University of Portsmouth

M32008: Crisis Management and Governance

Assignment 2

Word count: 3,236

 Student ID: UP2051794

The topics of crisis management (CM), business continuity management (BCM) and risk
management (RM) have often been studied and treated as separate, competing, and unrelated
disciplines. However, academic research has found that utilizing these functions in integration is
coherent and productive. Whereas they require different approaches and have different
objectives, there is growing advocacy for organizations to break out of operational silos and
develop a holistic framework for preparedness and readiness at all layers for events that threaten
achievement of goals and objectives (Borodzicz, 2005; Engemann & Henderson, 2014; Smith,
2012). Research has also provided evidence that crisis management, business continuity and risk
management are essential building blocks for organizational resilience and corporate governance
(Smith, 2012; KPMG, 2020; United States Securities and Exchange Commission; 2006;
Herbane, Elliott and Swartz, 2004; Institute of Directors in Southern Africa, 2009; Jaques, 2018;
Shaw, 2004).

This paper will examine the existential relationships and key aspects between crisis management,
business continuity and risk management with support from academic literature, publications and
studies. It will then provide an analysis of how they support organizational governance and
resilience. The paper will draw reference to relevant theoretical models and frameworks in
exploring these relationships.

RM is defined by ISO31000:2018 (International Standards Organization, 2018) as “coordinated

activities to direct and control an organization with regard to risk” where risk is defined as “the
effect of uncertainty on objectives”. The emphasis of this definition which is plain and simple as
compared to other definitions is on the set of activities that manage risk to create and preserve
value.

The Institute of Risk Management (IRM, 2002, p.2) underscored the role of value creation by
defining RM as “the process whereby organizations methodically address the risks attaching to
their activities with the goal of achieving sustained benefit within each activity and across the
portfolio of all activities” where risk is defined as “the combination of the probability of an event
and its consequences.” This definition is more comprehensive because it considers corporate
activities to be the drivers of risk. The commonality in these definitions is a focus on activities
meant to steer the organization towards a more favorable position in terms of uncertainties that
affect its achievement of objectives. The definitions also suggest that risk management is

2
 Student ID: UP2051794

forward looking in that it can address events that may happen in the future that will affect the
organization’s achievement of objectives.

Kovoor-Misra (2019) defined crises as situations that can threaten the survival and goals of an
organization. Pearson and Clair (1998, p. 60) defined crisis as “a low probability, high impact
event that threatens the viability of the organization and is characterized by ambiguity of cause,
effect and means of resolution, as well as by a belief that decisions may be made swiftly.” More
recently, Williams, et al (2017, p.735) defined crisis as “a process of weakening or degeneration
that can culminate in a disruption event to the actor’s normal functioning. BS 11200:2014 (BSI,
2014, p. 2) defined crisis as “abnormal and unstable situation that threatens the organization’s
strategic objectives, reputation or viability.” Relatedly, CM has been defined by BS 11200:2014
(BSI, 2014, p.2) as “development and application of the organizational capability to deal with
crises.” Coombs and Laufer (2018, p.1) defined it as “a set of factors designed to combat crises
and to lessen the actual damage inflicted by a crisis.” Bundy et al (2016) defined CM as actions
and communication by organizational leaders that attempt to reduce the likelihood of a crisis, to
minimize harm from a crisis and to re-establish order following a crisis. From these definitions
of the word crisis and crisis management, it can be observed that crisis management are efforts
by the organization to deal with situations that affect the organization’s achievement of
objectives. Crisis management involves prevention, preparedness, restoration and transition.

ISO 22313:2020 (ISO, 2020) defined BCM as “the capability of the organization to continue
delivery of products or services at acceptable predefined levels following a disruptive incident.”
More broadly, ISO 22301:2019 (ISO, 2019) defined business continuity management as “a
holistic management process that identifies potential threats to an organization and the impacts to
business operations that those threats, if realized, might cause, and which provides a framework
for building organizational resilience with the capability for an effective (business continuity)
response that safeguards the interests of its key stakeholders, reputation, brand and value creating
activities.” This definition is also adopted by BS 11200:2014(BSI ,2014). The definition
describes it as a restorative process for the benefit of maintaining the interests of the business and
its stakeholders following disruption.

