You have a Risk Department. Why do YOU conduct Risk Assessments?

If you’re new to Business Continuity, you have a lot to learn.  A thorough understanding of Risk – and how to assess Risk – need not be on your To Do list.

As a BCM professional, you already know how much time you spend on Risk Assessments.  Have you ever considered how little value a BCM-centric Risk Assessment provides?

Most large organizations have a Risk Management Departments.  They catalogue, monitor and manage risks.  If that’s already their fulltime job, why are you conducting Risk Assessments?  Even in a smaller company, is a BCM practitioner really most qualified to be conducting Risk Assessments?

Risk Management is more a science than a project.  Risk Managers spend their time focusing on risks. Most small businesses without dedicated Risk Management departments understand their organization’s risks – even if they don’t act on them.  Those who set a business’ strategic direction consider risk in those plans (regardless of whether they do so consciously).

So why should we expect Business Continuity managers to be Risk experts?  They devote their time, and energy assessing risks specifically for BCM – when an understanding of organizational risks already exists elsewhere in their organization.

Asking line managers to help evaluate risks to their business processes is equally wasteful.  Most are too close to day-to-day operations to perceive all but the most obvious risks, and generally have no prior experience thinking about risks.  So BC Managers often fall back on a predetermined list of potential risks with only the most widely impactful importance and limited, if any, value.

A Business Continuity Management program can function without conducting Risk Assessments. Conversations with the right people (Risk Managers or strategic managers) can collect sufficient information to accommodate the needs of BCM.

Stop reinventing the wheel; leverage existing institutional knowledge. Then cross Risk Assessments off your Things-to-Do list.

Register for one of our upcoming webinars

Jim Mitchell

Jim Mitchell

A frequent speaker at Business Continuity conferences, many of Jim Mitchell’s blogs can be found elsewhere on eBRP’s website and has published articles in DRJ, Continuity Insights and Continuity Central. Jim has more than 20 years of experience in Business Continuity; if you don’t agree with his opinions – he won’t be surprised.

Related Posts

Insights into creating a successful Disaster Recovery Test – Part 2: Preparation

Insights into creating a successful...

Insights into creating a successful Disaster Recovery exercise – Part 1: Objectives

Insights into creating a successful...

Aligning Cyber Incident Response Planning with Your BC/DR Program

Aligning Cyber Incident Response Pl...

Cyber disruptions – and their impact on both reputations and…
What Can You Do when your BCM software Relationship Falls Apart

What Can You Do when your BCM softw...

“This isn’t working.”  “I’ve changed.”  “I don’t see a future…
Aligning BC/DR to CSIRP Challenges

Aligning BC/DR to CSIRP Challenges

The immediate reaction to a cyber-security incident is the FUD…
Technology Modeling – the eBRP Way

Technology Modeling - the eBRP Way

Definition: Technology modeling is a point-in-time snapshot of an Enterprise’s…
eBIA – The eBRP Way

eBIA - The eBRP Way

Definition: A Business Impact Analysis (BIA) is the cornerstone of…
Threats, Impacts, BCPs

Threats, Impacts, BCPs

Within Business Continuity circles there is ongoing debate about the…
The BCM Challenge: Executive Buy-In

The BCM Challenge: Executive Buy-In

As a Business Continuity Management (BCM) solution provider, the first…
DR Plans – The What, When & Who

DR Plans - The What, When & Who

As a Business Continuity practitioner with more than 20 years…