AS/NZS5050, with its title of “Business continuity – Managing disruption-related risk”, caused a few ripples when it was published in 2010. With its focus on risk management, it recommends that disruption should be stabilised as soon as possible, with resumption of mission-critical operations and a speedy return to normal functioning. It also recommends that a standard part of an organisation’s risk management plan should be to reduce the size and the occurrence of risks with the potential to cause disruption. So far so good, but what about unidentifiable risk?
Unidentifiable risk or the “black swan” is what irked some readers of standard. An interpretation of the risk management defined by AS/NZS5050 is that is applies only to risks that can be identified, and that any other risk is excluded from the analysis. If this is true, then as a result, any random and unexpected event that could capsize an enterprise is not part of the risk modelling. If such an event occurs, the enterprise is unprepared and vulnerable.
On the other hand, AS/NZS5050 embodies a feeling among certain observers that success in business will be a matter of shaping one’s environment, rather than submitting to it –being a risk shaper rather than (just) a risk taker. Making this part of a standard written as an example to be followed also adds weight to the notion that risk-shaping is not a one-time action, but a continuing exercise.
In all, while it may be good to have a standard that meets with unanimous approval (notwithstanding the dangers of groupthink), having one that sparks off a constructive discussion can also be valuable – more so than a standard that is met with general indifference.