Gartner Blog Network


The Gartner Analyst Perspective: The Benefits and Costs of Business Continuity Management

by Roberta J. Witty  |  March 18, 2014  |  6 Comments

Some Observations for BCI’s Business Continuity Awareness Week (Click here to see the full set of FlashBlog posts)

Gartner has been covering business continuity management (BCM) for many years, and we’ve learned a lot of important lessons from our research and from our client interactions. For BCI’s Business Continuity Awareness Week, we asked the Gartner analysts and consultants who specialize in this area — John Morency, Robert Naegle, Belinda Wilson, Roberta Witty and Werner Zurcher — for some top-of-mind thoughts on BCM.

“When your business is down — and only your business — you’ve got a very serious problem on your hands.” Sometimes operational failures are spread across an industry, or a geographical area. When that happens, stakeholders — customers, clients, employees, whoever — are likely to accept operational delays. But it’s a different story when your enterprise, and only yours, is down. That’s why you’d better have a good recovery plan for business disruptions that impact only you.

“Getting a new job is easier than getting a new family.” Your family is more important to you than the company you work for, isn’t it? Well, the same is true for everybody else, so you can’t expect people to come to the aid of the business when they’re impacted by the same event. That’s why you need redundancy built into your recovery plans, so that you have workforce “bench strength.” And that’s why you have to be aware of your employees’ personal needs and allow them the time to take care of their personal lives — before, during and after an event. Red Cross personal preparedness training, or something similar, should be a part of every BCM program’s awareness and education program.

“Recovery, restoration and resilience cost money. Get over it.” All of your BCM efforts mean some level of redundancy, and that inevitably leads to increased costs. Backups, data replication, retainer contracts, spare inventory, cross-training — they all cost money to implement. But without them, all you have to look forward to is single points of failure all over the business. That’s not a good operational model, or a good career plan.

“BCM is part of risk management. You can’t separate them, and you shouldn’t try.” BCM is increasingly seen as a component of the broader operational risk management (ORM) function. We’re seeing more and more cross-pollination of risk management practices between BCM and other ORM domains, and more and more long-overdue acknowledgment of the value of BCM programs. One important observation: Nothing delivers better business impact analysis than a good BCM program.

“Poor contract management quality can be fatal to the business. Not just damaging. Fatal.” Your business — every business — needs to pay much more attention to the contractual commitments you make to your customers. (For one thing, they can dictate your internal recovery needs.) You also need to be able to document and enforce the service delivery recovery needs specified in supplier and partner contracts – those you depend upon.

Now, those are all words to live by. But BCM professionals also need to understand the business and IT trends and issues impacting BCM in their industries and their enterprises — and their benefits and costs. Here are two quick-reference charts that show how Gartner sees BCM today.

BCI BCAW Business Issues Editted

BCI BCAW IT Issues Editted

Category: advisory  bcm-process  event-2  itscore-for-bcm  standardsframeworks  technology  

Tags: bcaw  bci  bcm  bia  business-continuity-management  business-continuity-planning  business-impact-analysis  business-resiliency  it-disaster-recovery  it-service-continuity-management  itil  operational-risk-management  


Thoughts on The Gartner Analyst Perspective: The Benefits and Costs of Business Continuity Management


  1. Dag Alfheim says:

    I fundamentally disagree with the notion of making BCM the responsibility of the Operational Risk group. BCM capabilities should be embedded into the costs of doing business and owned by the lines of business. The Op Risk group should assess the level of risk that exists if there is no BCM plan, or it is weak or not tested. The resulting situation should then be addressed as part of the risk reporting processes. Having Op Risk own the BCM has them acting in the first line of defense role.

  2. Danny Kellett says:

    I have a genuine respect for Roberta and Gartner but I think it is fair to say that having “Increase expenditure” in all the IT Trends costs column is probably the easy way out but one that is not achievable.

    If I were to present to a client that Gartner said just increase expenditure, then I would expect to asked how long have I been in ITIL/ITSM consultant. My advice, and one that has held me in good stead to date, is to balance increase expenditure with a heavy hand of cost reduction in what you have today. E.g. learn when to call it a day on those projects that just bleed; outsourcing is good but not when quality is compromised and finally, my favourite in fact, make vendors work harder for your money. Get reassurances, hold them to penalties and above all review regularly.
    Thanks and kind regards
    Danny

  3. D. Matte says:

    In regards to: “BCM is part of risk management. You can’t separate them, and you shouldn’t try.” BCM is increasingly seen as a component of the broader operational risk management (ORM) function.”

    I agree with this statement if we are referring to the BCM program. However, separating/isolating the Business Continuity Planning responsibility from operations is taking away the operations manager’s responsibility and accountability.

    As for costing money, it will always be seen as an additional line item until risk management and BCM is part of the organization’s modus operandi at all levels or in other words its culture.

    Denis



Comments are closed

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.