In our recent webinar with our customer Clariant, one of the participants asked us a very interesting question: “What’s the difference between enterprise risk management and business continuity management?”
Great question. And, like most great questions, the answer is a little fuzzy.
At the end of the day, enterprise risk management and business continuity management are tightly linked. The best way to think about it is probably this: Enterprise risk management (ERM) is about processes that are enacted before a disaster occurs, because enterprise risk management is concerned with protecting a business from risk by identifying the existence of vulnerabilities and defining a way to minimize their probability.
Business continuity management (BCM), on the other hand, is about processes that are designed to be enacted after a disaster has occurred, because business continuity management is the process of maintaining business operations during or after an actual disaster, which is executed through the use of business continuity plans.
To put a different spin on it, let me continue with my hiking analogy from an earlier blog post. Enterprise risk management is the part of the hike where you pack your survival kit full of flares—and business continuity management is the part of the hike where you shoot off those flares because you’ve broken your leg and can’t move.