Align BCM with your risk appetite

Align BCM with your risk appetite

In the real world, one needs to tailor one’s appetites to one’s pocket—and to what one really wants to achieve. The same thinking applies to designing the right Business Continuity Management (BCM) solution.

By Renier du Plessis, Client Executive, ContinuitySA

In an ideal world (perhaps) we would have it all. But in the real world, we have to balance what we need with what we want—and what we can afford. We do this all the time, more or less successfully, but often when it’s something particularly important, we call in help from the experts.

For example, working with a personal trainer to put right exercise regime and diet in place to achieve the beach body we want before that Mauritius holiday!

The same sort of thinking should guide how we approach our BCM planning. Here what we need to balance is our need to make the organisation resilient enough to recover quickly from a disaster—any disaster—with the fact that contingency plans, systems and facilities all cost money.

The key point to consider here is the organisation’s risk appetite, something that will depend on the nature of its business and the circumstances in which it operates. For example, a financial services institution with a strict regulator breathing down its back would have a greater need to recover certain of its processes more quickly than a book publisher.

Nor is each process within a company equally important. A company might need to have its help desk up and running within the shortest possible time, whereas its despatch desk might be able to be down for several days without greatly affecting the business.

The point here is that recovery speed equals resources, and no company can afford to squander its money on the best for everything all of the time.

That’s where the help of a trusted partner—the equivalent of a personal trainer—like ContinuitySA can make all the difference. Its highly trained and experienced Advisory team can assist with the necessary analysis to identify the key processes and establish exactly how quickly they need to be recovered (the Recovery Time Objective, or RTO) and how much data it could afford to lose (Recovery Point Objective, or RPO).

Based on this understanding, a BCM plan that provides the necessary protection without wasting money or resources can be constructed—just as with the help of a personal trainer you can maintain your physical condition without spending all your time in the gym or starving yourself.

To this end, ContinuitySA has numerous clients whom we have assisted in various ways to ensure that their BCM aligns with the risks they face. A prime example would be how we conduct a Crises Simulation and demonstrate to clients not only the importance of practising their BCP (Business Continuity Plan) – to keep fit, but then also assisting with addressing the gaps identified out of such a session – ensuring the correct toning.

For more details on how ContinuitySA can assist you with your BCM and crisis simulation requirements be sure to contact us and talk to one of our BCM Advisors.