The Magic of Metrics: How Using Metrics Can Transform Your BCM Program
Metrics are a down-to-earth tool that can have an almost magical impact on your organization’s business continuity management (BCM) program. However, getting their full benefit requires differentiating between meaningless volume metrics and metrics that can provide true insight into your company’s situation and practical guidance for improving its resilience.
Related on MHA Consulting: BCM by the Numbers: The Metrics That Matter Most
Everyday Metrics
Metrics are a familiar and important part of everyday life. When we go to the doctor, the nurses collect the metrics of our temperature, pulse, and blood pressure. In the car, dashboard instruments provide metrics on our speed, RPMs, and fuel supply. Our children’s report cards are a metric of how they’re doing in school, and portfolio reports measure the state of our financial investments. These everyday metrics provide insight into the current state of affairs and can offer sound guidance for our future actions. Business continuity metrics, provided they are of the right type, can perform the same critical function for our organizations’ business continuity position.Missing Out on the Power of Metrics
Quality BCM metrics have the potential to deliver enormous insight and leverage into the hands of company leaders. Despite this fact, most executives squander the opportunity to avail themselves of this power. Relatively few companies use metrics widely or well. As business continuity consultants, we at MHA Consulting frequently ask our clients about their understanding of metrics and why they don’t use them. Here are some of the responses we hear most frequently:-
- “We don’t know what to measure.”
-
- “Management isn’t asking, so why bring it up?”
-
- “We don’t want to know how the program is doing.”
-
- “It takes too much time to measure effectiveness.”
-
- “I think our process would work, so why waste time measuring it?”
-
- “We already know our program is a disaster; why would metrics be helpful?”
Meaningless Metrics
In some cases, we encounter organizations that do employ metrics but of the wrong sort. They gather data on such topics as the number of recovery exercises conducted, the number of plans that have been updated, and the number of business impact analyses (BIAs) completed. These are what I call meaningless metrics. They measure the volume of work completed by the BCM office but tell you nothing about how well the organization will be able to recover from an event. Nor do they provide any useful guidance on the best next steps the organization can take to improve its resilience. To learn more about meaningless metrics, read “You’re Doing It Wrong: BCM Metrics.”Measure and Manage
Measuring something over time and comparing it to reliable benchmarks improves your ability to manage it. When an organization comes into possession of solid BCM metrics, it gains the ability to tell how its BC process is functioning and know how it would fare in the event of a disruption. It also acquires a basis for identifying what aspects of the program are working and which need improvements. Metrics serve three important functions with regard to BCM program management:-
- Metrics serve as a control and feedback loop. If an assessment determines that you are at 50 percent compliance with your chosen BCM standard, you know right away you are vulnerable and have a lot of work to do. If you are at 90 percent, it means you are doing a lot of things right and might be justified in diverting your resources to another area rather than continuing to invest in improving compliance.
-
- Metrics add objectivity to the evaluation process. We often encounter managers and BC staff who claim their BC program is in great shape, then reveal under questioning that this conclusion is based on a vague impression rather than data. Metrics provide solid evidence on which to base claims about program condition.
-
- Metrics are the foundation for improvement goals. Using numbers makes it easy to assess condition and set goals. If your program scores a 61 on a 0 to 100 scale, then you are in a position to set a measurable and definite goal, such as getting to 80. You can then outline a strategy to reach that goal, determine the steps needed to reach it, and determine afterward whether your strategy worked.
Meaningful Metrics
To measure the effectiveness of your BC process, you need metrics that focus on two key areas: the foundation of the program and the execution of the program. Evaluating these will provide true insight into how a program will perform when it’s needed. Metric Area #1: Alignment With Standards This area measures how aligned your program is with industry standards, such as FFIEC, ISO 22301, or NFPA 1600. (For more on the leading BC standards, see “Standard Time: The Best Time to Choose a Business Continuity Standard Is Right Now.”) This area looks at how, on a scale of 0-100, your program measures up to those standards in terms of:- Program Administration
- Crisis Management
- Business Recovery
- Disaster Recovery
- Supply Chain Risk Management