Home

BCM World Conference 2013: Risk Management and Business Continuity

November 18, 2013

BCM World Conference and Exhibition

Again this year, I made the pilgrimage to London to attend the BCM World Conference and Exhibition; a link to the background paper for my presentation is here.

As always, there were some nuggets.  Here is one:

Risk and Business Continuity (Mike Power – LSE)

Professor Power cogently described how Business Continuity Management can contribute to effective enterprise risk management.  He began by detailing the challenges to manage enterprise risks:

  • The Illusion of Control, characterized by the assumption that we have more of an understanding of cause and effect than we really do.  As I have written elsewhere, in complex and anarchic events, cause and effect can only be understood after the fact
  • Fragmentation of capability to manage specific risks
  • Entity v System Focus, resulting in organizational stove pipes
  • (Unrecognized) Interconnectedness, concomitant with today’s complex systems

Power then turned to the challenges for Business Continuity Management in the enterprise:

  • BCM has historically been disempowered, considered overhead and not a value-generating part of the business
  • The slow emergence of operational risk
  • Weak institutionalization, stemming from the perception that BCM has only an operational or technology focus
  • Weak accountability within the enterprise for low probability-high impact events, which are the bread and butter for BCM

To respond to these challenges, Professor Power proposed a number of solutions:

  • Establish and formalize the Three Lines of Defence: Business, Corporate Risk Management, and Internal and External Audit.  These lines are graphically depicted at Figure 1.
Figure 1 – Three Lines of Defence
business continuity management risk management

The ‘Action’ is in the fuzzy area between Levels 1 and 2

  • Identify the scenarios under which your organization will fail . . . completely, and then decide what will be your strategies to recover from catastrophic loss
  • Establish a risk culture – the ability to think of alternate futures and build action plans around them – where:
    • The authority for risk and control functions are clear
    • There is a respect for controls
    • There is close attention to incentives risk
    • Accept that you can do your best, but there is still a chance for failure
  • Recruit charismatic BCM leaders
  • Build the narrative of BCM’s value generating capacity:
    • Embed resilience as a core organizational value and ‘BAU’
    • Circulate stories of success
    • Create the discourse, incorporating the performance nature of language: if you talk in a certain way, it will happen
  • Incentivize collaboration: when the world is moving against you, to succeed, collaboration must increase.

My Take

Professor Power’s presentation resonated with me because the content was consistent with my experience.  First, there is a common bias toward a programme, or entity, approach over a system approach.  This in turn complicates the management of operational risk, which can only be done effectively by an enterprise approach.  Second, it is ironic that fragmentation features in a field – emergency management – in which consolidation is almost always a good idea.

The fewer baton passes, the fewer times the baton will be dropped

The fewer baton passes, the fewer times the baton will be dropped

Third, there is a critical message implicit in the Three Lines of Defence: corporate BCM can support businesses prevent, prepare, respond and recover, but each business is responsible for their continuity and resilience.

Finally, BCM is a value generator.  The focus of BCM is to find and preserve value within the organization.  Executing this responsibility, connects BCM with all parts of the enterprise, inevitably generating serendipitous effects that are typically of significant value.  Any time you have a conversation around risk, good things happen.

2 Responses to “BCM World Conference 2013: Risk Management and Business Continuity”

  1. Alan Elwood Says:

    Brian. It sure was an interesting talk from Professor Power. You’ve summarised the points well and I agree with your sentiments. Plus it was nice to be presenting along with you.

    Like


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 583 other followers

%d bloggers like this: