From Continuity Plans to Continuity Decisions: The Executive Decision Pipeline in Business Continuity Management

Dr Danie Adendorff

1. Introduction

Business Continuity Management (BCM) is often treated as a mature organisational discipline because it produces visible artefacts: policies, business impact analyses, recovery strategies, incident procedures, contact lists, exercises and audit records. These artefacts matter. They create structure before disruption occurs and provide a disciplined basis for preparedness. Yet the existence of continuity documentation does not, by itself, guarantee continuity performance. Organisations may possess business continuity plans and still hesitate when disruption begins, misread early warning signals, delay escalation, fail to prioritise critical functions, or defer executive decisions until consequences have already become difficult to reverse.

The issue is not simply whether an organisation has continuity plans. The deeper question is whether it can convert disruption awareness into validated judgement, accountable decision, coordinated action and adaptive recovery. This essay treats consequence-governance as an executive capability: the capacity to recognise emerging disruption, interpret its organisational significance, make accountable decisions under uncertainty, allocate authority and resources, and adapt action before disruption becomes organisational failure.

The term consequence-governance also connects to wider risk-governance scholarship. Renn argues that risk governance provides a conceptual and normative basis for dealing responsibly with complex, uncertain and ambiguous risks (Renn, 2011). The International Risk Governance Council similarly frames risk governance around identification, framing, assessment, evaluation, management and communication of risks involving multiple actors and uncertain consequences (IRGC, 2017). This essay does not claim to replace that literature. Instead, it uses consequence-governance more narrowly to describe the executive conversion of disruption awareness into accountable continuity decision and adaptive action.

This essay positions Dr Danie Adendorff’s Executive Decision Pipeline as a proposed analytical framework for strengthening BCM. The pipeline is not presented as an independently validated theory of BCM. It is treated more cautiously as a heuristic decision-conversion lens whose usefulness can be examined through continuity practice, crisis-management scholarship and pandemic evidence. It does not replace ISO 22301, ISO 22313, Business Continuity Institute guidance, business impact analysis, enterprise-wide programme management, incident-command doctrine or operational recovery arrangements. Its proposed value lies in clarifying how continuity preparedness is converted into executive judgement and action.

The central thesis is that BCM provides the organisational architecture for preparedness, recovery and resilience. Continuity capability becomes effective, however, only when executive leaders can convert disruption signals into validated judgement, accountable decisions, coordinated action and adaptive correction. The Executive Decision Pipeline offers a useful framework for analysing the gap between continuity plans and continuity decisions.

2. Business Continuity Management: From Preparedness to Enterprise-Wide Operational Resilience

BCM is concerned with maintaining or recovering critical organisational activities during disruptive events. ISO 22301 frames business continuity as the capability of an organisation to continue delivery of products and services within acceptable timeframes during disruption (ISO, 2019). This definition moves BCM beyond emergency response. The phrase ‘acceptable timeframes’ implies prior analysis, prioritisation and judgement: an organisation must know which activities matter most, how long they can be interrupted, what level of degradation is tolerable, and what consequences will follow if recovery thresholds are exceeded.

A mature BCM system normally includes business impact analysis, identification of critical activities, recovery time objectives, recovery point objectives, continuity strategies, response structures, communication arrangements, exercising, review and continual improvement (Elliott, Swartz and Herbane, 2010; ISO, 2019; BCI, 2023a). Business impact analysis identifies the consequences of disruption over time and supports prioritisation of critical activities. Recovery time objectives define the period within which an activity should be resumed. Recovery point objectives define acceptable data-loss thresholds, particularly in information and technology contexts. Continuity strategies then identify how priority activities can be sustained or restored through alternate sites, remote working, backup systems, manual workarounds, supplier alternatives, workforce redeployment or service prioritisation.

BCM is not merely a technical or administrative discipline. It is a management-system discipline. ISO 22301 requires leadership commitment, defined roles and responsibilities, planning, support, operation, performance evaluation and continual improvement (ISO, 2019). The Business Continuity Institute’s Good Practice Guidelines similarly present BCM as a structured professional practice involving policy and programme management, embedding, analysis, design, implementation and validation (BCI, 2023a; BCI, 2023b). The validation function is especially significant because it confirms whether the BCMS meets organisational objectives and supports exercising, maintenance and review.

