The Total Business Metrics Special Interest Group met monthly to assist business continuity professionals connect, share challenges and best practices and improve their work, led by business continuity consultant John Robinson.
We began the SIG talking about hard and soft metrics for business continuity management, hard metrics being things you can count, a result anyone could physically verify with a low chance of error, soft metrics the qualitative outcome of a judgement or opinion, often based on an aggregation of hard(er) lower-level metrics. Soft metrics are therefore potentially less reliable but more valuable, since they may be concentrates based on subordinate layers of mixed soft and hard metrics. The added wisdom promises greater apparent decision value but the judgmental component makes them correspondingly less reliable.
Perhaps because of this organisations resort to counting prescribed activities, placing coverage above decision value, relevance or meaning of what they are doing. We do this because we know we need to show that BCM is performing but can’t be seen to be ‘guessing’; we look for substantive evidence. However the metrics we are able to collect, despite being accurate, don’t yield results the organisation finds useful. They often don’t point in the direction in which everyone else is moving or support the corporate strategy. They become inconsequential.
One particularly insightful participant suggested we should express resilience and recoverability in terms that have recognisable strategic relevance and value. He went on to say that most organisations have well-defined strategic KPI, scorecards or success criteria, showing deviations against plan for product revenue, customer service, and that recoverability would have more board-level relevance if expressed in these terms.
He suggested we should be able to repeatably estimate the probability of each strategic KPI being met under a set of agreed scenarios. This amounts to a statement of confidence whose foundation contains our current hard measures of recoverability. Yes, we would need business continuity software, specific to each organisation. However, it will deliver resilience and recoverability metrics in board-relevant terms.
