A Risk Management Approach to Business Continuity: Aligning Business Continuity with Corporate Governance [Paperback]

Julia Graham (Author), David Kaye (Author), Philip Jan Rothstein (Editor)

Book Description

ISBN-10: 1931332363 | ISBN-13: 978-1931332361 | Publication Date: April 1, 2006

First Practical Guide to Integrating Risk Management,
Business Continuity Management and Corporate Governance

From Two World-Renowned BCM Pioneers Who Have Served on the British Standards Institution (BSI) Team Creating a British and International Standard for Risk Management

The U.S. Department of Homeland Security (DHS) is currently developing disaster preparedness standards for businesses. DHS is incorporating language from the British Standards Institution (BSI) because it "provides a management systems approach to business continuity and integrates risk management disciplines and processes."

The two authors of this now classic text in the field have been directly involved in developing those BSI standards. Here they bring you a distillation of their worldwide experience in pioneering the integration of the disciplines of risk management and business continuity.

This practical guide is endorsed by:
* * * The Business Continuity Institute
* * * The Institute for Risk Management
* * * Disaster Recovery Institute International

It includes numerous helpful features:

* * * Chapter objectives, summaries and bibliographies; charts, sample forms, checklists throughout

* * * Plentiful case studies, in boxed text, drawn from enterprises around the globe, including the UK, US, Europe, Australia, Asia, etc.

* * * Boxed inserts summarizing key concepts

* * * Glossy of 150 risk management and business continuity terms

* * * Timely topics, including stakeholder management, supplier management, outsourcing, the people factor, technology recovery, and communication, both internally and externally.

* * * Wide range of challenges, including supply chain disruptions, media and brand attack, product contamination and product recall, bomb threats, chemical and biological threats, etc.

* * * Instructions for designing/executing team exercises with role playing to rehearse scenarios

* * * Guidance on how to develop a business continuity plan, including a Business Impact Analysis

* * * Ideal for senior undergraduate, MBA, certificate, corporate training programs; in use at 50+ campuses worldwide

* * * Instructor Materials on CD, including PowerPoint slides and syllabus for 12-week course with lecture outlines/notes, quizzes, reading assignments, discussion topics, projects

* * * Authors with extensive international experience in all aspects of risk management and business continuity, having worked with organizations in a combined total of 50 countries

The authors' message is that risk management has become a strategic tool in managing all risk across an organization, and that BCM forms one more important tool in a much wider and coordinated risk management program. They are now complementary disciplines that must be understood and supported by your organization as a whole, including CEO's, directors, non- executive directors, risk managers, continuity managers, internal and external auditors, investment managers, compliance managers, finance directors, human resource managers, project managers, regulators, corporate trainers and other stakeholders.

After discussing the relationship between risk management and BCM, the authors take the reader through the business continuity management cycle: how to understand the organization and its culture; continuity strategies; how to develop and implement a business continuity response, including developing a Business Impact Analysis; building and embedding a business continuity culture; testing/exercising a plan, along with benchmarking, maintenance and audit.

Editorial Reviews

Review

Reviews 1

Business continuity is a vital area of modern risk and resilience management for any organisation. This book provides an ideal introduction to the subject for both the practitioner and for leaders and managers in general. It is also the core text for the Institute of Risk Management's (IRM) own business continuity qualification.
-- Steve Fowler, Chief Executive Officer, The Institute of Risk Management

This book... provides clear guidance, supported with a wide range of memorable and highly relevant case studies for any risk manager or business continuity manager to successfully meet the challenges of today and the future.
-- Steven Mellish, Chairman, The Business Continuity Institute

At last, a book that integrates Business Continuity and Risk Management.
-- Lorraine Lane, Chief Executive Officer, Survive - The Business Continuity Group

Business Continuity Management is coming of age to respond to the new needs of its own stakeholder, the organization for which it carries the responsibility. It is indivisible from risk management and is an increasingly important tool of risk management. The Continuity Industry leaders are now looking well beyond technology and other infrastructure replacement, and see a crucial value for themselves at the very top of level of their organization's strategy setting. They set out to understand the importance of these dependencies, measure the risk and impact in its very widest sense, and then ensure resilience and an ability to respond and recover to a level that the whole range of stakeholders are entitled to expect.

This book is a must read for those senior managers, risk managers and continuity managers who have the vision to see both the new opportunities and the new responsibilities of business continuity management.
-- George J. Mitchell, Chairman, DLA Piper Rudnick Gray Cary
Former Senate Majority Leader and U.S. Senator for Maine

Organizations of all types are placing greater emphasis than ever before on planning to ensure business continuity. At the same time, the need for knowledgeable professionals to create and maintain these plans is growing, as is the need for good textbooks to guide them. A Risk Management Approach to Business Continuity: Aligning Business Continuity with Corporate Governance is a helpful start.