Practitioner literature reinforces this enterprise-wide understanding. Okolita’s Building an Enterprise-Wide Business Continuity Program presents BCM not as a single plan but as a programme requiring leadership support, programme initiation, planning teams, risk evaluation, business impact analysis, recovery strategies, plan documentation, training, testing, crisis/event management, crisis communications, pandemic planning, life-safety considerations and transition from project to sustained programme (Okolita, 2010). Okolita is best understood as a practitioner source rather than a peer-reviewed academic authority. Its value is not to prove the Executive Decision Pipeline theoretically, but to strengthen the professional-practice foundation of the essay: mature BCM requires enterprise-wide ownership, organisational embedding, exercising, communication, maintenance and readiness.

Herbane’s work strengthens this point from a scholarly direction. Herbane frames BCM as an embedded, organisation-wide process with a strategic orientation rather than merely a technical recovery function (Herbane, 2016). He also cautions against viewing BCM as a narrow toolbox, arguing that resilience depends on people, resources, relationships, organisational culture and C-suite commitment (Herbane, 2016). This supports the central argument of the present essay: BCM becomes strategically meaningful when preparedness is connected to executive judgement, culture, authority and adaptive action.

It would be inaccurate to claim that BCM standards are purely plan-centred or that they ignore leadership, activation, exercising and governance. ISO 22301, BCI guidance, Okolita’s enterprise-wide programme approach and Herbane’s resilience perspective all recognise the importance of management commitment, response structures, validation and organisational embedding. The real gap lies less in the design of BCM doctrine than in organisational implementation. Standards and professional guidance may require leadership and activation structures, but organisations can still reduce BCM to compliance evidence, audit documentation or procedural rehearsal.

The weakness is not that BCM lacks a decision dimension in principle. The weakness is that BCM may be implemented without sufficient executive decision-conversion discipline in practice. A continuity plan can define roles, priorities and response procedures; it cannot itself decide when uncertainty has become sufficient for activation, whether a weak signal should be escalated, which function should receive scarce resources, or when reputational, legal and operational consequences require executive commitment.

3. The Limitation of Continuity Plans Without Executive Decision Conversion

Plan-centred BCM becomes vulnerable when organisations assume that the existence of a plan equates to operational readiness. Plans are necessary, but they are not self-activating. They do not interpret ambiguous signals, resolve competing priorities, allocate scarce resources, communicate legitimacy to stakeholders, or accept accountability for difficult trade-offs. Continuity failure often occurs not because there was no plan, but because the organisation could not convert information into decision quickly enough.

Signal interpretation is one obvious point of failure. A cyber anomaly may initially appear to be a technical issue. A supplier delay may appear temporary. A public health alert may seem geographically remote. A geopolitical shock may be treated as background news rather than a continuity risk. In each case, the early signal may not yet justify full activation, but it may justify monitoring, validation and conditional escalation.

Validation can also be delayed. Leaders may wait for excessive certainty before acting, even though disruption rarely presents itself with complete evidence at the moment when decisions would be most valuable. In crisis conditions, certainty often arrives after the optimal decision window has narrowed. This is not an argument for reckless action; it is an argument for disciplined precaution, proportionality and reversibility assessment.

Decision authority creates another vulnerability. Operational teams may recognise disruption before senior leaders grasp its strategic meaning. If escalation thresholds are ambiguous, information may remain trapped at technical or departmental level. This is particularly dangerous when the decisions required involve organisational trade-offs, public communication, expenditure, legal exposure, workforce protection or reputational risk.

Continuity plans may also conceal unresolved prioritisation problems. Business impact analysis may identify critical functions, but real disruption often forces difficult choices between competing forms of criticality. Revenue-generating activities, public-facing services, regulatory obligations, employee safety, customer commitments and reputational protection may all compete for attention. If these priorities have not been converted into executive decision triggers before disruption, the organisation may lose time debating hierarchy of importance during the crisis itself.

Procedural rehearsal presents a final weakness. Continuity exercises sometimes confirm whether teams know the plan, but not whether executives can make time-sensitive decisions under ambiguity, contested evidence and stakeholder pressure. Even testing can remain procedural unless it explicitly examines executive decision-making under uncertainty.

Taken together, these limitations establish the need for a decision-conversion framework. The central BCM question should not be only: ‘Do we have a business continuity plan?’ It should be: ‘Can this organisation convert disruption signals into validated intelligence, accountable decisions, coordinated action and adaptive recovery before consequence becomes irreversible?’

4. The Executive Decision Pipeline as a Proposed BCM Governance Lens

Dr Danie Adendorff’s Executive Decision Pipeline addresses the executive conversion problem. In his published article, Adendorff argues that the AI-era organisation faces not simply an information problem but a conversion problem: the gap between what the organisation knows, what it understands, what it is prepared to decide and what it is capable of executing (Adendorff, 2026). He distinguishes between the Executive Intelligence Pipeline, which filters data into clarity, and the Executive Decision Pipeline, which commits organisational power under risk (Adendorff, 2026).

