Contributions for September Issue of The Best Practice Magazine
Submit your article about (IMP) Improving Performance - (PCM) Process Management, (PAD) Process Asset Development & (MPM) Managing Performance and Measurement for next month's issue of The Demix Best Practice Magazine.
(MBR) Managing Business Resilience - (RSK) Risk and opportunity management, (IRP) Incident Resolution & Prevention, (CONT) Continuity
(RSK) Risk and opportunity management
Intent Identify, record, analyze, and manage potential risks or opportunities.
Value Mitigate adverse impacts or capitalize on positive impacts to increase the likelihood of meeting objectives.
(IRP) Incident Resolution & Prevention
Intent Resolve and prevent disruptions promptly to sustain service delivery levels.
Value Minimize the impact of disruptions to meet objectives and customer sommitments more effectively.
Intent Plan mitigation activities for significant disruptions to business operations so that work can continue or resume.
Value Enables continued operation when serious disruptions or catastrophic events occur.
The inherent cadence and iterative nature of Agile practices make them well suited for the management of a wide range of risk commonly encountered in product development and related projects.1 Indeed, the nature and pace of change in such undertakings present considerable challenges for traditional methods that presume well-defined and stable requirements, together with known risk, that can be captured and modelled using classic techniques. For example, the manner in which understanding of requirements evolves (e.g., facilitated workshops, Agile modelling), the explorative fashion in which designs are implemented (e.g., prototyping, architectural spikes) and the incremental delivery of solutions all help to tackle uncertainty and to promote desired outcomes. This is particularly true of highly innovative solutions where both the customer and the delivery team must collaboratively work together to iteratively define the scope and content of the final solution while tackling both upside and downside risk.
However, throughout Agile literature, there is also a pronounced tendency to focus exclusively on the downside of risk without considering opportunities that can be exploited. This is evident from the view, expressed in many methodologies, that risk should necessarily be considered as an exposure to potentially negative outcomes. Moreover, there is a prevailing view that merely being Agile suffices and that more explicit attention to the identification, assessment, treatment and monitoring of risk is, therefore, not warranted.
It’s been an interesting month for Home Group, one of the UK’s major housing associations. Home Group is responsible for renting homes to more than 116,000 people across 55,000 properties in England and Scotland. Just last month, the charity suffered a data breach involving customer names, addresses and contact information. The company informed affected customers and mitigated the breach in just 90 minutes — a feat only a vigorous cybersecurity program made possible.
Business continuity is an organization's ability to maintain essential functions during and after a disaster has occurred. Business continuity planning establishes risk management processes and procedures that aim to prevent interruptions to mission-critical services, and reestablish full function to the organization as quickly and smoothly as possible.
The most basic business continuity requirement is to keep essential functions up and running during a disaster and to recover with as little downtime as possible. A business continuity plan considers various unpredictable events, such as natural disasters, fires, disease outbreaks, cyberattacks and other external threats.
Business continuity is important for organizations of any size, but it might not be practical for any but the largest enterprises to maintain all functions for the duration of a disaster. According to many experts, the first step in business continuity planning is deciding what functions are essential and allocating the available budget accordingly. Once crucial components have been identified, administrators can put failover mechanisms in place.
Thank you very much Steve for presenting at our info-sharing event on the 30th July 2020. Thank you also to all those who attended.
Whilst, BCM is a sub-set of the greater enterprise risk management discipline, the link between BCM and Risk Management is often not very well understood. This presentation focusses on BCM and how risk management integrates with BCM, provides objective value, and the ability to recover from setbacks, adapt well to change and keep going in the face of adversity.
In a nutshell, risk management together with BCM enables an organisation to optimise the level of risk being taken to best achieve the organisation’s objectives whilst still operating within the risk appetite of the organisation. Risk management is about preserving and enhancing value creation whilst minimizing the risks that lead to value erosion.
Cyber security discussions have become increasingly about cyber resilience in recent years, but the concept of being able to bounce back from disruption needs to be applied across the entire business, especially as organisations become more dependent on IT.
Resilience, however, is not something that happens by itself in cyber security or any other aspect of business operations. It has to be planned and managed, and therefore business resilience management (BRM) ought to be on the agenda of most organisations.