Authors Julia Graham and David Kaye and editor Philip Jan Rothstein are all seasoned specialists and the text is a solid guide to the basic components of creating business continuity plans of all types.

Among the book's strengths is its demonstration that planning about business continuity is starting to evolve from its roots in IT backup, and that risk management no longer means simply buying an insurance policy. There is also an emphasis on the importance of involving senior organizational leadership in the planning and the need to identify all stakeholders at some point in the process.

Helpfully, there are a number of useful suggestions for doing this. Some sections provide considerable information, and there are a number of useful outlines. One provides suggested section headers for a continuity plan.

This book is a very good beginner's reference guide for any manager new to the business continuity game. Experienced planners will find it a helpful refresher.
-- Security Management Magazine

--Reviews 1

Reviews 2

The topic of Business Continuity Management is growing dramatically in importance to corporate executives, as the nature and seriousness of the threats to the business sector continue to be revealed. This book is both a clear and insightful presentation of the concepts of Business Continuity Management that should become a part of every executive's bookshelf.
-- John Copenhaver, Chairman, The Disaster Recovery Institute International

One of today's priorities for any business organization - whatever its size, sector or location - is that it continues successfully. Yet there is an increasing array of potential threats - both internal and external - to staying in business, ranging from IT failure and human resource issues to terrorism and climate change. Meanwhile, a growing number of interested stakeholders exist with an enhanced awareness of business management and performance.

Therefore Business Continuity Management (BCM) is attracting greater recognition as a vital tool that should be understood by the organisation as a whole. Protection of brand value, loss of reputation, product liability, existing and upcoming regulation and legislation, corporate governance and professional indemnity, are examples of commercial survival issues covered by BCM and addressed in this excellent book. Filled with case studies and illustrations, the authors provide a comprehensive approach that:

* * * sets the scene for BCM;
* * * demonstrates its value;
* * * assesses risks and opportunities;
* * * examines practical tools as part of risk management and corporate governance; and,
* * * gives clear direction that moves the reader on from theory to practice.

This is a thorough work that is a must for all organisations. A Risk Management Approach to Business Continuity enables the reader to grasp the key issues in an accessible manner. It uniquely integrates the concerns of risk management and corporate governance in a practical manner that develops the interest of the reader so that it can - and should - attract the attention of the management of the organisation as a whole.
-- Women in Law Newsletter
--Reviews 2

"Clear guidance, with wide range of memorable, highly relevant case studies for any risk manager or business continuity manager.” --Steven Mellish, Chairman, The Business Continuity Institute

From the Inside Flap

"The escalating pace of change, a rising tide of technological innovation, almost instantaneous transmission of breaking news and the globalization of crime and terrorism, all combine to provide a heady cocktail of challenge for today's organization. "Clear to all business watchers are the dramatic ways that businesses have responded to these challenges and reorganized themselves, as they have taken up the opportunities available. These include new uses for technology, faster and direct to customer communications, increasingly open foreign market opportunities, outsourcing and offshoring, harnessing the power of the brand, sophisticated supply chain management, just-in-time delivery cycles, the ability to mine huge databases in milliseconds, and new relationships with the workforce. "These elements of the modern business may offer great flexibility and a magnificent ability to relate precisely to the needs of individual customers and other stakeholders. They have, however, also given rise to critical dependencies and single points of potential catastrophic risk and failure. Organizations can upsize and respond to new selling opportunities very quickly indeed. If an organization is fighting though a crisis, its competitors will most likely be well positioned to seize any opportunities created by the distraction and diversion of attention that recovery can demand. Interestingly therefore, the risk of sudden destruction of today's modern organization, however huge, diverse, financially strong and multinational, is more likely than businesses using the models seen in the 1990s and before. "The most critical failure points are not financial. Company boards have long established financial risk measuring mechanisms but the response to these new exposures and the growing influence of regulators are driving boards increasingly to consider non-financial risk. This is tougher to quantify, harder to grasp and consequently can give rise to boards feeling less comfortable and in control and consequently, less confident. "Business Continuity Management is coming of age to respond to the new needs of its own stakeholder, the organization for which it carries the responsibility. It is indivisible from risk management and is an increasingly important tool of risk management. The Continuity Industry leaders are now looking well beyond technology and other infrastructure replacement, and see a crucial value for themselves at the very top of level of their organization's strategy setting. They set out to understand the importance of these dependencies, measure the risk and impact in its very widest sense, and then ensure resilience and an ability to respond and recover to a level that the whole range of stakeholders are entitled to expect. "This book is a must read for those senior managers, risk managers and continuity managers who have the vision to see both the new opportunities and the new responsibilities of business continuity management." George J. Mitchell, Chairman DLA Piper Rudnick Gray Cary Former Senate Majority Leader and U.S. Senator for Maine Senator Mitchell successfully chaired the peace negotiations in Northern Ireland.