For BCM, this essay adapts the underlying pipeline into a seven-stage continuity-governance sequence: Signal → Validation → Interpretation → Escalation → Decision → Action → Adaptation. The underlying pipeline is Adendorff’s. The specific BCM mapping is the contribution of this essay.

The sequence begins with Signal. In BCM, signals are early indicators that normal operations may be disrupted. These may include cyber incidents, supply chain failures, pandemic alerts, infrastructure breakdown, loss of premises, workforce unavailability, regulatory shutdown, geopolitical disruption, severe weather, technology failure or reputational crisis. The BCM significance of a signal lies not only in whether it is already confirmed, but in whether it could plausibly affect critical activities.

Validation then tests whether the event is temporary, localised, escalating, systemic, material or continuity-threatening. It separates operational noise from decision-relevant disruption. In BCM terms, validation asks whether the signal threatens critical activities, recovery objectives, customer obligations, legal duties, workforce safety, supplier dependencies or operational viability. It does not require perfect certainty; it requires disciplined judgement about credibility, relevance, timeliness and potential consequence.

Interpretation carries validated information into organisational meaning. It asks what the event means for critical business functions, recovery time objectives, recovery point objectives, customers, regulators, employees, premises, technology, cash flow, suppliers and reputation. This work matters because continuity risks rarely present themselves in neat organisational categories. A supplier failure may be operational, financial, contractual and reputational at the same time.

Escalation marks the governance threshold at which technical or operational awareness must reach the correct executive decision forum before consequence becomes irreversible. It prevents continuity-threatening issues from remaining at departmental level when they require senior authority, resource allocation or public accountability.

Decision is the point at which preparedness becomes commitment. Executives may activate the business continuity plan, invoke crisis structures, suspend non-essential functions, prioritise critical services, relocate operations, use alternate suppliers, initiate remote work, communicate externally, accept temporary degradation, or allocate emergency resources. This is where continuity planning becomes continuity governance.

Action gives the decision operational form through command structures, resource allocation, stakeholder communication, technology recovery, workforce coordination, supplier management and operational stabilisation. Unless a decision is translated into ownership, resources, timing and communication, it remains only an intention.

Adaptation keeps the sequence alive as conditions change. Prolonged disruptions rarely follow the plan exactly. Recovery priorities may shift. Alternate suppliers may fail. Remote working may create cyber risk. Regulations may change. Workforce fatigue may intensify. Adaptation embeds learning into continuity governance during disruption, not only after the event.

The pipeline should not be overstated as a wholly novel theory. Its stages overlap with recognised decision and crisis-management traditions. Boyd’s OODA loop emphasises observation, orientation, decision and action in competitive environments. Weick’s sensemaking tradition explains how organisations interpret ambiguity. Boin, ’t Hart, Stern and Sundelius identify crisis-leadership tasks such as sense-making, decision-making, meaning-making, terminating and learning (Boin et al., 2005). ISO 22361 provides guidance on crisis management capability and strategic crisis response (ISO, 2022).

A further comparison is required with incident-command doctrine, because command systems already address authority, coordination and escalation. The United States National Incident Management System presents the Incident Command System as a standardised approach to on-scene command, coordination, common terminology, resource management and incident action planning (FEMA, 2017). In UK multi-agency practice, JESIP’s Joint Doctrine provides principles and models for interoperability, shared situational awareness, joint understanding of risk and coordinated response (JESIP, 2021). These doctrines already formalise important questions about who commands, who coordinates, how information is shared and when decisions move between operational, tactical and strategic levels.

The Executive Decision Pipeline does not add value by duplicating incident-command doctrine. Its contribution is broader and more analytical. Incident-command doctrine structures response command once an incident is recognised and a response architecture is required. The pipeline frames the wider conversion sequence from early signal detection and validation through interpretation, escalation, accountable decision, action and adaptation. It can operate upstream of incident command, alongside crisis structures, and after the initial response as assumptions are revised. Its distinct value for BCM is the consequence-governance framing across the whole sequence, not merely the escalation moment.

The value of the Executive Decision Pipeline lies less in conceptual novelty than in emphasis and packaging for an executive accountability audience. It places consequence, authority and conversion at the centre of the sequence. By making Validation and Escalation explicit governance thresholds, it offers a useful BCM lens for a recurring failure pattern: organisations may have information, yet still fail to convert it into accountable decision.

