Same old scenarios, lack of any real challenge, no real objectives – do these common BCM challenges and complaints feel all too real?
4C Strategies Principal Consultant, Ben White, brings his top solutions for bringing exercises and testing to life.
Get all the expertise and insight you need to give business continuity management exercises the momentum to make a real, lasting impact.
When working with organizations that want to improve their Business Continuity Programs, we often hear about their end goals:
With this focus on the end result, an organization’s current challenges and pain points often don’t get enough attention, which can lead to exercises that lack the desired impact. We address these common challenges and offer actionable solutions, so that organizations can take business continuity exercising in their stride and get the results they hope for with an invigorated, energised BCM exercise.
Participants can be wary about taking part in an exercise due to a fear that they will need to ‘perform’. This can lead to a lower level of engagement in exercise planning and preparation, and participants won’t fully engage in the exercise. Ultimately, it’s a missed opportunity and you won’t achieve your initial exercise goals.
Scenarios can become tedious after a while because it’s easy to reuse the same old scenarios that help you explore the top threats on your risk register. This repetition is often due to a lack of imagination, but also because experts are not directly involved. These risks can seem to go through thematic cycles. Not so long ago, every exercise was terrorism related, now we see the same awareness for cyber-attacks. It’s good to take these topical risks head on, but we need to freshen them up and bring a new approach.
A lot of exercises take place that involve decision making, but these are made based on information provided to participants on the day. This means that when the exercise presents a particular problem, such as an office building being completely flooded, the response may be that teams will move to remote working. In reality, it takes several hours for people to travel home and get set up at a new location. With this assumption of resources or scenario, what at first seems like straightforward continuity can, in a real-life situation, be more disruptive than it appears.
We often see exercises where participants are able to make decisions or respond to the scenario without any significant challenge. For example, a Crisis Management Team conducting a desktop exercise where they make decisions to ‘shut down this’ or ‘halt production’. Whatever the decision, if there is no dialogue with the appropriate experts to challenge the implications and consequences of a particular decision, then how can useful real-world lessons be identified?
In some organisations, the level of testing and exercising only meets the requirements laid down in the business continuity policy. However, too many of the same people are required to be in all of the small desktop exercises, leading to ‘exercise fatigue’. This can come down to a lack of interest, resources, or know-how from the organisation to deliver a large-scale exercise which could see multiple scenarios tested and challenged as part of one single, holistic exercise.
Exercises typically come with some key objectives or desired final outcomes, but often these will be to simply ‘test the ability to respond to a given scenario’. Objectives that have no related measurements can leave organisations without a clear picture of success or understanding of how they can improve moving forward. So, the key here is measurability.
If these challenges and common pitfalls sound familiar, the good news is that we have plenty of solutions that address these pain points and ensure you can tie business continuity exercises to your desired outcomes. These include:
To alleviate some of the repetition associated with exercises, defining your purpose is key. Each exercise must have a distinct purpose, and this should be clearly communicated to all participants. A purpose should answer the question ‘why?’ – the reason and source to the exercise. Once the purpose is set the objectives can swiftly follow.
Objectives are vital to inform participants of what you aim to measure during the exercise. They should not be confused with the aim or purpose. The key difference here is that they are measurable. I would recommend that each objective has some key performance indicators which measures what ‘good’ looks like and what evaluators should monitor, including any conditions required for the objectives to be met. To summarise:
Objectives must be clear, concise and focused on player performance. They should contain:
It is crucial to determine which type of exercise – table top, simulation, live – is right for your purpose.
If the exercise purpose is to increase confidence in crisis management plans, then it doesn’t need to be a comprehensive simulation exercise, but, instead, confidence can be built through open discussion. Scale and complexity (in terms of numbers of participants or scenario) and budget also play a large part in this decision. They key message here is to select the appropriate exercise format based upon the purpose and objectives.
4C have developed the “Gaming Exercise” which stops the participants from assuming resource availability and makes for a far more interactive experience for all involved. By assigning two teams, one counteracting the other, the Gaming Exercise can also allow the facilitator to effectively focus on identifying lessons and meeting the purpose of the exercise.
Over the last two years, we have all had to learn how to do things remotely and, in many ways, this did enable us to reinvigorate our exercise programme. It gave us the feeling that our exercises were somehow different now, closer tied to real world events and immersed in a new way of working.
As a result, we see much more of a hybrid approach as we simulate reality. With this new-found hybrid approach, we can bring to bear new and exciting tools for capturing thoughts and ideas. This can include creating digital whiteboards that capture root cause analysis or the decision-making process, all in ways that seemed unimaginable just a few years ago.
At 4C strategies we use several different digital tools to enhance the exercise experience for our participants. Ultimately, we all now have a greater opportunity to make our exercise more interesting using hybrid delivery methods that we have become accustomed to using in our day-to-day work.
Helping Shell better prepare for larger-scale, Tier-3 incidents that require an international response team. To be best-in-class at this, they identified a need for the Exonaut Resilience platform that would provide them with the structure and intelligence to constantly improve.
Exercises don’t have to be limited to sheets of paper and PowerPoint slides. Most exercise scenarios will take place in the context of the real world and, in today’s world with external factors like social media, most scenarios will inevitably result in reputational impact.
Using pseudo-media to bring your scenarios to life is a fantastic way to reinvigorate your exercises. A colleague recording a mock radio interview can be just as impactful as a highly-edited lunchtime news item with roaming reporters. At 4C we utilise our professional team of ex-journalists, news broadcasters and producers to create realistic news clips to bring the scenario to life, and in some cases deploy them at the exercise to practice tasks like journalist interviews in a realistic safe-to-fail environment.
Ultimately, exercises should be a fun and enjoyable experience for the participants. Exercises become enjoyable when people understand why they are there and know that they are in a safe-to-fail environment. Participants should enjoy being challenged and stretching themselves.
Allow time in the programme to reflect. In most table top or gaming exercises, it can come down to the facilitator to ensure the discussion is fun and enjoyable. Many of the areas highlighted above will ensure that your participants enjoy the experience of exercising and have fun along the way.
What can the aviation industry do to protect the smooth running of operations? Here are five BCM considerations all aviation companies should consider
With the deadline looming for CIRMP compliance we take a deeper dive into the Australian regulation, and look at what you need in place by 18 August 2023.
Find out how Madison Dishman got her start as a Software Developer and Team Lead at 4C Strategies, Orlando and learn how her role has developed and progressed with her.
Discover how you can build your risk, business continuity and crisis management capability with our expert services. Book a free consultation with one of our consultants to discuss your requirements.
