Enterprise risk management and business continuity management: Together at last

Organizations that integrate enterprise risk management (ERM) into their strategic planning efforts have found that business continuity management (BCM) enhances both their value creation objectives and their protection objectives. The confidence that comes from identifying and appropriately addressing interruption risks enables them to execute those strategic plans more boldly. But gaining that confidence requires melding the ERM and BCM programs.

Executing a series of well-coordinated ERM and BCM integration activities makes it possible to realize the full value of optimized business continuity management.

Leading-practice integration examples include:

  1. Consider ERM and BCM program integration
  2. Involve BCM management in the ERM risk assessment process
  3. Involve ERM management in BCM interruption risk assessment planning and analysis
  4. Perform a BCM business impact analysis (BIA) that is informed by the ERM program’s impact categories, weighting, and thresholds
  5. Develop ERM-informed risk resiliency improvement recommendations
  6. Enhance risk scenario analysis
  7. Conduct BCM capability examination and post-incident analysis
  8. Link BCM and ERM program effectiveness reporting
  9. Leverage governance, risk management, and compliance (GRC) technology

 

ERM lifecycle and BCM lifecycle synergies

Program governance

  • ERM and BCM program governance is tightly coupled, sharing many of the same stakeholders 
  • The ERM and BCM program owner can be the same individual, yet supported by separate administrative teams 
  • The ERM and BCM programs report to the same risk committee and/or board of directors 

Contact us

Mike Maali

Partner, Cyber, Risk and Regulatory, PwC US

Steve Zawoyski

Enterprise Risk Management Solutions Leader, PwC US
