Research Topic Introduction
Field of Inquiry
Risk is an inherent component of business activities as it underlies the decisions in such areas as production, marketing, finance, and accounting, among others (Lavastre, Gunasekaran & Spalanzani 2014). Since the recognition of its importance, the issue has been studied extensively and is currently readily recognized as an important aspect of strategic organizational management.
To respond to the threats it poses to the stability and consistency of business operations, numerous strategies and techniques have been devised to minimize the adverse effects of risk on business operations and, by extension, profitability.
Currently, these strategies are recognized as falling into two broad categories: prevention strategies aim at minimizing the chance of occurrence of a disruptive event, whereas mitigation strategies are expected to decrease the impact after its emergence. Depending on the magnitude of the expected event and the amount and severity of the effects it produces, these strategies and methods are commonly characterized either as risk management or crisis management.
Recently, the concept of business continuity has gained significant traction in the academic literature (Sahebjamnia, Torabi & Mansouri 2015). On the surface, it demonstrates characteristics similar to those of risk management as it is usually brought up in the context of resistance of the business to disruptive influences, the ability to retain operational capacity in challenging situations, and the ability to restore critical organizational functions in the shortest time with the involvement of minimal resources.
However, despite the evident similarity between the two areas, their goals and tasks are different enough to view them as related but distinct fields. Despite the existing differences, the terms are commonly used in conjunction or synonymously.
While attempts exist to classify them as separate concepts, there is no agreement on how the issue can be approached. The most common views are those where the two fields are perceived as related and relatively equal in taxonomic terms, those where one is considered a subset of the other, and those where their relationship is recognized but their hierarchical order is unspecified. The following project aims at establishing the areas of interconnection between risk management, crisis management, and business continuity and clarifying their relative hierarchical placement.
Research Project Significance
The lack of clarity in the definitions of the identified concepts and the vagueness of the relationships between them undermine the field of risk management in several areas. First, all of the identified concepts are actively used by the managers across the business domain. For instance, business continuity planning has become a common part of the organizations’ strategic development.
However, to determine the viability of each specific approach, it is usually necessary to conduct an evaluation that would provide a comprehensive picture of enterprise risk management success. This step depends on a thorough understanding of the issue at hand and the ability to narrow down the inquiry to increase the precision of the measurement. Besides, understanding the interconnection between the identified concepts can aid in the process of assigning weight to each element of the assessment process, thus improving the relevance of the results and providing the opportunity for applying the findings in a similar setting.
From a broader perspective, the knowledge obtained in the course of the project may add to the theoretical basis pertinent to the field of strategic management. The most feasible area of improvement of the theoretical framework lies in assessing the need for the introduction of risk management strategies and tactics, their monitoring, and adjustment. By now, multiple frameworks have been proposed, some of which are based on more traditional elements while others exhibit relatively novel approaches (van der Vegt et al. 2015).
Nearly all of them utilize the notions of business contingency, risk management, and crisis management to some degree, and, in some cases, include business contingency plans as determinants of the evaluation process. Nevertheless, the majority of the sources use the terms in a self-explanatory manner without specifying the operational definitions. Also, in at least some instances, the proposed frameworks featured incompatible hierarchical structures.
Naturally, the frameworks developed in such a manner would be severely limited in cross-compatibility and would not produce consistent results. Consequently, the clarification of the identified gaps in knowledge can eliminate the identified uncertainty and provide a more reliable approach to both the development of new and measurement of existing frameworks for strategic planning.
The project is intended to decrease ambiguity in the field of risk management by specifying the interconnections between risk management, crisis management/preparedness, and business continuity. Therefore, the specific targets of the project are as follows:
- Determine the existence of a relationship between the concepts;
- Establish the hierarchical order within the relations;
- Identify the goals and tasks common for the concepts;
- Identify the important differences and incompatibilities;
- Outline the relative weight of each concept for the strategic management process.
Once these targets are reached, the project is expected to provide a solid ground for the framework development and, possibly, improve the process of evaluation of the outcomes of the specific risk management techniques and tactics. Alternatively, the findings may point to promising directions for further research in the field.
