Tuesday 28 October 2014

A case study of the integration of ERM and BCM as an independent function

At the 2014 BCI World Conference and Exhibition, participants will have an opportunity to listen to a real case study of the integration of Enterprise Risk Management (ERM) and Business Continuity Management (BCM) as an independent function. This is an innovative and forefront role for the ERM and BCM function.

In my presentation, I will show how the traditional reporting structure and work functions of ERM and BCM in an organisation are usually separated from each other. The ERM and BCM functions are typically part of the executive management team and the head of ERM and BCM reports to the executives such as the CEO or the CFO.

I will share with you the real life case in Malaysia where the ERM and BCM functions are integrated as a 'single' function and act as an 'independent' unit - assuming the roles and responsibilities similar to those of the Internal Audit - separated from the Management. The integrated ERM and BCM independent function reports functionally to the Board of Directors via the Board Audit Committee and administratively to the CEO.

The integrated ERM and BCM function will serve as the foundation for a well-governed and well-managed organisation that is built on a solid resilient foundation of BCM and supported by three pillars of Corporate Governance - Governance, Risk and Compliance.

In order to ensure the effectiveness of an integrated ERM and BCM independent function in an organisation, the following pre-requisite criteria must be established:
  1. An integrated ERM and BCM Charter clearly stating the independence, authority, position, roles and responsibilities of the ERM and BCM functions
  2. Unbiased support from the Board of Directors and the CEO on the independent roles and responsibilities of the integrated ERM and BCM function. The Board of Directors via Board Audit Committee is responsible for the oversight of the work of the integrated ERM and BCM function and for the performance and oversight of the Head of Integrated ERM and BCM function, and ensures that it has a sufficient amount and quality of resources to fulfil its roles
  3. The appointment of the Head of integrated ERM and BCM function must be approved by the Board of Directors. The Chair of the Board Audit Committee is consulted before the appointment of the Head of integrated ERM and BCM function or the termination of his/her employment and conducts entry and exit interviews with the same
  4. The Head of integrated ERM and BCM function and the supporting subordinates should possess strong knowledge of both the ERM and BCM disciplines
  5. The Management shall know its role as risk owners and BCM process owners, and these must be clearly communicated and supported by the Management

I will also share with you the benefits of an integrated ERM and BCM independent function and some of the limitations that you may face if you implement the said function in your organisation.

In conclusion, I will share the key takeaways on the lessons learnt from the Malaysian experience that can be adapted to your organisation since there is no 'one-size-fits-all' integrated ERM and BCM function. The ultimate goal of the integration is to have a synergy between the two functions as an independent function that will contribute towards a well-governed and well-managed organisation.

Chong Chen Voon is currently the Managing Director of GRC Consulting Services and an Executive Director of EJF Group, a group of consulting firms providing Consulting, Advisory and Training services.

Chong will be discussing 'the integration of ERM and BCM as an independent function' on day one of the BCI World Conference on Wednesday 5th November. You will find him in seminar room 3 starting at 13:10.
