Succession Planning Plays a Role in Business Continuity

When we think of the topic of risk management we may not immediately think of succession planning. I believe the two topics do go together. Unfortunately, in my experience, risk and managing a crisis are rarely part of a leadership curriculum.

Succession planning is a strategy to prepare today’s employees and managers to be tomorrow’s leaders. Managing risk involves understanding hazards, impacts, statistics, people and their attitudes and reactions to emergencies, urgencies, and crisis. I submit that some of the attributes that make a crisis/risk/continuity leader also are found in how we prepare and train future leaders. In particular, succession planning done well can help ensure continuity of the culture of a business.[1] Continuity of a business culture outlasted generations as Collins and Porras (1994) learned in their research of the most successful companies who achieved perennial growth over decades.[2]

Further, a company should care very much about the capabilities of their leaders to handle stress, crisis, and how to make strategic risk decisions for they will certainly encounter such challenges during their career.

Textbooks and training programs are replete with dozens of qualities and attributes that help an individual grow in ability and contribute as a leader. I believe that our leadership programs should include at least a facile understanding of risk management – the new global expanded world of business demands it, I think.

A successful succession plan begins with the future – understanding and in some cases guessing what lies ahead for a company, an industry, and the workforce that will support that future state. Smallwood et al (1999) refers to this as results-based leadership.[3] In my experience working with Mr. Smallwood and a high tech computer company’s human resources function, I found that this approach has great validity. One approach can be to connect the nature of the business and industry to performance-based criteria. For example, oil industry leaders should be trained and prepared to manage a potential oil spill, scientists at NASA should be ready with contingencies for a space-born rescue mission, a college level school district should partner with local industry to understand how to train future leaders, etc.

Collectively, we as a society can nurture and focus on the future leaders instead of adhering to traditional, static methods of training managers to ‘just do a job’.

I offer a few suggestions here to businesses that may help with succession planning:

  • Share the vision
    • educate the workforce with the ‘why’ of training and not just the ‘what’
    • demonstrate why particular measurements, training aids and topics can help the candidates be more productive and ready for the future
  • Show you care
    • invest in your internal talent by providing ongoing, but focused training
  • Provide tuition reimbursement
    • reinstate (some now defunct) tuition reimbursement programs
  • Build competencies specific to risk and crisis management
    • include one module with practice on crisis management

And finally, one of my favorite mantras (which sometimes got me in trouble with management and sometimes reward myself and my team) is:

If we always do

what we’ve always done

we’ll always get

what we always got.”

Therefore, we should listen to both the pundits speaking of the future as well as the next generation of primary workers (ages 25-45) for together we can build future leaders that can actually make a positive difference.


[1] Byham, William C, Smith, Audrey B., Paese, Matthew, J., (2002). “Grow Your Own Leaders-How to identify, develop, and retain leadership talent“. Prentice Hall, New Jersey 357

[2] Collins, James C., and Porras, Jerry Il, (1994). “Build to Last-Successful Habits of Visionary Companies“. Harper Business New York

[3] Ulrich, Dave, Zenger, Jack, and Smallwood, Norm, (1999). “Results-Based Leadership-How leaders build the business and improve the bottom line“. Harvard Business School Press, Boston 207

SWOT for Utilities Sector

Well the first thing I noticed when performing an online search for information about utility company SWOT analysis is that the vast majority of information is about the stability of the companies for investing and from a financial perspective. While that can be interesting, I am looking more for the infrastructure capability issues.

There is a superb source for the infrastructure perspective found in a report by the World Economic Forum-WEF (2008) on building resilience in response to natural disasters.[1]  The WEF report highlights two important considerations regarding utilities: 1- continuous water sources is both a critical infrastructure service as well as vital to support most other service, as in, water for human consumption for workers in the utility sector and water to generate electricity that powers other sectors; 2- a connection to the transportation sector, as in, moving people and supplies that support, operate and distribute other utilities.[2]

A proper utility SWOT analysis would be quite involved, so here is a glimpse of the significant issues:


  • Provides key services that assure business continuity of other sectors [3]
  • Revenue generator
  • Provides jobs and employment
  • A ‘green’ industry catalyst and/or incipient user


  • Disproportional impact of disasters on the industry [4]
  • Increased vulnerability due to nature of large expanse of source and networks
  • Out of date monitoring systems (many have been updated since 9-11, but others may still be exposed


  • Large contribution to water management (dams/sea walls, irrigation, desalination, flood management, sewage draining etc) [5]
  • Maintain revenues [6]

Threats (challenges)

  • Susceptible as high priority terrorist target
  • Where sectors are not privatized there is an increased burden on the public sector (i.e. funding and support), especially during a disaster which overtaxes the response from public sector [7]
  • Regulatory constraints may threaten ability to generate revenue or implement all safeguards

Possible Initiatives

At a high level, I’d recommend the following actions.

