EDITORIAL ADVISORY BOARD
Are you a Zealot?
Kathleen Aris, CMP
SunGard Availability Services Inc.
By ROBERT GIFFIN, CBCP, CISA
Linda R. Garcia, ABCP
Sandia National Laboritories
As business continuity pro- fessionals, we are often asked to “lead the charge” in establishing a business
continuity capability throughout our
organization. It’s a task we take seriously because we know the result
should we fail. We’ve studied everything from hurricanes and fires to
workplace violence and pandemics.
However, in our passion for business
continuity, it’s very easy to lose sight
of what we’re trying to protect: an
organization that must take risks to
deliver value to its stakeholders.
When an executive thinks about
business continuity, only one of the
50 things currently on his/her mind,
most likely, he/she wants to achieve
maximum protection for the minimum cost. When presented with
requests or proposals, the executive
must assess what these costs will be
and what organizational protection
this request will provide.
Try applying that reasoning to a
request to purchase a generator for a key building
for $50,000 (a frequent request in my past experiences). The cost component is pretty straightforward, but the protection component isn’t!
For your executive to understand how much
protection a $50,000 generator will provide the
organization, they must first understand the criticality of the teams that use that building, deferred
or permanent impact should the location be unusable, the frequency of power interruptions, and the
viability of alternate workspaces.
So let me ask you, do your requests address all
of these issues? If not, you are likely appearing as
if your primary goal is redundancy and “blanket”
availability, not managing risk. In the eyes of your
most important stakeholders, you’ve become a
business continuity zealot.
Executives can’t rely on a zealot for a balanced
cost-benefit analysis, because they see you as only
focused on blindly improving availability and
adding redundancy.
Once the perception of a zealot is established,
it’s hard to lose. Your participation in determin-
Once the perception
of a zealot is
established, it’s
hard to lose.
Your participation
in determining
organizational
strategy related to
business continuity
will quickly
disappear.
“
“
ing organizational strategy related to
business continuity will quickly disappear. Why? Because the executives
already know your perspective and
don’t trust your ability to evaluate
risk and reward objectively.
However, you have the power to
stop being perceived as a zealot! The
solution is simple, yet challenging to
implement: forget about “leading the
charge.” Instead, define your role as
having two parts:
1. Understand the risk tolerance of
your executives (risk takers, risk averse,
or somewhere in between)
2. Build a business continuity program
that seeks to align business continuity
capability with your executives’ risk
tolerance
Robert Giffin, CBCP, CISA
Avalution
Timothy P. Ging
IBM Business Continuity and
Resiliency Services
Louise Lachapelle, M.Sc., CBCP
Desjardins Financial Group
J. Frank Lady III,
CBCP, CISSP, PMP, MA, MSt, MBA
Bank of America
Peter Laz, MBCP
Forsythe
In short, your role is to manage
availability-related risk, not eliminate
it! Instead of just summarizing the
results of a business impact analysis survey, get out of your office and
have a discussion with your department contacts about their requirements – and push
back on them when you think they are unreasonable.
Your work may include reducing the likelihood of key risks (like a generator to improve the
availability of a facility) and developing the processes to react when events occur. But remember,
some risks must be accepted based on a cost-benefit analysis. Also remember, your executive
sponsor thinks about risk as an effect on objectives, not just events. So plan your messaging
appropriately. When you apply this perspective
to your work, you will begin to be perceived as
“strategic” and “speaking the language of an
executive.”
W. Martin Myers, MS, MBCP
Bank of America
Dr. Tom Phelan
Strategic Teaching Associates, Inc.
James O. Price Jr., CBCP, ITIL
3J Contingency Planning Services
Ken Schroeder, CBCP
Southeast Corporate
David A. Shimberg, CBCP
Premier, Inc.
Sue Simpson, CBCP
DRI International
v
Robert Giffin, CBCP, CISA, is a director and co-founder of Avalution
Consulting. Giffin specializes in the development of business continuity programs and solutions for organizations in the manufacturing,
financial services, healthcare, and consumer products industries. In
addition to serving as a consultant, Giffin is a frequent author, speaker,
and serves on the Disaster Recovery Journal Editorial Advisory Board.
Giffin can be reached via e-mail at robert.giffin@avalution.com.
Michele Turner,
MBCP, FBCI, CISA, ITIL
Microsoft Corporation
Sara Williams, CBCP
Jack Henry & Associates
David H. Ziev, MBCP, MBCI,ITIL
PPBI
