Industry Web Sites Contact Rothstein Associates

Pitching Preparedness Disaster Recovery & Business Continuity & Contingency Planning & Disaster Prevention Bookstore
Service Level Management & Service Level Agreements Bookstore

by  Philp Jan Rothstein, FBCI

When it comes to contingency planning, what does an organization really have toshow for its money and effort? For those sophisticated enough to realize it, the much-maligned yet ubiquitous three-inch red binder simply does not cut it any more. More and more companies are looking for tangible, quantifiable results from their business continuity efforts and expenditures.

As appears in the March / April, 1996 issue of
Contingency Planning & Management Magazine.

Key Points

  • Justify on tangible results, not emotions
  • Point out specific, direct benefits
  • Recognize top management may have other conflicts
  • Speak top management's language

Business continuity and disaster recovery have gained somewhat in the eyes of top corporate management since the start of the 1990's. As the industry has slowly evolved from what could almost have been called a 'black art' to something starting to resemble a disciplined science, basic business principles have begun to become increasingly relevant. These principles include cost-benefit analysis, project planning and management, accountability and auditability.

In many organizations disaster recovery has been exempt from these
'sound business practices' for at least three reasons:

  • the image of disaster recovery has been as much emotionally charged as rationally driven, with commitments and decisions driven by the presence or lack of either a 'champion' or of a traumatic event to spur action
  • the skills and abilities of many struggling contingency planners to effectively present and document their requirements, accomplishments and efforts and to successfully build business cases for resource or dollar expenditures have been limited at best
  • the tools, methodologies and processes of the business continuity / disaster recovery industry have been evolving rapidly but even now exhibit omissions
    or inconsistencies.

Consider if you will the engineering discipline as a model for the contingency planning discipline. Engineers have resources and structures which have evolved over decades: professional standards; certifications of competence; proven and accepted processes, practices and tools; standardized methodologies; specific areas of specialization as well as core competencies; extensive data bases and information sources; budgeting, planning and forecasting tools and templates; standardized models; and so forth. These are well documented for the engineer,
with numerous case studies and examples to relate to in any new situation. By comparison, The contingency planner, by comparison, has limited resources and structures to rely on

Making A Case
For top management to dedicate funds and resources to contingency planning,
more than a demonstrable need must be shown: some basic, common-sense questions must be answered to put this effort in perspective with other organization investments, priorities and initiatives. In other words, the contingency planner
must learn to compete for scarce resources and funding. To be successful,
the contingency planner must be able to succinctly and precisely answer
these questions:

  • What are we getting for our money and time?
  • How can we be assured that it will be effective?
  • What are the consequences if we do not do this at all, or put it off for a while?
  • What are the alternatives?

The first of these questions is often the most daunting in that the classic outcome of even the most effective contingency plan is, bluntly, theoretical: the ability to successfully recover and continue business operations without unacceptable damage or loss from an event which may or may not ever occur. To typical executive management, this is unlikely to be a compelling argument in the face of day-to-day crises and, as often as not, business continuity / disaster recovery are considered back-burner projects which do not ever achieve viability.

       Second, the likelihood that the investment will pay off in a contingency capability that will actually work when it is called upon is a question that may be difficult to answer, short of an actual disaster. The contingency planner's job is, in part, to provide top management with specific, credible evidence to support any claims of effectiveness and, even more important, to be totally candid about any constraints, weaknesses, exceptions or ongoing vulnerabilities. A contingency planner who sets out to convince top management that their efforts will result in a 'bulletproof' recovery capability is going to lack credibility.

       Third, the contingency planner must realize that top management is constantly juggling priorities, crises and demands from many sources. No matter how compelling the argument for investment in business continuity, top management is always going to consider the option of doing little or nothing. The contingency planner's job is to objectively spell out the consequences of inaction, delay or minimal investment in unemotional terms.

       Fourth, the contingency planner must be honest with themselves as much as
with top management about alternatives. Given the myriad conflicting demands for corporate resources, it is quite possible that one of those alternatives may prove
to be more appropriate. Executive management is likely to be most impressed
by the contingency planner who presents a business case with viable, carefully analyzed options.

Investment Justification
To the top corporate executive, funding a project or, more properly making an ongoing investment in business continuity, should happen for at least two reasons:

  • As a function of the organization's mission and commitment to that mission: "how can we continue to deliver on our mission in the event something terrible happens to us?"
  • What measurable, tangible, direct results are the organization gaining from
    this investment?

In practice, the first issue is thorny enough after all, many organizations are either not precise in their mission or not truly focused on an explicit mission statement. Even where the mission is clear, the top executive has to also consider the impact on and perceptions of stakeholders and other interested parties including customers, employees, stockholders, suppliers, competitors, the public and press as well as legal and regulatory implications.

       The second issue is where many contingency planners may have neither the acumen, experience or ammunition to present a business case and to gain management support. The typical contingency planner learns, through education and experience, to develop (and hopefully exercise and maintain) the contingency plan. "Disaster Recovery 101" does not prepare them for the rigors of justifying their work (or, in some cases, their continued employment) through executive presentations. Unfortunately, without this latter skill, they may never get the opportunity to become effective at contingency planning. Top management invariably expects any significant request for resources or expenditures to be accompanied by a business justification demonstrating measurable, tangible results. The contingency planner is in fact selling something inherently intangible, unmeasurable and indirect.