However, this executive emphasis must be qualified. A significant strand of resilience and high-reliability literature resists excessive centralisation. High Reliability Organisation theory emphasises sensitivity to operations, reluctance to simplify, preoccupation with failure, commitment to resilience and deference to expertise (Weick and Sutcliffe, 2007). Deference to expertise means that authority should migrate toward those with the most relevant knowledge, including operational and front-line personnel, rather than remaining fixed by hierarchy. This creates an important tension for the Executive Decision Pipeline: if wrongly applied, escalation could centralise decisions that should remain close to operational expertise.

The answer is that Escalation should be understood as a threshold discipline, not as a demand that all judgement move upward. The pipeline does not require every signal to become an executive decision. It requires the right decisions to reach the right level of authority before consequence becomes irreversible. Routine incidents may remain within operational command. Technical incidents may be led by subject-matter experts. Executive escalation becomes necessary when consequences exceed delegated authority, cross organisational boundaries, create legal or reputational exposure, require major resource allocation, or involve strategic trade-offs. Properly understood, the pipeline is compatible with devolved resilience: it protects operational expertise while ensuring that enterprise-level consequences receive accountable executive judgement.

5. Case Study: COVID-19 and the Conversion of Continuity Planning into Continuity Decisions

The COVID-19 pandemic provides a major continuity stress test because it disrupted organisations across multiple dimensions simultaneously: workforce availability, premises access, supply chains, customer demand, regulatory conditions, public health duties, technology capacity, communication, finance and leadership continuity. It did not merely test whether organisations had plans. It tested whether they could convert emerging disruption into executive decisions under uncertainty.

The case begins with Signal: reports of a novel coronavirus in China in late 2019 and early 2020, followed by evidence of international spread, travel disruption, public health concern and supply chain stress. WHO declared a Public Health Emergency of International Concern on 30 January 2020 and later characterised COVID-19 as a pandemic on 11 March 2020 (WHO, 2020). These dates show that decision-makers faced a developing threat environment. In January and February 2020, many organisations were not yet dealing with a fully visible local crisis, but they were already receiving signals that could plausibly affect workforce mobility, premises access, suppliers, customers and continuity assumptions.

Validation required organisations to assess whether the threat was temporary, regional or systemic. This was difficult because decision-makers in early 2020 faced genuine epistemic uncertainty about transmissibility, severity, likely government response, duration and economic consequence. With hindsight, it is too easy to criticise all delayed action as irrational. Early activation carried costs: unnecessary disruption, financial loss, workforce anxiety and reputational implications. The stronger BCM lesson is one of proportional validation: where potential consequences are high, organisations should be able to create watch conditions, scenario triggers and preparatory actions before full certainty exists.

The pipeline is also useful because it distinguishes different forms of uncertainty without pretending to remove them. Some facts were known: international spread, public health concern and emerging travel disruption. Other matters were known-unknowns: the likely duration of restrictions, the resilience of supply chains, workforce availability and technology capacity. Unknown-unknowns remained beyond confident prediction. Validation and Interpretation cannot make such uncertainty disappear, but they can force organisations to record assumptions, define triggers for revision and revisit decisions as evidence changes.

Interpretation became the decisive BCM task. Organisations had to translate pandemic information into business impact. The issue was not only whether COVID-19 was a public health emergency. The BCM question was what the pandemic meant for critical activities, recovery time objectives, remote-working capacity, employee safety, customer service continuity, supply chain resilience, technology infrastructure, regulatory compliance and leadership availability. OECD evidence shows that the crisis created a sudden need for businesses and employees to work from home and that information and communication technologies were crucial in allowing economic activity to continue (OECD, 2021a). OECD data also indicate that teleworking capacity varied significantly by country, firm size, sector and occupation, which demonstrates that continuity adaptation was uneven rather than universal (OECD, 2021a).

Escalation mattered because pandemic continuity decisions exceeded the authority of health and safety, travel management, procurement, IT or human resources alone. Organisations had to move the issue into executive governance structures. OECD analysis of government responses emphasised the role of centres of government in coordination, strategic planning, evidence-informed decision-making and public communication during the pandemic (OECD, 2020). Although that analysis concerns public administration, its logic is transferable with care to organisational BCM: systemic disruption requires central coordination, evidence processing, executive decision and communication legitimacy.

