Enterprise risk management and business continuity management: Together at last

Start adding items to your reading lists:
Sign in
or
Create your account
Save this item to:
This item has been saved to your reading list.

Organizations that integrate enterprise risk management (ERM) into their strategic planning efforts have found that business continuity management (BCM) enhances both their value creation objectives and their protection objectives. The confidence that comes from identifying and appropriately addressing interruption risks enables them to more boldly execute those strategic plans. But to gain that confidence requires the melding of ERM and BCM programs.

Download Enterprise risk management and business continuity management: Together at last

Get started with PwC's preference center

Our insights. Your choices.

Executing a series of well-coordinated ERM and BCM integration activities makes it possible to realize the full value of optimized business continuity management

Leading-practice integration examples include:

  1. Consider ERM and BCM program integration
  2. Involve BCM management in the ERM risk assessment process
  3. Involve ERM management in BCM interruption risk assessment planning and analysis
  4. Perform a BCM business impact analysis (BIA) that is informed by the ERM program’s impact categories, weighting, and thresholds
  5. Develop ERM-informed risk resiliency improvement recommendations
  6. Enhance risk scenario analysis
  7. Conduct BCM capability examination and post-incident analysis
  8. Link BCM and ERM program effectiveness reporting
  9. Leverage governance, risk management, and compliance (GRC) technology

 

ERM lifecycle and BCM lifecycle synergies

Program governance

  • ERM and BCM program governance is tightly coupled, sharing many of the same stakeholders 
  • The ERM and BCM program owner can be the same individual, yet supported by separate administrative teams 
  • The ERM and BCM programs report to the same risk committee and/or board of directors 

View more

Risk assessment/business impact analysis (BIA)

  • ERM and BCM risk assessment scopes align for areas related to operational interruption risks 
  • ERM risk impact categories and their thresholds are used to standardize the way BCM BIA participants describe operational interruption impacts 
  • Management’s risk appetite and tolerance decisions are informed by BIA results 

View more

Risk treatments/strategies

  • Deciding whether and how to respond to interruption risks is based on management’s risk tolerance and risk appetite 
  • Resiliency improvements are made to areas that leadership identifies as critical to achieving operational and strategic goals

View more

Risk plans/business continuity plans

  • Approved strategies for responding to interruption risk are documented in actionable business continuity plans

View more

Program effectiveness monitoring and reporting

  • Responses to actual interruption events and the results of business continuity and crisis management exercises are formally evaluated against risk reduction objectives 
  • The BCM program’s effectiveness analysis provides a feedback loop to the overall ERM program, thereby providing comfort that resiliency and recoverability efforts reduce interruption risk impact

View more

Explore further

Compliance & Risk Management Solutions Our perspectives Controls Testing & Monitoring Risk and Regulatory Internal Audit Solutions

Stay up to date

Subscribe to risk and regulatory insights

Related content

State of Compliance Study: PwC

2019 State of Compliance Study

Compliance and ethics programmes that are digitally enabled and data-driven bring a clearer line of sight into evolving regulations so leaders can anticipate...

Start adding items to your reading lists:
Sign in
or
Create your account
Save this item to:
This item has been saved to your reading list.

Contact us

Mike Maali

Mike Maali

Partner, Risk and Regulatory, PwC US

Linkedin Follow Email
Steve Zawoyski

Steve Zawoyski

Enterprise Risk Management Solutions Leader, PwC US

Linkedin Follow Email
Follow us
Audit and assurance Consulting Tax services Newsroom Alumni US offices Contact us

© 2017 - 2021 PwC. All rights reserved. PwC refers to the US member firm or one of its subsidiaries or affiliates, and may sometimes refer to the PwC network. Each member firm is a separate legal entity. Please see www.pwc.com/structure for further details.