Business Continuity Management and Risk Management
Business Continuity Management (BCM) has close relationship with Risk Management. In many organizations BCM is part of
an overall risk management function. This is particularly the case in financial organizations where risk management is well established, features very high on the corporate agenda, and is usually represented at board level. While the Turnbull
Committee has placed a lot of emphasis on risk, there are other factors that impact on the regulatory environment within which financial organizations operate. The international banking regulations established through the Bank of International
Settlements in Basle, Switzerland, have imposed increasingly sophisticated and extensive requirements for risk management within the banking system. The Basle Committee’s 2001 proposals (‘new Capital Accord’) are a major overhaul of the 1988 Capital Accord. The accord will apply to all major banks in the G10 countries from 2004 and it is likely that regulators in many other countries will adopt it. In the EU, the European Commission has stated its intention to apply the new Capital Accord to all credit institutions and investment businesses. The implications are regarded as far-reaching and will require significant investment by financial institutions in order to comply. There are onerous requirements which
will impact on risk management and business continuity activities.
Risk management is the process of identifying risks, evaluating their potential consequences and determining the most effective methods of controlling them or of responding to them. The aim is to reduce the frequency of risk events occurring, whenever this is possible, and to minimize the severity of their consequences if they do occur.
Risk management should be very much a part of every manager’s day-to-day responsibilities. It is not simply an ‘add-on’. It is integral to strategic management, project management and operational management.
To manage risk effectively, risks need to be systematically identified, analyzed, controlled and monitored.
