This paper examines the interconnected roles of risk, crisis, and security management within organizational contexts, with particular attention to business continuity management (BCM) as a strategic framework for reducing organizational risk. Drawing on foundational texts by Adams, Borodzicz, Labib, and several articles by Herbane, the paper traces the concept of risk from individual development through organizational practice. It discusses failures in risk management — illustrated by real-world examples such as BP and an India-based industrial case — and highlights how crises typically precede meaningful change. The paper also considers how BCM's three phases (pre-event preparation, event management, and post-event continuity) can provide structured, proactive approaches to organizational resilience, especially in small and medium enterprises.
The paper demonstrates effective use of evidence-based argumentation: each claim about risk or BCM is supported directly by a quotation or finding from a peer-reviewed source, followed by the author's own analytical commentary. This show-then-explain pattern is a core undergraduate academic writing skill that keeps analysis grounded and credible.
The paper opens by establishing the theoretical landscape of risk, crisis, and security management. It then moves through individual risk development (Adams), to organizational failures (Labib, Button), to the BCM framework (Herbane, Tammineedi), and finally narrows to small business crisis management before concluding with a hypothetical scenario illustrating the real-world consequences of neglected risk management. The references follow APA format throughout.
Crisis, risk, and security all play a role and are linked within an organizational context. It is also important to examine the role gaming and simulation play within this phenomenon. In the past, risk was established as an idea that generated academic interest not just in the social sciences but in the pure sciences as well. It has also become subject to overzealous social and political controversy. Risk management has since become the main source of debate as well as theory development (Borodzicz, 2005). As risk can appear within anything from public safety to transportation and health, businesses must learn effective ways to manage it. Security management, however, has less developed theories and debates but still plays a vital role in lessening risk and increasing proper risk management. It is therefore crucial to understand how both play roles in the stability and safety of any organization.
In John Adams's Risk, at the beginning of Chapter 1, he discusses the development of a person's expertise as it concerns coping with the unknown. "The development of our expertise in coping with uncertainty begins in infancy. The trial and error processes by which we first learn to crawl, and then walk and talk, involve decision-making in the face of uncertainty" (Adams, 1995). The origins of calculating and preventing risk thus start in a person's earliest stages of life. It is here, Adams notes, that one learns to assess and predict. Through this beginning stage, one can derive the seeds needed to start understanding what it takes to lessen risk and, most importantly, manage it.
Adams also suggests, on the same page, that there is a sort of balancing act that happens during childhood and is carried on into adulthood. "In our development to maturity we progressively refine our risk-taking skills; we learn how to handle sharp things and hot things, how to ride a bicycle and cross the street, how to communicate our needs and wants, how to read the mood of others" (Adams, 1995). As this refinement continues, so it runs parallel to a business or organization. Within its formative stage, a business has just begun to understand risk. As the company grows and its employees gain experience, the efficacy of risk management rises accordingly. It then becomes more likely that such risk management can be implemented than was initially possible.
Because risk management is so imperative in maintaining the continuity of a business, it is important to understand how to execute it properly. In a book by Labib, the writer discusses bad management in India and the perils of forgoing a risk management strategy. "The Indian Government, although keen to attract foreign investment, needed to factor in basic safety requirements for its citizens. During future MNC projects, designs of installations need to be peer reviewed and more stringent environmental, health, and safety measures adopted" (Labib, 2014, p. 60). Not only did the company lack basic safety requirements — greatly increasing risk — it also failed to assess any additional safety measures. Needless to say, the business experienced several serious issues due to its negligence.
Another deficiency was the absence of segregation of dangerous processes. "Governments also need to be aware of the requirement for segregation of hazardous operations from other industrial facilities and from adjacent populations" (Labib, 2014, p. 60). This means that any accidents that occur are in proximity to other facilities, posing a risk to more workers than would be the case if operations were located separately. Errors like these become extremely costly in the event of an accident.
