This page contains a Flash digital edition of a book.
ll Continuity invites leading market practitioners
representing a different sector or country to provide
their expert opinion on a key issue currently impacting
BCM Bureau
on the BCM arena. kk
ll
Andy MAson MBCi nAthAniel FoRBes MBCi
andy Mason, MBCs, CitP, is head of business continuity at nathaniel Forbes is director of Forbes Calamity Prevention Pte ltd,
PricewaterhouseCoopers llP based in singapore
andrew.mason@uk.pwc.com nforbes@calamity.com.sg
www.pwc.com/uk www.calamityprevention.com
“Will we ever see a director of BCM at a permanent seat on the “Will we ever see a director of BCM at a permanent seat on
board of directors?” the board of directors?”
I believe that the short answer to this question is ‘No!’ I expect ‘Never say never’, but in my opinion it is about as likely as
the hypothesis behind the question is that BCM is so important a director of security, facilities management or corporate
it deserves representation on the board, thus guaranteeing the communications on a board. Professionals in those fields
level of support required. Imagine if every specialist operational also mitigate, prepare for, respond to or help recover from
discipline had a director, the board would be both enormous unexpected events, but unlike a BC manager, they do so for
and less effective. more kinds of incidents, more often and more visibly. Yes, all
those functions are important, but they are not mission-critical.
Members of a corporate board have broadly defined roles. Even They are cost centres, not profit centres. They are part of the
if they individually represent specific parts of the organisation, income statement, not the vision statement.
they have a collective role in establishing vision, values, policy,
strategy, structure, performance monitoring, internal controls Fundamentally, BCM is not a strategic activity about which
and progress reporting. They are accountable to and must board members should be expected to render sagacious
communicate with shareholders and external stakeholders on advice. The UK Institute of Directors states that the duties
all sorts of matters, including corporate governance, ethics and and responsibilities of directors are: setting strategic
social responsibility. objectives; appointing executive management and reporting
to shareholders (and that’s the most important one). It would
The board is ultimately responsible for the continuance of be hard to shoehorn BCM into that list. Even enterprise risk
business on a day-to-day basis. The board must ‘own’ business management elbowed its way into the boardroom only
continuity in a similar way to how it owns health, safety, because the Sarbanes Oxley Act put directors’ personal assets
environmental and risk management, and drive these disciplines at risk after the Enron chicanery.
throughout the organisation via vision and policy. Larger
organisations will likely delegate responsibility for delivering BCM is a middle management function for low likelihood,
a business continuity programme to management, whereas in high impact events and that job scope is never going to have
medium and small organisations it is likely to be one of many – or deserve – a board seat.
tasks managed by an individual who may also be a director on
the board. Organisational resilience is absolutely a board-level oversight
responsibility, but BCM is only one of several business
Whatever way we BC managers dress up our titles, our role is functions that contribute to resilience. Others include
that of a programme manager tasked with ensuring delivery security, health & safety, emergency management, crisis
of a business continuity programme for our organisation. Our management, IT disaster recovery, human resources, corporate
programmes should improve the robustness of our organisation communications and the many varieties of risk management.
to withstand disruptive events, and increase the resilience when I don’t know of a single company in which all those functions
they happen. We are there to ensure that our organisations can report to a single executive, so it’s not reasonable to expect
respond appropriately and recover in a timely manner. that they would all be the responsibility of a single member of
the board.
We should be trusted advisors to someone who specifically has
ultimate accountability for business continuity, and also to the To date, results in multinational companies of trying to
board collectively when it comes to responding to a disruptive combine those departments have been notable for their lack
event. Our aim should be to ultimately put ourselves out of a job of synergy, but I like to think that professional convergence is
by embedding business continuity deep into the culture of the inevitable. When you hear of a chief resilience officer at any
organisation, including the board – not elevating ourselves to it. of the world’s ten most-admired companies, you might look
for a concomitant addition to that company’s board – but not
If the question asked ‘should there be a chief risk officer?’, then before.
January/February 2010  Continuity  
Cont Jan/Feb 2010_insides.indd 11 3/2/10 14:49:39
Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44
Produced with Yudu - www.yudu.com