Continuity Risk Management: The New ‘Big Dog’
Every indication suggests that we have passed a major inflection point in the continuity industry.
Continuity risk management (CRM) has been the tail on the disaster recovery (DR)/business continuity planning (BCP) dog for the last three decades, having been narrowly defined to mean “business impact assessment” or “risk assessment,” and only engaged periodically for the purpose of making a business case to spend more money. But there are compelling signals that clearly indicate CRM is now front and center, and traditional continuity programs are falling in line as part of a bigger risk management agenda. This represents a profound shift and one that companies and practitioners can ill afford to deny or ignore.
Risk management is fundamental to the effectiveness, relevance and management of every continuity program. It is not to be confused with continuity program management (CPM). Risk management capitalizes on fundamental risk-based decision-making processes that already operate in most organizations.
Contrary to what some might think, executives are keenly aware of risks — they make risk management decisions every day. The emergence of enterprise risk management (ERM) has paved the way for continuity managers to participate in a more productive discussion related to risks that might impact business or IT operations. While ERM is more concept than reality in most large organizations, it sets in motion a vision state where a broad array of risks can be measured and prioritized, providing executives with the data needed to make difficult decisions about where to invest, and what level of risk to accept.
Starting with the concept that “vulnerabilities and threats are endless, but the funds to address them are not,” it is not only possible, but probable, that an organization will have to accept more risk than the executive team is comfortable with because there simply isn’t enough money to fully address every risk. With risk acceptance comes risk management, and risk-adjusted decision making that leads to a more resilient and agile enterprise.
See Continuity Risk Management: The New ‘Big Dog’ by David Nolan for Continuity Insights.
Tags: Business Continuity, continuity program management, Continuity Risk Management, CPM, CRM, enterprise risk management, ERM, Risk Management
