Toward Optimum Resiliency: Practical Alignment of BCM and ERM Processes

Wael A. Althobaiti, Saleh A. Aloraini
Published in: 2019 4th International Conference on System Reliability and Safety (ICSRS)
Publication date: 2019-11-01
DOI: 10.1109/ICSRS48664.2019.8987615 (https://doi.org/10.1109/ICSRS48664.2019.8987615)
Citations: 1

Abstract

Nowadays, enterprise business processes rely significantly on sophisticated and complex IT technologies to enhance business productivity, which in turn increases operations' risks of failures and interruptions. Enterprises strive to continuously improve their business continuity programs by testing business continuity plans to ensure optimum productivity and resiliency. However, observations recorded from drill activities are usually not addressed effectively and in a timely manner. Business Continuity Management (BCM) and Enterprise Risk Management (ERM) processes should be aligned to reduce the time to address recorded observations. This paper illustrates a newly implemented approach that aligns BCM and ERM processes. The alignment is based on extended collaboration. For example, the risk register should be designed and shared collaboratively with business continuity practitioners to ensure that accurate risk mitigation plans and controls are defined for all drill scenarios as well. Practitioners of both processes shall work closely in conducting Business Impact Analysis and Risk Assessments (BIA/RA) and measuring the impact of IT service disruptions. Moreover, ERM practitioners should be involved in all BCM activities to detect areas of improvement and measure the effectiveness of developed plans and controls. Once observations are recorded from business continuity and disaster recovery (BC/DR) drills and compliances, they should be presented to a joint steering committee, prioritized based on severity and then transferred to the enterprise risk register. Both processes should operate side by side toward robust IT operations. This practice has proven to be very practical and effective in reducing overall business risks and overdue observations.