Business Continuity and Risk Management - Report Example

RISK MANAGEMENT Business Continuity and Risk Management ……………………... College ………………………….. …………. Introduction The future, especially when business is concerned, is always unpredictable. The increasing pace of change, fluctuations in customer demands and market globalization have put risk management on the top agendas of many strategic management and forward-looking companies. A comprehensive risk management is imperative for any business to survive today’s competitive markets and face challenges of complicated business contexts so as to ensure business continuity. Business Continuity Business Continuity refers to the strategic movement of a business towards successful business, being unhindered and unconstrained by any possible risks and uncertainties. Business should carry out strategic planning and activities in order to ensure continuity in business operation. As Kaye and Graham (2006) pointed, the strategic approaches to achieve business continuity come only once the risks have been determined and the impacts have been analyzed and understood (p. 9). An effective business continuity management system must be able to take full responsibility of determining and implementing appropriate continuity strategies and these strategies must be able to take full account of recovery time and recovery point objectives by protecting organizational critical functions (Burtles, 2007, p. 72). As business faces a number of changes, risks, uncertainties and challenges with regard to production, marketing, pricing, financing, communication and so on, the business have a better understanding of these risks and it must have strong strategies to continue business without disruption, interruption or loss. According to Kaye and Graham (2006), business continuity process is not just about response, but about building resilience and easiness to strengthen an organization and about understanding what may be the risks and what strategies to be developed. The business continuity process must provide a framework for creating the capability for an effective response that can safeguard the interests of the business stakeholders (p. 10). Risk Management as a way to achieve Business Continuity Risk management is a loop of continuous managerial functions that comprises of various steps and processes like identification cycle, analysis, control and reporting of risks. Merna and Al-Thani (2008) emphasized that the process of managing risk involves 1) Identification of risks and uncertainties, 2) Analysis of implications, 3) Response to minimize and litigate risks and uncertainties, and 4) Allocation of appropriate contingencies (p. 45). Risk identification involves determining which and what types of risks are more likely to affect the manufacturing or a particular project and thence documenting and reporting the specific features of each risks. There can be both internal and external risks. The potential impact of each risks also to be measured. Internal risks may be regarding human capital, machinery, technology and so on; where as external risks can be demand fluctuations, credit or financial crisis, competition, exchange rates etc. Once risk has been identified, it must be analyzed and evaluated. Measuring the exposures or the risks and assessing its impacts and effects on the business are parts of risk assessing and evaluation. As Cooper, Grey and Raymond (2005) described, the risk assessing must be carried out in order to develop the agreed priorities of the identified risks. In risk assessing and evaluation, estimated risks will be compared against given risk criteria (p. 16). The assessment process of the identified risks include determining the consequences of each risks, assessing the possibility of those outcome to be happened and developing agreed risk priorities (Cooper, Grey and Raymond, 2005, p. 17). Various tool and techniques can be used to analyze and assess the identified risks and threats. When risks are effectively quantified, assessed and analyzed, a list of opportunities will be prepared. Once the risks are identified, finding instruments to shift or trade risks and assessing the likely costs and benefits of these instruments are also to be considered. Risk mitigation plays vital role in the risk management process. Risk mitigation may be avoiding, transferring or reducing the risks. The risk mitigation stage is basically a step to ensuring business continuity. The risk mitigation stage is also called risk response stage as it involved defining enhancement steps for opportunities and responses to the risks. Risk avoidance is the removal of a particular threat. Risk avoidance is better option for many internal risks like operation related risks. Risk can be avoided either by eliminating the source of the risk or by avoiding the particular project itself. When risk’s source or the risky project has been avoided, the business can continue with its operation and thus it ensures business continuity. Risk reduction is reducing the probability of the risk to be occurred or reducing its impacts on the business. As risk identification may be the identification of the probability of a risk, eliminating such probability through effective measures is a best response to it. On contrary, a specific risk’s impacts on a project or operation can be reduced with appropriate techniques. In an oil refining company, leakage is a potential risk and its impacts include huge financial loss. This financial loss can be reduced by collecting back and filtering the leaked oil contents. Once risk has been reduced, the business is safe from the risk and it can thus ensure business continuity. Risk transfer is the final risk management tool that involves payment by ine party to another. There can be an agreement between transferor and transferee by which transferee agrees to assume a risk and the other desires to escape. This is mainly held in between projects in the same company or between two parties, but with harm-less transfers through agreements, incorporation, diversification, hedging and insurance (Trieschmann and Hoyt, 2005, p. 83). Risk transfer helps avoid the potential consequences of the identified risks on the business operation and thus business can ensure business continuity. Relevance of Risk Management If no risk management, many almost all businesses will fail to continue its business. In today’s business environment, all decisions are taken based on financial consequences and returns. Whether the returns on a project justifies taking risk is a significant factor that business managers have to take in to account. More specifically, both managers and investors are to see whether the financial and other benefits on an investment meet their minimum expected returns if the investment is exposed to a risk (Merna and Al-Thani, 2008, p. 9). Risk Management helps a business foresee the risks, identify them, find their impacts on business and take measures to avoid, or reduce or transfer them so as to ensure business continuity. A business with no risk management is ‘Gambling’ Kaye and Graham (2006) argued that risk is sugar and salt of life- “too much or too little of either is unhealthy. And just as a good diet is achieved through a balance between the intake of sugar and salt, risk management is about getting the balance between taking risk and avoiding it” (p. 4). Risk is inherent with all business activities. Attending them positively will help business continue and ignoring them will lead to business failure. Doing business with no risk management is similar to doing a speculative business like gambling as it involves expecting the best of luck. Expecting the unexpected and meeting them, identifying them and treating them are adventurous as far as business is concerned. Taking risk to manage them effectively is the way to business adventure. Conclusion Risk and uncertainties are the major challenges a business most often face. Any managerial and operational strategies like Supply Chain, Customer relationship management, Knowledge management and any of that sort can bring success only if ‘risk’ can be managed well. Any strategy with no ‘risk management’ will ultimately be a failure. This part of the research work has outlined the relevance of risk management to a business and examined how risk management can help a business ensure its business continuity. The process of risk management that leading to business continuity has been well detailed in this part. References Burtles J (2007), Principles and Practice of Business Continuity: Tools and Techniques, Illustrated edition, Rothstein Associates Inc Cooper D.F, Grey S and Raymond G (2005), Project Risk Management guidelines, Managing Risk in Large Projects and Complex Procurements, John Wiley & Sons Ltd Crouhy M, Galai D and Mark R (2006), The essentials of risk management, Illustrated edition, McGraw-Hill Professional Kaye D and Graham J (2006), A Risk Management Approach to Business Continuity: Aligning Business Continuity with Corporate Governance, Illustrated edition, Rothstein Associates Inc Merna T and Al-Thani F (2008) Corporate Risk Management, Second Edition, John Wiley and Sons Trieschmann J.S and Hoyt R.E (2005), Risk Management and insurance, Thomson- Southwestern Read More