A special issue of International Journal of Business Continuity and Risk Management
The IJBCRM goal is to provide an academic and professional forum to develop and disseminate research, practical methods, theories, and experiences in the advancing area of business continuity and risk management. This growing body of knowledge provides a vital lead within organisations in the process of systematic decisions to protect people, assets and operations and ensures the continuation of an organisation following disaster.
Risk standards are one means used by organizations to assure systematic decisions when managing risk. Standards are accepted specifications which define terms, concepts, methods, processes and practices. There is no shortage of standards, codes and guidelines in the area of risk management and the international community has developed many. One of the difficulties, however, is that this large body of information has grown in an uncoordinated manner. Some have argued this divergent growth of standards and guidelines in risk management has resulted in there being no universal approach and terminology that is recognized as the industry standard.
Several of the well-known risk management standards include: the risk standard of AIRMIC/ALARM/IRM 2002, the Australian/New Zealand Standard AS/NZS 4360:2004; the Enterprise Risk Management - Integrated Framework, COSO 2004 and the ISO/DIS 31000 International Standard or BSI British Standards - BS 31100:2008. Other standards exist such as the ISO/IEC Guide 73:2002 Risk Management — Vocabulary, the CSA Q 850:1997 Risk Management Guidelines for Decision Makers; the JIS Q 2001:2001 Guidelines for development and implementation of risk management system and the BS 25999-1:2006 Business continuity management Code of practice.
Such standards vary in scope, purpose, perceived benefits, guidelines, principles, frameworks, components, terminology, objective, implementation advice, risk processes, structural recommendations and in adoption, certification and compliance monitoring processes. Standards also vary regarding their primary reason for creation - the thinking behind them.
Adoption of and compliance with a standard requires the allocation of internal or external resources and represents an additional business cost. Standards too can be expensive to implement and to maintain. This may have an impact on the competitiveness of corporations. Companies seeking to implement risk standards must know whether benefits are really worth the costs involved. Whatever their nature, standards and technical regulations will have no effect unless they are properly implemented.
Aside from identifying and establishing the general worth of standards, we might question:
- Do risk specialists and practitioners think in ways that are consistent with the standards?
- Are changes needed and, if so, what changes are needed and why?
- What are the objectives of a risk standard?
- What have organizations learned whilst implementing these standards?
Therefore, the aim of this special issue is to clarify the role of risk management and related standards and to assess their impact. Bringing together such a body of knowledge through case studies, research and literature review on topics such as implementation and enterprise risk management, as well as a standards update, will enable practitioners to make immediate improvements to their risk management activities and to plan for the future. The special issue should enable a better understanding of the tools that are available to manage the risks, sharing best practice on how to increase the efficiency and effectiveness of standards. It will also help academics and researchers to ground future work.
Potential authors are invited to submit contributions which evaluate existing risk management standards, critically analyzing their role and contributing to our knowledge of why standards should or should not be adopted. Contributions will also further knowledge concerning the implementation issues of how, where and when such risk management standards might be applied. The goal is to prepare a reference issue that could be of immediate use to those interested in the management of risk and business continuity assurance and the implications of risk standards for business, whether they are academics, practitioners or researchers.
Suitable topics include, but are not limited to:
- Comparison of standards worldwide
- Critical evaluation of standards
- Role of standards in specific branches/industries, e.g. banking, telecoms, healthcare etc.
- Role of standards in specific functions, e.g. IT/IS risk, operations, project management etc.
- Frameworks for the management of risk
- Influence of laws and policy makers
- Economic performance and business benefits of organizations adopting risk standards
- Regulation and other drivers for adoption
- Standards and the regulatory environment
- Communicating risk standards
- Case studies on implementation and adoption of risk standards
Important Dates
1-2 page abstract due: 1 February 2010
Notification to authors: 1 March 2010
Submission of manuscripts due: 30 August 2010
Notification to authors: 15 October 2010
Final drafts of papers: 31 December 2010