Guest Post by Geary Sikich (first posted on CERM ® RISK INSIGHTS – reposted here with permission)
In the risk-neutral world, all business and government continuity planning would be risk-balanced. However, in reality, risks, threats, hazards and their consequences change depending on an organizations exposure, sensitivities to impact and other factors. For instance, a natural disaster, can occur without much warning and can have direct and indirect impact on an organization. Complicating the Business Continuity Planners life is a simple fact, events have unforeseen consequences that can rarely be planned for.
Thus, while risk-neutral dynamics are ideal for producing plans that meet regulatory compliance requirements, risks, threats, hazards and consequences must be assessed with reference to real-world dynamics. Real-world dynamics incorporate uncertainty, current capacity and current capabilities that have immediate consequences for the generation of business continuity scenarios by any organization.
Explore the Real World
The risk dynamics of the real-world can provide unparalleled scenario generation opportunities. You can also explore the roles of the organization against real-world events, current issues, complexity and the volatility of your operational markets.
Chartis reports that Operational Risk has overtaken credit risk as the most important risk type. So, shouldn’t your scenarios reflect operational risk issues? Fraud, Cyber-Threats, Geo-Political Uncertainties, Human Capital Issues, Supply Chain, Non-Aligned Business Risks/Impacts, etc., should be brought to the forefront of scenario planning.
Expanding your scenario planning horizons will allow for the incorporation of inputs from other disciplines within your organization and, perhaps, external to your organization. Since risk is a non-static element, you will be able to add perspectives that allow you to better understand the nature of the risk that your organization is facing and to expand the operational risk management function to encompass more of the organization.
Future Think: prepare for crises
By its nature the scenario development function should prepare the organization for a spectrum of potential future crises. The World Economic Forum publishes an annual report on global risks. This report is an excellent resource for scenario development. Molding the risks to create a scenario that will validate your Business Continuity Plans at all levels (Strategic, Operational and Tactical) will embed business continuity and risk based thinking into the culture of the organization. This will allow you to address key Governance issues:
- Business Continuity Strategy: Develop the guiding strategy that will define how your organization perceives risk and threats and subsequently developing a roadmap to achieve the strategic business continuity goals.
- Business Impact Analysis: Determining the recovery requirements and the impact to your organization’s business reputation and financial impact on services.
- Risk Assessment: Determining the risk, threat, hazard landscape and the potential consequences of the realization of risks, threats, hazards to the organization.
- Recovery Strategy: Selection of a range of recovery arrangements and protocols in advance so that services and necessary support infrastructure can resume operations within a prescribed period of time.
- Baseline Measurements: Provide analytical data to leverage diagnostic methodologies, tools and resultant metrics.
- Establish Business Continuity Office: Create an integrated Business Continuity Office within the organization that draws on internal experts to provide corporate training, guidance and governance.
- Business Continuity Plan: Validate plans based on complex real-world criteria.
- Value Assurance: Embedding business continuity thinking as a way of doing business not as an adjunct to the business being done.
The organization that adopts a real-world view for scenario development with take a leadership role in business continuity and risk management. Realize that the scope of operational risk management and business continuity are integrally linked and will continue to widen as the impact of real-world events and issues is realized.
If you want Senior Management to see Business Continuity Planning as a “value add” to the organization you need to begin to focus on the Key Risk Indicators (KRI) that keep them up at night.
Geary Sikich – Entrepreneur, consultant, author and business lecturer
Contact Information: E-mail: G.Sikich@att.net or firstname.lastname@example.org. Telephone: 1- 219-922-7718.
Geary Sikich is a seasoned risk management professional who advises private and public sector executives to develop risk buffering strategies to protect their asset base. With a M.Ed. in Counseling and Guidance, Geary’s focus is human capital: what people think, who they are, what they need and how they communicate. With over 25 years in management consulting as a trusted advisor, crisis manager, senior executive and educator, Geary brings unprecedented value to clients worldwide.
Geary is well-versed in contingency planning, risk management, human resource development, “war gaming,” as well as competitive intelligence, issues analysis, global strategy and identification of transparent vulnerabilities. Geary began his career as an officer in the U.S. Army after completing his BS in Criminology. As a thought leader, Geary leverages his skills in client attraction and the tools of LinkedIn, social media and publishing to help executives in decision analysis, strategy development and risk buffering. A well-known author, his books and articles are readily available on Amazon, Barnes & Noble and the Internet.