PAS 56:2003 (BSI, 2003) defined corporate governance as “system by which the directors and
officers of an organization are required to carry out their accountabilities and responsibilities for

3
 Student ID: UP2051794

ensuring that effective management systems, including financial monitoring and control systems,
have been put in place to protect assets, earning capacity and the reputation of the organization.”
Mokline and Abdallah (2021, p.2) defined resilience as “the property of a “system” (material,
individual, organization, society, environment ...) to withstand severe shock and then to rebound
to develop again.” Kendra and Wachtendorf (2003, p. 42) define it as “the ability to respond to
singular or unique events and to bounce back to a state of normalcy.’

The study of CM, BCM and RM as related components has been a subject of debate within
academic research. Willmer (2016) highlighted that the difference between RM and CM is that
CM is concerned with responding to, managing and recovering from an unforeseen event while
RM is concerned with identifying, assessing and mitigating events that could cause harm to the
business. CM is considered reactive whereas RM is considered proactive (Marchesani, 2020).
CM is responsive while RM is strategic. The purpose of CM is to alleviate tensions, the goal of
RM is to identify, understand and plan for dealing with risks (Borodzicz, 2005). Krell (2006)
delineated the boundary between RM and CM using an output approach where the results of CM
include risk avoidance, risk acceptance, risk transfer and risk sharing. The output of a CM
process is to restore the business to normal operations as efficiently and effectively as possible
after a crisis has occurred.

Cha et al (2008) drew the boundary between RM and BCM by examining their areas of focus
when there are threats to an organization. The paper articulated that RM is focused on
developing measures to mitigate losses and deviations from achievement of objectives whereas
BCM is focused on managing interruptions to critical organizational processes. RM and BCM
serve different purposes, have different tolerances for threats and hazards to the organization and
are triggered at different magnitudes of loss. The downside with this illustration is that is
assumes that the threats or hazards grow in predictable and measured progression whereas they
can be spontaneous and predictable. Such is the nature of crises as described by BS 11200:2014
(BSI, 2014), Khaled and Gorpe (2018) and Veil (2011). From the foregoing definitions, there are
varied terminological differences that are observed based on the functional context of application
that have been formed by multitude of academic and professional pronouncements. However, the
important questions are whether they are related, whether one is a subset of another or whether
they are independent functions.

4
 Student ID: UP2051794

The International Fire and Security Exhibition and Conference (IFSEC, 2020) described RM,
CM and BCM as complementary, synergistic and essential for organizational survival and
continued operations. In describing the three processes as components of a security management
plan, IFSEC (2020) pointed out that CM and BCM activities overlap with RM activities (which
is proactive) and are also sequential to RM. This description is important as it suggests that there
is a cyclical input-output relationship between the processes. CM begins with planning which
assesses the risk impact that is identified in RM. The focus of CM is to survive the crisis and
ease its impacts as much as possible including strategies such as evacuation and information
management. It concludes that CM deals with the consequences of risk impact. The aim of BCM
is to prevent service interruption following the crisis. Like RM, it starts with analysis to assess
impact and identifies critical and non-critical functions and allows for provision of critical
functions. IFSEC (2020) asserted that both CM and BCM must be linked with RM at the center.
RM influences the developments to CM and BCM plans.

The BCM process outlined by Ascent (2021) mirrors the position by IFSEC (2020). It avers that
RM includes risk assessment, business impact analysis, business continuity plan development,
strategy development, testing and maintenance. Under risk assessment, the organization analyzes
the probability and impact of risk. Ascent (2021) concludes that risk treatment reduces threat
intensity, and consequently reduces the consequences of crises on organizational operations (a
goal of BCM).

Jaques (2007) supports the relational construct between RM and CM by observing that early
warning and scanning phases of CM and the identification and prioritization phases of RM are
often overlapping. Stocker (1997) and Clarke and Varma (1999) had the same opinion. They
both concluded that RM and the scanning phase of CM are aimed at identifying problems early
and preventing them from turning into crises. These sentiments echoed the arguments of IFSEC
(2020) and Ascent (2021) which linked CM and RM.

CM on the other hand has been found to be linked to BCM. Based on the works of Fink (1986)
and Mitroff (2005), Shaw (2004) coined the term business crisis and continuity management
(BCCM). The paper attempts to demonstrate that RM and CM are supporting functions of BCM
and thus need to be integrated.

