As part of an assessment of an operational resilience program, it’s imperative that organizations are capable of identifying and revalidating their most critical business processes.
Especially post-crisis, the ability to react, pivot, and surge forward can be the difference between a company that has a profitable future and one that either goes under or lingers in the margins. A business continuity plan that appropriately inventories and categorizes the organization’s critical business processes is a first step to ensuring operational resilience now and in the future.
Outlining the Essentials: Business Process Management
Critical business processes are those that are mandatory to the normal operation of the business. These are the critical applications, existing process flows, data, information technology architecture, and customer service apparatuses that drive the business.
Without these elements, a virtually guaranteed negative financial impact will occur to the organization, its shareholders, and its customers. Generally speaking, the key processes that animate a healthy, functional business operation are:
- Customer relationship, service, delivery, and strategy.
- Cyber, privacy, legal, and financial risk management.
- Human resources, human capital management, and employee development.
- Accounting, technology, and financial management.
While each business and industry might have varying levels of core processes they consider vital, the above shape some of the most common. Additionally, adherence to and improvement of these processes can drive competitive advantage in the marketplace. Organizations that do more than the bare minimum are also likelier to:
- Maintain a high or acceptable level of business activity despite expected or unexpected disruption.
- Have in place the process improvement, change management, and continuity planning governance that defrays collateral risk after the first shockwave of disruption.
- Carry forward and successfully execute the recovery strategy that’s vital to the information system, critical function, and operational capacity of business unit.
Evaluating the Accuracy of Critical Business Processes
Beyond the identification of the firm’s core processes necessary for normal operation, it’s also important to regularly validate the efficacy, accuracy, and priority of these processes. By conducting a thorough business process analysis (do we have what we need operationally?) weighed against a business impact analysis (does what we have add sustainable value and mitigate future risk?).
Include the following steps:
- Assess any critical changes to existing business processes required to stay operational throughout the disruption. Determine if this new way of working will be in place temporarily or permanently. If permanent, determine if it will require a reassessment and redefinition of the end-to-end process.
- Review incident logs arising from both internal (employees) and external (customers) complaints/issues and map these back to the critical business processes previously identified. Assess if any incidents could be traced back to business processes that were not previously identified as critical and identify the impact – financial or non-financial (e.g., reputational or loss of productivity).
- Examine the list of identified critical business processes that had very few or no incidents raised. Investigate if this was because the operational resilience plan mitigated the risks relating to these processes or if the business process was ultimately not critical.
Because each organizational silo’s operational resilience plan revolves around protecting and responding to threats to business processes and systems, having a firm and accurate understanding of which ones are the most critical underpins the operational resilience framework. Management must understand the internal critical processes and be able to assess if they operated effectively in a crisis environment.
For expert support with business continuity management and process improvement, contact CrossCountry Consulting.
Editor’s note: Updated September 2022