Considering the lack of unified definitions for each of the identified concepts as well as a relatively lax approach used by the scholars dealing with them in their studies, it would be appropriate to use the descriptive research design for the project. First, it is consistent with the coverage of the issue in contemporary academic literature since it is commonly referred to throughout the field but lacks the depth necessary for an unambiguous and quantifiable application.
Second, despite the lack of a robust theoretical basis, the concepts are routinely utilized throughout the managerial field and are expected to be familiar to the managers across organizations. Therefore, it would be reasonable to use a survey with open-ended and close-ended questions as a data collection tool. Such a method will allow for a relatively seamless and time-saving process while at the same time allowing for additional insights.
In-Depth Literature Review
To identify the gap in current knowledge on the topic, it is first necessary to explore the existing literature related to the matter, determine the commonly used definitions, identify the boundaries of the concepts, and, if possible, outline the current consensus about the interconnection between the concepts in question. The following section contains an extensive literature review of the areas of risk management, crisis management, and business continuity as presented in the current academic studies.
A descriptive study by van der Vegt et al. (2015) provides an overview of the development of risk management practices in the late twentieth and early twenty-first centuries. The authors argue that the shift towards modern business practices eventually rendered the efficiency of traditional risk management practices obsolete, which prompted the introduction of several novel approaches, including the contingency theory (van der Vegt et al. 2015).
The data for the study was gathered from the available literature and summarised. The findings suggest that risk management practices have a feasible effect on business continuity (van der Vegt et al. 2015). However, the mechanism behind the alleged influence is neither specified nor tested.
A study by Torabi, Soufi, and Sahebjamnia (2014) proposes a new framework for business continuity management systems (BCMS). According to the authors, their novel framework is expected to enhance the business impact analysis and, by extension, improve the overall reliability and applicability of the BCMS. Torabi, Soufi, and Sahebjamnia (2014) employ a range of multi-attribute decision-making techniques for their framework whose effectiveness is apparent from the reported use cases. The relevance of the newly proposed framework is confirmed by a case study. While the researchers point to the risks inherent to business practices, no connection is established between business continuity and risk management practices.
An article by Lavastre, Gunasekaran, and Spalanzani (2014) proposes a framework for supply chain risk management that is expected to decrease the uncertainty, increase predictability, and thus improve organizational performance. The theoretical framework in question includes several key elements such as characteristics of the participants, their relationships with industrial partners, perception of risk, and risk mitigation methods involved.
The relevance of the framework is tested by applying it to the data obtained from 164 companies in the industrial sector (Lavastre, Gunasekaran & Spalanzani 2014). One area of application of the proposed framework is a business continuity plan. However, no rationale for such an application is provided in the study.
The study by Järveläinen (2013) explores a specific subset of risk management practices – the issue of data safety and accessibility. According to the author, the literature on risk management and business continuity agrees on the importance of the issue but fails to provide a coherent framework for its implementation (Järveläinen 2013). Thus, a framework is proposed that is expected to enhance operability and applicability of continuity management and tested using a survey administered to IT managers. While the author perceives business continuity and risk management as interlinked concepts, no details are given in support of this assertion.
A study by Qiang et al. (2014) provides an overview of supply chain risk management and identifies several issues in the Chinese closed-loop supply chain. The data is gathered from the academic literature and organized in the form of a systematic review. The authors argue that the current methods of risk management are insufficient for effective risk measurement and mitigation and draw evidence from the case of food industry shortcomings in China (Qiang et al. 2014). The article prominently employs the concepts of business continuity and risk management but does not contain a theoretical basis for such an alleged connection.
A review by Simchi-Levi, Schmidt, and Wei (2014) identifies approaches to the mitigation of unpredictable supply chain disruptions. The article focuses on low-probability events that cause major impacts, such as massive epidemics and natural disasters. The authors suggest that such events render the traditional risk management techniques ineffective and support their assertions with the evidence from the existing literature (Simchi-Levi, Schmidt & Wei 2014). The article mentions business continuity plans as one possible area of application of the proposed framework but contains no rationale for such an application.
A study by Brender and Markov (2013) explores the perception of the potential of cloud computing for risk management associated with data security. The authors point to the fact that despite its evident positive impact, cloud computing poses a range of new risks in the areas of data security, compliance with regulations, and disaster recovery (Brender & Markov 2013). The researchers use several case studies of Swiss companies to support their suggestions. The article mentions both business continuity and risk management as viable areas of cloud computing utilization. However, no connection is established between the two.