5
 Student ID: UP2051794

Paradoxically, Mitroff (2005) considered RM and BCM to be subsets of CM which is divided

into two types: proactive (for crisis prepared organizations) and reactive CM (for crisis prone
organizations). Proactive CM anticipates and prepares for crises by amplifying warning signals
whereas reactive CM uses the tools of RM to respond after crises occur. According to Mitroff
(2005) proactive CM is the ideal and effective type of CM as an integral part of corporate
governance. Mitroff (2005) highlighted that CM is all encompassing as it fulfills all the
characteristics required to deal with threats. According to Mitroff (2005, p.8), RM and BCM are
limited, sophisticated forms of denial because “they do not go far enough in anticipating and
planning for a broad array of crises. They give false security. They contribute to the illusion that
crises and their effects are limited.”

A section of research also considers BCM as a component of RM. BSI (2003) for example that
the objective of RM is to reduce risk to an acceptable level including through organizational
intervention such as BCM. Henderson (2017) argued that BCM is a specialized part of RM. In
BCM development, organizations need three analysis components- business impact analysis
(analyzing effects of disruption), risk assessment (identifying threats, likelihood and impacts)
and continuity strategies (strategies to reduce risk and improve resilience). Henderson (2017)
highlighted that this commonality is an important instance in the relation between BCM and RM
and that RM can be conducted concurrently with RM. A risk assessment is important in ensuring
that the likelihood of critical functions by threats is minimized. Executive commitment,
information collection and analysis, plan development and implementation testing and
maintaining and continuity strategies have been identified as organizational BCM capabilities in
literature (Estrada et al, 2021; Fischbacher-Smith, 2017; Maurer & Lechner, 2014; Pescaroli,
2020).

Hassel and Cedergren (2021) built a case on the relationship between BCM, CM and RM by
pointing out that effective CM activities should be founded on an in-depth knowledge on risks
and vulnerabilities which can be developed by performing risk and vulnerability assessments. In
their opinion, based on studies in Sweden, they state that more practitioners are adopting BCM
as a means of preventing preparing for hazards and business impact analysis is the preferred
means of gaining organizational understanding as opposed to traditional risk assessments.

6
 Student ID: UP2051794

However, they cautioned that both processes are valuable and that their synergies can be
exploited.

On the same note, Masar et al (2019), Klucka (2020) and Cha (2008) agree that BCM is a
compound phenomenon that encompasses several disciplines including RM to prevent the origin
of crises. The emphasis of BCM, CM and RM is on prevention first by quickly and flexibly
adapting to changes in the environment and creating a stable and resilient organization.
Buganova, Moskova and Simickova (2021) resonated by concluding that RM is a tool for the
prevention of the origin of crises which is important because, conducted effectively, it can lower
the costs of recovery after the crisis occurs.

Contrastingly, McCrackan (2005) disagrees with the idea that BCM is a subset of RM. The
article opined that there has been a misunderstanding as to what constitutes business continuity
and that it is an evolutionary result of RM, CM, disaster recovery and health and safety. The
paper argues that since the purpose of RM is to protect the continuity of business, then RM is a
function of BCM and not vice versa. In furthering this line of thought the paper pointed out that
there are two sides of risk RM: business processes which address the risk of conducting business
(such as foreign exchange hedging which has little to do with business continuity but is RM) and
processes which address risks to business continuing (such as risks to property or people which
the business relies on for operation). The paper considers the latter RM function to be
subordinate to business continuity function. It concluded that there is a RM function that is
placed within business continuity and there is a risk function that may be separate from business
continuity (at least not above it) that deals with risk to conducting business. In summary,
business continuity functions should operate side by side with risk management functions or
above risk management functions.

RM, CM and BCM have also been found to be important tools for corporate governance.
According to Rathod (2018) there is a correlation between excessive risk-taking and corporate
governance failures. It opines that the role of RM is placed with board of directors due to its
relevance in strategy setting and decision making. A publication of the Financial Reporting
Council (FRC, 2018)-the United Kingdom code of corporate governance-underscored the role of
Enterprise Risk Management (ERM) in corporate governance and value creation. ERM
accomplishes this by helping the board and management make better informed decisions that

7
 Student ID: UP2051794

enable them to effectively manage those risks that could impair their ability to achieve strategies
and business objectives. It can determine the basis of evaluating how strategy may affect the firm
with respect to achieving goals by first setting the risk appetites as a criterion for selecting
alternative strategies supporting organizational decisions (Moller et al, 2020). Anderson and
Frigo (2020, p.4) drew attention to the relationship between RM and governance by stating “the
governing body should appreciate that the organization’s core purpose, its risks and
opportunities, strategy, business model, performance, and sustainable development are all
inseparable elements of the value creation process.”

