In a recent episode of The Continuity Forecast, William “Bill” Hord, Quantivate’s vice president of ERM services, made a guest appearance to discuss the challenges and benefits of increasing collaboration between risk management and business continuity functions.
Read a recap of the podcast below or listen to the full interview here:
Episode #12: Are Your Business Continuity Teams and Your ERM Teams Collaborating?
Business continuity and enterprise risk management (ERM) share many goals and stakeholders. However, few companies are capitalizing on those commonalities to improve organizational communication and strategy.
“The whole point of governance, risk, and compliance is that we should be breaking down silos,” Hord says. But in his role working with organizations to build and mature risk management programs, he often sees business units operating with separate processes and data rather than sharing information and expertise for a more holistic approach to GRC.
In his interview, Hord highlights several common problems that prevent businesses from achieving the type of collaboration that could help them make smarter decisions and meet their strategic objectives.
Different teams will often talk about risk management in ways that don’t align or that are specific to their own department. This can form an initial hurdle to ERM and continuity teams working together and effectively sharing information.
Beyond the disconnect in defining or discussing risk, many teams simply don’t have a seat at the table in each other’s planning or assessment processes.
For example, the ERM team may not be considering the impact and scope of disruptions at the business unit level, as revealed by a business impact analysis (BIA). On the other hand, the business continuity team may not be aware of key risks identified by ERM, which could be integrated into business continuity planning and exercising.
Hord suggests inviting team members from other relevant risk verticals to sit in on assessments, planning sessions, or exercises to encourage direct information sharing. Oftentimes, just getting people in the same room reveals unexpected commonalities or hidden risks and vulnerabilities that help broaden oversight and improve risk mitigation.
Finally, businesses frequently have siloed risk reporting that doesn’t highlight critical connections and dependencies across the enterprise. An integrated approach to reporting can begin the process of breaking down silos while improving executive oversight. Ideally, organizations should be able to combine and synthesize data into a concise format that allows management to make better business decisions.
We’re all on the same team; we’re all here for the same thing: to promote the success of [organizational objectives]. Business continuity has as much to do with that as ERM, and vice versa. – Bill Hord
Improving communication and coordination is good for everyone. From a more complete understanding of enterprise risk and business impact, to actionable reporting, organizations stand to gain significant benefits from a more collaborative approach to GRC.