A study by Sahebjamnia, Torabi, and Mansouri (2015) identifies the gaps in the current decision-making process related to risk management of businesses. According to the authors, the lack of unity at the tactical and strategic levels leads to the disrupted efficiency of the disaster recovery plans. The novel framework proposed by the authors relies on the minimization of recovery time objectives and testing for applicability at an operational level (Sahebjamnia, Torabi & Mansouri 2015). Notably, the authors use the concepts of business continuity and crisis management throughout the paper without specifying the nature of their relationship or the involved hierarchical connections.
An article by Ho et al. (2015) provides a comprehensive review of the literature on the topic of supply chain risk management. The data for the study is gathered from the relevant academic sources and systematized according to the identified categories of risk factors and common strategies. Importantly, the study cites several sources that categorize business continuity planning as an intrinsic component of the risk management process. However, no details are given on the proposed hierarchy as it is supposedly outside the scope of the inquiry.
A study by Epstein and Khan (2014) explores the potential benefits of using Application Impact Analysis (AIA) for improving the viability of business continuity planning. To substantiate their assertions, the researchers draw evidence from the theoretical academic literature. The authors view business continuity as one of the approaches to risk management practices. However, the connection is neither specified nor substantiated throughout the paper.
An article by Hohenstein et al. (2015) contains a literature review about the concept of supply chain resilience (SCRES). The data is gathered from the available literature using a set of well-defined criteria. The research is aimed primarily at the phenomenological aspect of the issue, stressing the need for the formulation of a definition of SCRES and the identification of its components. The study employs the notions of crisis management and business continuity as components of risk resilience interchangeably.
Research by Farrell and Gallagher (2015) studies the implications of enterprise risk management (ERM) maturity valuation. The data is derived from the results of the application of the Risk Insurance Model to several firms in the five years (Farrell & Gallagher 2015). The study focuses on risk management approaches and uses business continuity as one of the criteria for measurement of the maturity of ERM. However, continuity is used in a self-explanatory manner and is not specified as an operational definition.
A study by Gatzert and Martin (2015) aims at determining the core components responsible for the successful initiation of enterprise risk management and identifying the value its implementation creates in the organizations. The data is gathered using a literature study with a robust set of criteria. The findings of the researchers suggest a positive relationship between certain characteristics of the organizations and the ERM implementation and result in corporate value improvement. However, despite the involvement of business continuity factors, the authors do not include it in the list of ERM-associated values.
Research by Grötsch, Blome, and Schleper (2013) attempts to determine the causes behind the inability of businesses to mitigate the adverse effects of supplier insolvencies on supply chain functionality. The researchers use the available data on past occurrences of such insolvencies that are verified via interviews with representatives of the industry. The study utilizes business continuity plans as one of the measures of organizational proactiveness in risk management but presents no rationale behind such an approach.
Baskerville, Spagnoletti, and Kim (2014) study the effects of response and prevention paradigms, determine their relative efficiency, and identify the need for the optimal balance between them via a security framework. The authors use the comparative case study method in support of the proposed framework (Baskerville, Spagnoletti & Kim 2014). The article lists business continuity planning as an important element of response models but does not identify its interconnection with crisis management.
Interlink of Risk Management, Crisis Management/Preparedness, and Business Continuity
Business continuity is an important characteristic of the modern organization, determining the uninterrupted nature of business operations and, by extension, contributing to the sustainability of revenues.
Currently, the concept is strongly associated with risk management and crisis preparedness. However, such a relationship is usually established based mostly on the evident similarities of goals and tasks pertinent to the said concepts and is rarely backed by the evidence from the research. The current project is intended to confirm the interconnection between risk management, crisis management, and business continuity, identify the existence of hierarchical order, and outline their relative impact on organizational performance. The project utilizes a qualitative research design. The data is gathered using an online survey.
