KnowledgeLeader Blog

Business continuity management (BCM) is the development of strategies, plans and actions that provide protection or alternative modes of operation for activities or business processes which, if they were to be interrupted, might otherwise bring a seriously damaging or potentially fatal loss to the enterprise.

Sustaining an effective business model in the face of digital disruption requires a strong foundation of IT governance able to scale and adapt to modern enterprise needs. These needs, though unique to each enterprise, are generally shaped into four key drivers — innovation, meeting customer expectations, data-based decision making and improving business performance — and enabled by a convergence of technologies such as cloud and mobile, social apps, the internet of things (IoT), artificial intelligence (AI), and robotic process automation (RPA).

Given the complexity of the business environment, executives need to be careful to avoid overconfidence that can be bred by an expressed or implied “official” view of the future during the risk assessment process. Overconfidence is a powerful source of illusions. It is often driven by the degree of success managers have experienced and the quality and coherence of the storyline they construct regarding the future they envision. Scenario planning is the process of testing management’s “view of the future” by visualizing different future conditions or events, what their consequences or effects would be like, and how the organization can respond to or benefit from them. Scenario planning avoids the risk of a single view of the future by enabling management to identify the likely direction and order of magnitude of the effects of changes that affect the drivers of the enterprise’s revenues, costs, profits and market share.

Developing risk maps, heat maps and risk rankings based on subjective assessments of the severity of impact of potential future events and their likelihood of occurrence is common practice. These approaches provide an overall picture of the risks, seem simple and understandable to most people, are often the result of a systematic process, and provide a rough profile of the organization’s risks.

"Close the books" is a process that a corporation uses to reconcile, consolidate and report financial information on a periodic basis. Each company defines closing the books a little differently; not all companies complete an identical list of tasks in their close-the-books process.

Every audit committee should assess the effectiveness of the organization’s internal audit function at least annually, if not throughout the year. The critical role that internal audit plays requires the audit committee to ensure that the organization receives substantial benefits from the investments made in the internal audit function. Though the charter, scope, funding and activities of internal audit vary from company to company, audit committees should at least consider the following questions when evaluating their company’s internal audit function:

Once a company forms an internal audit function, completes the risk assessment process and develops an internal audit plan that is responsive to the risk assessment, it can initiate individual internal audit assignments.

The process of purchasing materials and supplies comprises procedures and activities to acquire goods in the correct quantity and in a timely manner. The process should include how purchases are started (e.g., inventory levels), who is involved and how it is made. In addition, the process covers the communication of purchases to all required areas of the company (e.g., accounting). Inventory management follows and starts from the time inventory purchases are received to the time the inventory is sold to the customer and payment is received.