You have been asked to present information to your company’s board of directors regarding each of the following items: business continuity plan (BCP),disaster recovery plan (DRP),business impact analysis (BIA), andoperational risk management strategy (ORM).
Create a written report consisting of at least three pages in which you describe the purposes and benefits of each one, the challenges involved in creating each one, and how each one fits into a risk management strategy. Also, assemble and present a policy for planning and performing each of the processes above.
Risk management is increasingly becoming one of the important issues in business management considering that each business decision has a level of risk associated with it. All businesses and organizations need to take risks for them to grow and develop. Risk management largely focuses on understanding, analyzing, and handling risks to ensure that companies and entities attain their organizational objectives and goals. Therefore, risk management processes must be proportionate to the complexity and the nature of the enterprise involved (Bowman, 2008). The risk management teams have the duty and responsibility of identifying, evaluating, prioritizing and treating risks. Some of the widely used terminology in organizational risk management process includes Business Continuity Plan (BCP), Disaster Recovery Plan (DRP), and Business Impact Analysis (BIA) and Operational Risk Management Strategy (ORM). This assignment will focus on identifying and describing the purposes and challenges of these terms used in risk management.
Business Continuity Plan (BCP)
It is the dream of every investor to make sure that they remain in the business for as long as possible. However, for this dream to come true, investors and companies must create a strategy and plans by recognizing threats and risks that might face the company to make sure that the company employees and assets are fully protected against these risks. A carefully planned business continuity plan (BCP) helps investors to cope with crises and risks, thus minimizing disruption to the business and its customers. Such a strategy proves to business stakeholders such as customers, insurers, and investors that organization is firm and strong enough to withstand crisis and risks, thus giving it a competitive edge over their customers (Bowman, 2008). Apart from minimizing disruptions, business continuity plan (BCP) helps to minimize financial losses by retaining company brand image and give employees, customers and suppliers’ confidence in the company’s services and products. Additionally, the plan enables the recovery of critical systems within an agreed timeframe as well as meeting legal and statutory obligations of the company. Some of the common challenges associated with business continuity plan (BCP) include program drivers and scoping. Most of the business continuity plans (BCP) do not define the reasons why most organizations actively engage in preparation for disruptive events and risks.
Disaster Recovery Plan (DRP)
Business is faced with the risk of loss from every corner as it strives to meet the needs and wants of the customer. One of the notable risks associated with the business is the loss of information technology infrastructure such as a data warehouse. However, to minimize the adverse impacts of such losses, companies design and implement a Disaster Recovery Plan (DRP). DRP is a procedure to protect a business IT structures in the event of an accident. It can also be described as an inclusive statement of persistent activities to be taken before, during and after a tragedy. A disaster recovery plan (DRP) can bring significant advantages to business. Some of the notable advantages of the plan include asset and inventory management through the documentation which includes understanding equipment inventory (CTC & Associates & California, 2009). DRP is important in identifying which equipment the company has, which are in excess but may come in accessible and which are entirely worthless. Another important advantage of this plan is network management by helping employees and staff members of a company to understand the way a network function thus allowing quick recovery. One of the major challenges of implementing this plan is designing an inadequate or wrong plan. Most risk managers believe that a disaster recovery plan can be wrong, especially in instances when it is too simple to cover and protect the business or too complicated for the employees to understand.
Business Impact Analysis (BIA)
Despite the designing and implementation of risk management plans, businesses and organizations have to prepare to treat and neutralize the adverse effects of business risks through business impact analysis. BIA is a systematic process through which the potential effects of an interruption to core business operations are determined and evaluated as a result of an accident. BIA is part and parcel of a business continuance plan. BIA helps to discover a method and technique to keep the going concern of business even after enduring high volatile crises. Therefore, the analysis is meant to ensure that the operations of the business do not cease. Notably, depending on the type and the severity of the accident that occurs, the operations of the business may not even need to be interrupted (Lincke, 2015). One of the major challenges in designing a BIA is the fact that it emphasizes on the effects of interrupted operations rather than the business functions. Therefore, it becomes easy for employees to ignore the normal operations of the business to concentrate on the interrupted operations.
Operational Risk Management Strategy (ORM)
Operational risks result from inadequate or failed systems or internal processes of an organization. Operational risk management is a process of identifying, assessing, measuring, mitigating, monitoring and reporting risks. One of the major advantages of ORM includes identifying the potential operational risks facing the company as well as treating the already identified risks (Bhattacharjee, Angevine, Majhi, & Smith, 2015). On the other hand, lack of enough knowledge and understanding of risk management substantially limits the ability of the company employees to design and implement risk management strategies.
Bhattacharjee, S., Angevine, D., Majhi, S., & Smith, D. (2015). Permanent Mooring Reliability & Mooring Risk Management Plan (MRMP): A Practical Strategy to Manage Operational Risk. Offshore Technology Conference. doi:10.4043/25841-ms
Bowman, R. H. (2008). Business continuity planning for data centers and systems: A strategic implementation guide. Hoboken, NJ: John Wiley & Sons.
CTC & Associates, & California. (2009). Disaster recovery plan. Sacramento, Calif.: California Department of Transportation.
Lincke, S. (2015). Addressing Business Impact Analysis and Business Continuity. Security Planning, 85-102. doi:10.1007/978-3-319-16027-6_5
Describe the purposes and benefits of each one, the challenges involved in creating each one, and how each one fits into a risk management strategy.