Information, Articles, Tools, and Useful LinksCommittee Listing, BusIndNews, Hall of Fame, Discussion ForumEvents and ConferencesMembership InformationPublications, CPE, and Conferences
 
Search
 

Search Options

Printer Friendly View

Corporate Governance Issues? 
AICPA Audit Committee Effectiveness CenterCorporate Audit Committee Toolkit

 

 

Don't Know What to Do?

AICPA Ethics Decision Tree

 

 
FMC Home > Resources > Management Accounting Guidelines > Executive Summary—Business Continuity Management
Executive Summary—Business Continuity Management
Source: Kahan, Stuart. 2005. Disaster Recovery is a Numbers Game. WebCPA, April

Definition and Scope of Business Continuity Management (BCM)

BCM Defined

BCM and Organizational Risk Management

Drivers of Business Continuity

Developing Effective BCM Capabilities

Conclusion

 

The frequency of man-made and natural disasters has increased in recent years. The nature of disasters has also changed: who could have imagined five years ago that civilian passenger airplanes would be used as a weapon of war? More important, the impacts of disasters on companies have greatly increased and intensified thanks to technological advances, progressing globalization and the extension of the supply chain. Companies of all sizes are "connected" to their suppliers and customers to a much greater degree today than ever before. When a disaster occurs, its effects quickly ripple up and down the supply chain.

 

As a result, management teams and corporate boards face much more pressure to make their organizations more resilient when disasters, ranging from simple power outages to Category 4 hurricanes to synchronized suicide bombings, strike. To date, however, the corporate BCM capabilities necessary to establish that resiliency generally have ranged from absent to insufficient. This deficiency has a high cost: a University of Minnesota study finds that 93 percent of companies that lose critical systems for more than 10 days quickly file for bankruptcy; another study finds that 90 percent of organizations that experience a catastrophic loss of data and equipment" without a business continuity plan in place go out of business within 24 months of the loss (Kahan, 2005).

 

The 9/11 Commission's exhaustive investigative research concludes that the Sept. 11, 2001, terrorist attacks revealed failures in imagination, policy, capabilities and management.

 

The purpose of this guideline is to help organizations address and prevent those failures while providing finance and accounting managers with a foundation on which to further develop their BCM thinking, strategy and processes. The purpose of this Management Accounting Guideline is not to fear monger (a tactic practiced by some BCM service providers that should be recognized and disregarded), but to help finance and accounting professionals enable their organizations to make the most effective and cost-efficient investment in the BCM capabilities that best meet the needs of the business.

 

The specific objectives of this guideline are as follows:

 

·         To define business continuity management as a corporate capability and to identify its essential components and processes;

·         To identify the drivers that make BCM a vital corporate and management competency in the 21st Century;

·         To establish and define the roles and responsibilities that corporate managers and boards fulfill in developing effective BCM practices;

·         To present a step-by-step framework for developing and maintaining effective business continuity management processes;

·         To provide an overview of the software applications available to support BCM planning and execution processes;

·         To present examples of sound business continuity management capabilities in practice.

 

While the target audience of the guideline is finance and accounting managers, all senior level executives, functional and operational managers and corporate directors will benefit from its content.

 

DEFINITION AND SCOPE OF BUSINESS CONTINUITY MANAGEMENT (BCM)

 

Establishing and maintaining business continuity management processes begins with three steps:

 

1.      Defining business continuity management;

 

2.      Identifying and defining the key components of a viable BCM framework; and

 

3.      Placing BCM in the context of organizational risk management

 

Back to top

 

BCM Defined

 

This guideline agrees with the BCM definition put forth by the U.K.-based Business Continuity Institute (BCI):"Business Continuity Management (BCM) is a holistic management process that identifies potential impacts that threaten an organization, and provides a framework for building resilience and the capability for an effective response that safeguards the interests of its key stakeholders, reputation, brand and value-creating activities."

 

This guideline defines stakeholders as employees, customers, suppliers, investors, and the community or communities in which an organization operates. Business continuity planning is the process through which organizations establish the capabilities necessary to protect their assets and continue key business processes after a disaster—an unexpected business interruption caused by natural or man-made events—occurs.

 

Back to top

 

BCM and Organizational Risk Management

 

BCM's rising importance and IT-based history have caused internal debates about who owns the BCM function and how BCM relates to a company's existing risk management efforts. Again, business continuity management is a subset of a larger risk management strategy. The most significant difference between risk management and business continuity Management relates to the output of each process. Risk management strategies (either risk avoidance, risk acceptance, or risk mitigation—through risk reduction, risk sharing or transfer of the risk) are "pre-event" responses to perceived risks. Most BCM strategies and tactics focus on the processes that need to take place after an event or disaster occurs; the objectives of those processes are to restore the business to normal operations as efficiently and effectively as possible.

 

Back to top

 

Drivers of Business Continuity

 

The need for business continuity management capabilities continues to increase due to the following drivers:

 

1.      A rise in the number of natural and man-made business interruptions;

2.      The growing impact of business interruptions on organizations due to rising business interconnectivity;

3.      The essential obligation to protect, preserve and build value;

4.      New regulations and guidelines pertaining to BCM;

5.      The business benefits of effective business continuity management; and

6.      The generally insufficient quality of existing corporate BCM capabilities.

  

Back to top

 

Developing Effective BCM Capabilities

 

There is good news for corporate managers facing the challenge of developing business continuity management capabilities. First, information about disaster recovery, business continuity planning and crisis management processes is readily available. The high cost of ineffective business continuity management has spurred academics, consultants and other experts in the field to share information much more freely than is usually the case in other disciplines. Second, the fundamentals of a sound BCM strategy are relatively simple to grasp. Professional disaster recovery and business continuity managers and consultants frequently make the point that most elements of their work "are not rocket science." The toughest part of a business continuity manager's role is overcoming organizational resistance to fund and participate in business continuity planning activities.

 

Back to top

 

Conclusion

 

Natural disasters and other unexpected business interruptions occur more often and inflict greater damage on companies than they have in the past. Business continuity management enables organizations to reduce the negative impacts of disasters and to return to normal operations sooner. To date, the general state of BCM capabilities among North American companies has been insufficient.

 

The gap between the financial toll of worldwide catastrophes and the amount of that toll covered by insurance in 2004 was about $74 billion. The loss of life attributed to those catastrophes topped 300,000.Those figures seem like a compelling motivator for better business continuity management. But they are not the only drivers. New regulations with specific BCM mandates are also emerging. The epidemic of business continuity plans suffering from dust-inhalation on the shelf is being cured by the growing number of regulations and industry guidelines—along with more requests from external auditors to review the plans. The development of sufficient BCM capabilities requires:

 

·         An understanding of the roles and responsibilities of corporate managers and boards in implementing effective BCM practices;

 

·         Adherence to a framework for developing and maintaining effective business continuity management processes;

 

·         An understanding of the ways in which finance and accounting managers can apply their unique skills and experience to the execution of BCM practices;

 

·         An understanding of the tools that can help automate and support BCM processes; and

 

·         Knowledge of emerging "good practices" among companies with more sophisticated BCM capabilities.

 

Much of that knowledge has arisen from insight into insufficient responses to disasters and business interruptions. Just as the 9/11 Commission "looked backward in order to look forward," so, too, should companies learn from lessons of the past to ensure that they will not suffer through the same mistakes—or absorb similar costs—when future disasters strike.

 

Download Full Text MAG

 

Back to top