Discussions on the contribution of CM to corporate governance are congruent in the sense of

creating and preserving value. The main goal of managers and boards of directors is to contract
with stakeholders as agents on behalf of the firm to create shareholder value (Jones, 1995).
Management is therefore tasked with identifying stakeholder interests and concerns in a crisis
and involving stakeholders in preparation and response. Crises have the potential to erode
corporate value and thus the importance of CM in governance cannot be overstated. The United
Nations Committee on Trade and Development (UNCTAD, 2010) highlighted the importance of
CM from an organizational learning perspective on corporate governance. The paper argued that
following the global financial crisis, organizations and United Nations member states had
undertaken governance reforms especially in risk-taking and executive compensation. It gives
the example of Germany where managers and boards are now accountable to stakeholders rather
than shareholders and South Africa where ‘stakeholder relationship governance’ and
sustainability reporting are now responsibilities of the board of directors. Increased
accountability is important in enabling corporate stakeholders to make informed assessments of
the sustainability of firms (UNCTAD, 2010).

Henderson (2017) examined the role of RM in promoting organizational resilience and

championed risk controls as an important and necessary part of improving organizational
resilience by eliminating or reducing probability of occurrence of disruptive events. The
approach taken by Buganova, Moskova and Simickova (2021, p.3) cemented the important role
played by RM, CM and BCM in promoting organizational resilience by classifying RM and
BCM as effective preventive functions. It asserted that “appropriate preparation of the enterprise
through the procedures and methods of risk management and continuity management will build a

8
 Student ID: UP2051794

resilient enterprise, which is ready to deal with various situations has established preventive
measures, know to respond to various changes, is also able to continue operations in the case of
an interruption.”

In furthering the idea that BCM has a role in promoting organizational resilience, the United
Kingdom Business Continuity Institute (BCI, 2021) articulated BCM as being “about building
and improving resilience in your business.” ISO (2019) identified resilience as one of the
benefits of a BCM system. Randeree et al (2012) articulated that BCM is about managing risk to
resist loss, interruption and disruption. The contributions of CM, RM and BCM to organizational
resilience and performance has been discussed extensively by Fischbacher-Smith (2017). It
opined that whereas CM, RM and BCM are building blocks of organizational resilience, BCM is
more holistic as it deals with failure, disruption and disturbances across organizational functions
and disciplines that comprise management. RM and CM have a narrower scope since they are
limited in dealing with emergent forms of hazard whose probabilities and consequences are
indeterminate.

The positive relationship between good corporate governance and organizational resilience
capabilities has also been studied and established in academic research (Bedi et al, 2014; Lebel
et al, 2006; Wakeman, 2017; Linkov, 2019). Organizational resilience has been positively
correlated against several aspects of corporate governance including effective risk management,
director independence, flexible organizational structures, diversity of boards, shareholder rights,
auditor independence and transparency. The argument is that organizations that observe good
corporate governance principles are also found to prioritize organizational resilience and work
towards strengthening resilience capabilities (Schneider, 2008). Ungureanu (2018) coined the
term corporate durability to refer to the ability to withstand adversity. It opined that
organizations with good corporate governance have better durability characteristics including
long term sustainability, social responsibility and agility. Another argument is that good
corporate governance promote management’s independence from the influence of owners and
that this autonomy is important for resilience (Bhalla et al, 2014). In addition, organizations that
foster employee involvement in decision-making enjoy better resilience capabilities since they
experience ‘tighter coupling’ between operational feedback and strategy setting (Lampel, Bhalla
and Jha, 2014).

9
 Student ID: UP2051794

From the foregoing review of literature, there is evidence that RM, CM and BCM are
terminologies that describe different organizational activities. RM, CM and BCM have also been
found to be related, overlapping and intertwined. Based on contextual applications and
experiences sections of literature have identified some processes to be part of others. For
example, BC has been placed as a subset of RM, RM and BCM as a subset of CM and finally
RM has been placed as a subset of BCM. The paper has also examined the relationship between
RM, CM and BCM and organizational resilience and found that they play a role in promoting
organizational governance.