Decision-making involved difficult choices. Organisations had to decide whether to activate continuity arrangements, move to remote work, suspend non-essential functions, protect vulnerable staff, reconfigure customer service, scale technology infrastructure, prioritise critical services, engage regulators, adjust supply chains and revise financial plans. McKinsey advised organisations in March 2020 to create transparency across multi-tier supply chains, estimate available inventory, assess customer demand, optimise production and distribution capacity with employee safety in mind, and identify logistics capacity constraints (Alicke, Azcue and Barriball, 2020). These recommendations illustrate that pandemic continuity decisions involved concrete choices about transparency, prioritisation, inventory, demand, capacity, safety and resilience.

The empirical literature also supports the argument that COVID-19 continuity response was not merely a matter of plan existence. Margherita and Heikkilä’s study of 50 world-leading companies identified 77 actions across operations, customer, workforce, leadership and community-related responses during the COVID-19 emergency (Margherita and Heikkilä, 2021). This is significant because it shows continuity response as a multidimensional executive and organisational adaptation process, not simply the activation of a pre-existing document. Firms had to reconfigure operations, protect workers, adjust customer interfaces, manage leadership communication and address wider social obligations.

Okolita’s inclusion of pandemic planning within an enterprise-wide BCM programme is relevant to this case. It shows that pandemic disruption was not outside the professional imagination of BCM before COVID-19; pandemic planning already existed as a recognised continuity concern (Okolita, 2010). The COVID-19 problem was not that pandemic planning was unimaginable. It was that pandemic conditions required organisations to move from planning assumptions into executive judgement about workforce protection, premises closure, remote operations, supplier resilience, customer communication and repeated adaptation.

Action appeared in the rapid implementation of remote working, digital collaboration, emergency communications, technology scaling, workforce protection measures, supplier substitution and revised service delivery. OECD evidence on teleworking shows that digital technologies became central to sustaining economic activity during the pandemic (OECD, 2021a; Ker, Montagnier and Spiezia, 2021). Implementation was uneven, however. Some sectors and occupations could shift to telework more readily than others; essential physical operations, healthcare, logistics, food supply, infrastructure and frontline public services faced different continuity challenges. COVID-19 did not create one continuity problem; it created different continuity problems across sectors.

Adaptation became the defining feature of prolonged pandemic continuity. Initial continuity assumptions were repeatedly challenged by changing lockdown rules, variants, workforce fatigue, school closures, supplier disruption, vaccine policies, cyber risk, hybrid working patterns and shifting stakeholder expectations. BCI research after the pandemic found increased top-management appreciation of organisational resilience and crisis management, but also noted that siloing of information, lack of collaboration and uneven senior-management involvement had affected crisis management in some organisations (BCI, 2021). This reinforces the essay’s central argument: continuity performance depends on the relationship between information, executive engagement, collaboration, decision authority and adaptation.

The case does not prove, in a strict empirical sense, that every organisation with stronger decision-pipeline discipline outperformed every organisation with weaker discipline. That would require comparative organisational data, decision logs and performance indicators. What the case does demonstrate is the plausibility and practical relevance of the thesis: continuity effectiveness during COVID-19 depended not only on prior planning but on the capacity to convert weak signals into validated interpretation, executive escalation, accountable decision, coordinated action and adaptation under changing conditions.

6. Critical Evaluation

From a governance perspective, the framework’s primary strength lies in activation discipline. Many continuity failures arise because leaders delay action until disruption becomes undeniable. By making Signal and Validation explicit, the pipeline encourages organisations to identify watch conditions and decision thresholds before disruption matures into crisis.

A related strength is escalation discipline. BCM often depends on information held by operational, technical or functional teams. The pipeline asks when that information becomes an executive decision condition. That question matters because continuity-threatening events require authority, resources and accountability that may not sit at the level where the signal first appears.

The framework also strengthens strategic interpretation. It discourages organisations from treating disruption too narrowly. A technology failure may become a customer, legal, financial and reputational issue. A supplier disruption may affect contractual performance, revenue, public trust and regulatory exposure. Interpretation connects technical disruption to organisational consequence.

Accountability is another contribution. BCM can become procedural if it focuses only on documented arrangements. The Decision and Action stages force attention onto who decides, who owns implementation, what resources are committed, what communication is authorised and who remains accountable when consequences follow.

The model’s adaptive dimension is equally important. Traditional continuity planning can appear linear: prepare, activate, recover and restore. Real disruption is iterative. By placing Adaptation inside the pipeline, the model treats learning and correction as part of continuity governance rather than post-event administration.

