CHAPTER 5
RISK AND BUSINESS CONTINUITY MANAGEMENT
Don’t assume people always understand the risks they are taking, particularly in respect of complicated or financial procedures.
Phillippa Williamson, Chief Executive, Serious Fraud Office
It’s hard to pick up a newspaper these days without coming across yet another example of the consequences of poor management of corporate risk. In the past two years alone we have seen previously unsullied corporate reputations damaged beyond repair and household-name businesses we regarded as solid as a rock going to the wall.
It is clear there is not just a lack of preparedness, but also some real failings in the way that UK plc is currently managing organisational risk. This is borne out by recent Chartered Management Institute (CMI) research that shows that fewer than half of UK organisations are proactively practising business continuity management.
Two fundamental problems lie at the heart of this issue. First, organisational motivations for managing risk have become somewhat skewed. Evidence suggests that it is the need to demonstrate good corporate governance that is driving risk management in organisations rather than the desire to sustain good organisational performance and maintain services.
We seem to have got into a mindset where risk management is about compliance and about spotting and fixing problems. Managers haven’t fully woken up to the fact that, applied effectively, it is a key business tool that can actually help organisations ...