Anyone contrasting the different levels of preparedness of city and state authorities to deal with hurricanes Katrina and Rita can’t have failed to notice that, for instance, Galveston in Texas was somewhat better prepared to handle the imminent disaster than was New Orleans. Sure, the experience of Katrina in New Orleans galvanised everyone from the White House down, but there’s no way that Galveston’s level of continuity and disaster recovery planning could have been put in place in the interval between Katrina’s strike and Rita’s emergence.
This is a good context within which to ask the question: “Is business recovery planning a key governance responsibility?”
Governance is, in a sense, about the preservation and stewardship of an organization. Boards of directors are supposed to be uninvolved in the day-to-day struggle to turn an honest penny and, therefore, to be in the ideal position to take a strategic view of the risks faced by the organization. And continuity risks – which range from ‘Acts of Nature’ through terrorist attacks to IT system failure – have to fall within the range of issues to be considered. Most continuity risks are characterised by a combination of relative unlikelihood and possibly catastrophic impact.
In my book, that makes business continuity planning (here is a collection of resources) a key board responsibility. The sad truth is that very few boards address it properly and that, consequently, most organizations that experience a continuity-threatening event don’t survive – they might struggle on for a year or so but they ultimately fail. Continuity planning is key to the long term survival of all organizations – both big and small.
Galveston treated it as a critical governance responsibility and made appropriate contingency plans far in advance – so should you.