Primary navigation:

QFINANCE Quick Links
QFINANCE Reference
Add the QFINANCE search widget to your website

Home > Operations Management Best Practice > Business Continuity Management: How to Prepare for the Worst

Operations Management Best Practice

Business Continuity Management: How to Prepare for the Worst

by Andrew Hiles

Table of contents

Executive Summary

  • No organization is immune from disaster.

  • Business continuity management (BCM) is an integral part of corporate governance.

  • A business continuity plan (BCP) can protect your brand, reputation and market share.

  • The prerequisite discipline of risk and impact assessment reveals critical dependencies and threats to them, enabling preventative measures to be taken.

  • Risk and impact assessment identifies and prioritizes mission-critical activities and the timeframe in which they must be resumed; it can also provide new risk insights to improve your business performance.


BC: Business continuity

BCM: Business continuity management

BCP: Business continuity plan

BIA: Business impact assessment

DRP: A plan for the continuity orrecovery of information andcommunications technology (ICT)

MCA: Mission-critical activities

Risk appetite: The level of loss that anorganization is prepared to tolerate

RTO: Recovery time objective

RPO: Recovery point objective (of dataor transactions)


Over five years even a well-managed organization has an 80% chance of suffering an event that damages its profits by 20%.1

The cause could be equipment downtime, failure of utilities or supply chain, terrorism, fire, flood, explosion, or adverse weather. Whatever the cause, without a BCP, the result is the same: damage to reputation, brand, competitive position, and market share. Sometimes this damage, and subsequent losses, are severe enough to lead to permanent closure.

Yet such loss can be minimized, or even avoided, by implementing a business continuity management (BCM) system which includes developing a business continuity plan (BCP).

Quite simply, those organizations that have a BCP tend to survive a major adverse incident, while those without a BCP tend to fail.

What Is BCM?

According to one definition, BCM is: a “holistic management process that identifies potential impacts that threaten an organisation and provides a framework for building resilience and the capability for an effective response which safeguards the interests of its key stakeholders, reputation, brand and value creating activities.”2

Information and communications technology (ICT) disaster recovery is an important and integral part of BCM—but only one part. BCM covers all mission-critical activities (MCAs)—operations, manufacturing, sales, logistics, HR, finance, etc.—not just the technology.

The BC Project

BCM starts as a project, but, once the BCP has been developed, audited and exercised, it becomes an ongoing program needing regular maintenance and exercise.

The project activities are illustrated in Figure 1.

Back to Table of contents

Further reading


  • Hiles, Andrew. Business Continuity: Best Practices—World-class Continuity Management. Brookfield, CT: Rothstein Associates, 2007.
  • Hiles, Andrew. The Definitive Handbook of Business Continuity Management. 2nd ed. Chichester, UK: Wiley, 2007.
  • Hiles, Andrew N. Enterprise Risk Assessment and Business Impact Analysis: Best Practices. Brookfield, CT: Rothstein Associates, 2002.
  • Von Roessing, Rolf. Auditing Business Continuity—Global Best Practices. Brookfield, CT: Rothstein Associates, 2002.



  • BS 25999 Business Continuity Management (UK)
  • HB 221 Business Continuity Management (Australia)
  • NFPA 1600 Emergency Management and Business Continuity (USA)

Back to top

Share this page

  • Facebook
  • Twitter
  • LinkedIn
  • Bookmark and Share