15 February 2017
In its first column FSM, the International Institute of Risk and Safety Management (IIRSM) explains how systematic risk management safeguards business resilience
WE ALL live with uncertain futures and we can’t freeze in time, stay still and do nothing – we all have things we want to achieve, opportunities we want to exploit and changes we want to make.
Public bodies want to provide services, businesses want to serve their customers and owners, charities want to deliver change for their stakeholders and as individuals we have aspirations for ourselves and those close to us.
But we can never be completely sure how things will turn out. Risks in the real world and risks arising from our own actions may stop us achieving our goals. Sometimes these risks will lead to direct monetary loss, but they can also lead to illness and injury, damage to the environment and property, business failure, loss of employment or waste of human potential.
Today, there exists a body of knowledge about risk and a variety of skills, tools and techniques that can be applied to improve outcomes, regardless of the industry or sector, in a similar way to other professional disciplines such as accounting or human resource management.
It provides a means for organisations to handle uncertainty, including new problems arising from changing circumstances. While it acknowledges that nothing in life is certain, the practice of systematic risk management should improve business resilience, increase predictability and contribute to improved returns and outcomes. Risk management is therefore about both helping an organisation achieve its objectives, as well as protecting its reputation and core business activities.
IIRSM believes that practical educational approaches to managing risk for all, and not purely for risk professionals and specialists, ensures that more people have the knowledge and competence to help their organisations avoid harm and maximise opportunities.
Business continuity management (BCM) provides the tools for organisations to recover from major disruption from fires, flu pandemics, extreme weather, terrorism, cyber attacks or other risks.
It is a holistic management process that identifies potential risks to a business and the impacts they may have in the event of major disruption to normal operation of the organisation. While risk management is concerned with risks facing the organisation, BCM is concerned with continuity of operations across the organisation. BCM takes account of future plans and strategies, whereas risk management is concerned with threats to those plans and strategies.