  1. Monitor, inspect, and institute quality assurance procedures. Knowing what we know and don’t know is the first step toward determining risks, threats, and vulnerabilities.
  2. Perform regular maintenance of substations, dams, levees, and distribution systems. This action helps prevent needless outages due to inattention.
  3. Create backup plans through co-ops and partnerships. When one region is experiencing problems or disaster other regions can more readily be prepared to take on some of the burden.
  4. Develop business continuity plans (or COOP plans for public sector utilities) and conduct practice exercises to ensure the plans work when needed.
  5. Implement security where there is none and bolster security in the most highly vulnerable locations (this includes redundant protections so that if one part of the water system or utility is contaminated another part can still be functional).
  6. Create training and education programs for all utility employees relevant to the role they play in protecting our infrastructures.
  7. Assign liaison duties to a key representative of the utility organization to build relationships and stay up to date with local governments and commissions.

Further detailed actions would result from each of these high level initiatives.


[1] World Economic Forum, (2008). “Building Resilience to Natural Disasters: A Framework for Private Sector Engagement“. Retrieved 6-22-10:

[2] Ibid. 15-16

[3] Ibid.

[4] Ibid.

[5] Ibid

[6] Ibid.

[7] Ibid

How Useful is SWOT Analysis?

SWOT Analysis is an analytical tool/methodology used to evaluate an organization’s strengths, weaknesses, opportunities, and threats within their internal and external environment and is often the foundation of a company strategic plan.[1] [2]

Over the years, the SWOT method has been attributed to many different origins and authors, however, I could not find any absolute citation that directly attributes its invention to a particular person or group. Friesner (2010), a senior lecturer in marketing at the University of Chichester, West Sussex, UK, conducted research into SWOT origin as far back as the 1950’s, but similarly could not make a final determination.[3]

I think it’s important to consider origin simply because it would be interesting and possibly insightful to learn whether we are using the tool in its intended manner. I wonder if there is more to this simply tool or have the plethora of modifications actually improved and enhanced the tool. For example, Sikich (2008) presents an additional element ‘Hazards-H’ for evaluating risks.[4] Also, in the early 1920s Harvard Business School introduced the word ‘Challenges-C’ [as in SWOC] in their education programs (prior to ‘Threats-T’ being used). [5] Understanding intent might help us gain perspective in the value of SWOT. Nevertheless, the SWOT tool is ubiquitous in business and has many applications.

I have used SWOT analysis on several projects during the past 20 years and find it very useful. Some of the projects were at the strategic level of the business, others at the organizational level, and still others I applied at the functional (tactical) level.

One example was the use of the SWOT tool for a volunteer county rescue team. While facilitating the discussion among the officer staff, I found that strengths and weaknesses were quite easy to obtain, but opportunities and threats were more difficult. I think that is because we are all very used to looking at pros and cons, what’s good and what isn’t. However, opportunities and threats force us to look into the future and consider ‘what might happen if’ this or that occurs, ‘what forces (unknown) external to our company, organization, or business, might exist that directly impact us’ and ‘how might we react/prepare’ for such a situation.

Another example was the use of SWOT for a functional (silo-ed) organization. The purpose was to focus only on our internal environment and build a strategy related to improving our process. This exercise was well received and quick work was made of using the tool and creating the strategy. Obviously, it was naive to think that we could actually ignore (by design) external factors within the larger enterprise. Nevertheless, the exercise was useful to indentify how we might perform our work better in ways that would not have been found had we not had the discussion.

SWOT, like many tools, is limited by who participates and how broad the scope is, with better representation and broader considerations being of great help to the validity and analysis of the results. Some critics conclude that the output of SWOT can be too broad or too trivial depending on the participants and prejudiced expectations.[6] I like SWOT and also understand it has limitations.

Perhaps the salient point about SWOT and its usefulness is it stimulates a guided discussion that would not normally take place in the same manner as getting together to make improvements without a tool as guidance.


[1], (2009). “What is SWOT Analysis?“. Retrieved 6-22-10:

[2] Bartolomei, Kyra, 2010. “Weaknesses in SWOT Analysis”. Retrieved 6-22-10:

[3] Freisner, Tim, (2010). “History of SWOT Analysis”. Retrieved 6-22-10:

[4] Sikich, Geary W. (2008). “Risk Analysis: Methods, Resources, Techniques“. Norwich University MSBC Seminar 4, Lecture Week 3.

[5]  Florida International University (2009) . “SWOT Analysis Defined“. College of Architecture-FIU. Retrieved 6-22-10:

[6] Ibid.

Effects of ‘Unrelated Risks’

An unrelated risk is a situation perceived to be directly related to and as a result a significant impact on an entity, company (etc) which in retrospect is determined to be irrelevant. Sikich (2003) points to the preoccupation of some competent risk managers (in the area of pandemics for example) with dwelling on and precise measurement of  threats, hazards, and risks that are actually dissimilar and have not significant effect on outcomes. [1]

There is evidence of pitfalls to risk management caused by unrelated influence on those making risk decisions. In some cases, information which truly has no bearing on the understanding or measurement of risk has been found to raise alarm where there may be no reason or under-react to more significant threats, especially to fear of pandemics, loss of a company asset, or other situation.