Introduction and Significance of the Study
Risk is an essential component of business. The increasing complexity in the fields of production, finance, accounting, and marketing makes it virtually impossible to account for all possible deviations from the scheduled procedures. It is also worth mentioning that businesses are becoming increasingly vulnerable to various sporadic threats, such as natural disasters. In response to the apparent threats, a significant bulk of research has been done in the field currently collectively addressed as risk management.
Based on these studies, the current consensus in both the academic and the managerial fields now recognizes the importance of risk management as a subset of strategic organizational management. To respond to the issue, numerous strategies and tactics have been introduced that were expected to minimize the impact of the possible negative occurrences on business sustainability and profitability. These strategies and tactics are commonly grouped into two broad categories.
The first category includes prevention strategies that aim at either avoiding the events which have adverse effects on business practices or minimizing the likelihood of their occurrence, thus eliminating the threat. The second category encompasses mitigation approaches that are meant to be introduced after the occurrence of a disruptive event and aim at the minimization of its negative effect on organizational performance and, by extension, the profitability of the business operations. As can be seen, both categories have the same ultimate goal but are implemented at different stages and require different approaches.
It is also worth mentioning that the scope and magnitude of certain events, such as natural disasters, were considered sufficient for the creation of a separate subcategory, known as crisis management. The unpredictability and massive scale of these disruptive events render the traditional mitigation strategies irrelevant and require the introduction of more effective approaches.
As was mentioned above, the risk management strategies have an overarching goal of achieving the uninterrupted, steady, and predictable performance of the business. This concept eventually crystallized into what is known as business continuity.
Recently the concept has garnered significant attention in both the theoretical domain and as a part of managerial practices (in the form of business continuity plans). On a superficial level, the concept can be readily associated with the concept of risk management as both are associated with the increased organizational resilience to disruptive factors, the capacity for rehabilitation after adverse events, and the ability to return to the normal functioning in the most time-saving and resource-efficient manner. However, the concepts also employ a range of techniques and objectives that are distinctive enough to differentiate between the two.
Nevertheless, there is still a notable lack of consistency in the use of the terms across the academic literature. The two concepts are routinely used in a manner suggesting their synonymous nature without a rationale for such association. Admittedly, attempts have been made to introduce clarity to the field. Currently, three dominant views can be observed in the academic domain: the approach that considers risk management and business continuity related concepts that are relatively autonomous, the one where one is viewed as a subset or an intrinsic component of the other, and the one that recognizes the relation of the concepts but does not provide a conclusive statement regarding their hierarchical order.
Naturally, such a situation is highly unfavorable for both the theorists and managers in the field. For the former, the vagueness and lack of consistency introduce an additional challenge to the process of developing the frameworks and strategic solutions for businesses. Also, it compromises the applicability and scalability of the findings of individual studies since the absence of common ground renders the obtained solutions incompatible with those implemented using a different framework.
For the latter, the lack of understanding of the relative significance of each term and their hierarchical interconnections undermines the assessment capacity of their actions. In simple terms, the managers are unable to conclusively measure the outcomes of their decisions using only vague definitions and intuitive views on the interlinked nature of the concepts in question. To sum up, the findings of the project are expected to improve and systematize the current understanding pertinent to the concepts of both risk management and business continuity, enhance the managerial practices, and, possibly, outline viable directions for further research.
Problem Statement & Purpose of the Study
Considering the information above, two problems can be identified in the field of organizational management. First, the terms “risk management,” “crisis management,” and “business continuity” appear to be used interchangeably despite several loosely compatible objectives throughout the academic literature. Also, many sources consider one of the concepts as an element of the other, apparently guided solely by the intuitive perception (since such an approach is rarely substantiated by the existing taxonomy).
Since both concepts are routinely used for the development of novel frameworks intended to improve the risk management processes in the organizations, some confusion can be expected. Another notable issue is the inability to consistently measure the outcomes achieved by the introduction of risk management practices. While it is certainly possible for managers to select one of the currently existing frameworks and conduct the assessment internally, the findings will be incompatible with those obtained using a methodology built upon a premise of different types of connection.
Finally, without the understanding of the nature of the interconnection between risk management, crisis management, and business continuity it would be impossible to estimate their relative significance in the process of strategic planning. Such a gap in knowledge would eventually result in ineffective resource allocation and, possibly, unforeseen setbacks in business operations. In conclusion, it is possible to formulate the following problem statement from the information above: The current literature does not contain a conclusive statement regarding the principles of interconnection or hierarchical order of risk management, crisis management, and business continuity, which compromises both the theoretical and practical utilization of each of the said concepts.