See all Editorial Reviews

Product Details

• Paperback: 390 pages
• Publisher: Rothstein Associates Inc. (April 1, 2006)
• Language: English
• ISBN-10: 1931332363
• ISBN-13: 978-1931332361
• Product Dimensions: 10.6 x 8.3 x 1 inches
• Shipping Weight: 2.8 pounds (View shipping rates and policies)
• Average Customer Review: 5.0 out of 5 stars  See all reviews (2 customer reviews)
• Amazon Best Sellers Rank: #574,909 in Books (See Top 100 in Books)

Customer Reviews

Most Helpful Customer Reviews

2 of 2 people found the following review helpful:

5.0 out of 5 stars A great book to understand the BCM in light of Risk Management, March 9, 2008

By 

Konstantin Smirnov (Moscow, Russia) - See all my reviews
(REAL NAME)   

This review is from: A Risk Management Approach to Business Continuity: Aligning Business Continuity with Corporate Governance (Paperback)

I have chosen this book from the list of Business Continuity Institute recommended literature. I cannot say it was a well-informed choice. However I did not regret it even a single bit. One thing that instantly attracted me was the link between Business Continuity and Risk Management in its heading.
The book was true to its heading.
Pros:
- The book is very well-structured
- The book is comprehensive (and beware... 400-pages long!)
- The book is full of real-world examples, case studies, and templates
- It is not only useful for those on BC side, but to th elesser mortals on IT service continuity side (like me)
- There is comprehensive glossary at the end
Cons:
- The language is at times somewhat difficult to read (bear in mind, I am non-native speaker)
- Few "broken links" and minor inconsistencies - i.e. chapter A references chapter B, while it should be C
- The book might have a bit more illustrations
- No headings (except chapters) numbering
Despite its minor "bugs", the book is worth every penny spent to buy and every minute spent reading it. My suggestion - while reading this book, have a pencil and stick-on bookmarks ready. You will be coming back to it!
I refer to this book in my day-to-day work, and find it becoming my good friend in guiding me through the maze of Business Continuity best practices. Many thanks to Julia Graham and David Kaye.

4 of 6 people found the following review helpful:

5.0 out of 5 stars from the author, May 30, 2006

By 

David Kaye (United KIngdom) - See all my reviews
(REAL NAME)   

This review is from: A Risk Management Approach to Business Continuity: Aligning Business Continuity with Corporate Governance (Paperback)

The circumstances that lead Julia and I to write this book are interesting and help to explain what it is, and why it is quite different from other books. The Institute of Risk Management, who are the International Institute for vocational risk management education, asked me to be their lead examiner on business continuity. The first task was to set out to find a textbook that takes the organisation wide and holistic risk view on business resilience. I needed to find one that had the vision to see that business continuity as something that includes, but is now so very much more than, the fast replacement of technology and workstations.

I do believe that this is so important, not least because the science of business continuity must keep pace with change amongst our own `stakeholders', i.e. the organisations that employ us and also their own stakeholders. If we do not evolve and take our rightful place in the strategic thinking of the organisation, we will increasingly be sidelined from the crucial and the real resilience debates; and others will be asked to manage stakeholder expectations.

The modern day organisational structure has so many more single points of risk that potentially offer complete destruction than the business models of the 1990s. The supply and the delivery chains are outsourced, the intellectual assets are much more critical and diverse and are, even in themselves, outsourced. The workforce is managed by third parties, and the double-barrelled risks of brand and speed are the real dependencies at the heart of the modern-day organisational promise. It is no coincidence that the board, the risk manager, investor, regulator, auditor, as well as the business continuity manager, increasingly sees resilience an ever more important concern amongst their worry beads.

In spite of asking many friends and fellow professionals to search out a book for me that captures that wide-business resilience , and thus bring together as a team the various managers concerned with risk, we failed to find even one.

The upshot was that Julia and I set out to write one. This was not only to provide the Institute with their needed textbook but because we feel strongly that the business continuity industry does need to move on into the 21st century. We hope that the book will encourage that process and encourage co-operation between erstwhile silos of risk management that, in isolation can be so dangerous to today's organisations.

We have written the book therefore with a view, not only to aid students to develop their understanding, but also as a good read for everybody who has a responsibility to ensure that their function, public service or profit making, can continue to deliver on its promises.
David Kaye
FCII FRSA FBCI MIRM