Is your management team aware of your true recovery capabilities? Are you transparent on what the BCM program can really do in a disruption? Or, is management under the misguided interpretation that whatever the situation is, they will make it through and be a recovery superhero?
Tragically, even as the BCM and risk management industry continues to mature over time, we are finding that management is often still living under a misguided belief that their recovery capabilities are much better than what they really are.
But, why is this happening? Who should we blame? Is the BCM Office not being transparent, is it lacking the right knowledge/lack of information or is it being ignored by management? Or, much worse, is management turning their heads away, saying nothing is going to happen and/or as an organization too big to fail.
We have worked across all kinds of organizations; those with seamless, proven capabilities and others with pieces and parts in place or nothing at all.
A recent example was a client who had the majority of the proper pieces of the recovery vehicle in place (a working backup data center, contract for alternate business workspace, resilient network, documented plans, etc.). However, what was missing was the documented proof that these individual pieces had been exercised individually and together to prove that the organization could recover what it said it could in the required timeframes.
Management was upset that we concluded that even though the organization was well on its way to a decent program, we could not confirm it could recover its business and therefore was deficient. I use the example: If I had a Porsche sports-car that I took you in and drove to prove it could meet all of its speed specifications is a lot different than me saying I have a fast Porsche but the parts are laying in the garage and the car needs to be assembled first.
The bottom line is you and your executives must be transparent, knowledgeable and willing to attest to the real capabilities; not what is imagined or believed can be accomplished when a disruption occurs. As the old saying goes, “the proof is in the pudding”.