Risk Management - ERM & BCP

These two acronyms are often mentioned in discussions on risk management processes but what do they mean and are they of practical value?  ERM is Enterprise-Wide Risk Management and BCP is Business Continuity Planning.

ERM is a process by which all risks that could adversely impact on the business are reviewed, methods of dealing with each risk are assessed for effectiveness and the residual exposure to the business is prioritised. This is a broad ranging process that should not be restricted to conventional risks but should evaluate all types of risk including those which may be regarded as being outside the organisation's control, such as interest rates and currency exchange.

BCP is generally applicable to a specific manufacturing site or administration centre and again risks are identified and controls evaluated. Additionally plans are established for continuing to supply customers or provide services in the event the location is unable to operate.

Both processes are applicable to businesses of all sizes and should not be seen as being relevant only to large organisations with regulatory requirements for corporate governance. Various methods can be utilised to obtain the necessary information but for an ERM process a workshop comprising the senior management group is recommended and for BCP a workshop with the site management team.

---

Author

Sid Levett, Former General Manager - Risk, Amcor Limited
Clients interested in applying these processes can contact Sid Levett of Objective Risk Advisory Services (ORAS Consulting).

External Links