Business continuity
215
is to look at the continuity of operations across the whole organization. Ensuring 
continuity is obviously part of an ERM approach. It should therefore be considered 
that BCP is part of ERM, but it is not the whole of ERM activity. Nevertheless,
there is a strong similarity in approach and the business continuity and disaster
recovery activities should take place within the context of a broader ERM initiative, 
as appropriate. Both approaches seek to achieve continuity of effective and efficient 
core business processes.
Enterprise risk management is explored in more detail in Chapter 8. The basis of 
ERM is that the stakeholder expectations and the core processes of the organization 
that deliver those expectations are the focus of the risk assessment process. The
intention of ERM is to ensure that the core processes are maintained.
Continuation of core business processes is also the basis of BCP. The difference in 
emphasis is that ERM seeks to identify the risks that could impact the effectiveness 
and efficiency of core processes. BCP seeks to identify the critical business functions 
that need to be maintained in order to achieve continuation of the business. The
approaches are complementary and there is a good deal of similarity between BCP 
and this style of ERM.
Page 53 identifies the constant availability of prescription drugs as a core process 
for a pharmaceutical company. It is possible to take an ERM approach to this core 
process and identify the risks that could disrupt the process. In taking this approach 
to risk management, the pharmaceutical company will have combined the ERM 
and BCP approaches in a way that clearly focuses on the delivery of stakeholder 
expectations.
Scenario planning is an important component of business continuity and has 
broader implications for the successful implementation of enterprise risk manage-
ment. For financial institutions, scenario planning extends to evaluation of the balance 
sheet capital that would be required by the financial institution in the event of
difficulties similar to the global financial crisis of 2007/08. This type of scenario 
planning for financial institutions is usually referred to as ‘stress testing’ and is often 
a specific requirement of banking regulators.
Scenario planning needs to take account of the external and internal context of 
the organization, as well as the business impact analysis. Also, there is a strong
relationship between scenario planning and crisis management. Disaster recovery 
planning and business continuity planning can take account of foreseeable incidents, 
but it is more difficult to foresee every crisis that might arise. Therefore, a useful 
aspect of scenario planning is that it anticipates highly unlikely circumstances and 
then challenges senior management to develop successful responses.
The lessons from scenario planning can then be used to take actions that will
increase the resilience of the organization. The text box overleaf describes an approach 
to scenario planning supported by the Cabinet Office of the UK Government, in
relation to disruption of national infrastructure, such as the electricity supply
network.

Download 3.45 Mb.

Do'stlaringiz bilan baham: