When organisational effectiveness fails: business continuity management and the paradox of performance

Purpose: The aim of the paper is to consider the nature of the business continuity management (BCM) process and to frame it within wider literature on the performance of socio-technical systems. Despite the growth in BCM activities in organisations, some questions remain as to whether academic research has helped to drive this process. The paper seeks to stimulate discussion within this journal of the interplay between organisational performance and BCM and to frame it within the context of the potential tensions between effectiveness and efficiency. Design/methodology/approach: The paper considers how BCM is defined within the professional and academic communities that work in the area. It deconstructs these definitions in order to and set out the key elements of BCM that emerge from the definitions and considers how the various elements of BCM can interact with each other in the context of organisational performance. Findings: The relationships between academic research in the area of crisis management and the practice-based approaches to business continuity remain somewhat disjointed. In addition, recent work in the safety management literature on the relationships between success and failure can be seen to offer some interesting challenges for the practice of business continuity. Practical implications: The paper draws on some of the practice-based definitions of BCM and highlights the limitations and challenges associated with the construct. The paper sets out challenges for BCM based upon theoretical challenges arising in cognate areas of research. The aim is to ensure that BCM is integrated with emerging concepts in other aspects of the management of uncertainty and to do so in a strategic context. Originality/value: Academic research on performance reflects both the variety and the multi-disciplinary nature of the issues around measuring and managing performance. Failures in organisational performance have also invariably attracted considerable attention due to the nature of a range of disruptive events. The paper reveals some of the inherent paradoxes that sit at the core of the BCM process and its relationships with organisational performance

Aligning a Service Provisioning Model of a Service-Oriented System with the ITIL v.3 Life Cycle

Bringing together the ICT and the business layer of a service-oriented system (SoS) remains a great challenge. Few papers tackle the management of SoS from the business and organizational point of view. One solution is to use the well-known ITIL v.3 framework. The latter enables to transform the organization into a service-oriented organizational which focuses on the value provided to the service customers. In this paper, we align the steps of the service provisioning model with the ITIL v.3 processes. The alignment proposed should help organizations and IT teams to integrate their ICT layer, represented by the SoS, and their business layer, represented by ITIL v.3. One main advantage of this combined use of ITIL and a SoS is the full service orientation of the company.Comment: This document is the technical work of a conference paper submitted to the International Conference on Exploring Service Science 1.5 (IESS 2015

Model-Based Mitigation of Availability Risks

The assessment and mitigation of risks related to the availability of the IT infrastructure is becoming increasingly important in modern organizations. Unfortunately, present standards for Risk Assessment and Mitigation show limitations when evaluating and mitigating availability risks. This is due to the fact that they do not fully consider the dependencies between the constituents of an IT infrastructure that are paramount in large enterprises. These dependencies make the technical problem of assessing availability issues very challenging. In this paper we define a method and a tool for carrying out a Risk Mitigation activity which allows to assess the global impact of a set of risks and to choose the best set of countermeasures to cope with them. To this end, the presence of a tool is necessary due to the high complexity of the assessment problem. Our approach can be integrated in present Risk Management methodologies (e.g. COBIT) to provide a more precise Risk Mitigation activity. We substantiate the viability of this approach by showing that most of the input required by the tool is available as part of a standard business continuity plan, and/or by performing a common tool-assisted Risk Management

IT process architectures for enterprises development: A survey from a maturity model perspective

During the last years much has been published about IT governance. Close to the success of many governance efforts are the business frameworks, quality models, and technology standards that help enterprises improve processes, customer service, quality of products, and control. In this paper we i) survey existing frameworks, namely ITIL, ASL and BiSL, ii) find relations with the IT Governance framework CobiT to determine if the maturity model of CobiT can be used by ITIL, ASL and BiSL, and (iii) provide an integrated vista of IT processes viewed from a maturity model perspective. This perspective can help us understand the importance of maturity models for increasing the efficiency of IT processes for enterprises development and business-IT alignment

Insurer Climate Risk Disclosure Survey: 2012 Findings and Recommendations

2012 was the warmest year on record in the Lower 48 states and the second most extreme weather year in U.S. history. This is not a coincidence. Extreme weather -- stronger, more damaging storms, unprecedented drought and heat in some regions and unprecedented rainfall and flooding in others -- are the predictable consequences of rising global temperatures.Eleven extreme weather events each caused at least a billion dollars in losses last year in the United States. A single event, Hurricane Sandy, caused more than $50 billion in economic losses. Insurance companies are on the hook for tens of billions of dollars in claims as a result of Sandy and other severe weather events. And American taxpayers are on the hook for tens of billions of dollars themselves, thanks to losses sustained by the National Flood Insurance Program as well as disaster relief spendingThis raises a fundamental question: Is the insurance industry prepared? Have insurers analyzed and measured their climate-related risk? Are they planning for life in a warmer world? These should be essential questions for insurance regulators in all 50 states to be asking, and some are

Food calamities and governance; an inventory of approaches

In normal circumstances a governance structure of the food system has evolved that serves the system so as to reduce transaction costs. While its overarching conditions are often set by the government policy as to the sector, the private sector, with the help of an enabling government, has developed arrangements to its own liking. The question addressed in this review is whether this governance structure of the food system is robust enough to cover extreme events, calamities, that strike unexpectedly and may harm large sections of the system. Do normal arrangements cover part of what should be done in these circumstances, or do they perhaps hinder the application of adequate governance fit for such extreme events

Food security, risk management and climate change

This report identifies major constraints to the adaptive capacity of food organisations operating in Australia. This report is about food security, climate change and risk management. Australia has enjoyed an unprecedented level of food security for more than half a century, but there are new uncertainties emerging and it would be unrealistic – if not complacent – to assume the same level of food security will persist simply because of recent history. The project collected data from more than 36 case study organisations (both foreign and local) operating in the Australian food-supply chain, and found that for many businesses,  risk management practices require substantial improvement to cope with and exploit the uncertainties that lie ahead. Three risks were identified as major constraints to adaptive capacity of food organisations operating in Australia:  risk management practices; an uncertain regulatory environment – itself a result of gaps in risk management; climate change uncertainty and projections about climate change impacts, also related to risk management