In multiple surveys conducted by the Association for Psychological Science,  it was found that those surveyed immediately after seeing or hearing (witnessed) a person sneezing were much more likely to perceive a chance of falling ill or of thinking it a good idea to support raised funding for production of flu vaccines. “The researchers suggest that the public sneeze triggered a broad fear of all health threats, even ones that couldn’t possibly be linked to germs.” [2]


In a recent Haifa University study it was found that reading stories of successful investing seems to cause some financial advisors to over rate the underlying company stock value in the article. The concern is that people can be influenced by unrelated information which can mask the true risk of a situation.[3]


Insurance companies avoid writing policies on unrelated risks and use an ownership test (the company owns more than 50% of the asset) to determine insurability. [4] As businesses prepare for risk prevention and mitigation they would do well to work with their insurance companies to ensure that all assets are accounted for in the plan.


Risk management of chemical and biotechnology often involves a paradigm from established and direct models. The European  Joint  Commission suggests that the paradigm of does measurements of “…precise dose-response” does not match reality. [5] Uncertainty factors used to “…derive human safety standards …” may result in an inaccurate does assessment [6]. “Indeed it is often acknowledged that quantifiability and relative seriousness are often unrelated ” (Cohen and Pritchard, 1980.) [7]

We can prepare for unrelated risks by considering an approach that addressed uncertainty in a more broad manner and offers challenges to traditional paradigms. [8] Enterprise risk assessment will need to expand its view beyond previously successful business models and learn to be more adaptable. [9]


[1] Sikich, Geary W. (2008). “Protecting Your Business in a Pandemic“. Praeger Publishers, CT. Chapter 1.

[2] Association for Psychological Science, (2009, November 2).Sneezing in Times of a Flu Pandemic: Exposure to Public Sneezing Increases Fears of Unrelated Risk“. Retrieved June 7, 2010, from

[3] University of Haifa (2009, April 28). “Reading Reports Involving Risk-taking Affects Financial Decision Making“. ScienceDaily. Retrieved June 7, 2010, from­ /releases/2009/04/090427091120.htm

[4]Westover, Kate and Whitehead, Bill (2010). “Unrelated Risk: What are Captives Writing, Why and How?“. 2010 Western Captive Round up. Retrieved 6-7-10:

[5]European Science and Technology Observatory. (2001, November). “On Science and Precaution in the Management of Technological Risk Volume II Case Studies“, Report EUR 19056/EN/2 edited by Andrew Stirling (SPRU University of Sussex), 61

[6] Ibid.

[7] Ibid.

[8] Sikich, Geary W. (2003). “Integrated Business Continuity-Maintaining Resilience in Uncertain Times“. Penwell Corp OK, Chapter 1

[9] Sikich, Geary W. (2010). “Introduction to Risk: How it Applies to Your Enterprise“. Norwich University MSBC Seminar 4, Lecture Week 1.

Inherent Company Challenges Evaluating Risk Probability

There are challenges to completing a probability and consequence graph for an organization. We must first overcome the propensity to give attention to only the most probable threats, hazards, and then risks that may impact our company.  Often, the highest probable failure factor gets most of the attention and is the easiest to understand. While that factor must, of course, be planned for (prevented, mitigated,  prepared), other failure factor may produce unexpected consequences. Not being ready for the unexpected could prove more catastrophic than the occurrence and impact of the highest probable risk event. [1]

During the course of consulting with various organizations, I’ve found the most common reaction to the discussion of risk assessment is complacency. There is the usual litany of reasons (excuses) many of which are well-founded. For example, a typical comment is ‘ we’ve never had a natural disaster here and probably never will – the data just doesn’t support even a remote possibility, so why bother ‘(waste time or money)’.

Others suggest that they fully recognize the myriad of threats and hazards, but they have previously determined those risks and instituted preventive actions. In one case, I found that the organization had actually performed a good probability study of internal and external risks, but ignored the airport 1 mile away. An open discussion with that company helped them ask more specific questions that eventually modified their thinking about being unprepared for unexpected consequences.

The accuracy of the outcome depends on what an organization has done to fully understand a complex set of factors and influences. A study should be balanced to understand the impact of influences from internal capabilities and assets from the assets and capabilities of others, i.e. supply chain, service vendors, and others. Understanding what is within our control and balancing that with constraints can help ask the right questions. [2] For example, we learned that the pandemics are virtually outside our control and stop from occurring (cannot prevent), but organizations  can understand the complex impacts of exposure and implement mitigations, educate a workforce, and practice for contingencies to lessen either the time impact or the number of people impacted. [3]

Some business areas may be more susceptible to inherent risk assessment challenges than others. Areas of the business which use metrics and have systems in place to measure critical factors may be better equipped to understand the influences in terms of risk factors. Those areas might include IT, supply chain, customer service and finance. Other areas less likely to have consistent and formal metrics might be human resources, sales (other than revenue and quota), and ancillary support functions.


[1] Sikich, Geary W. (2008). “Protecting Your Business in a Pandemic“. Praeger Publishers, CT. Chapter 1.

[2] Ibid

[3] Sikich, Geary W. (2010). “Introduction to Risk: How it Applies to Your Enterprise“. Norwich University MSBC Seminar 4, Lecture Week 1.

Uses wordpress plugins developed by