It is important to note that the focus of the study is business resilience; not DR or business continuity or even risk management. Business resilience, according to IBM, refers to the ability of enterprises to adapt to a continuously changing business environment, not just to restore operations after a disaster or continue to function despite operational problems.
More study findings, for example Big Fat Finance, show a solid majority of respondents (60%) saying that business resilience is considered a joint responsibility of all C-level executives although CIOs and IT professionals remain key players in building a more resilient organization. Similarly, a significant majority of survey respondents (85%) say that data and application security, data protection (79%) Big Fat Finance, infrastructure security (77%), security governance (75%), identity and access management (74%), and compliance management (69%) now are part of their organization’s broader risk management strategy.
If your organization is not yet engaged in business resilience risk planning now is a good time to start. Begin by downloading the report noted above. From there, IBM recommends assigning an enterprise-wide risk management team with a strong mandate to reach out across the organization because risk management should be part of everybody’s job.
Of course business resilience helps organizations maintain continuous operations in the face of disruptions and disasters. But IBM envisions it as something more. IBM distinguishes business resilience planning from enterprise risk management (ERM) in that it is more directed to build the organizational capacity to seize opportunities created by unexpected events. As such, it requires the engagement of everyone in the organization and often means a change in corporate culture to instill awareness not only of risk but of potential opportunities.
Companies would pay even less attention to disaster recovery than they do now if auditors and other compliance police didn’t get on their cases or threaten them with fines or liability of various sorts. Disaster recovery (DR) alone, however, may not be sufficient.
Among the findings of the study: organizations are diversifying their strategies to build business resilience, while keeping continuity, IT, and compliance risks in the forefront. And increasingly in business resilience strategies cloud computing is quickly emerging as a key risk and opportunity management tool.
The study makes it clear that DR and business continuity is evolving into enterprise-wide risk management. Such risk management, the study notes, should involve everyone in the organization and imbue responsibility for risk management at every level if companies are to respond effectively to changes and unexpected events.
The addition of opportunities to the risk management calculus adds a new dimension. Now it is not just about restoring servers in response to a sudden disaster but to bring back the right capabilities and capacity to take advantage of new opportunities that may emerge from the events.
Based on its 2011 Global Business Resilience and Risk Study IBM is suggesting a more proactive and forward thinking approach to DR, one that encompasses opportunities as well as risks. The study is available here.
Business resilience, of course, continues to involve the CIO and IT because, in the end, it is about the protection and accessibility of the organization’s applications, systems, and data assets. However, 62% of respondents also noted they brought onboard other C-level executives and 44% even include Board Members.
A focus on business resilience with the goal of not only ensuring business operations continue but exploiting sudden new opportunities will require new investments and the involvement of new players across the company. For example, 58% of the respondents reported investing in new risk-related IT strategies, such as cloud computing with its ability to rapidly deploy new resources and capabilities.
Related:
0 comments:
Post a Comment