The dissenting resilience perspective has already been addressed in Section 4 and remains central to a balanced assessment. High-reliability and resilience scholarship warns against excessive hierarchy in volatile conditions. Duchek’s capability-based view of organisational resilience emphasises anticipatory, coping and adaptation capabilities rather than a purely centralised crisis-response model (Duchek, 2020). This does not defeat the pipeline argument, but it disciplines it. The Executive Decision Pipeline should be applied as a threshold-based governance lens, not as an executive capture of all continuity judgement.

The incident-command comparison creates a related limitation. FEMA’s NIMS and JESIP’s Joint Doctrine already offer mature response-command and interoperability frameworks (FEMA, 2017; JESIP, 2021). The pipeline must avoid claiming what these doctrines already do. Its claim is narrower: it provides a continuity-oriented decision-conversion lens that links signals, validation, interpretation, escalation, decision, action and adaptation across the BCM lifecycle. It is not a substitute for command doctrine, but a way of examining whether command, continuity and executive accountability are connected before and during disruption.

The pipeline also depends on accurate information flows and a culture willing to surface uncomfortable signals. If signals are suppressed, distorted or ignored, the pipeline cannot function effectively. A culture that punishes bad news, discourages escalation or rewards premature reassurance will weaken the system at precisely the point where honesty is most operationally valuable.

Validation remains difficult under uncertainty. COVID-19 illustrates this clearly. Decision-makers in early 2020 had to act before the full scale of the pandemic was known. The pipeline cannot eliminate uncertainty, but it can discipline how uncertainty is identified, assessed, escalated and revisited as new information emerges.

The single-case design must be treated cautiously. COVID-19 was a maximal, systemic disruption. It is useful for examining the pipeline under extreme stress, but it cannot automatically establish the framework’s proportional value for ordinary incidents such as a localised cyber event, single-supplier failure, premises fire or short technology outage. In smaller or routine incidents, full executive escalation may be unnecessary and could become over-engineering. The pipeline must be scalable: minor incidents may require only operational validation and conditional escalation thresholds, while systemic or high-consequence disruptions require full executive conversion. This limitation does not invalidate the framework, but it prevents excessive generalisation from one extreme case.

There is also a falsifiability risk. If every continuity failure is explained retrospectively as ‘weak conversion’, the thesis becomes too broad. Observable indicators are necessary. Evidence of pipeline discipline would include predefined escalation thresholds, decision logs, executive participation in continuity exercises, documented activation criteria, after-action reviews focused on decision quality, and evidence that recovery priorities were adapted as conditions changed. Without such indicators, the pipeline risks becoming an attractive conceptual vocabulary rather than an assessable governance framework.

Finally, smaller organisations may lack formal executive structures, specialist BCM staff or sophisticated data systems. For them, the pipeline would need to be simplified. Yet the underlying logic remains relevant: even small organisations must detect disruption, validate its significance, interpret consequences, decide, act and adapt.

A balanced conclusion follows. The Executive Decision Pipeline does not solve BCM. It offers a structured executive consequence-governance lens through which continuity plans and enterprise-wide continuity programmes can be examined, exercised and converted into accountable decisions. Its effectiveness depends on leadership maturity, information quality, organisational culture, rehearsal, authority clarity, devolved expertise and disciplined learning.

7. Implications for BCM Practice

Governance design is the first practical implication. Organisations should define continuity escalation thresholds before disruption occurs. These thresholds should be linked to business impact analysis, recovery time objectives, supplier dependencies, cyber events, workforce unavailability, customer impact, regulatory exposure and reputational risk. Business impact analysis should not remain a static documentation exercise. It should produce decision triggers: if a critical activity approaches its maximum tolerable disruption period, the relevant executive decision should already be identified.

Enterprise-wide programme management is equally important. Okolita’s work reinforces the point that BCM should be sustained as a programme rather than treated as a one-off planning project (Okolita, 2010). Continuity arrangements should be owned, trained, tested, refreshed and validated across the organisation. This requires senior leadership support, planning teams, crisis communications capability, recovery strategies and transition from initial project development into ongoing programme governance.

Exercises should test executive decision-making, not only procedural compliance. Scenarios should include ambiguous signals, incomplete evidence, conflicting advice, stakeholder pressure, resource constraints and changing assumptions. Executives should participate directly in continuity simulations because they are the actors who must authorise trade-offs, allocate resources, communicate externally and accept accountability. Testing should examine not only whether a plan works procedurally, but whether decision authority works under pressure.