Learning From Experience
In one client organization, a line manager recently presented top executive management with a professional, carefully constructed proposal for enterprise-wide business continuity. Recent 'near-misses' had heightened awareness and concern. The proposal addressed extending contingency planning beyond the data center to at least the most vital business units of this medium-sized, New England-based service organization.

       Top management's response was lukewarm. Business continuity was viewed as desirable but, as is often the case, 'urgent business priorities' had to be handled first. As most contingency planning professionals have learned, this is a management euphemism for "that's nice, but don't waste our time." Clearly, this manager had not struck a responsive chord in the presentation. Working with the disheartened manager, it was learned that this client organization's top management emphasized consistent, timely achievement of specific, measurable objectives. Service quality and consistency of service delivery were core business planning issues. The manager agreed with the consultant's recommendation to center the pitch on these themes.

       A second meeting with the executive group was requested and an alternate strategy developed. Instead of emphasizing recovery from disruption as the exclusive objective, enhanced recoverability was acknowledged as just one benefit. The principal benefits of the proposed business continuity investment were specifically focused on the service quality and service delivery.

Getting Graphic
Since Executive management regularly employed graphic service delivery reports as management tools, the second presentation utilized these commonly accepted graphic and report formats. First, 'near-miss' events over the prior thirty months were briefly summarized. Then, two variations of the graphs and reports were presented:

  • Actual service delivery over the prior thirty months
  • Estimated service delivery if 'near-miss' events during that period had escalated into 'real' disruptions.

Since the 'near-miss' events were based on actual experience, they were believable. They included a train derailment on the freight line behind the company's offices, involving a chemical spill (which had actually occurred about five miles up the line); an electrical power outage lasting four hours from a transformer failure; a one-day work shutdown because of heavy snow and icing; a half-day work stoppage; a half-day closure because of flooding in the area; and, a two-hour total telephone outage when a truck knocked out an overhead line.

Re-Focus Improves Focus
The next step was to present a detailed service delivery and bottom-line analysis for a single month, based on a specific, hypothetical event. The event chosen was one which actually had occurred recently to a comparably sized competitor: a fire in their corporate offices. The anticipated bottom-line impact in this case was close to a million dollars although it was emphasized that the estimates were rough and that a business impact assessment would help to identify the likely exposure to loss as well as the sensitivity of various business functions in more specific terms.

       At this point in the presentation, executive management began asking perceptive questions. Already, the level of interest was noticeably higher than during the
previous presentation. The first line of questioning was about the business impact assessment: how long it would take, what kind of effort, what would be the outcome and results. The consensus was that this assessment should be made a
near-term priority.

       The second line of questioning was about protecting the corporate offices: what kind of preventive or containment measures might be prudent, who should have that accountability, and what to do if, despite these efforts, a disruption occurred. The executive management group delegated this aspect to the corporate facilities manager and directed him to report back in one month with initial recommendations.

       The focus was then turned to development of a company-wide continuity plan. No longer was the focus on disasters: the conversation centered on service quality and the bottom line. The issues of employee safety and payroll obligations were raised. The line manager was now in the enviable position of executive management pressing him for an effective business continuity program a solution to a problem they had not previously recognized.

Ready For Results
This time, the line manager was better prepared. He pulled out a time line which summarized at a high level a prudent project plan, with specific, achievable deliverables. Each deliverable was accompanied by a manpower estimate and cost estimate expense and capital. One of the executives immediately noticed that the time line and expenditures were configured to mesh with fiscal year objectives as well as two vital, current corporate initiatives. The ensuing discussion centered around funding and staffing, but, unlike the first presentation, the theme was 'who well do the best job?' rather than we can't spare the people.'

      The outcome of this session was encouraging. The line manager was given a clear mandate to proceed with planning and implementation of a corporate-wide business continuity program. Executive management designated specific resources on which he could draw and invited him to requisition other resources as needed. They agreed to act promptly on a corporate policy statement the line manager was to draft. They agreed on specific objectives and timeframes:

  • a specific project work plan with milestones, budget, staffing plan and deliverables, within one month
  • a draft corporate policy statement for adoption by the executive committee, within one month
  • within one month, identification and prioritization of significant vulnerabilities and threats and a near-term action plan to reduce these vulnerabilities
  • publication of a periodic newsletter beginning within three months quarterly executive briefings
  • within six months, identification and prioritization of mission-critical business operation and essential resources
  • within eight months, an action plan to minimize the identified vulnerabilities and threats of disruption
  • within nine months, a strategy for continuity of business operations in the face of the identified threats
  • within fifteen months, a target date and action plan with specific objectives for an initial corporate continuity exercise.

The line manager was elated with the outcome of this session, although he felt that some of the timeframes could have been more aggressive. On the other hand, it was agreed that the tasks were achievable and he was explicitly granted access to the necessary resources.

The Bottom Line
Developing a contingency plan is enough of a challenge. The art of eliciting top management support is not taught in "Disaster Recovery 101," yet it is assumed that the contingency planner is versed in the essential skills. Too many contingency planners learn the hard way that top management expects a persuasive business justification before investing funds or resources in contingency planning before 'paying for preparedness.'

Copyright (c)1997-2003, Rothstein Associates Inc. All Rights Reserved.

Site Map | The Rothstein Catalog on Disaster Recovery | The Rothstein Catalog on Service Level Books

Contact Us | Management Consulting Services | Business Survival Newsletter | Original Feature Articles

Disaster Recovery Forum | Today's Industry News | Links to Industry Web Sites | ‘Keep Me Posted’ | Privacy Policy

 

E-mail Rothstein Associates Inc.