Risk management and business continuity planning are often seen by organisations as distractions from their day-to-day business. Many organisations approach these areas as a compliance activity required to meet certain standards, because their clients expect them to have policies and procedures in place, or because senior management have said they need them.
However, approaching risk and business continuity from this perspective significantly limits the value of these activities. These areas should not be seen as a separate activity or corporate overhead, but incorporated into the way in which organisations conduct business on a daily basis.
The role of risk management is to ensure organisations consider all available information prior to making decisions. Rather than relying on assumptions about your operations, or thinking that everything will be ok, effective risk management is really about testing those assumptions and asking, “What if…”. It doesn’t need to be an onerous or time-consuming task, and should be incorporated into normal decision-making processes.
Likewise, business continuity planning is ensuring that when something unplanned happens, organisations are in the best position to continue operating. A common approach to business continuity planning is scenariobased – that is, “if this happens (loss of electricity), then we do this”. Whilst this approach has merit, it limits the planning to what organisations can imagine. A better approach is to break business continuity into three fundamental elements: loss of access (either temporary or permanent) to facilities; loss of staff (including temporary loss, such as where staff stay home due to bushfire risk); and loss of key services (again, either temporary or permanent).
Using this approach, and by identifying multiple possible approaches to dealing with each, organisations can manage a business interruption without the need to try and plan for each individual type of event. This approach also aligns with normal business planning.
If risk management and business continuity are approached in an integrated way, and as part of normal business considerations, then organisations can:
- truly identify and understand the risks they face (both internal and external to the organisation);
- plan effectively and modify their operations to minimise or remove the impact of risks;
- know how they will deal with a business interruption when one occurs (and all organisations suffer business interruptions at some point); and
- if caught out by the unexpected, can efficiently and effectively continue to operate.
The Cordelta governance, risk, and compliance team can assist you with positioning your firm to make the most of any eventuality. Contact us for further details.