Integration across management disciplines is also necessary. BCM should be connected to crisis management, enterprise risk management, cyber resilience, supply chain governance and organisational resilience. Disruptions rarely respect functional boundaries. A ransomware event may become a continuity, legal, reputational and customer-service crisis. A supply chain failure may become a financial, contractual and strategic risk. The Executive Decision Pipeline provides a common conversion logic across these domains.

Distributed expertise must be protected rather than bypassed. Organisations should distinguish between decisions that should remain with operational experts and decisions that require executive authority. The pipeline should not be used to pull every incident upward. Escalation thresholds should identify when operational disruption becomes enterprise consequence. This protects the high-reliability principle of deference to expertise while preserving executive accountability for high-consequence trade-offs.

Learning and adaptation should be reviewed through decision quality as well as operational performance. After-action reviews should ask whether signals were detected early enough, whether validation was proportionate, whether implications were interpreted correctly, whether escalation was timely, whether decisions were accountable, whether action was coordinated and whether assumptions were revised as conditions changed. This moves BCM learning from procedural correction to executive consequence-governance improvement.

Weak signals deserve disciplined attention. Low-confidence indicators should not be dismissed automatically. They should be graded, monitored and linked to watch conditions where potential consequences are severe. This is especially important in cyber, public health, geopolitical and supply chain contexts, where early signals may be fragmentary before systemic disruption becomes visible.

8. Future Research Note

The Executive Decision Pipeline is presented here as a proposed analytical lens. Its empirical value should be tested rather than assumed. A suitable future research design would compare matched organisations facing similar disruption types and examine whether observable indicators of decision-pipeline discipline correlate with better continuity outcomes.

Relevant indicators could include predefined escalation thresholds, documented activation criteria, decision logs, executive participation in continuity exercises, evidence of business impact analysis being linked to decision triggers, clarity of delegated authority, post-incident reviews focused on decision quality, and documented adaptation during disruption. These indicators could be compared against continuity outcomes such as recovery-time performance, service continuity, stakeholder communication quality, regulatory breach avoidance, customer impact, staff-safety outcomes and speed of operational stabilisation.

This design could be expressed as a small hypothesis set rather than only a descriptive agenda:

H1: Organisations with explicit, threshold-based escalation pathways will experience lower recovery-time-objective deviation during major disruptions than organisations relying primarily on procedural plan invocation.

H2: Organisations that include executive decision-making in continuity exercises will demonstrate faster activation and adaptation during systemic disruption than organisations that test only procedural recovery steps.

H3: Organisations with documented decision logs and post-incident decision-quality reviews will show stronger continuity learning than organisations conducting only operational after-action reviews.

Such a design would move the pipeline from conceptual plausibility toward empirical assessment. It would also address the present essay’s principal limitation: COVID-19 illustrates the decision-conversion problem, but it does not by itself prove that organisations using this framework outperform organisations that merely possess continuity plans. The appropriate next step is comparative, evidence-based and falsifiable.

9. Conclusion

BCM cannot be reduced to documents, plans, systems or compliance standards. These instruments are necessary, but they are not sufficient. Mature BCM must be understood as an enterprise-wide programme supported by leadership, business impact analysis, recovery strategies, training, testing, crisis communications, validation and continual improvement. Okolita’s practitioner account reinforces this programme-level view, while ISO, BCI guidance, Herbane’s resilience perspective and crisis-management scholarship show that BCM has always been broader than plan production.

The COVID-19 pandemic demonstrated this with unusual force. Organisations faced weak signals, incomplete evidence, changing public policy, workforce risk, technology pressure, supply chain disruption and prolonged uncertainty. The decisive issue was not only whether continuity plans existed. It was whether leaders and operational experts could validate signals, interpret organisational consequences, escalate the right decisions, activate continuity arrangements, coordinate action and adapt as conditions changed.

Dr Danie Adendorff’s Executive Decision Pipeline should be treated, at this stage, as a proposed analytical framework rather than an independently validated BCM theory. That limitation is important. It makes the framework more academically honest and more useful. Its value lies in clarifying the decision-conversion problem: the gap between continuity preparedness and accountable action.

The strongest version of the argument is not that all continuity judgement must be centralised at executive level. Resilient organisations require devolved expertise as well as executive accountability. Operational expertise should act where it has authority and competence; executive escalation should occur when disruption becomes enterprise consequence.

The Executive Decision Pipeline offers BCM a disciplined consequence-governance lens. It bridges the gap between continuity plans and continuity decisions by showing how enterprise-wide preparedness may be converted into accountable action before disruption becomes organisational failure.

