No matter the size of an organization or its industry, business continuity (the process by which companies maintain the viability of their business processes in the event of a disruption) is a critical issue facing senior management and corporate boards. With organizations facing greater scrutiny from regulators, shareholders, and customers, business continuity is no longer just an audit comment but an essential part of maintaining a business edge.
Many of the business drivers behind the focus on business continuity management and crisis readiness can be found in the myriad regulations facing organizations today. Regulatory issues are no longer limited to the financial services industry but, as in the case of Sarbanes-Oxley, affect all industries. No one can dispute that an effective business continuity plan is essential in today's corporate and political environment. Equally important is the mandate by customers that their suppliers and vendors maintain business continuity plans in order to ensure an end-to-end process capability in the event of a disaster. In the United States, standards such as Federal Financial Institutions Examination Council, Securities and Exchange Commission, National Association of Securities Dealers, New York Stock Exchange (in the financial sector), Health Insurance Portability and Accountability Act (in the healthcare sector), Federal Energy Regulatory Commission, and Natural Environment Research Council (in the energy sector) have put business continuity management at the top of many boardroom agendas.

Understanding the impact of risks is the crucial element in the development of a business continuity plan. Armed with this information, an organization can prepare a cost-effective business continuity plan as part of a total risk transfer architecture. This would include risk mitigation, insurance, and reacting to an interruption. In this way, an organization can respond to the many events that are outside its control, such as natural and manmade disasters, changes in regulations, and economic downturns.

In ideal risk management, a prioritization process is followed whereby the risks with the greatest loss and the greatest probability of occurring are handled first, and risks with lower probability of occurrence and lower loss are handled in descending order. In practice the process can be very difficult, and the balance between risks with a high probability of occurrence but lower loss and risks with high loss but lower probability of occurrence is often mishandled.
Intangible risk management identifies a new type of risk: a risk that has a 100% probability of occurring but is ignored by the organization because it lacks the ability to identify it. For example, when deficient knowledge is applied to a situation, a knowledge risk materialises. Relationship risk appears when ineffective collaboration occurs. Process-engagement risk may be an issue when ineffective operational procedures are applied. These risks directly reduce the productivity of knowledge workers and decrease cost effectiveness, profitability, service, quality, reputation, brand value, and earnings quality. Intangible risk management allows risk management to create immediate value from the identification and reduction of risks that reduce productivity.
Risk management also faces difficulties in allocating resources. This is the idea of opportunity cost: resources spent on risk management could have been spent on more profitable activities. Again, ideal risk management minimizes spending while maximizing the reduction of the negative effects of risks.

