AS/NZS 5050 standard ‘not in line with progressive BCM thinking’

In a statement published on the website of the Business Continuity Institute’s Australian Forum, the BCI’s technical director, Lyndon Bird, has commented on the new business continuity standard, AS/NZS 5050. This was released in June by Standards Australia and Standards New Zealand.

Mr. Bird said that AS/NZS 5050 “does not follow what has become a generally accepted international view of business continuity management; a holistic management discipline that looks at an organisation’s products and services strategically to determine the most impact that would result from interruptions across different time horizons.”

AS/NZS 5050 aims to relate business continuity to the ISO 31000:2009, ‘Risk management – principles and guidelines’ framework and it makes risk assessment and management its central pillars. However, Mr. Bird sees this as a fundamental mistake.

“In recent years, business continuity has moved rapidly from operational response to providing strategic insight and evaluating tactical options,” says Mr. Bird. “As such it should not be seen as a risk mitigation measure but an end-to-end business protection process in itself.”

“The BCM life-cycle and its compatibility with the management systems PDCA model seems a better approach than a return to the now discredited threats / hazards models traditionally promoted by risk managers.”

According to Mr. Bird, the BCI does not believe that AS/NZS 5050 will have much influence on the wider business continuity profession.

“The BCI expect the Standard to have little international impact within the practitioner community, because the underlying principles are not in line with progressive BCM thinking,” says Mr. Bird.


Reader comment

In response to Peter Power regarding the article “AS/NZS 5050 standard ‘not in line with progressive BCM thinking’” (See below):

While convergence sounds like a fair and reasonable conclusion by maturing or evolving thought leadership we should be clear on what that actually means and what the risks are. I don’t have a problem with role convergence i.e. 5 to 10 years from now the Risk Manager and the BC Manager are the same person. However, I hope that this person has two hats (figuratively) - possibly more if other disciplines have also been converged eg information security management. When undertaking RM activities the RM hat should be worn reinforcing the philosophies and disciplines of RM. When undertaking BC activities then the BCM hat should be worn reinforcing the philosophies and disciplines of BCM. This should also hold true if the RM activity is within a BCM initiative and vice versa.

The problem with AS/NZ 5050 is that it is not a BCM standard since it doesn’t present the philosophies required to respond and recover from ANY threat (to use a risk term) or Black Swan ref http://en.wikipedia.org/wiki/Black_swan_theory .

Under AS/NZ 5050, you need to generate a comprehensive list of risks and those that were not (or cannot) be identified are not “included in further analysis” – so you will be exposed to Black Swans. Of those that are considered, an assessment of likelihood is required followed by the development of a small number of representative scenarios from which risk treatment options can be considered. Likelihood is by definition a risky metric – just because you accept the likelihood as being low doesn’t mean that you’re safe from that risk manifesting. Scenario consideration relies partly on the individual’s experience and partly on their imagination – again a risky basis for planning against any disruption. I can’t imagine a CEO or Minister standing in front of their stakeholders and apologising because “in all our planning and considerations we didn’t think that could happen - sorry.”

Even at a fundamental level, I find it most disappointing that the standard for business continuity management doesn’t present a definition of business continuity management. This is reflective of the direction that the authors are heading and it’s not in pursuit of convergence: rather conversion.

Saul Midler, MBCI
Managing director, Linus Information Security Solutions


It is seldom a bad thing to have a debate on matters of global interest such as BC/risk management, on the basis that discussion should be an exchange of knowledge. Put this way what has been mentioned could be a sign of health within the global BC community, rather than a schism. At least that is the way I prefer to see it. Better still, if we did all move collectively towards a more visionary attitude where synergy replaces silos there will, in theory, be no requirement for entrenched behaviour.

Earlier this year I attempted to challenge obdurate attitudes when I wrote an article on this site (Risk and continuity: convergence is in the air) that sought to at least dismantle unreasonable defences by suggesting “At the risk of being branded a heretic we need to look at risk management and business continuity in the future through the other end of the telescope.
This means focusing much more on the concept of risk rather than as seen solely by the Institutes of Risk or BC. Excellent though both organisations are (I have been a Fellow of each for many years) I suggest we undervalue the benefits of risk and so ensure real opportunities will forever elude us….we should stop using the language of silos that define rather than synergise”

Focusing on enterprise risk management (ERM) has always seemed the best approach to me and anyone who has read the recent 2010 report by Marsh ‘EMEA business continuity benchmark report’ will spot on the first page that “The main discovery in this year’s result is around the integrated nature of risk, with BCM now as a component part of an ERM programme. This integration allows firms to leverage the synergies of combined risk management and BCM information when analysing their risks”.  Precisely.  I could not agree more and I sense many readers feel likewise?
 
So where does this leave us? I much prefer to focus on the comment by the BCI that “the Australia/New Zealand Standard AS/NZS 5050 adds to the debate and makes an interesting contribution to the ongoing question of how business continuity”, rather than “the underlying principles are not in line with progressive BCM thinking”

Michael Crichton (1942 - 2008, Caltech Michelin Lecture, January 17, 2003) stated that “Historically, the claim of consensus…..is a way to avoid debate by claiming that the matter is already settled”. An opinion worth considering here perhaps, so let me conclude my comment by repeating (see previous article) my own view that the leaders of tomorrow’s most successful companies will not so much be risk takers. They will be risk shapers. But as long as business continuity remains disconnected from helping to shape those risks it will never take its part in tomorrow’s opportunities, so let’s start by pulling up the barbed wire now”.

Peter Power FIRM FBCI

•Date: 25th August 2010 • Region: Aus/NZ •Type: Article •Topic: BC general
UPDATED 6th OCTOBER 2010






Copyright 2010 Portal Publishing Ltd