Is the term “business continuity” appropriate? It applies to a wider sector than the “business” part of the name suggests. As well as profit-driven, private sector enterprises, many public sector organisations also have BCM in place. Still, the public sector can be just as “business-like” in pursuing its goals as the private one. On the other hand, whether private or public, there are some areas of organisational activity that BC does not cover – even though it would be natural to assume organisations would try to continue to operate no matter what happens.
What’s missing? Comparing business continuity and a classic SWOT (strengths, weaknesses, opportunities and threats) analysis can show up gaps. According to the type of organisation and the type of operating environment, SWOT may for example emphasise legislation, compliance or health and safety. BC also takes these factors into account. Whether it’s a strength that fails, a weakness that becomes critical, etc., under BC a plan will exist to ensure continuity. However, other SWOT factors such financial weaknesses or threats do not always feature in BC planning.
Now, SWOT leads to the definition of organisational strategy, which connects with the definition and management of risk within Enterprise Risk Management (ERM). ERM is concerned with preventive measures to mitigate risks to an organisation; for this, it defines a number of categories of risk. Business continuity management is there to provide a solution for the business to keep running, if risks turn into disasters. Comparing BCM with ERM makes it clearer as to what BCM is covering or leaving out. Category by category, BCM either maps exactly onto ERM or is absent (notable absences are often for company strategy and financial risks). A simple step to help BC to “live up to its name”? Systematically put in place a BC solution for every risk requiring treatment that is identified by ERM.