On the anniversary of the collapse of Lehman Brothers, the Business Continuity Institute has published a discussion paper on how risk oversight and transparency can be improved for non-executive directors and shareholders through applying business continuity management practices.
Entitled “Risk management is dead, long live risk management,” the BCI paper, which has been positively reviewed by the UK’s Institute of Directors, argues that traditional approaches to risk management have become too complex thereby undermining the value that a broadly-balanced board can bring to a company.
The paper argues that there is a need for a Corporate Impact Policy that considers the dependencies and vulnerabilities of a business around the seven areas of disruptive impact which include reputation, finance, supply chain and people. The paper also covers the case of a financial institution, Euroclear Bank, that applied business continuity management to successfully weather the collapse of Lehman Brothers.
In short, if used effectively, business continuity management helps the board focus on some key questions:
- The company’s business and operating model
- Key value creating products and services
- Key dependencies such as critical assets and processes
- How the company will respond to a loss or threat to any of the above
- What the main threats are today and what is on the horizon
- Evidence that the resulting business continuity plans will work in practice.
Lyndon Bird FBCI, international and technical director at the BCI, commented “The failure of risk management systems was only a single contributor to the financial crisis – broader issues of internal control and remuneration systems also played their part. Whatever the causes of the crisis, this paper asserts that more complexity is not going to solve the problem. Complexity is the enemy of understanding. Companies need to pause and reflect on what information is needed at board level before simply investing in more tools and specialists.
“The business continuity management framework has the advantage of simplicity and provides non-executive directors with the tools to ask the right questions. The development of a Corporate Impact Policy would provide a much clearer direction to the company’s underlying businesses and provide easier oversight at board level.”
See Boardrooms need a simple, transparent method of risk oversight to download the white paper (registration required).
The relationship between Business Continuity and Risk Management are addressed in the book A Risk Management Approach to Business Continuity: Aligning Business Continuity with Corporate Governance, by David Kaye and Julia Graham.