Business continuity has been around from its early disaster recovery roots in the 1980s through to its present acceptance as a formal management systems standard by ISO. Risk management has had a similar heritage from its initial insurance and loss control days through to its current eminent position as a key component of corporate strategy. Crisis management has by contrast always been spoken about without ever being formalised – except arguably by the PR profession.
In the fallout from the global financial crisis of 2007/08, risk management for a while looked a likely victim. There was a view in some quarters that conventional risk management had failed to predict the crisis or provided any effective way of mitigating the outcomes that emanated from it. This led many organisations to question their approach to operational risk, seeking an approach which relied less on theoretical models and more on practical techniques and understandable solutions. Continue reading