The Right Mix of ERM and BCM – the Success Concoction

Many global companies are not adequately prepared to counter incidents that threaten their business’s continuity. Loss of crucial data, systems and processes in a security violation could send businesses tumbling down.

Business Continuity Management or BCM is a holistic management practice that identifies impending impacts, which intimidate an organization, and offers a framework for building flexibility. The process enables an efficient response which can uphold the brand reputation and interests of its key stakeholders, thereby creating value.

BCM programs characteristically do a superior job measuring business criticality to analyse and determine recovery priorities. However, the challenge for an organization lies in integrating the business with IT properly in this analysis. The BCM program should effectively coordinate with the organization’s Enterprise Risk Management (ERM) program, approach and results.

So how and where does ERM converge with BCM?


Enterprise Risk Management or ERM has been a reputable function within businesses for quite some time, and is well embedded in many organizations, while Business Continuity Management is relatively new. Since protecting the continuity of a business process also has a component of risk management to it, BCM is often construed to be a part of ERM. Although the two are essentially separate, there are many facets of business processes that address the risk of conducting business. Additionally, there are aspects that counter risks to enable the continuity of business functions. The point of convergence – managing risks is critical to protect the continuity of the business.

A strategy, which enables a business to recover from downtime or prevent a disaster swiftly enough, is crucial for business continuity. While ERM identifies and treats risks in the organization, BCM assists the organization to develop flexible and inclusive solutions that cater to the availability of their information systems, essential data and core business processes in case of a catastrophe.

The primary focus of BCM is deterrence and response to unsettling occurrences. Risk management helps measure the probability of particular risks, but it also determines the vulnerability of critical business assets like facilities, human resources, technology, processes, etc. This in turn helps a BCM program create objectives that address specific risks.

Regardless of whether risk management is appropriate for C-level staff or it resides only within a particular department, it acts as important decision-support system. BCM should be an essential part of successful risk management. Business-continuity planning and disaster recovery are ‘life jackets’ that help an organization endure potential risks, which it cannot otherwise mitigate.


There are several variables that can potentially impact the execution of a risk management program. Some companies argue that it does not matter where BCM and ERM are positioned within a business; what is rather important is that they are effectively engaged within the business. However, some disagree. Poor positioning within an organization can significantly affect the success of the business. The Board of Directors should bring the Internal Audit and ERM groups together to create processes and monitor them effectively. Support from the senior leadership of a company, coupled with optimal integration of BCM and ERM, is a sure shot concoction that spells magic for business.

Leave a Reply

Your email address will not be published. Required fields are marked *