A lack of training with respect to security managers also increases risk. "This also requires security managers to demonstrate generic business skills, engage in their lexicon and be able to exert influence on other members of management and the board. This also means that security specialists should be represented on the board and in some organizations..." (Button, 2008, p. 207). These risks, coupled with a low overall level of safety, mean danger not just for the business but also for its employees. Essentially, this India-based company failed to do anything to minimize risk. Instead, it increased risk in ways that could lead to major problems, including employee deaths and costly lawsuits.
In order to circumvent such dangers, a structured approach must be adopted — specifically, business continuity management (BCM). "Business continuity management (BCM) has emerged in many industries as a systematic process to counter the effects of crises and interruptions, although its potential to play a more strategic role is still largely under-explored" (Herbane, Elliott & Swartz, 2004, p. 435). BCM can play a significant role in gaining or preserving a competitive edge. Some of the essential components of BCM are operational continuity and value preservation, which are central to business strategy dynamics. As mentioned in the literature, BCM can serve as a means of implementing a mission-critical method, with a focus on delivering clear objectives and structure.
Although there is less research on BCM than on overall risk management, it remains an important method to consider because it delivers sound structure for a business. Furthermore, it is a means to lower risk and thereby improve safety in organizations. The need to decrease risk is paramount, and risk management can benefit greatly from the implementation of BCM.
Another article discusses risk management as an exercise in caution, describing it as "directing the company activities towards conservative activities and proposing procedures that can be viewed by some employees as highly inconvenient and unnecessary — they have done it in a particular way for years..." (Devargas, 1999, p. 35). The article also addresses responsibility and the tendency of people to deny accountability for a pre-existing management system. Everyone may want to create a business continuity plan, yet few actually take steps toward fulfilling that objective. There are, however, ways to persuade managers to perform tasks they would otherwise resist — for example, by highlighting that decreasing risks also lowers insurance premiums.
Sometimes one must persuade managers and employees to act and to act well. This can take place in the form of rewards such as bonuses or workplace recognition. Either way, it is important to get staff willing to work with and take responsibility as it relates to risk management. There must be accountability on the company's part as well as the employee's part to avoid costly pitfalls.
Further background information on BCM reveals additional noteworthy details. The evolution of BCM has been ongoing since the 1970s, primarily in response to operational and technical risks that could threaten an organization's recovery from interruptions and hazards. As Herbane suggests, events have a way of dictating risk management practice. "From the resulting historical review, three distinct phases of management practice and four phases in the development of drivers are identified, revealing the influence of events over governance, the internationalisation of influence, and organisational resilience as a meta-institution" (Herbane, 2010, p. 978). This makes sense, as organizations often only act when adverse events occur. Returning to the India-based company, they continued to neglect the safety of their employees; it would likely only be after a major accident that they would adopt measures to lower risk and improve safety.
History has proven time and again that companies fail to decrease risk or handle risk management properly until after a major disaster occurs. A prominent example is BP and the Deepwater Horizon oil spill, which affected thousands of wildlife species and hundreds of businesses along the coast. Only after that disaster struck did the company create better structures and assessments to avoid similar events. To prevent such disasters from occurring in the first place, there must be effective execution of business-related processes.
Labib, A. (2014). Learning from failures (1st ed.). Burlington: Elsevier Science.
Tammineedi, R. (2010). Business continuity management: A standards-based approach. Information Security Journal: A Global Perspective, 19(1), 36–50.
Tjoa, S., Jakoubi, S., Goluch, G., Kitzler, G., Goluch, S., & Quirchmayr, G. (2011). A formal approach enabling risk-aware business process modeling and simulation. IEEE Transactions on Services Computing, 4(2), 153–166.
You’re 56% through this paper. Sign up to read the remaining 3 sections.
Sign Up Now — Instant Access Already a member? Log inAlways verify citation format against your institution’s current style guide requirements.