Business Continuity and its connection to Risk Management

8 Feb

What is the relationship between risk management and business continuity? Is one a subset of the other? Is one more important than the other? A good analysis lies here but without doubt, risk management is important when comprehending business continuity and may be of substantial help when our team go to develop a framework for management teams who are creating a business continuity plan.

Image

The foundation of Business Continuity is the policies, guidelines, standards, and procedures implemented by an organization.  All system design, implementation, support, and maintenance must be based on this foundation in order to have any hope of achieving Business Continuity, Disaster Recovery, or in some cases, system support. (2)

Risk management is a central part of any organisation’s strategic management. It is the process whereby organisations methodically address the risks attaching to their activities with the goal of achieving sustained benefit within each activity and across the portfolio of all activities. The focus of good risk management is the identification and treatment of these risks. Its objective is to add maximum sustainable value to all the activities of the organisation. It marshals the understanding of the potential upside and downside of all those factors which can affect the organisation. It increases the probability of success, and reduces both the probability of failure and the uncertainty of achieving the organisation’s overall objectives. Risk management should be a continuous and developing process which runs throughout the organisation’s strategy and the implementation of that strategy. It should address methodically all the risks surrounding the organisation’s activities past, present and in particular, future. (3)

Risk Assessment of the FCA (Farm Credit Administration) 

Essential Practices for Information Technology

Under their business continuity plan, they have a risk assessment statement which states:

Conduct a risk assessment to develop response strategies, which:

  • Identify events and likelihood of those events that could cause interuptions to business processes and services;
  • Assess impact from loss of information and services from both internal and external sources;
  • Assess the criticality of all business areas; and
  • Identify and prioritise critical services, operations, and personnel provided by internal and external service providers.

Risk management is a “central part of any organisation’s strategic management”

Risk management should be a “continuous and developing process which runs throughout the organisation’s strategy and the implementation of that strategy.”

Risk management “protects and adds value to the organisation and its stakeholders through supporting the organisation’s objectives by

“providing a framework for an organisation that enables future activity to take place in a consistent and controlled manner”. (3)

Risk management is a fundamental management process and and I feel it could prove to be an important element which we could implement into our framework when we are developing and crafting it. What are your thoughts? Maybe it serves another purpose or maybe it could be useful? Any comments would be great.

(1) http://www.continuitycentral.com/feature0178.htm

(2) http://www.theirm.org/publications/documents/Risk_Management_Standard_030820.pdf

(3) http://www.fca.gov/Download/ITManual/itbusinesscontinuity.pdf

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: