As a ERM practitioner, am I expected to be an SME of everything ?
Am I expected to be an HR guru?
Perhaps a CPA to develop a plan for Finance, AP and AR?
Do I need to be a member of the IFMA to create a plan to protect the facility?
So why do people, especially InfoTech folks, think an Enterprise Risk Management (a/k/a Business Continuity and COOP) practitioner should be an InfoTech maven?
Certainly it helps if I know something about what goes on behind the data center doors. But unless this data center is identical - down to the last patch and "tweak" - to the last data center, all my InfoTech expertise has to be discounted - not ignored, discounted.
As an enterprise planner, I depend upon Subject Matter Experts (SMEs) in each functional unit. I also depend upon a personal network of SMEs from various disciplines.
I wear enough hats as it is.
- Manager and mentor
- Writer and editor
Consider if the practitioner needed to be expert in each discipline covered by a plan. How could any normal person manage to keep up with all the procedural and technological advances; who can stay au courant with all the rules and regulations governing different functions. Extend that to an international audience with an even greater number of controlling authorities.
Organizations looking for a planner are well advised to look for a planner who is a Subject Matter Expert in planning, not InfoTech or HR or Finance or pick a discipline. Look for a person who lacks the baggage of prejudice ("I think 'A' is better than 'B' because I'm accustomed to 'A'.")
Find a planner with an open mind; one who knows how to ask questions and, equally important, knows how to listen to the answers (and seek clarification whenever necessary).
Next: About certification.
John Glenn, MBCI, SRP
Enterprise Risk Management/Business Continuity
Planner @ JohnGlennMBCI.com