The paper recommends that organizations should harness synergy by utilizing these functions in
integration rather than in isolation. There is a strong case for breaking silos in order to reduce
redundancies and triangulate knowledge as a means of creating resilient organizations. Secondly,
the paper recommends that organizations should foster organizational structures that elevate RM,
CM and BCM functions to executive and top management levels. There is evidence that they are
important functions that should take priority in the day-to-day operations and management of
organizations for organizations to create and preserve value. Thirdly, the paper recommends that
organizations should adopt the principles of good corporate governance. Literature has shown
that organizational resilience thrives hand in hand with good corporate governance. Finally, it is
recommended that organizations should promote more accountability to stakeholders and
employee involvement which bridges the gap between operational and executive level
communication for more informed strategy setting and decision making.

10
 Student ID: UP2051794

References

Anderson, R. & Frigo, M. (2020). Creating and protecting value: understanding and
implementing enterprise risk management. Committee of Sponsoring Organizations
of the Treadway Commission.https://www.coso.org/Documents/COSO-ERM-
Creating-and-Protecting-Value.pdf

Ascent (2021). Relationship between Business Continuity and Risk Management. Retrieved
August 9, 2021 from https://www.ascentbusiness.com/relationship-between-
business-continuity-and-risk-management/

Bedi, N., Bishop, M., Hawkins, U., Miller, O. and Pedraza, R. (2014). Linking Resilience and
Good Governance: A Literature Review. Anthos (Vol 6). Retrieved July 24, 2021,
from https://core.ac.uk/download/pdf/37767962.pdf

Bhalla, A., Lampel, J. and Chordia M. (2014). Are employee-owned firms more resilient in the
long-term? Retrieved August 4, 2021 from
https://www.cass.city.ac.uk/__data/assets/pdf_file/0011/358193/employee-
ownership-report-2014.pdf

Borodzicz, E. (2005). Risk, crisis and Security Management. John Wiley and Sons. West Sussex,
England. Retrieved July 24, 2021, from
https://ereader.perlego.com/1/book/1684092/6

British Standards Institution (2003). PAS 56:2003 - Guide to business continuity management.
Retrieved August 9, 2021 from http://eds.b.ebscohost.com/eds/pdfviewer/pdfviewer?
vid=3&sid=bf3932ea-383e-4e3c-a278-d128ac403e01%40pdc-v-sessmgr03

British Standards Institution (2014). BS 11200:2014- Crisis management –Guidance and good
practice. BSI Standards Publication. Retrieved August 9, 2021 from
https://shop.bsigroup.com/ProductDetail?pid=000000000030274343

Buganova, K., Moskova, E. and Simickova, J. (2021). Increasing the Resilience of Transport
Enterprises through the Implementation of Risk Management and Continuity
Management. Retrieved August 17, 2021 from
https://reader.elsevier.com/reader/sd/pii/S2352146521005573?

11
 Student ID: UP2051794

token=F86DF9972864FD148C2579CE321EF06C3439A7ABA77186A0705EED74
82752261DED7DA0911A9D26100C5A8277A3CF233&originRegion=eu-west-
1&originCreation=20210817164938

Bundy, J., Pfarrer, M., Short, C. and Coombs, T. (2016). Crises and Crisis Management:
Integration, Interpretation, and Research Development. Journal of Management (Vol
43). Retrieved August 4, 2021 from
https://journals.sagepub.com/doi/pdf/10.1177/0149206316680030

Cha, S., Juo, P. Liu, L. and Chen, W. (2008). RiskPatrol: A Risk Management System
Considering the Integration Risk Management with Business Continuity Processes.

Clarke, C.J. and Varma, S. (1999). Strategic risk management: the new competitive edge. Long
Range Planning. (Vol 34). Retrieved August 4, 2021 from
https://www.sciencedirect.com/science/article/pii/S0024630199000527

Coombs, T. and Laufer, D. (2018). Global crisis Management-current research and future
directions. Journal of International Management (Vol 24). Retrieved August 9, 2021
from https://reader.elsevier.com/reader/sd/pii/S1075425317304763?
token=473951968B856D73D32EACF399B9574E835F86836C4501F2695892DDB4
FC1702268D14F8160E7885FE25D259B4F60CEB&originRegion=eu-west-
1&originCreation=20210714080256