References

Adendorff, D. (2026) ‘When Information Is Not Enough: Why Executives Need a Decision Pipeline in the AI Era’, The Rumblings of a Wanderer, 12 June. Available at: https://rumbls.com/when-information-is-not-enough-why-executives-need-a-decision-pipeline-in-the-ai-era (Accessed: 12 June 2026).

Alicke, K., Azcue, X. and Barriball, E. (2020) ‘Supply-chain recovery in coronavirus times — plan for now and the future’, McKinsey & Company, 18 March.

BCI (2021) ‘BCI research finds COVID-19 has changed the perception of organizational resilience’, Business Continuity Institute, 14 September.

BCI (2023a) Good Practice Guidelines Edition 7.0. London: Business Continuity Institute.

BCI (2023b) ‘Good Practice Guidelines 7.0: Validating the BCMS’, Business Continuity Institute, 8 November.

Boin, A., ’t Hart, P., Stern, E. and Sundelius, B. (2005) The Politics of Crisis Management: Public Leadership under Pressure. Cambridge: Cambridge University Press.

Duchek, S. (2020) ‘Organizational resilience: a capability-based conceptualization’, Business Research, 13, pp. 215–246. doi: 10.1007/s40685-019-0085-7.

Elliott, D., Swartz, E. and Herbane, B. (2010) Business Continuity Management: A Crisis Management Approach. 2nd edn. London: Routledge.

FEMA (2017) National Incident Management System. 3rd edn. Washington, DC: Federal Emergency Management Agency, U.S. Department of Homeland Security.

Herbane, B. (2016) ‘A Business Continuity Perspective on Organisational Resilience’, in Florin, M.-V. and Linkov, I. (eds.) IRGC Resource Guide on Resilience. Lausanne: EPFL International Risk Governance Center.

IRGC (2017) Introduction to the IRGC Risk Governance Framework. Lausanne: International Risk Governance Council.

ISO (2019) ISO 22301:2019 Security and resilience — Business continuity management systems — Requirements. Geneva: International Organization for Standardization.

ISO (2022) ISO 22361:2022 Security and resilience — Crisis management — Guidelines. Geneva: International Organization for Standardization.

JESIP (2021) Joint Doctrine: The Interoperability Framework. Edition 3. London: Joint Emergency Services Interoperability Principles.

Ker, D., Montagnier, P. and Spiezia, V. (2021) Measuring telework in the COVID-19 pandemic. Paris: OECD Publishing.

Margherita, A. and Heikkilä, M. (2021) ‘Business continuity in the COVID-19 emergency: A framework of actions undertaken by world-leading companies’, Business Horizons, 64(5), pp. 683–695. doi: 10.1016/j.bushor.2021.02.020.

OECD (2020) Building resilience to the COVID-19 pandemic: the role of centres of government. Paris: OECD Publishing.

OECD (2021a) Teleworking in the COVID-19 pandemic: Trends and prospects. Paris: OECD Publishing.

Okolita, K. (2010) Building an Enterprise-Wide Business Continuity Program. Boca Raton, FL: Auerbach Publications / CRC Press.

Renn, O. (2011) ‘Coping with complexity, uncertainty and ambiguity in risk governance: a synthesis’, AMBIO, 40(2), pp. 231–246. doi: 10.1007/s13280-010-0134-0.

Weick, K.E. and Sutcliffe, K.M. (2007) Managing the Unexpected: Resilient Performance in an Age of Uncertainty. 2nd edn. San Francisco: Jossey-Bass.

WHO (2020) Coronavirus disease (COVID-19) pandemic. Geneva: World Health Organization.

Framework authorship. The Executive Decision Pipeline is cited in this essay as a published framework by Dr Danie Adendorff. The specific application of the pipeline to Business Continuity Management is the analytical adaptation developed in this essay. Where this work is submitted for academic assessment, the authorial relationship between the essay writer and the framework originator should be declared transparently in accordance with institutional requirements.

Author workflow declaration. This essay was produced through an AI-assisted but human-directed workflow. AI support was used for accessibility assistance, structuring, language refinement, source-discovery prompts, revision planning, and conversion of editorial comments into amendments. Dr Danie Adendorff retained responsibility for the argument, accepted or rejected changes, checked the logic of claims, assessed source credibility, and remains accountable for the final text. AI-generated material was not treated as empirical evidence, and synthetic or illustrative examples were not presented as observed data.

contact@rumbls.com

Terms and Conditions

Privacy Policy

Cookie Policy

© 2026 Dr Danie Adendorff. All rights reserved.

Disclaimer