• Starting with the definition of Business Continuity Management as formulated by the Business Continuity Institute: “Business Continuity Management identifies an organization’s priorities and prepares solutions to address disruptive threats. This understanding supports the design and implementation of plans to protect and continue the value creating operations of an organizations in the event of any major disruptions.”
• Adding the definition of a threat. “A threat is defined as a potential cause of an unwanted incident, which can result in harm to individuals, a system or an organization.” (Source ISO22301)

The definitions show a link between business continuity and threat and indicate that business continuity efforts are aimed at addressing threats.

So, what does that tell organizations? As most organizations use the terms “threats” and “risks” interchangeably, it tells that there should be alignment between die risk management function and the business continuity (BC) programme. Alignment can be achieved through the following:

1. The business continuity manager / practitioner should consider the organization’s existing operational risk register, to understand the organization’s risk landscape, risk appetite and the approach to mitigating risks.
2. The position of the risk management function in the organizational structure should give guidance as to where BC should be incorporated (i.e. If the Risk Management department forms part of the overall Governance Risk and Compliance department and the BC function becomes part of the Risk Management department).
3. During the process to establish a BC programme, efforts should be made to understand the organization’s priorities through a business impact analysis and a BC specific risk assessment. The outcomes of the BC risk assessment should be shared with the Risk Management department, as new risks may have been identified.
4. Including BC as a standard agenda item at the relevant risk committees and forums (i.e. Risk and Compliance Committee, Audit and Risk Committee).

In summary, successful alignment between the risk management function and BC, should support a risk-based approach to BC and raise awareness for the BC programme.