Engemann, K. and Henderson, D. (2014). Business Continuity and Risk Management. 1st edn.
Rothstein Publishing. Retrieved August 4, 2021 from
https://www.perlego.com/book/565924/business-continuity-and-risk-management-
pdf

Estrada, A., Gomes-Santos, L., Bernal-Torres, C. and Rodriquez-Lopez, J. (2021). Sustainability

and Resilience Organizational Capabilities to Enhance Business
continuityManagement: A Literature Review. Sustainability (vol13). Retrieved
August 4, 2021 from https://doi.org/10.3390/su13158196

12
 Student ID: UP2051794

Financial Reporting Council (2018). The UK Corporate Governance Code. Retrieved August 16,
2021 from https://www.frc.org.uk/getattachment/88bd8c45-50ea-4841-95b0-
d2f4f48069a2/2018-UK-Corporate-Governance-Code-FINAL.PDF

Fink, S. (1986). Crisis Management: Planning for the Inevitable. Amacom. New York.

Fischbacher-Smith, D. (2017). When organizational effectiveness fails Business continuity

management and the paradox of performance. Journal of Organizational
Effectiveness: People and Performance (vol 4). Retrieved August 4, 2021 from
http://eprints.gla.ac.uk/135454/7/135454.pdf

Hassel, H Cedergren, A. (2021). Integrating risk assessment and business impact assessment in
the public crisis management sector. International Journal of Disaster Risk
Reduction. Retrieved August 9, 2021 from
https://www.preventionweb.net/publication/integrating-risk-assessment-and-
business-impact-assessment-public-crisis-management

Herbane, B., Elliott, D. and Swartz, E. (2004). Business Continuity Management: Time for a
Strategic Role? Long Range Planning journal (Vol 37). Retrieved August 4, 2021
from
https://www.researchgate.net/publication/240177042_Business_Continuity_Manage
ment_Time_for_a_Strategic_Role

Hernderson, D. (2017). The manager’s guide to risk assessment. Getting it right. Rothstein
Publishing. Retrieved August 4, 2021 from
https://ereader.perlego.com/1/book/565904/0

Institute of Directors Southern Africa (2009). King report on governance for South Africa 2009.
Retrieved August 6, 2021, from
https://cdn.ymaws.com/www.iodsa.co.za/resource/resmgr/king_iii/King_Report_on_
Governance_fo.pdf

Institute of Risk Management (2002). A Risk Management Standard. Retrieved August 5, 2021,
from https://www.theirm.org/media/4709/arms_2002_irm.pdf

13
 Student ID: UP2051794

International Fire and Security Exhibition and Conference (2020). Successful risk, crisis and
business continuity management. BCI crisis management report 2021. Retrieved
August 2, 2021 from https://www.ifsecglobal.com/uncategorized/successful-risk-
crisis-and-business-continuity-management/

International Standards Organization (2018). ISO 31000:2018(en) Risk management —

Guidelines. Retrieved August 9, 2021 from
https://www.iso.org/obp/ui/#iso:std:iso:31000:ed-2:v1:en

International Standards Organization (2019). ISO 22301:2019 - Security and resilience —

Business continuity management systems . Retrieved August 9, 2021 from
https://www.iso.org/obp/ui#iso:std:iso:22301:ed-2:v1:en

International Standards Organization (2020). ISO 22313:2020- Business continuity management

systems. Retrieved August 9, 2021 from
https://www.iso.org/obp/ui/#iso:std:iso:22313:ed-2:v1:en

Jaques, T. (2007). Issue Management and crisis management. An Intergrated non-linear and
relational construct. Retrieved June 28, 2021 from https://www.sciencedirect.com

Jaques, T. (2018). Business continuity is not the same as crisis management. Mumbrella.
Retrieved August 2, 2021 from https://mumbrella.com.au/business-continuity-is-not-
the-same-as-crisis-management-552932#:~:text=No.,crisis%20after%20it%20has
%20happened.%E2%80%9D

Jones, T. (1995). Instrumental Stakeholder Theory: A Synthesis of Ethics and Economics,

Academy of Management Review (Vol 20). Retrieved August 17, 2021 from
https://repository.au.edu/handle/6623004553/14111

Kendra, J. and Wachtendorf, T. (2003). Elements of Resilience After the World Trade Center
Disaster: Reconstituting New York City’s Emergency Operations Centre. Disasters
(Vol 27). Retrieved August 5, 2021, from
https://citeseerx.ist.psu.edu/viewdoc/download?
doi=10.1.1.463.3925&rep=rep1&type=pdf

