Business Continuity Management (BCM)
Business Continuity Management (BCM) is about protecting your organization against the consequences of disruptions and both known and unexpected threats and risks. Unfortunately too many people prepare insufficiently for such circumstances and do not know how to act in a controlled and structured manner during a disruption. BCM has never been more important with the threats faced by organizations in all sectors developing and expanding. It’s not getting any better for that matter; ICT dependency and the rappid growth in cyber crime are a good examples of how the threat landscape is developing.
All employees within an organization are mainly focused on the day-to-day execution of activities, the objectives set by management, current and possibly future orders, while the focus is less on known and unknown risks that could seriously threaten the organisation’s continued existence. Achieving the (financial) objectives is at the top of every agenda and that is obviously understandable. Business Continuity and to be more specific, managing this, deserves a more prominent place on the agenda. When the continuity of the organization is threatened, clichés like, “If only we had ….” pop up, it’s unfortunately too late at that stage to realise the importance of BCM.
Business Continuity can be defined as the ability of an organization to plan for and respond to a serious disruption, in order to ensure that it can function operationally at a predetermined level following disruptive incident. Business Continuity Management is the holistic management process that identifies potential threats to an organization and the impacts to business operations those threats, if realized, might cause, and which provides a framework for building organizational resilience. BCM provides the capability for the organization to response effectively to incidents, safeguarding the interests of key stakeholders, reputation, brand and value-creating activities. BCM ensures that the organization is as well prepared as possible to handle crises; however let one thing be very clear, it’s Business Continuity Management and not Business Continuity Guarantee.
Risk Management is part of BCM in this context, although there are those who state the opposite; that BCM is an aspect of Risk Management. More importantly than where Risk Management fits in the organizational pecking-order, is that attention is paid to managing risks and preventing significant damage due to a serious event (disruption). Ensuring the continuity of the organization as optimally as possible focuses, in addition to prevention, mainly on responding and acting in the event of a serious incident.
Speaking of risk …. anyone who is a director of his or her organization (not just the statutory director!) should realize that in the event of a serious business interruption or worse (bankruptcy or company closure), the shareholders and other interested parties, can question the correctness and effectiveness of your actions during the incident. You should always act carefully in the business interest. ‘Obviously improper management’ as it is called in the Netherlands can lead to individual legal liability for you as a director! Here, too, things are changing rapidly and developments in the business-environment are certainly not heading in the right direction for senior management, let alone statutory directors.
In the light of this, it is clear that no senior manager can ignore his or her responsibility to do everything possible to ensure the continuity of the organization.