BCM ERM and Crisis Management: How They Differ and When to Use Each
Last updated: 10 Jun 2026
10 Views
BCM ERM and Crisis Management are three terms that appear together in risk meetings constantly. Many people use them interchangeably without understanding the differences. How does BCM ERM truly differ? This article explains all three concepts clearly.
BCM ERM Crisis Management in 3 Sentences
ERM (Enterprise Risk Management) is the system that views all organizational risks holistically to prioritize and manage them.
BCM (Business Continuity Management) is the system that prepares the organization to continue operations when disruption hits.
Crisis Management is the management of specific situations when crisis actually happens. Focus on real-time decision-making and communication.
Scope of BCM ERM
ERM covers all risk types: Strategic, Operational, Financial, Compliance, Reputational, and ESG. Most comprehensive view.
BCM focuses on Operational Risk that could disrupt operations: floods, fires, system outages, pandemics, war.
Crisis Management focuses on specific events that have already occurred and need rapid decision-making: reputation-damaging rumors, accidents, employee fatalities.
Timing of BCM ERM
ERM is a Continuous Process running constantly. Review Risk Register quarterly.
BCM focuses on Preparation Phase before incidents. Do BIA, build BCP, conduct Exercises.
Crisis Management is a Reactive Phase during and after incidents: Crisis Communication, Decision-Making, Post-mortem.
Standards for BCM ERM
ERM uses COSO ERM 2017 and ISO 31000:2018.
BCM uses ISO 22301:2019, the Business Continuity Management Systems standard.
Crisis Management uses ISO 22361:2022, Guidelines for Crisis Management.
How BCM ERM Connect
ERM is the parent covering everything. Risk Identification in ERM leads to identifying which disruption types are likely, which becomes input to BCM.
BCM prepares plans in advance for predictable disruptions. Crisis Management executes those plans when events actually occur.
Good ERM means comprehensive BCM, which means Crisis Management responds quickly and correctly.
BCM ERM Example in Action
Flooded factory: In ERM stage, company identifies Climate Risk as Top 5 Risk in annual assessment. Sets Risk Appetite and KRI tracking water levels.
In BCM stage, team does BIA identifying critical production processes. Designs BCP including Alternate Site, Supply Chain Continuity, IT Disaster Recovery. Runs Tabletop Exercises twice yearly.
In Crisis Management stage, when floods actually happen, Crisis Team activates BCP, contacts Stakeholders per Crisis Communication Plan, and communicates with investors within 24 hours.
BCM ERM by Organization Type
SMEs should start with Basic Risk Register (ERM mini), BCP for the 3-5 most likely events, and Emergency Contact List.
Mid-size companies need Full ERM per COSO ERM, BCM per ISO 22301, and a Crisis Management Team with Communication Protocol.
Large or Listed Companies require all 3 systems, plus Board-level Risk Committee, BCMS Certification, and annual Crisis Simulation.
ERM tells you what the risks are. BCM tells you how to survive. Crisis Management tells you how to decide in one hour.
Consult BCM ERM with ESG PRO
The ESG PRO and BCP GURU teams, under Splendid Orga, deliver comprehensive BCM ERM and Crisis Management services tailored to your organization.
Call 092-834-0989 or email contact@esgprothai.com
BCM ERM Crisis Management in 3 Sentences
ERM (Enterprise Risk Management) is the system that views all organizational risks holistically to prioritize and manage them.
BCM (Business Continuity Management) is the system that prepares the organization to continue operations when disruption hits.
Crisis Management is the management of specific situations when crisis actually happens. Focus on real-time decision-making and communication.
Scope of BCM ERM
ERM covers all risk types: Strategic, Operational, Financial, Compliance, Reputational, and ESG. Most comprehensive view.
BCM focuses on Operational Risk that could disrupt operations: floods, fires, system outages, pandemics, war.
Crisis Management focuses on specific events that have already occurred and need rapid decision-making: reputation-damaging rumors, accidents, employee fatalities.
Timing of BCM ERM
ERM is a Continuous Process running constantly. Review Risk Register quarterly.
BCM focuses on Preparation Phase before incidents. Do BIA, build BCP, conduct Exercises.
Crisis Management is a Reactive Phase during and after incidents: Crisis Communication, Decision-Making, Post-mortem.
Standards for BCM ERM
ERM uses COSO ERM 2017 and ISO 31000:2018.
BCM uses ISO 22301:2019, the Business Continuity Management Systems standard.
Crisis Management uses ISO 22361:2022, Guidelines for Crisis Management.
How BCM ERM Connect
ERM is the parent covering everything. Risk Identification in ERM leads to identifying which disruption types are likely, which becomes input to BCM.
BCM prepares plans in advance for predictable disruptions. Crisis Management executes those plans when events actually occur.
Good ERM means comprehensive BCM, which means Crisis Management responds quickly and correctly.
BCM ERM Example in Action
Flooded factory: In ERM stage, company identifies Climate Risk as Top 5 Risk in annual assessment. Sets Risk Appetite and KRI tracking water levels.
In BCM stage, team does BIA identifying critical production processes. Designs BCP including Alternate Site, Supply Chain Continuity, IT Disaster Recovery. Runs Tabletop Exercises twice yearly.
In Crisis Management stage, when floods actually happen, Crisis Team activates BCP, contacts Stakeholders per Crisis Communication Plan, and communicates with investors within 24 hours.
BCM ERM by Organization Type
SMEs should start with Basic Risk Register (ERM mini), BCP for the 3-5 most likely events, and Emergency Contact List.
Mid-size companies need Full ERM per COSO ERM, BCM per ISO 22301, and a Crisis Management Team with Communication Protocol.
Large or Listed Companies require all 3 systems, plus Board-level Risk Committee, BCMS Certification, and annual Crisis Simulation.
ERM tells you what the risks are. BCM tells you how to survive. Crisis Management tells you how to decide in one hour.
Consult BCM ERM with ESG PRO
The ESG PRO and BCP GURU teams, under Splendid Orga, deliver comprehensive BCM ERM and Crisis Management services tailored to your organization.
Call 092-834-0989 or email contact@esgprothai.com
Related Content
รายงานความยั่งยืนในประเทศไทยมักอ้างอิงถึง GRI (Global Reporting Initiative) ด้วยหลายเหตุผลดังนี้
เมื่อ 1 ใน 3 ของพลังงานไทยถูกคุกคามจากสงครามฮอร์มุซ คำถามคือ: องค์กรไทยจะยังรอให้วิกฤตผ่านไปก่อน หรือจะเร่ง Energy Transition เพื่อความอยู่รอดระยะยาว?
ประเทศไทยกำลังก้าวเข้าสู่ยุคใหม่ของการจัดการก๊าซเรือนกระจก ภายใต้ (ร่าง) พ.ร.บ. การเปลี่ยนแปลงสภาพภูมิอากาศหนึ่งในหัวใจสำคัญของกฎหมายฉบับนี้ คือการนำ กลไกราคาคาร์บอน (Carbon Pricing Instrument) มาใช้ เพื่อทำให้การลดก๊าซเรือนกระจกไม่ใช่แค่เรื่องความสมัครใจอีกต่อไป
