RIMS Risk Maturity Model: Resilience & Sustainability

The final attribute of the RIMS Risk Maturity Model should be of great interest to risk managers responsible for establishing an enterprise risk management (ERM) program. Without some level of business resilience and sustainability built into your program, the iterative, cultural changes that are created by the ERM process will wane and your exposure to loss events will increase.

Understanding Consequences

Traditionally, business continuity plans have focused on technology platforms, but resiliency means much more than ensuring that your information technology infrastructure is prepared for disaster recovery. Consider that the IT infrastructure that is the focus of your business continuity plans is likely to play a critical role in the execution of your mitigation activities (for example, a server that supports access rights and security). An inability to explicitly identify the relationships between these entities can result in huge increases in short-term risk exposure at the worst possible time, as rapidly deteriorating business environments require even stronger change management ability.

Analysis-Based Planning

The key is to determine the downstream dependencies and effects that various external events may have on your operations, and to re-evaluate and assess the potential impact of these events on a frequent basis. Typical business impact analysis (BIA) identifies critical functions, but does not account for a business area’s inherent risk exposures or confidence in mitigation plans.

An ERM approach prioritizes not just business functions, but also mitigation activity and emerging risks that require increased attention. These factors should be weighed against each other and reevaluated as part of the business continuity process. In fact, the concept of “Proactivity,” or the third dimension of the RMM assessment, is specifically geared to evaluate an organization’s ability to prepare for and manage surprises before they materialize.
