• 25Jan

    Navigating regulatory compliance in a global market

    An excerpt of a Quality Digest article by Rory Granros

    When regulatory compliance and risk management come to mind, they usually evoke feelings of fear, uncertainty, and doubt as to how well an organization is prepared for government scrutiny or any worst-case business scenario. Questions arise, such as: Have we developed the proper procedures to ensure product compliance? How can we measure and actually know if we are within the regulatory guidelines? Do we have “proof of absence” or are we at risk from “absence of proof” by market and regulation? Do our systems help or hinder us?

    The consumer recalls in 2007 are prime examples of how compliance and risk management go well beyond internal operations to span the entire supply chain. A comprehensive strategy includes three dimensions:

    • An internal dimension comprising variables manufacturers can control
    • An external dimension, which includes factors outside manufacturers’ control
    • A customer dimension, encompassing supply-chain factors that manufacturers can influence

    While it’s common for companies to firefight internally to meet compliance mandates, it’s critical to involve and consider all constituents as part of the compliance strategy. Equally important is to recognize that compliance and risk management aren’t projects, but rather are processes that must be monitored and adjusted on an ongoing basis. To meet emerging corporate responsibility and compliance mandates, companies can no longer afford the cost and risk of being reactive and the increased risk associated with “absence of proof” strategies. They must incrementally move to an active, and eventually proactive, compliance plan that is built into all processes and products, and ensures the “proof of absence” to regulatory exposure.

    The compliance mandate
    Over the past few decades, the pace of introducing new government regulations and compliance guidelines has accelerated significantly and is unlikely to slow down. Partially as a result of consumer demand for economic, environmental, and social responsibility, the burden of safety is shifting from governments to manufacturers. Additionally, mounting pressure driven by special interest groups has led to the creation of many new laws that put tighter restrictions on manufacturers. These new restrictions and laws have increased costs and have mandated changes at all levels, requiring that companies retool at the plant floor level, reevaluate materials and suppliers, and reexamine how products are introduced and marketed. Companies often respond in an ad hoc manner. The proliferation of compliance and risk management concerns requires that companies build a strategy encompassing the three primary influences—internal, external, and customer dimensions.

  • 25Jan

    Survey reveals widespread vulnerability to email outages

    Today, January 25, 2008, 9:55:20 AM
    But many companies fail to implement high availability solutions or develop disaster recovery plans.

    Majority of malicious websites are now legitimate sites compromised by attackers

    Today, January 25, 2008, 9:55:20 AM
    According to a Websense Security Labs report.

    Risk Management d/b/a Business Continuity

    Originally posted by John Glenn in Untagged - DRJ.com

     

    I’ve been telling people for years that I am a Business Continuity practitioner.

    The typical response is: "What’s that?"

    I then go into my spiel. Sometimes I hold their attention, sometimes not.

    But I was talking with a Business Continuity planner the other day who got me to thinking maybe I should list "Risk Management" on my business card in lieu of Business Continuity.

    That is, after all, what Business Continuity is all about: risk management.

    No fancy terms people have difficulty grasping. No buzz words du jour such as "Resiliency Planning," which, were it not for spell check, I probably would misspell every time I wrote it.

    Nope. Risk Management. Gets to the point and most people understand both words, singularly and together.

    As an old reporter, I should have paid closer attention to my audience and addressed the audience’s "Business Continuity" comprehension level.

    There is nothing wrong with "Business Continuity" other than the only ones who think they understand the term are in the business.

    Practitioners still can stick modifiers in front of the term: Enterprise Risk Management, IT Risk Management, Profit Center Risk Management.

    What do we do, after all?

    Having identified processes, we look for risks to those processes.

    Then we seek ways to avoid or mitigate (manage) the risks.

    Finally, we train people to respond to (manage) those risks.

    We still can have process re-engineering, and succession planning, and personnel safety & awareness, and employee retention, and . . . And all the other functions which go into a comprehensive Business Continuity plan since, one way or another, overlooking any of the functions constitutes - would you believe - a risk.

    I still am a Business Continuity practitioner, and I’ll still accept Business Continuity engagement offers, but I think I’ll get back to the basics and promote myself for what I really am - and what prospects will understand - a risk manager.

    Here’s a thought. Billing ourselves as "Business Continuity" practitioners is a risk - a risk that the people we’re addressing won’t understand Business Continuity and how it benefits them. Manage that risk by either re-titling ourselves or explaining in a sub-head that Business Continuity is "Risk Management."

    jg

    Business Continuity Practitioner
    (Risk Management Practitioner)