Relationship between risk management, business continuity and crisis management

  • Added 12. 08. 2023
  • In this short off-the-cuff video response to Bradley Guest, I briefly outline my personal approach to understanding the relationships between Risk management, Business continuity, and Crisis management. The subjects and nuances are very wide, so this is just an outline based on what was on the tip of my tongue at the time while walking with Llewellyn 🐕
    NOT INTERCHANGEABLE
    Whilst the terms have many similarities and overlaps, they aren't fully interchangeable, and therefore it is beneficial to have a working understanding of at least the high-level differences.
    I tend to conceptualise the differences from an ISO perspective and from an organisational objectives perspective.
    The ISO approach to differentiation I have always believed very beneficial as each has its own ISO - this enables direct comparison and slow time evaluation of definitions and what those who write the standards have recorded after much discussion and debate. It also supports the 'hopeful' commonality of language and understanding given its international nature.
    The organisational objectives approach is beneficial as the activities required for Risk management, Business continuity management and Crisis management can be identified and the differences and similarities noted, making application of each methodology more understandable.
    ✅ ISO 31000 Risk management
    ✅ ISO 22301 Business continuity
    ✅ ISO 22361 Crisis management
    Some of the points I make are (there are many more of course):
    ➡️ 'Crisis' is STRATEGIC - It is something that threatens the actual viability of the organisation. It is an abnormal or extraordinary event that may not be identifiable beforehand.
    ➡️ 'Crisis' is not geographically bound
    ➡️ A member of the 'Crisis Management Team' could be a 'Business Continuity Specialist' as the resumption of products or services will be a key consideration
    ➡️ 'Risk' is a theme throughout Crisis management, and indeed is 'Principle C', of the seven Principles for crisis management in ISO 22361
    ➡️ 'Risk assessment' is identified as a separate activity to 'Business Impact Analysis' in both ISO 22301 and the Good Practice Guidelines 2018.
    ➡️ The six steps of the risk management process are iterative, meaning the 'Risk theme' should be throughout the organisation's activities
    ➡️ 'Business continuity' focusses on 'disruptions, timelines and business continuity objectives regarding sustaining operations' at all organisational levels - Strategic, Tactical and Operational
    ➡️ Business Impact Analysis can be done at multiple levels, from activity, to product or service to an initial high-level BIA
    ➡️ The origin of a 'crisis' can in fact be a mismanaged 'business continuity solution'
    This is my personal take Bradley - All in all, I highlight there are nuances and overlaps, but also separations and differences.
    Thanks for reading and watching if you do, Andy