14
 Student ID: UP2051794

Khaled, Z. and Gorpe, T. (2018). Crisis Management: A Historical and Conceptual Approach for
a Better Understanding of Today’s Crises. Retrieved August 2, 2021 from
IntechOpen. http://dx.doi.org/10.5772/intechopen.76198

Klucka,J. (2020). Enterprise Risk Management – Approaches Determining Its Application and
Relation to Business Performance. Retrieved August 2, 2021 from https://qip-
journal.eu/index.php/QIP/article/view/1467

Kovoor-Misra, S. (2019). Crisis Management. SAGE Publications. Retrieved August 2, 2021

from https://ereader.perlego.com/1/book/2034392/10

KPMG (2020). Crisis Management & Business Continuity Guide. Retrieved August 5, 2021,
from https://assets.kpmg/content/dam/kpmg/ca/pdf/2020/03/cyber-resilience-crisis-
business-continuity-planning-en.pdf

Krell, E. (2006). Business Continuity. Management accounting guideline. The Society of

Management Accountants of Canada and The American Institute of Certified Public
Accountants. Retrieved August 5, 2021, from
https://www.cimaglobal.com/Documents/ImportedDocuments/Tech_mag_business_
continuity_sept06.pdf

Lampel, J., Bhalla, A. and Jha, P. (2014). Does governance confer organisational resilience?
Evidence from UK employee-owned businesses. Econpapers. Retrieved August 14 ,
2021, from
https://econpapers.repec.org/article/eeeeurman/v_3a32_3ay_3a2014_3ai_3a1_3ap_3
a66-72.htm

Lebel, L., Anderies, B., Campbell, C., Folke, S., Hatfield-Dodds, T., Hughes, P. and Wilson, J.
(2006). Governance and the Capacity to Manage Resilience in Regional Social-
Ecological Systems. Retrieved August 15, 2021, from
https://www.ecologyandsociety.org/vol11/iss1/art19/

Linkov, I. and trump, B. (2019). The Science and Practice of Resilience. Retrieved August 19,
2021, from

15
 Student ID: UP2051794

https://www.researchgate.net/publication/330500546_The_Science_and_Practice_of
_Resilience

Masar, M., Hudakova,M., Simak, L. and Brezina, D. (2019). The current state of project risk
management in the transport sector. Transportation Research Procedia (Vol 40).
Retrieved August 15, 2021, from
https://www.sciencedirect.com/science/article/pii/S2352146519303242

Maurer, F. and Lechner, U. (2014). From disaster response planning to e-resilience: A literature
review. In Proceedings of the 27th Bled eConference: eEcosystems; Bled
eCommerce Conference: Vorarlberg University of Applied Sciences, Bled, Slovenia,
1–5 June 2014. . Retrieved July 15, 2021 from
https://www.semanticscholar.org/paper/From-Disaster-Response-Planning-to-e-
Resilience%3A-A-Maurer-Lechner/fce7e8825cf410a630842dbb5db49df55e731aa1

Marchesani, V.J. (2020). The fundamentals of crisis management. PAGE publishing Inc. New
York, NY. Retrieved Retrieved July 15, 2021 from
https://ereader.perlego.com/1/book/2018906/1

Mccrackan, A. (2005). Is business continuity a subset of risk management? Continuity Central.

Portal Publishing. Retrieved July 15, 2021 from
https://www.continuitycentral.com/feature0178.htm

Mitroff, I. (2005). Why some companies emerge stronger and better from a crisis. 7 essential
lessons from surviving disaster. AMACOM. Broadway, NewYork. Retrieved
August 7, 2021, from https://ereader.perlego.com/1/book/727824/2

Moller, J., Utter, J., Walker, P., & Wasserman, J. (2020). Pivoting from ERM to SRM. Risk and
Insurance Management Society.
https://www.rims.org/about-us/newsroom/news/rims-report-pivoting-from-erm-to-
srm

Mokline, B. and Abdallah,M. (2021). Individual Resilience in the Organization in the Face of
Crisis: Study of the Concept in the Context of C OVID-19. Public Health Emergency

