Magazine article Risk Management

How to Justify Business Continuity Management

Magazine article Risk Management

How to Justify Business Continuity Management

Article excerpt

For the most part, available business continuity management (BCM) literature preaches to a choir of practitioners who are skilled at execution but unable to obtain the requisite organizational support to achieve their planning objectives.

They know well the importance of BCM, as do many of their executives. Still, while companies routinely incur expenses for other functions that do not turn a profit directly, BCM is forced to jump through budgetary hoops in order to justify its worth. What the risk professional needs is a model to evaluate BCM and convince budgeting executives to invest a fair share of financial resources to support this essential department.

The Equivalency Table

For BCM to be truly effective, organizations need a central department or initiative that has both executive-level support and adequate resources. But in many cases, BCM efforts do not get what they need because they are considered discretionary projects that do not contribute directly to the organization's profitability. Yet, at the same time, other discretionary initiatives routinely get the kind of support and visibility that BCM is denied. These include:

Budgeting or financial planning and analysis. Can the organization do without its dozen or so people in the corporate headquarters who crunch numbers for budgets? What is the direct impact on earnings of these employees?

Internal audit. In some areas, there are ethical and legal requirements for this, but what do internal audits earn relative to the personnel, whether internal or outsourced, and other resources dedicated to them?

Non-job based training and morale-building exercises. This includes organizational development training, performance evaluations, motivational training and other efforts that do not create a one-for-one return on investment.

Other consulting services. These typically require a high level of approval, have a nebulous return on investment, and are one of the first to go when funds get tight. They might include retaining the services of engineering firms, human resource strategists and risk management firms.

In each company departments have powerful arguments for their level of support. Their inability to demonstrate direct profits does not discount their function. In terms of enterprise risk, however, BCM deserves the opportunity of a logical comparison to these other departments against which it routinely competes for resources. By doing so, BCM can prove its rightful place alongside other wellsupported departments. To best achieve this, BCM must be analyzed against budget management, internal audit, external audit, non-job training and other consulting using the equivalency table above. The comparison breaks down into five main criteria:

Annual cost of function. This is the overhead for the department, including salaries, real estate and benefits allocations, and office services.

Percentage of earnings. What percentage of the organization's profits before interest and taxes does the department's annual cost comprise? This is likely to be a small percentage, but it provides a valuable reference point when compared to other departments, BCM in particular. Some firms may use earnings per share to gauge the department's expense.

Full-time equivalent employees. How many staff members does the department have? This may consist of many low-paid employees, a few high-paid employees or a mixture of the two.

The cost of upside or downside risk. Upside risk is the further benefit or gain to the organization from an investment. A good example of this might be investing in high-tech hardware to increase productivity and boost profits in the long run. Downside risk is the loss incurred if a function is not properly supported.

Upside and downside risk ultimately comes to one question: are you willing to invest to gain or invest to save? -Overall risk score. How one answers the question of upside versus downside risk has much to do with a simple calculation-Overall Risk Score = severity x management system x probability of loss. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed

Oops!

An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.