Image links to the Table of Contents for this report.
BC Management's BCM Program Management Trending Report has been Distributed to those Professionals who Participated in our Annual BCM Program Management Assessment.
Highlights from the BCM Program Management Trending Report:
Business Continuity Management Program Advancements
In assessing the data results from 2009 to 2017 we noticed the following business continuity management program advancements that indicate a shift to an enterprise-wide resiliency focus with increased executive support and acknowledgement of increased standards that will more than likely continue to evolve the profession in the future.
- Improved integration of the business continuity management program with other corporate functions with crisis management/ incident management, disaster recovery and information technology showing the greatest improvement.
- The business continuity program is increasingly being placed underneath risk management with the data results indicating a 10% increase from 2009 to 2017. In comparison, IT dropped as the department owner from 27% in 2009 to 18% in 2017.
- Risk management and a dedicated business continuity office received the highest approval ratings for where to position the business continuity program for maximum visibility.
- From 2009 to 2017 an increasing number of respondents noted the Chief Risk Officer as the program sponsor (8% increase); while less noted the Chief Information Officer/ Chief Technology Officer (3% decrease).
- An increasing number of respondents are placing the program from zero to one level of separation from their executive committee (4% increase from 2009 to 2017).
- More respondents indicated an increase in conducting an annual BIA for critical (44% in 2009 to 52% in 2017) and non-critical business functions (34% in 2009 to 40% in 2017). More respondents also believed they are leveraging the BIA findings more so in 2017 compared to 2009.
- An increasing number of respondents are conducting an internal audit of their program. Those who indicated “Never” conducting an internal audit of the program decreased from 23% in 2009 to 11% in 2017.
- Average number of dedicated program personnel (directly being managed by the study respondent) increased from 3 in 2014 to 8 in 2017. At the same time, total dedicated program personnel in 2017 (14 personnel) stayed consistent with the data findings from 2009 (15 personnel).
- Risk management continues to converge with business continuity with an increase in respondents either considering an enterprise risk assessment for the board and/or senior management (13% in 2009 to 23% in 2017) or incorporated a full enterprise risk management program with controls in place to avoid or mitigate potential risks (33% in 2009 to 45% in 2017).
Business Continuity Management Program Deteriorations
The first and second edition of our Trending in Business Continuity focused on a lack of financial support for business continuity planning initiatives. This still tends to be the case somewhat; however, it appears that a majority of the respondents indicated no change in budget revisions (76%) and less respondents are decreasing their program expenditures (12% in 2009 to 6% in 2017). Additionally, a majority of respondents (32%) indicated a program budget of $200,000 - $750,000 USD and the study results also highlighted a 5% respondent increase with budgets between $500,000 - $1,500,000 USD between 2014 and 2017. It is important to note that program budgets vary tremendously based on the size of the organization and industry. Some other disconcerting trends are:
- Average number of anticipated new hires to be dedicated to the program in the next year dropped from 3.3 in 2011 to 2.0 in 2017. This is a minimal drop and still above the 2009 data findings of 1.3. Additionally, more respondents were unsure if headcount would be approved.
- Less respondents noted no downsizing of program personnel, which decreased from 79% in 2011 to 69% in 2017. This decrease could be attributed to more respondents being unsure about potential downsizing.
- Less respondents noted having a full functioning pandemic preparedness policy in place (74% in 2009 to 59% in 2017), but at the same time more respondents did indicate that they were either currently developing or implementing a pandemic preparedness policy.
- There was a decrease in respondents noting a full functioning Emergency Operations Center in place (51% in 2009 to 42% in 2017) and additionally there was a decrease in policies and procedures in place to interact and coordinate with external agencies in times of a disaster (63% in 2009 to 54% in 2017).
Other Business Continuity Management Program Notable Trends
Our data analysis indicated other noteworthy business continuity management trends. These trends could be viewed as having a positive, negative or neutral impact to the future of the business continuity management profession.
- 66% of the study respondents noted a centralized program as it pertains to budgeting and staffing and 77% of those individuals agree that the organizational structure contributes to the success of the program, this is an increase from 54% reporting the same in 2012.
- Organizational restructuring and financial pressures were the leading reasons behind the downsizing of dedicated program personnel.
- 57% of the respondents indicated that they keep consultants for 12 months or less.
- There was a significant increase from 2009 to 2017 for audit results, customer requirements, contractual agreements/ service-level agreements and insurance policy recommendations as the drivers for developing and maintaining a business continuity program.
Using the Data
How Can this Report Benefit Your Program and Your Organization?
This summary is a broad analysis of a segment of the data offering an illustration of how the business continuity profession is viewed and what we can learn from these study results. This is simply a baseline of the trends in our industry. The report can be leveraged to provide you with facts to present to your executive management to help justify continued emphasis in key areas of your business continuity program.
Enclosed you will find a great deal of data, though it is impossible to display everything, which is why the customized reporting (view sample report) by organization will be essential if an organization wants to obtain a clear understanding of other “similar” organizations. A feature of the customized reports is providing a detailed analysis specific to your industry which not only allows you to benchmark your own program against very mature programs specific to your demographics, but also is an opportunity to create a roadmap for your program based on effective peer-based models and supporting data.