Fake omega

An Integrated Connection

An integrated connection - Risk Management & Business Continuity Management

The King II Report on Corporate Governance indicates that "sound risk management and internal control frameworks, tailored to the specific circumstances of the company, should be part of the daily operational activities of a company and should not be viewed independently of normal business activities." It also makes clear that the Board should be responsible for the total process of Risk Management.

While Risk Management focuses on every conceivable type of risk that may be found in an organisation; Business Continuity Management focuses only upon such aspects that may impact and disrupt the delivery of key products and services.

The Explanatory Memorandum of the Companies Bill, 2007, introduces a "form of a codified regime of directors’ duties, which includes both a fiduciary duty, and a duty of reasonable care, which operate in addition to existing common law duties." In light of the above duties, it may be argued that one of the directors’ duties lies within their need to ensure the organisation has adequately provided for its business risks and business continuity.

Within this context, it is essential that directors and senior executives familiarise themselves with Business Continuity Management (BCM), as a "holistic management process that identifies potential threats to an organisation and the impacts to business operations that those threats, if realised, might cause, and which provides a framework for building organisational resilience with the capability for an effective response that safeguards the interests of its key stakeholders, reputation, brand and value-creating activities."

“Recent developments in corporate governance have placed accountability for risk management in the hands of the Board of directors. In the past, Board directors were usually not directly involved in the day-to-day details of risk management because it was perceived to be an operational management function.” IRMSA Code of Practice

Food for Thought

  1. The Board is responsible for the total process of Risk Management (RM)
    1. The Board should make use of generally recognised Risk Management and internal control models to support business sustainability under normal as well as adverse operating conditions
  2. Business Continuity Management (BCM) best practice assumes a worst case scenario e.g. a total loss of building, including a total loss of technology & possible loss of key personnel
    1. BCM is complementary to and forms part of the process of Risk Management (RM)
    2. the on-going continuity of the business is a key risk consideration
    3. BCM may be considered a specialised technique for the integration of RM within the organisation
  3. RM is the process that responds to every conceivable type of risk in every part of the organisation by;
    1. organising resources and information around risk in the manner considered most appropriate & useful
  4. BCM focuses on the impact of any disruption to the delivery of key products and services by;
    1. identifying the products & services on which an organisation depends for survival and what will be required for an organisation to continue to meet its obligations

For further information regarding Corporate Governance and Legislative Compliance, please contact Terry Booysen at CGF Research Institute (Pty) Ltd on +27 11 476 8264 / 1 / 0 or email tbooysen@cgf.co.za or view www.cgf.co.za

For further information regarding Enterprise Risk Management, please contact The Institute of Risk Management in South Africa on +27 11 234 5898 fax: +27 (11) 235 4006 or email admin@irmsa.org.za or view www.irmsa.org.za