|
|
What Does Enterprise Risk Management Have To Do With Business Continuity? By Carol A. Fox The set of circumstances surrounding last year’s destructive hurricanes – particularly Katrina, Rita and Wilma – was overwhelming for many companies. Some found they had underestimated the destruction the hurricanes would cause, and the need for human relief outweighed so many other considerations. Other companies, however, weathered the storm by activating disaster recovery plans and continuing to serve their customers with little impact. Their businesses continued to operate, in spite of the devastating effect the storms had on their employees. What made their experiences so different? The answer is an integrated process, a major principle of Enterprise Risk Management (ERM). Here’s how one company used this process to create a solid business continuity plan, helping it survive disaster. Call Center Stands Up to Hurricane Wilma Located just 15 miles from Ft. Lauderdale, Florida, the Convergys Tamarac Contact Center employs over 1,000 customer service representatives and support staff. On a daily basis, it handles customer service requests for clients in industries ranging from telecommunications to financial services to health care, serving clients in the program areas of credit and collections, wireless, long-distance, cable and video and emergency preparedness. When Hurricane Wilma headed toward Florida last October, Convergys knew it needed to step up to the plate if the company was going to surivive the storm with little to no impact. The company got started right away, long before the storm ever hit land. First, the corporate Business Continuity Planning Group began providing storm updates to its Florida and Gulf Coast sites through its global tracking software. Then, just 72 hours before Hurricane Wilma struck, the Tamarac Incident Command Team (ICT) met to discuss its business continuity plan. Program by program, the ICT began invoking its site and program plans over the next 60 hours. Here are some of the company’s key initiatives:
Enterprise Risk Management is the Key to Broader Business Continuity So how did Convergys manage to get through the hurricane with such a minimal impact on its business? The fact is, Convergys call centers, including the Tamarac facility, have remained efficient and productive throughout the past two years, despite facing events ranging from hurricanes to fires to tsunamis. That’s because of Convergys’ Business Continuity and Disaster Preparedness and Recovery plan – a plan that first asks “What’s the worst that can happen?” Notably, the plan is supported by an executive team that itself trains to respond to events that may become a corporate crisis. By focusing on strong executive and financial commitment, integrated planning with processes to protect mission-critical elements and a well planned and understood communication strategy, Convergys operations are prepared to meet the needs of its clients and their customers, regardless of whatever disruptive events may occur. Companies that successfully continue or recover operations in spite of tremendous odds practice risk management against a specific risk – the risk of disruption to operations. They’ve taken the time to identify and assess the potential risks, validate and measure the necessary controls, take specific actions to mitigate or optimize the risks, then monitor the action plans. The same process underpins a successful Enterprise Risk Management (ERM) program; one that takes into account any risk that could disrupt strategic or operational plans. If you broadly define risk as a “chance” that something will happen (good or bad) that impacts the organization (positively or negatively), you start to see a much wider picture. Consider the following: What if…
In other words, what worries keep you up at night? Can your company survive if one or more of these events actually happens? A successful ERM program requires the same level of executive sponsorship, process governance, integrated planning, accountability and communications strategy that support successful business continuity planning. The beauty of ERM is that you don’t limit the stakeholders to considering only certain hazards and you don’t limit them to considering only the risks over which they have control. That way you surface all kinds of risks – physical, environmental, security, technology, financial, regulatory, compliance, etc. ERM makes risk accountability a visible and documented process, not only for the manager who is making a particular decision or preparing a particular plan, but also for the executives and the audit committee. By grouping and ranking risks, management and the Board of Directors are better informed about the overall risks facing the organization through an enterprise-wide prism. For example, one manager might think an action has no risk – but that action could create a huge risk for another manager. ERM makes those silo decisions and action plans transparent to the wider organization. As a result, planning becomes more collaborative. To be truly effective, an organization cannot conduct ERM in a vacuum. Partnerships are required. At Convergys, both Risk Management and Internal Audit are equal ERM partners with defined roles in support of the risk owners. The ERM Framework An ERM framework identifies who owns what part of the process. See Figure 1 to understand how Convergys’ ERM framework works, and what teams need to take responsibility for which areas. How can you implement a successful ERM program in your company? Here are a few tips:
By tying strategic and operational plans to the ERM process, ERM becomes an integral part of overall planning and not a one-time, stand-alone project. About the Author Carol A. Fox is Senior Director, Risk Management and Business Continuity Planning, for Convergys Corporation and Vice Chair, Risk and Insurance Management Society, ERM Development Committee. You can reach her at corporateriskmanagement@convergys.com. Learning Links
|
