Four Types of Risk Mitigation and BCM Governance, Risk and Compliance

Michael Herrera

Risk mitigation is defined as taking steps to reduce adverse effects. Four types of risk mitigation strategy are particularly relevant to Business Continuity and Disaster Recovery. It’s important to develop a strategy that closely matches your company’s risk profile.

Risk Acceptance: Risk acceptance does not reduce any effects; however, it is still considered a strategy. It is a common option when the cost of other risk management options, such as avoidance or limitation, would outweigh the cost of the risk itself. A company that doesn’t want to spend a lot of money avoiding risks that have a low likelihood of occurring will use the risk acceptance strategy.

Risk Avoidance: Risk avoidance is the opposite of risk acceptance. It is the action that avoids any exposure to the risk whatsoever. Risk avoidance is usually the most expensive of all risk mitigation options.

Risk Limitation: Risk limitation is the most common risk management strategy used by businesses. This strategy limits a company’s exposure by taking some action. It combines a bit of risk acceptance with a bit of risk avoidance, striking a balance between the two. An example of risk limitation would be a company accepting that a disk drive may fail while avoiding a long period of failure by keeping backups.

Risk Transference: Risk transference means handing a risk off to a willing third party. For example, numerous companies outsource certain operations such as customer service, payroll services, etc. This can be beneficial when the transferred risk lies outside that company’s core competency. It can also be used so a company can focus more on its core competencies.

So how can I be a leader in Business Continuity Management (BCM) Governance, Risk and Compliance (GRC) and balance my risks and opportunities?

If you’re a BCM Practitioner practicing risk mitigation, you’ve probably been asked this question by your senior management: “How compliant is our Business Continuity program, and how does it compare to others in our industry?” Are you still trying to figure out which industry standards fit your program, or are you using manual, inefficient tools that are holding you back? A BCM GRC software tool is something you should consider today.

What the Trends Tell Us

BCM compliance across companies we have worked with has yielded interesting information:

  • Many are afraid to assess their compliance – better to keep their head in the sand than know the truth
  • Management education is needed to show how BCM benchmarking can be used effectively to manage their program
  • The use of self-assessment tools to measure BCM compliance is non-existent, or the tool is rudimentary with limited functionality
  • The majority of organizations do not have a clear picture of where they stand or where their weaknesses and strengths lie
  • Resource time is often spent on program dimensions that have little to no effect on compliance and resiliency
  • Management continually asks for compliance benchmarking and reporting, but it doesn’t exist

How a BCM GRC Tool Helps You

In a nutshell, a BCM GRC tool helps you better manage your risk mitigation program by balancing the risks against the opportunities for improvement. If you’ve devised your own system for assessing your compliance, such as a manual process, it gets a little trickier to assess and report on compliance on a regular basis. And if you’ve ever let something accidentally slip through the cracks, you can appreciate a better way to manage this process.

While not every BCM GRC platform features questions modeled after industry standards and weighted by importance, permits task assignments, and offers comprehensive management reporting, you’ll benefit from choosing one that does. Unless, that is, you have your own personal assistant who keeps you up to date on everything regarding BCM compliance… and these days, who does?

Your Goal is Compliance and Resiliency

If your goal as a BCM Practitioner — and let’s face it, every one of us has this as a goal — is to raise your compliance and resiliency, you need a reliable system for assessing compliance, and a BCM GRC tool can play a major role in making all of these business processes much easier. Let’s say you’ve been asked to assess your BCM compliance. In your BCM GRC tool, you can quickly and easily assess the compliance of the seven dimensions of your program (Program Administration, Crisis Management, Business Recovery, Disaster Recovery, Supply Chain Risk Management, Third Party Management, and Fire & Life Safety). You can attach supporting documentation, so everything that relates to that assessment is in one handy place. You can give fellow planners access to specific programs, or give auditors access to view reports on your compliance. You can add tasks and assign responsible parties for resolution to keep the program moving down the compliance trail. You can run management scorecards and reports on each dimension outlining the state of the program. This kind of highly valuable data gives a big-picture analysis of what the compliance landscape looks like. For example, perhaps the tool identifies that your BIA process is critically weak and does not comply with industry standards. This is worth considering: it might be time to revise your BIA questionnaire or look to outside agencies to implement a best-practice approach.

Designed for You

If you’re serious about succeeding as a BCM Practitioner, make sure you’re using the right tools, like BCMMETRICS. It’s designed to help BCM Practitioners like you be more effective at managing your BCM program through intelligent assessment and measurement. The multitude of BCM industry standards is overwhelming even for the experienced practitioner, but BCMMETRICS makes the process easy to use and administer. Our own BCMMETRICS platform is designed to be simple enough to figure out within minutes. We offer a free video on BCMMETRICS and an overview of the solution on our website.

Comments

  • jason

    Does risk transference negate the company’s exposure and liability should an event occur that causes damage, injury or even death? The BP Mexican Gulf oil platform disaster springs to mind.

    • Melissa

      That’s a very good question. Risk transference may not always negate exposure if your supplier is negligent in the production of goods or the operation of a service that you as the company are providing to your customers.

      • Austin

        Hello Melissa, risk transference should mitigate your risks if you have a properly crafted service level agreement which can be enforced by law. This way, you will be able to trust that the third party will not deviate from the minimum requirements.
