BCM Business Continuity Management & GRC Software isn’t just about creating a recovery plan for your organisation. E.g. an office fire with GRC software automatically texting office workers to “Please proceed to leave the building immediately with care”. Yes, this is a significant part of it, BCM Business continuity management is all about having a structured, solidified plan in place for your enterprise to face these scenarios. On and off premise GRC solutions for these circumstances is crucial
Overall, it’s about giving risk managers the correct tools to automate, document, analyse and respond to these events at a moments notice.
The underlying question behind this is, why is GRC Governance, Risk and Compliance and BCM Business Continuity Management even separate?
- BCM or Business continuity management is primarily owned by information technology officers and mainly focuses on IT infrastructure disruptions. In many organisations, IT security is still perceived as an IT-only opportunity.
- On the other hand, BCM is also owned by environmental, health and safety (EH&S). Organisations are currently managing their safety risk in isolated instances. The most critical asset and resources within an organisation are the people within, and organisation have assigned the business continuity topic to their EH&S team as well.
Different Businesses Are Integrating BCM and GRC Together
Human Capital Management and IT infostructure are both missions critical to organisational goals. I’m not familiar with a single successful organisation that could produce goods at scale without these two investitures in place. Even the boy on the corner selling lemon juice still needs one of these. Of course, there are many more aspects to take into account when analyzing and documenting business continuity plans and we could be here for days.
Here is a simple BCM plan:
1. Internal Process Documentation Consistency
- Harness the processes and documentation by other teams, such as audit management. Maybe I should write a blog on the advantages and disadvantages of utilising other team processes? The point is, leverage other internal resources. We all have the same goal in mind: Make sure the company is running smoothly and well prepared for as many situations as possible. Therefore, BCM should reuse internal documents by these teams so they cover the processes that are mission critical.
2.Understand Your Risk Register
- As any wise man will tell you, don’t sit under a tree while it storms. Risks are everywhere – this includes many registers. Companies that have a strong ERM framework (Enterprise Risk Management), the core risk register is THE SOURCE OF TRUTH. BCM needs to utilise the risk register internally; this ensures that mission-critical risks are identified with an appropriate action plan in place. Coupling this with an automated GRC software solution is also vital in today’s age. Therefore, a collaboration and relationships between BCM & operational risk teams need to happen yesterday.
3. Feedback loops
- Mitigating organisational risks through continuous risk improvement is vital. Imagine having risk processes like action plans, controls policies and business continuity plans on paper and not on-premise or in the cloud accessible anywhere.
- Risk owners need to wake up and be able to preview any incident that has sparked in a risk continuity plan and learn from what needs to be done at a moments notice. Your GRC software needs to document real-life incidents along with all the triggers therein – not just incident developments. Take a step beyond root case analysis.
- The opportunity for risk owners to add additional drivers to his/her risk and design a holistic mitigation strategy that prevents armageddon and mitigation in the future.
Is your organisation’s BCM and GRC cohesive and working together? Have you gone paperless and with the latest automation? If not, try ReadiNow out by getting your free demo today. www.readinow.com/request-demo