Tuesday, May 22, 2012

Drivers of performance: ISO 31000 and Business Continuity ...

Notes for my presentation delivered at the?G31000 Conference?in Paris on 21 May 2012

G31000 Conference

Background

Risk management is fundamental to business continuity management at the United Nations.? While in principle we base our business continuity plans on the anticipation of a Black Swan event, we assess risks to identify substantive preventative and mitigation actions to manage local risks.

Risk management writ large is widely practiced at the United Nations, however with varying formality.? Like many organizations, the most advanced risk management tends to be concentrated in finance and hazard risks that are easily quantifiable and for which we have in-house experts.

Increasing the sophistication and expanding the scope of risk management has been challenging.? Varying terminology and methodology complicate and inhibit communication, and the practice of risk management to the detriment of organizational performance.? Adopting an international risk management standard would certainly contribute to resolving this.

A brief history of business continuity management

Simply put, business continuity management is a process by which an organization identifies its most important activities and develops a plan to continue them no matter what.? Business continuity management can trace its origins to IT disaster recovery, the maintenance of core IT and information systems.? As a result, the business continuity risks were initially IT-focused.

Y2K was the first major even that gave visibility to business continuity, but it was the 9/11 attacks that was the game changer given the level of destruction centered in the financial district of New York City.? The significant disruption posed by the?SARS outbreak?in 2002-2003, and then the threat of pandemic influenza in the mid-aughts further reinforced the need for organizations to have formal business continuity management programmes.? It was the latter that spurred the establishment of the Business Continuity Management at the United Nations Secretariat and other United Nations agencies.

The practice of business continuity has evolved with risk.

As the threat of a?global influenza pandemic?waned, it was recognized that the scope of business continuity risks needed to be expanded to include all hazards: terrorism, natural hazard events, disease et al.? The evolution of business continuity at the United Nations has tracked this same path.? What keeps us up at night are Black Swan events.

The context has changed

Risk management is fundamental to effective business continuity management, now even more so with the increased scope of threats that we face.? Further, the systems on which we our critical processes depend are linked and interdependent, not necessarily in ways we understand.? Our operations may therefore be vulnerable to disruptions about which we do not even know.

We are also being pressed on another front: resources.? The global financial crisis has placed pressure on the resources provided by donor governments. Shrinking resources also mean that organizations must prioritize.? Organizations are responding by consolidating and integrating to leverage resources.

Risk forms a common ground

It is not uncommon for organizations to pursue a?programme approach?to preparedness, characterized by different units being responsible for different elements. Although organizations can establish a considerable capacity for crisis response this way, the?programme approach?to preparedness followed runs a risk of compromising the overall effectiveness and response through process duplication and incoherence. It may also lead to increased cost to implement and maintain different initiatives, and an increased burden on offices to develop and implement different preparedness plans, particularly in the field.? To address these shortcomings, there is a trend toward an integrated?systems approach.? Risk management facilitates this shift by providing a common denominator across disciplines.

Under a systems approach risk management provides a convening function, providing catalyst to interact across organizational lines and a common basis of understanding for all those involved.? Risk management also provides a basis to collaborate around shared risks, and to prioritize resources.

Anytime you have a conversation around risk, good things happen.

Anytime you have a conversation around risk, good things happen.? In our experience implementing business continuity, and this holds around the world, that this conversation results in?serendipitous effects?where individuals who never would have connected ? either because they are separated geographically or by the organigram ? interact and identify ways in which they can collaborate to capture economies of scale and scope, and enhance their projects by integrating fresh perspectives.? Because business continuity touches all parts of an organization, we have found that one of the manifestations of the serendipitous effects is tighter operations all round.? In this way, effective risk management enhances organizational performance.

Engagement leads to serendipitous effects.

?Conclusion

Our experience clearly points to risk management value of its convening function, providing a common reference for communication and framework to prioritize resources.? Equally important, the process of coming together around risk leads to serendipitous effects, with significant potential value.

Implementing the fundamentals of ISO 31000, for business continuity or otherwise, will make your organization stronger.

40.777178 -73.976437

Like this:

One blogger likes this post.

lee corso thanksgiving appetizers greg jennings thanksgiving recipes thanksgiving recipes mashed potato recipe mashed potato recipe

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.