Friday, April 18, 2008

Some thoughts about certification

Certification, like professional licensing, is supposed to attest to a practitioner's level of expertise.

But, as there are "universities" and "universities," there are, in the risk management (a/k/a business continuity and COOP) discipline "certifying organizations" and "certifying organizations."

For risk management (as I define it, anyway) there are several "name" certifying organizations. These are, alphabetically:

Truth in blogging: I am certified by the BCI (MBCI) and Richmond (SRP).

There are others, but the above are the "Big Three" and have been around the longest.

Each has a vetting process in an attempt to assure the people awarded the certifications have at least a basic understanding of the business to the level at which they are certified; that is, an "A" certificate - typically an "Associate" - is a tyro in the field who can at least spell "BC"; an intermediate certificate - MBCI, CBCP, CRP as examples - are practitioners with at least a couple of years' experience; while higher-level certificates such as FBCI, MBCP, and MRP are awarded to practitioners who have been around the block a bit longer and, frankly, who are willing to pay a premium for the honor.

Most certifications are awarded following successful completion of a multiple question test. Mid- and upper-level certifications require some indication of experience.

Does that mean the person knows what they are doing?

Not necessarily. Some people simply are good at short-term knowledge retention and test taking; we all know people in that category. Certifications for these people only indicates that they know how to read (to their credit) and pass tests.

I know some certified planners who I would not trust to plan a safe way to cross a deserted road. I also know some planners who, albeit lacking certification, are excellent planners.

Still, a certification from a legitimate organization (such as, but not necessarily limited to, the "Big Three" - caveat emptor) provides some level of confidence to the person engaging the planner).

Who needs it?

Consultants, mostly.

An InfoTech associate called certification "eye candy," and it may be that - especially if the consultant depends solely on the paper rather than curiosity and common sense - but in the consulting world, people are expecting paper. At one time, a high school diploma could get a person through the door, then the entry was via the bachelor's degree; now, anything less than a master's makes getting some jobs a challenge. (Security clearance is another "prestige" issue: "confidential" won't open any doors; "secret" barely gets someone inside; "top secret," or "TS," is the current base requirement.)

Unfortunately, my discipline (profession, trade: check one) lacks an apprenticeship or mentoring program, so the degree (certification) must be suspect until it can be supported by real-world experience.

If that sounds like a "Catch 22," it is, but one which a planner's employer can overcome with minimal cost and less effort.

More on that next.

Considerations before engaging a risk management practitioner.

  • Besides reviewing a practitioner's resume and making an independent reference check - would anyone offer bad references? - make an effort to test the practitioner's interviewing skills.
  • Does the practitioner ask open questions or questions designed to elicit a specific, desired answer?
  • Does the practitioner listen to the responder? Does the practitioner follow a tangent suggested by a responder, and then return to the main line of questions when the thread's end is reached?

John Glenn, MBCI, SRP
Enterprise Risk Management/Business Continuity
Planner @

No comments: