We use cookies and other similar technologies (Cookies) to enhance your experience and to provide you with relevant content and ads. By using our website, you are agreeing to the use of Cookies. You can change your settings at any time. Cookie Policy.

Manage Tomorrow's Surprises Today

Steven Minsky

5 Steps for Creating an Effective Business Continuity Plan

Vote 0 Votes

At LogicManager, we are firm believers that embracing risk management can result in two boons: ease of mind and success. On a related note, we recently came across an article by Carl Richards in The New York Times titled "For True Freedom, Learn to Deal with Uncertainty."

"Right now, I'm working really hard on both having goals and accepting the reality of uncertainty," Richards says. "In fact, I embrace the uncertainty and say to myself, 'given that goal, and given the uncertainty, what's to be done next?'" He summarizes himself with a diagram scrawled on a napkin. It's quite simple:

Success Cycle.png

Richards' cycle is in some ways the heart of LogicManager's mission, Manage Tomorrow's Surprises Today ®. Nobody likes being surprised when it comes to business, and many surprises are nearly impossible to prevent, so it stands to reason that only by managing those surprises can we achieve a more desirable outcome.

No governance function embraces the concept of managing surprises quite like business continuity planning and disaster recovery (BCP/DR) programs. A BCP/DR strategy is in effect the management of high-velocity risks. What your organization does in the 24 hours after a disruptive scenario can often make or break the business.

For William Bauer, this might literally be the case. Bauer is the managing director of Royce Leather, a company based in New Jersey. During Hurricane Sandy, floodwaters destroyed thousands of dollars' worth of goods, and a "$100,000 server, which held vital customer records, was also destroyed," according to The New York Times. Before the 2012 hurricane, Bauer hadn't drawn up a sufficient BCP/DR program; the resulting chaos cost him his mental wellbeing and financial stability and nearly crippled Royce Leather.

Bauer certainly wasn't alone. The 2015 Travelers Business Risk Index indicates only "21 percent of small businesses have continuity plans," and "as many as 40 to 60 percent of small businesses never recover" from unforeseen catastrophes like natural disasters.

Bauer took this lesson to heart, creating a short but succinct Business Continuity & Disaster Preparedness Strategy in case something similar happens again.

What characterizes a good BCP/DR program, and how can LogicManager help you achieve it? 

So far, our discussion of business continuity plans have been straightforward and abstract: A good business continuity plan "targets the biggest business risks and critical functions that keep revenue flowing." ERM software helps identify those critical functions by providing a standardized criteria to complete a Business Impact Analysis (BIA). A key component of the BIA is understanding what vendors, applications, organizations, and organizational data are utilized by your core business processes. This web of information, called a risk taxonomy, is the backbone of any enterprise-wide approach to risk.

With a robust business continuity plan, companies will generally install improved systems, adopt better data recovery options, and (often) have the added benefit of reduced insurance premiums.

The 5 steps to formulating your business continuity plan 

The general process outlined by The New York Times is very similar to our approach at LogicManager. In order to mitigate risk effectively, it is crucial to first devote a sufficient effort to identifying, assessing, and evaluating predominant areas of interest. This enables a focused expenditure of the resources needed to construct appropriate mitigation activities, or controls. Once underlying root causes are uncovered and matched to the proper mitigation activities, risk monitoring strategies can be implemented to confirm the root causes are being neutralized accordingly.

The five recommended steps are: 

  • 1. Identify/analyze critical functions.
  • 2. Focus on risks with severe or even catastrophic consequences. These risks can be prioritized by setting global risk tolerances and risk appetites so you know which ones fall farthest out of that range.
  • 3. Create specific strategies, also known as mitigation activities, to protect the critical components identified in step 1.
  • 4. Test the plan before it's actually needed.
  • 5. Update, review, and change the plan as needed.

To learn more about the risk assessment process you'll need in order to create a comprehensive business continuity plan, download our free eBook, "5 Steps for Better Risk Assessments," or download our datasheet on LogicManager's Business Continuity Solution.

Leave a comment

In this blog, risk expert Steven Minsky highlights the differences between traditional risk management and true enterprise risk management, which is about helping things happen rather than preventing them from happening. Manage Tomorrow's Surprises Today is designed to help you think about risk in new ways and learn how to benefit practically from this rapidly evolving field.

Steven Minsky

Steven is the CEO of LogicManager, Inc. the leading provider of ERM software solutions. Steven is the architect of the RIMS Risk Maturity Model for ERM, author of the RIMS State of ERM Report among many other papers, and a RIMS Fellow (RF) instructor on ERM. Steven has conducted ERM and RIMS Risk Maturity Model training for hundreds of organizations around the globe. Steven is a patent author of risk and process management technology and holds MBA and MA degrees from the University of Pennsylvania’s Wharton School of Business and The Joseph H. Lauder Institute of International Management. You can reach Steven at steven.minsky@logicmanager.com.

Recently Commented On

Monthly Archives