In response to the identified issues, the purpose of the current study is to identify the existence of interconnection between the concepts in question, determine whether a hierarchical order is involved in the relationship, identify the similarities and differences in goals and means pertinent to each concept, and outline their relative significance. The said findings are expected to introduce additional clarity both to the developers of the risk management frameworks and the managers dealing with strategic planning. Also, it would be reasonable to expect that the data obtained in the course of the project would highlight the viable directions for further research and possibly identify the overlooked shortcomings of the existing approaches to business continuity.
The primary research question of the study is as follows:
- What is the nature of the interconnection of risk management, crisis management, and business continuity and is there a hierarchical order pertinent to the interconnection?
However, several issues need to be addressed to formulate a conclusive answer. Specifically, it would be beneficial to identify the differences between the concepts in question to produce an accurate distinction between them. For the same purpose, it would be necessary to detect the similarities between risk management and business continuity. This knowledge would highlight the areas of intersection and, therefore, enhance the understanding of the relationship between the studied concepts and clarify the hierarchical order involved. Finally, the information on the relative weight of each component could be determined from the obtained data, which could improve the issue of ineffective resource allocation.
As was mentioned in the previous section, risk management, crisis management, and business continuity have been recognized as important areas of organizational development and have been extensively covered in the respective academic sources. However, their usage lacks consistency and is rarely backed by the formulated operational definitions. Thus, to better understand the setting of the proposed study, it is first necessary to review the relevant literature on the topic. The following literature review presents the most commonly used definitions and provides insights into the academic consensus regarding the interconnection of the concepts in question.
The trends in the development of the risk management practices identified in the descriptive study by van der Vegt et al. (2015) can be broadly described as the gradual shift from the traditional risk mitigation plans towards novel approaches in the late twentieth and early twenty-first centuries. The primary reason for this, according to the authors, is the ongoing transformation of the business practices that, in their current state, are incompatible with the traditional means of risk mitigation, and require the introduction of new theoretical frameworks based on the contingency theory (van der Vegt et al. 2015).
The authors assert that risk management practices have an observable effect on business continuity but provide no rationale for their conclusions. A similarly comprehensive overview of the field of supply chain risk management is provided in the article by Ho et al. (2015). The data for the review is obtained from the existing literature and systematized. Interestingly, the authors cite several sources that characterize business continuity planning as one of the core components of the risk management practices (Ho et al. 2015).
This connection can be interpreted as an attempt to classify the former as a subset of the latter, thus highlighting a possible hierarchical order. A more in-depth inquiry into supply chain risk management is provided by Qiang et al. (2014). The research team argues that the traditional methods of risk management have only limited applicability in the modern organizational environment and exemplifies its assertions by studying the case of failures in the Chinese food industry.
Both business continuity and risk management are used in support of the viewpoint. However, no attempt is made to establish a relationship between the two. Another aspect that is considered a major disruptive factor for traditional business practices is the occurrence of natural disasters. According to Simchi-Levi, Schmidt, and Wei (2014), they exhibit several distinctive characteristics (e.g. massive scale and low predictability) that make the said events resistant to traditional means of prevention and, to some degree, mitigation.
The authors list business continuity planning among the possible risk management strategies, which implies that the former is considered a subset of the latter. The study does not contain the rationale for such a decision. Interestingly, business continuity is excluded from the list of relevant factors by some researchers. For example, a systematic review of the components responsible for the successful initiation of enterprise risk management by Gatzert and Martin (2015) provides a comprehensive list of factors responsible for the creation of value through ERM. Despite the inclusion of features of business continuity (e.g. revenue consistency), it is not included in the list of components.
The studies of specific tools of risk mitigation also employ business continuity. For instance, Brender and Markov (2013) explore the implications of cloud-based solutions for business safety and security. According to the authors, the multitude of risks associated with the practice in the areas of data security, regulation compliance, and disaster recovery nullify the expected positive impact of the technology (Brender & Markov 2013).
