On stones, clay and rubber balls: why business continuity is not a risk management discipline

Mark Armour explains why he believes that we need to agree on our definitions and change our thinking around risk management, business continuity and resilience.

First, this is not about where the responsibility for business continuity should reside within an organization. It is about the responsibilities of the business continuity profession and its practitioners. Lately, I’ve witnessed the practice of risk management begin to take over that of business continuity. Many practitioners promote this alignment and foster the perception that business continuity is simply a part of the practice of risk management. I say this is bad for both disciplines and the organizations they serve.

For the sake of clarity, let’s start with some simple definitions:

The Institute of Risk Management states ‘Risk management involves understanding, analysing and addressing risk to make sure organisations achieve their objectives.’ The International Risk Management Institute describes its work as ‘The practice of identifying and analyzing loss exposures and taking steps to minimize the financial impact of the risks they impose.’

More of the Continuity Central post

Comments are closed.