What is the best method to conduct a Risk Assessment from a Business Continuity Management perspective?
I would use the same method as the rest of the organization. The difference is that the area you are focusing on will be specific to that Product or Service.
Here is some feedback on the above question from BCP Builder Community on LinkedIn:
- My organization takes an ‘all hazards’ approach to Business Continuity Management. This negates the need for a risk and threat assessment as part of the Business Continuity Management program. Instead I consult my Risk colleagues who are part of the Risk and Resilience team. They help me to identify what issues may be on the risk register for particular business areas. This is part of my preparation to conduct the Business Impact Analysis with that team.
- Risk Management is a major part of Business Continuity Management. Therefore, the principles for Risk Assessments shouldn’t differ from those (hopefully) stated in the Risk Management guidelines. However, in order to assure full Business Continuity Management maturity it’s important not just to analyse your own organization, but also to have your supply chain doing so. Currently, I am developing a risk-based approach to have our supply chain provide us with the relevant information via a specific system frequency, to analyse risks.
- Furthermore, we created a Microsoft Excel based tool for executing on-site audits. These audits look at Business Continuity Management, Information Security and Solvency/Governance whenever our “early warning indicator” identifies material risks. The procedure, structure and evaluation of our “security audit structure” remains basically the same. It’s just the content which needs to be changed.
- Business Continuity and Risk Management are partners.
If you want to increase your Organizational Resilience, start with preparing a Business Continuity Plan and check out BCP Builder’s Business Continuity Planning Templates.