The researchers state that cloud computing can be utilized in the fields of risk management as well as business continuity planning but establish no connections between the two. Epstein and Khan (2014) explore the benefits of Application Impact Analysis for business continuity planning. The authors utilize the term “business continuity” throughout the paper in a self-explanatory manner. Most likely, it is considered an approach to risk management (implying both connection and hierarchical order), but this is not substantiated with evidence. Hohenstein et al. (2015) discuss the viability of the concept of supply chain resilience (SCRES) and point to the lack of both the definition and the identification of its components.
The authors assert that both risk management and business continuity planning are viable ways of business resilience improvement. However, the terms are used interchangeably without clarification. The same approach is exhibited by Farrell and Gallagher (2015) in a study of enterprise risk management maturity valuation. The authors apply the Risk Insurance Model to determine the level of maturity of individual firms and use business continuity as one of the metrics. Nevertheless, the concept is not defined as an operational definition, and the connection between it and business management is not explained.
In the same manner, Grötsch, Blome, and Schleper (2013) consider business continuity planning as one of the determinants of organizational proactiveness in a specific field of supply chain risk management responsible for the mitigation of adverse effects of supplier insolvencies. However, neither the connection nor the implied hierarchical order is substantiated.
Some authors build upon the apparent similarity of the concepts mentioned in the previous section in an attempt to devise new frameworks. Torabi, Soufi, and Sahebjamnia (2014) suggest one such framework for business continuity management systems (BCMS). The key point of the proposed framework is the business impact analysis component that is expected to improve the applicability of BCMS.
The research team tests the viability of their framework by examining its use cases in existing organizations (Torabi, Soufi & Sahebjamnia 2014). Both business continuity and risk management are incorporated as framework elements with no connection established by the authors. A similar approach is taken by Lavastre, Gunasekaran, and Spalanzani (2014), who suggest a framework expected to increase the reliability of the evaluation process and improve organizational performance.
The framework involves the characteristics of the participants, perception of risk by stakeholders, the relationships with partners in the field, and risk mitigation methods as core elements (Lavastre, Gunasekaran & Spalanzani 2014). The authors mention business continuity planning as one of the areas of application of their framework, but the suggestion is neither detailed nor backed with evidence.
Sahebjamnia, Torabi, and Mansouri (2015) argue that the current risk management practices used by businesses overlook several critical points. To address the identified shortcomings, the researchers suggest a novel framework that relies on recovery time objectives and testing for applicability at the operational level (Sahebjamnia, Torabi & Mansouri 2015). Both concepts are used throughout the article, but neither is suggested as an element of the framework or tied to the other in any way.
A study on data safety and accessibility by Järveläinen (2013) provides a framework intended to improve operability and accessibility of business continuity planning. Even though business continuity is interlinked with risk management throughout the paper, the nature of the relationship is not specified.
Baskerville, Spagnoletti, and Kim (2014) propose a security framework intended for balancing the prevention and response paradigms in risk management practices. The authors classify business continuity planning as one of the elements of the response models, which implies both an interconnection and a well-defined hierarchical placement. However, no evidence is presented by the authors in support of the conclusion.
As can be seen, three common approaches are prevalent in the literature available on the topic. The first group includes scholars who tend to view risk management, crisis management, and business continuity as interlinked concepts and use them interchangeably and in a self-explanatory manner based on their similarity. The second group introduces certain details regarding the interconnection but provides no rationale for such a decision and does not substantiate it with evidence.
Finally, the third group specifies the nature of the interconnection by classifying one of the concepts as a subset of the other, thus introducing the hierarchical order to the taxonomy. However, in all cases, the connection is based on the apparent similarities in goals rather than the analysis of the data. Such an approach results in the emergence of frameworks that employ the concepts differently and, by extension, generate incompatible data during the assessment process.
Research Methodology and Framework
The study will be conducted in the form of descriptive research. Such a design choice is justified by the relatively broad scope of the inquiry as well as by the relative scarcity of information available in the academic literature. Also, it should be noted that while the term business continuity is used extensively throughout the literature, it is rarely given a precise and agreed-upon definition, which also calls for a descriptive inquiry.