16
 Student ID: UP2051794

COVID-19 Initiative. Retrieved July 30, 2021, from

https://www.ncbi.nlm.nih.gov/pmc/articles/PMC8217778/

Pearson, C. and Clair, J. (1998). Reframing Crisis Management. The Academy of Management
Review (Vol 23). Retrieved July 30, 2021, from
https://www.jstor.org/stable/259099?seq=1#metadata_info_tab_contents

Pescaroli, G., Velazquez, O., Alcántara-Ayala, I., Galasso, C., Kostkova, P., Alexander, D. A.
(2020) . Likert Scale-Based Model for Benchmarking Operational Capacity,
Organizational Resilience, and Disaster Risk Reduction. Retrieved August 5, 2021
from https://www.researchgate.net/publication/341498586_A_Likert_Scale-
Based_Model_for_Benchmarking_Operational_Capacity_Organizational_Resilience
_and_Disaster_Risk_Reduction

Randeree, K., Mahal,A. and Narwani, A. (2012). A business continuity management maturity
model for the UAE banking sector. Emerald insight. Retrieved July 30, 2021, from
https://www.researchgate.net/publication/235285862_A_business_continuity_manag
ement_maturity_model_for_the_UAE_banking_sector/link/
568d112a08aec2fdf6f5e3f4/download

Rathod, L. (2018). How Does Risk Management Relate to Corporate Governance? Retrieved
August 5, 2021 from https://diligent.com/en-gb/blog/how-does-risk-management-
relate-to-corporate-governance-diligent/

Schneider, B. (2008), Economic liberalization and corporate governance: the resilience of

business groups in Latin America. Comparative politics (Vol 40). Retrieved July 29,
from https://www.jstor.org/stable/20434092

Sidorenko, A. (2019). Is IIA secretly trying to kill risk management? Sometimes I wonder. Risk
Academy. Retrieved August 5, 2021 from https://riskacademy.blog/is-iia-secretly-
trying-to-kill-risk-management-sometimes-i-wonder/

Shaw, G. (2004). Business Crisis and Continuity Management. Institute for crisis, disaster and
risk management. Retrieved August 3, 2021 from
https://training.fema.gov/hiedu/docs/emt/shawtextbook011105.pdf

17
 Student ID: UP2051794

Smith, D.,J. (2012). Organisation Resilience: Business Continuity, Incident and Corporate Crisis
Management. Institute of business continuity management. Retrieved July 29, 2021
from
http://disaster.co.za/pics/Smith_BC_Incident_Corporate_CrisisManagement_2012.p
df

Stocker, K. (1997). A strategic approach to crisis management. New York. McGraw-Hill

Ungureanu (2018). Models And Practices Of Corporate Governance Worldwide. IDEAS .

Retrieved July 29, from https://ideas.repec.org/a/jes/wpaper/y2012v4i3ap625-
635.html

United Kingdom Business Continuity Institute (2021). What is business continuity? Retrieved
August 18, 2021 from https://www.thebci.org/knowledge/introduction-to-business-
continuity.html

United Nations Committee on Trade and Development (2010). Corporate Governance in the
Wake of the Financial Crisis: Selected international views. Retrieved August 18,
2021 from https://unctad.org/system/files/official-document/diaeed20102_en.pdf

United States Securities and Exchange commission. Interagency Paper on Sound Practices to
Strengthen the Resilience of the U.S. Financial System. Retrieved August 5, 2021
from https://www.sec.gov/news/studies/34-47638.htm

Veil, S. (2011). Mindful Learning in Crisis Management. University of Kentucky. Journal of

Business Communication (Vol 48). Retrieved June 24, 2021 from
https://www.researchgate.net/publication/254120920_Mindful_Learning_in_Crisis_
Management

Wakeman, T., Contestabile, J., Knatza,G. and Anderson, W. (2017). Governance and
Resilience: Challenges in Disaster Risk Reduction. TRB weekly. Retrieved July 29,
from https://trid.trb.org/view/1489135

Williams, T.A., Gruber, D.A. and Sutcliffe,K. M. (2017). Organizational Response to Adversity:
Fusing Crisis Management and Resilience Research Streams. The Academy of

18
 Student ID: UP2051794

Management Annals (Vol 11). Retrieved July 29, from

https://journals.aom.org/doi/10.5465/annals.2015.0134

Willmer, J. (2016). Crisis Management Versus Risk Management: Do You Know the
Difference? Probono Australia. Retrieved July 29, from
https://probonoaustralia.com.au/news/2016/09/crisis-management-versus-risk-
management-know-difference/

19