Two different, and perhaps competing, perspectives of the future appeared in my Inbox this week. It is no wonder that John Glenn often refers to BCM as the Rodney Dangerfield profession – it is hard to earn respect when you actually cannot decide what you stand for.
Feeling lost?
First item comes from Alex Serano, a Senior Manager with Ernst & Young in Australia. In an article published on the Risk Management magazine’s website, Serano asks the question “Has BCM lost its way?”
Unfortunately I didn’t find a specific answer to that question in the article, but it is a very good question.
If I have understood him correctly, Serano is saying that we have lost our way when BCM becomes just a compliance “tick box” activity. When we stop asking questions, challenging the status quo and just become complacent, compliant and complicit.
Serano’s solution is to keep the passion and the fire in the belly, to apply that passion to continuous development of our knowledge – as he puts it “treading a fine line between the Evangelist and the Fanatic. We need to do this in collaboration with various other related disciplines in the organisation.
All good stuff for motivation and hopefully getting people to think about what form and approach would be most appropriate for this future model.
The emperor has no cloths!
The second perspective came from a webinar on the DRJ site – “BCM – The Road Ahead“, this was presented by Chris Alvord from COOP Systems. The road in question is paved with ISO standards.
This brave new world of BCM has no place for passion and knowledge improvement! It will be marked by a shift of focus from the application of the knowledge and experience of experts to the use of automated systems which encapsulate the standards-based processes.
Shock! And this from a BCM Software vendor! At first I accepted his assurance that the webinar was not about software, even the use of screen shots to promote how COOP supported his points did not totally destroy the impression. (After all they were the sponsor, you have to accept product placements).
Later when I saw the same promotion/advertising under the guise of discussion on LinkedIn it became fairly apparent to me they are promoting the sale of software, rather than advancement of thinking.
Enter EGRC
Cynicism aside, he introduced another new piece of jargon – EGRC, being Enterprise Governance, Risk Management and Compliance. The coining of this acronym was attributed to Gartner.
This is proposed as a multi-discipline approach, based on 4 specific ISO standards;
- IT Security, ISO27001
- ICT DR, ISO24762
- Risk, ISO 31000
- BCM, ISO 22031
there was also mention of a forthcoming Environment standard to add to the list.
All of these promote the ‘management systems’ approach, plus the additional similarities with their shared use of the Deming Cycle (Plan, Do, Check, Act). Even with all that I do not see that these generic approaches can be incorporated into a piece of software that will replace human expertise and knowledge.
There is a school of thought that you will need more expertise after you adopt those standards, because they are generic and relate to managing a process – rather than the professional practices that need to be undertaken within this process.
Despite the efforts of Watson, when the first piece of BCM Software beats humans at Jeopardy I will change my mind.
I can readily agree with the need for cross-dicipline approaches, and the need for synergy across the various risk disciplines – which will include BCM. But pushing these risk disciplines into what is really emerging as a compliance and audit function I do not see as helpful.
Over at ContinuityCentral.com they a have a poll running. I have to admit that my vote reflected more of the fact that for many organisations BCM is already a compliance activity. That is part of the reason why so many people are looking for how to rejuvenate it. Some interim results of the survey are here .
The winners are the printing industry – new business cards all round!
The losers – those seeking to create resilient organisations.
Do you have a different take on the value of GRC – with or without the E?
Leave a Reply