A person wrote on the DRJ Forum "Seeking business continuity industry recommendations - Should U.S. businesses begin developing a BCP that addresses impacts associated with economic decline?"
Gregg Jacobsen, a planner who has been around the block, correctly responded to the query. The question was "Should U.S. businesses begin developing a BCP that addresses impacts associated with economic decline?"
Gregg's answer was "No."
I went off on a tangent and explained HOW an economic downturn could impact an organization.
But I agree whole-heartedly with Gregg.
We do NOT need an "economics" specific plan any more than we need a "pandemic" specific plan or any other specific risk plan.
We do need to consider economic risks, but not in isolation.
Risk management, which is what business continuity is all about, must consider ALL risks, from whatever source.
We all know about "the usual suspects" as Capt. Louis Renault (Claude Rains) called them in Casa Blanca: environment, human error, and technology. (OK, Rains was referring to people off screen, but it's a good line.)
But there are others, many off the short range radar of business continuity, but very obvious when the focus is enterprise risk management.
Risks, to name just a few, include but are not limited to the following sampling::
- Financial - the lender failing in the middle of a construction project or acquisition
- Government regulations at all levels
- Image - before general public, financial audience, stockholders, customers, vendors, industry
- Legal - Law suits against the organization for any number of reasons including trademark infringement, copyright violations, intellectual property theft (either way), employee retaliation, and more
- Military call up or conscription, even if only for local deployment
- Municipal events that disrupt traffic (police, fire activity, parades)
- Neighbors that may be targets of strikers, picketers for any reason
- Vendors' vendors
- Work actions - primary and secondary
A down turn in economics is a very real threat to all organizations.
Charity or non-profit? There is a mandate to do something. Feed the hungry from a food bank.
As the economy tanks, people give less and less. The number of hungry, at the same time, increases as people lose their jobs and with that their income.
The mandate did not "go away," it increased.
A number of lending institutions failed or were forced out of business by the government. Some of these lenders provided organizations with lines of credit so the organizations could expand.
True story. A Washington DC area contractor had a contract with the Federal government to construct an office building within a specified time period.
Like most contractors, he used a line of credit from his bank to buy materials and pay the workers before the government funds trickled in. Standard Operating Procedure (SOP) for many businesses, big and small, but particularly the small business.
Unfortunately, the contractor's bank failed and with the failure, his line of credit was no more.
No line of credit, no more materials purchases and no more paychecks for the employees.
Bottom line: construction is halted.
But wait. The government has a contract and that contract has financial penalties if the contractor fails to finish the project on time.
Seven words come to mind:
Some organizations that have a captive or near captive client base simply up their prices or nickel and dime their customers; some, like airlines, do both.
Even if the practitioner's organization is considered more or less safe from the downturn, consider what an economic meltdown does to the customer base.
Bank of America is slated to lay off 30,000 - thirty thousand - employees. That's 30,000 more people on the dole and 30,000 more people who will be hard pressed to pay their mortgage and buy all the groceries they were accustomed to buying, or filling up the flivver as often, or - pick an expenditure.
An economic downturn is very much a risk, but it is "just another risk" in the grand scheme of things.
The organization deserves an enterprise risk management plan, not an economic downturn plan or a pandemic plan or a strike plan or any other one-risk plan.
A risk is a risk is a risk (unless it's a threat, which is just a risk spelled differently).
Practitioners ferret out risks.
Practitioners find ways to avoid or mitigate (or transfer) the risks.
Practitioners prioritize the risks according to probability and impact.
Practitioners present their recommendations to management so management can
- decide which recommendations to accept
- set an implementation schedule for the accepted recommendations
- establish a budget to accomplish the implementation
Creating a plan focused on a single risk is foolish on many fronts.
It ignores other risks.
It duplicates response documentation and, perhaps, training.
It's wasteful of time - the practitioner's time, the Subject Matter Experts' time, management's time.
If I wrote it, you may quote it.
GREGG JACOBSEN comments:
Economic downturn as a risk is like sea level: it goes up, it goes down, as do all the boats thereupon. The real threat is making sure yours isn't leaky.
The leaks come in many forms, but going into business is itself a risk. The entrepreneur is betting he or she has that better mouse trap concept and gets friends and family, or a venture capital outfit to fund the boat-building effort. All risky stuff, but at the end of the story, it comes back to something Dunn and Bradstreet have been tracking for decades, and the year-to-year figures vary little: about 80% of business failures are the result of "mismanagement."
That word takes in a broad range of opportunities to screw up the enterprise, and yet it comes down to the most basic aspect of what I learned as a quality assurance practitioner in another life: PEOPLE are the single most cause of variability in any process. And variability means defects and failures, whiter in products or services. Th creepy thing is, it comes back to our old friends on the Blue Collar Comedy Tour: "You can't fix stupid."