Another important reason is the apparent lack of an in-depth understanding of the interconnection between risk management, crisis preparedness, and business continuity. While the majority of the theoretical perspectives imply such a relationship, it is evident that their conclusions are not backed by evidence but are instead based on the existence of similarities of tasks and goals in the respective fields.
While such an approach does not necessarily lead to a faulty conclusion, it is still desirable to clarify the matter, which can be done effectively using the descriptive approach. Finally, it is worth pointing out that the scope of the study, combined with the diversity of approaches characteristic of the field of business continuity and crisis preparedness, suggests the existence of valuable insights on the impact of risk management strategies and techniques that are downplayed in both the theoretical and practical fields. In this case, the qualitative nature of the chosen research design offers the possibility of identifying the overlooked areas and thus highlighting the viable directions for further studies.
Considering the specificities described above, it would be reasonable to suggest the constructivist perspective as a basis of the project’s framework. As such, the study will focus on the perceived relationship between the concepts as well as their relative significance in the ERM practices. As was explained above, the business continuity plans that are currently being used by the majority of organizations are relatively diversified both in structure and in the set of measures and techniques. Therefore, the quantitative assessment may provide distorted or incomplete data unless the data collection is organized with the acknowledgment of the majority of practices. However, such a tool needs to be constructed from facts that are currently unavailable and can be gathered from the perceptions of individuals.
The most suitable data collection method for the study in question is a survey consisting of both open-ended and close-ended questions. Such a method is suitable for the project for several reasons. First, it allows for a relatively small sample size, which is beneficial considering the resource limitations and time constraints of the study. Second, it provides the possibility to adjust the amount of the information obtained from the participants by including both open-ended and close-ended questions.
Close-ended questions streamline the process of data collection, are highly accessible, and can be easily processed using the readily available functions of the data collection tool. Open-ended questions require more time to process and analyze but hold greater potential for in-depth insights regarding the impact of risk management on business continuity. Also, it is possible to expect that some of the responses will point to the viable areas that were either overlooked during the stage of survey design or not identified by the previous researchers.
Plan for Sampling & Data Collection
The sample for the survey will consist of managers working in the field of risk management. The suitability of the sample will be ensured by the introduction of a set of inclusion criteria. First, the participants would be expected to have at least four years of experience in a managerial position. Since one of the concepts, business continuity, is based on the premise of uninterrupted functioning for a certain amount of time, the said criterion would increase the likelihood of participants’ familiarity with the issue in question. Second, the participants are expected to be involved with both strategic and tactical data of their organizations’ performance.
In this way, they will be able to observe the outcomes of the risk management and crisis management techniques on organizational performance and, as a result, link their observations to characteristics of business continuity. Third, the organizations where the sampling will take place will be expected to engage in business continuity planning as a part of their risk management effort. This factor will ensure the relevance of the participants’ experience to the topic of the study. The estimated number of participants that is considered sufficient for the success of the project is twenty individuals.
The sampling process will be initiated by contacting the administration of the selected companies and outlining the goals of the project as well as the criteria of the sample. Once the approval of the administration is obtained, it would be possible to get the list of suitable employees. These individuals will be contacted via email, briefed on the details of the project, and invited to participate. Simultaneously, they will be provided with the sampling criteria and asked to provide personal referrals to include the suitable individuals overlooked by the administration. The candidates who agree to participate will then be contacted over the phone and provided with a detailed account of the possible security and privacy issues related to the study, after which their formal consent will be obtained.
Once the final list of the participants is formed, it will be possible to proceed with the data collection. The data for the study will be collected using an online survey tool. The participants will receive a link to the questions via e-mail or other messaging means. Ten days will be allocated for the participants to provide their responses, after which the submissions will be locked to ensure the integrity of the data.
The respondents will be notified of the duration of the data collection stage during a telephone conversation, and a reminder will be attached to the link. Once the survey is locked, the number of responses will be matched with the initial list of participants, providing insight on the response rate. Due to the inclusion of both close-ended and open-ended questions, two approaches to data analysis will be necessary. The responses to the former will be processed using the capabilities of the data gathering tool. The latter will be handled separately by identifying common themes, coding the responses accordingly, organizing them in respective categories, and calculating the percentages of occurrence of each theme.
