Many enterprises today understand the myriad potential threats to
their people, processes, systems and structures. They stand to be better
equipped for sustained continuity. Business Crisis and Continuity
Management (BCCM) is a dynamic change management initiative that
requires dedicated resources, funding and auditing.
Certainly the largest organizations realize that the risks are taking on different forms than the standard fire, flood, earthquake and hurricane/twister scenarios. These large catastrophic external loss events have been insured against and the premiums are substantial. What is less easy to analyze from a threat perspective are the constantly changing landscapes and continuity postures of the many facets of the organization having to do with people, processes and systems.
The sources of significant loss events are changing as we speak. Here are a few that should not be overlooked in your Operational Risk Management (ORM) Programs:
· Public perception
· Unethical dealings
· Regulatory or civil action
· Failure to respond to market changes
· Failure to control industrial espionage
· Failure to take account of widespread disease or illness among the workforce
· Fraud
· Exploitation of the 3rd party suppliers
· Failure to establish a positive culture
· Failure in the post-employment process to quarantine information assets upon termination of employees
Frankly, corporate directors have their hands full, helping executives manage risk and continuity on behalf of the shareholders. The risk management process will someday have as big an impact on the enterprise as other key functions, because shareholders will be asking more questions about the changing landscape of managing risk for corporate governance.
Since effective BCCM analysis is a 24/7 operation, it takes a combination of factors across the organization to provide what one might call C², or “Continuous Continuity”. A one-time threat or risk assessment, or even an annual look at what has changed across the enterprise, is opening the door for a Board of Directors' worst nightmare. These nightmares are “Loss Events” that could have been prevented or mitigated altogether.
Most of the best practices talk about a BCCM plan that will be periodically updated. Periodic is not continuous. Change is the key factor here. What changes take place in your organization between these periodic updates? How could any organization accurately account for all the changes to the organization in between BCCM updates? The fact is that they can’t.
This will change over time as organizations figure out that this is now as vital a business component as Accounts Receivable. The BCCM will become a core process of the organization if it is not already, dynamically evolving by the minute as new change-based factors take place in the enterprise. As new or terminated employees, suppliers and partners come and go into the BCCM process, the threat profile is updated in real-time. This takes the operational management that much closer to C², or “Continuous Continuity”.
So what? Boards of Directors have the responsibility to ensure the resiliency of the organization. The people, processes, systems and external events that are constantly changing the operational risk landscape become the greatest threat to an enterprise. It’s the shareholders' duty to scrutinize which organizations are most adept at “Continuous Continuity” before they invest in their future.