Let's try and identify some of the risks that an organisation will face and which need to be considered in a risk register.
These risks are interesting and can inspire you to expand on them but they are not exhauative.
It is important to instigate a horizon scanning process to identify a set of risks to analyse.
So let's try and find out what risks can be considered?
The Business Continuity Institute (BCI), in conjunction with the British Standards Institute (BSI), has compiled a ‘horizon scanning report’ which shows the perceived threats that organisations may face in 2019.
The top ten threats identified were:
Cyber attacks and data breaches
IT and telecom outages
Adverse weather/natural disasters
Critical infrastructure failure
Reputational incident
Regulatory changes
Skills shortage
Supply chain disruption
Utility failure
Political change
Some threats are more common, while others are dependent on factors such as geography, social conditions and industry sector.
How does these risks measure up to what your own risk register is stating?
What about climate change and the covid pandemic?
We need to state this at a proper level.
Consequences of not having a Business Continuity or Crisis management plan may include:
The organisation ceases to operate – leading to job losses
Harm is caused to the community or the community needs to be relocated (permanently or temporarily), for example in nuclear disasters.
Essentially, organisations have BCM and CM in place in order to prepare for and respond to disruptive events which directly or indirectly affect the organisation.
By having them in place they can manage the operational elements that allow them to function normally and maintain revenue generation/service provision.
BCM enables the identification and development of strategies and contingency plans to manage the effects of disruption, to mitigate the impact on critical activities or outputs and recover the business back to normal levels of operation as soon as possible within what is acceptable to the business.
Crisis Management (CM) is a strategic management process.
The British Standard BS 11200:2014 (Crisis Management – Guidance and Good Practice) defines a crisis as:
An inherently abnormal, unstable and complex situation that represents a threat to the strategic objectives, reputation or existence of an organisation.
A crisis can consist of four elements (Venette 2003):
A threat to the organisation
The element of surprise
A short decision time
Where the old system can no longer be maintained
When dealing with a crisis we can think of it from a time perspective (Coombs 2012), as shown below:
We will examine further risks that an organisation can face in the next blog but how does your organisation identify and analyse the risks it faces?
What are its major Risks?
Do they natch with what we have already identified?
Comments