The obtained data will undergo a deidentification process upon collection to preserve the privacy of the participants. The demographic data will be included in the survey to determine whether the sample is representative of the population in question. It should also be noted that participation in the project is voluntary and that no incentives are provided to the participants. This condition will be specified during a telephone conversation as a part of obtaining formal consent.
The privacy of the participants will be ensured primarily via the capabilities of an online tool. Specifically, the resource will collect the IP addresses of the respondents to ensure the integrity of the data. However, this information is not disclosed to either the researchers or a third party and thus poses no threat to the participants. All information gathered by the tool is transferred in the encrypted form to minimize the possibility of disclosure of sensitive information.
All information will be stored on an account created for the project and will be deleted after its termination. The account will be protected by a strong password to minimize the possibility of the loss of data. The responses to the open-ended questions will be encrypted for storage and transportation using open-source software to increase data security. The participants will be briefed on the protective measures as well as the possible risks pertinent to the data collection process.
Reference List
Baskerville, R, Spagnoletti, P & Kim, J 2014, ‘Incident-centered information security: managing a strategic balance between prevention and response’, Information & Management, vol. 51, no. 1, pp. 138-151.
Brender, N & Markov, I 2013, ‘Risk perception and risk management in cloud computing: results from a case study of Swiss companies’, International Journal of Information Management, vol. 33, no. 5, pp. 726-733.
Epstein, B & Khan, DC 2014, ‘Application impact analysis: a risk-based approach to business continuity and disaster recovery’, Journal of Business Continuity & Emergency Planning, vol. 7, no. 3, pp. 230-237.
Farrell, M & Gallagher, R 2015, ‘The valuation implications of enterprise risk management maturity’, Journal of Risk and Insurance, vol. 82, no. 3, pp. 625-657.
Gatzert, N & Martin, M 2015, ‘Determinants and value of enterprise risk management: empirical evidence from the literature’, Risk Management and Insurance Review, vol. 18, no. 1, pp. 29-53.
Grötsch, VM, Blome, C & Schleper, MC 2013, ‘Antecedents of proactive supply chain risk management–a contingency theory perspective’, International Journal of Production Research, vol. 51, no. 10, pp. 2842-2867.
Ho, W, Zheng, T, Yildiz, H & Talluri, S 2015, ‘Supply chain risk management: a literature review’, International Journal of Production Research, vol. 53, no. 16, pp. 5031-5069.
Hohenstein, NO, Feisel, E, Hartmann, E & Giunipero, L 2015, ‘Research on the phenomenon of supply chain resilience: a systematic review and paths for further investigation’, International Journal of Physical Distribution & Logistics Management, vol. 45, no. 1-2, pp. 90-117.
Järveläinen, J 2013, ‘IT incidents and business impacts: validating a framework for continuity management in information systems’, International Journal of Information Management, vol. 33, no. 3, pp. 583-590.
Lavastre, O, Gunasekaran, A & Spalanzani, 2014, ‘Effect of firm characteristics, supplier relationships and techniques used on supply chain risk management (SCRM): an empirical investigation on French industrial firms’, International Journal of Production Research, vol. 52, no. 11, pp. 3381-3403.
Qiang, Q, Huang, Z, Ke, K & Yang, YX 2014, ‘Overview of supply chain risk management and the current issues of closed-loop supply chain in China’, International Journal of Business Continuity and Risk Management, vol. 5, no. 3, pp. 236-243.
Sahebjamnia, N, Torabi, SA & Mansouri, SA 2015, ‘Integrated business continuity and disaster recovery planning: towards organizational resilience’, European Journal of Operational Research, vol. 242, no. 1, pp. 261-273.
Simchi-Levi, D, Schmidt, W & Wei, Y 2014, ‘From superstorms to factory fires: managing unpredictable supply chain disruptions’, Harvard Business Review, vol. 92, no. 1-2, pp. 96-101.
Torabi, SA, Soufi, HR & Sahebjamnia, N 2014, ‘A new framework for business impact analysis in business continuity management (with a case study)’, Safety Science, vol. 68, pp. 309-323.
van der Vegt, GS, Essens, P, Wahlström, M & George, G 2015, ‘Managing risk and resilience’, Academy of Management Journal, vol. 58, no. 4, pp. 971-980.