why bcm
Why Business Continuity Management?
Business Continuity Management (BCM) is a holistic management process that identifies potential impacts that threaten an organisation and provides a framework for building resilience with the capability for an effective response that safeguards the interests of its key stakeholders, reputation and value creating activities.

External Drivers
• Pressure from audit committees
• Pressure from financial institutions
• Pandemic concern
• New threats & risks since 9/11
• Demands from customers
• Cost of insurance
• Perceived as competitive edge
• Reliance on third parties (supply chain)
• Increased regulator and self-regulated requirements
• Loss of customers or inability to attract new customers
• Loss of revenue / market share
• Decrease in stock value
• Increase of insurance premiums/takaful contributions
• Loss of assets and employees
• Regulatory sanctions
• Downgrading of debt securities or corporate ratings
• Loss of confidence by foreign investors and potential investors
• Default on financial commitments and contracts
Program Initiation and Management

• Establish the need for a business continuity program.

• Obtain support and funding for the business continuity program.

• Build the organizational framework to support the business continuity program.

• Introduce key concepts, such as program management, risk awareness, identification of critical functions/processes, recovery strategies, training and awareness, and exercising/testing.

Risk Assessment

• Identify risks that can adversely affect an entity’s resources or image.

• Assess risks to determine the potential impacts to the entity, enabling the entity to determine the most effective use of resources to reduce these potential impacts.

Business Impact Analysis

• Identify and prioritize the entity’s functions and processes in order to ascertain which ones will have the greatest impact should they not be available.

• Assess the resources required to support the business impact analysis process.

• Analyze the findings to ascertain any gaps between the entity’s requirements and its ability to deliver those requirements.

Business Continuity Strategies

• Select cost-effective strategies to reduce deficiencies as identified during the risk assessment and business impact analysis processes.

Incident Response

• Develop and assist with the implementation of an incident management system that defines organizational roles, lines of authority and succession of authority.

• Define requirements to develop and implement the entity’s incident response plan.

• Ensure that incident response is coordinated with outside organizations in a timely and effective manner when appropriate.

Plan Development and Implementation

• Document plans to be used during an incident that will enable the entity to continue to function.

Awareness and Training Programs

• Establish and maintain training and awareness programs that result in personnel being able to respond to incidents in a calm and efficient manner.

Business Continuity Plan Exercise, Assessment, and Maintenance

• Establish an exercise, assessment and maintenance program to maintain a state of readiness.

Crisis Communications

• Provide a framework for developing a crisis communications plan.

• Ensure that the crisis communications plan will provide for timely, effective communication with internal and external parties.

Coordination with External Agencies

• Establish policies and procedures to coordinate incident response activities with public entities.