You can't do a business continuity plan or disaster recovery plan if you aren't aware of what risks your business faces, and how your company is prepared to deal with those risks. An effective risk management plan ensures better preparedness by: identifying possible risks; quantifying the effects of those risks;  allowing the business to decide if they should put solutions in place to avoid, mitigate, transfer, or accept those risks; as well helping the business organize and allocate its resources and capital to address possible incidents before or when they occur. A continuity or recovery plan that was built without consideration of any one of these things will have a very good chance of failing.

Interesting question since Risk Management is the very reason that BC/DR plans exist to begin with. BC/DR plans are created precisely to mitigate risk by creating awareness and plans of action for those risks seen as highly probable.  In order to prepare more effective BC/DR plans companies must clearly understand and assess the potential impact of the risks that they face. successfull recovery from a major catastrophe requires preparation  and effective preparation requires specific focus which comes from the process of risk assessment which is a key component of risk management.

A lot has been said about risk assessment and risk management, I believe that most competent IT professionals will agree that Risk management is an integral component of any legitimate BC/DR plan.

As IT security professionals whose major responsibility is to protect the digital infrastructure and data assets of  the business I believe that risk management is the job. Risks come in an infinite array of shapes and sizes from unassuming risks such as misconfigurations crippling a network to bold faced intrusions by malicious entities with criminal intent.

It may be time for a "chicken and egg" review of the relationship of risk management to the BC/DR plan. What I mean by this is that IT professional spend a significant amount of time assessing and planning for a plethora of scenarios but relatively little time reviewing the risk inherent in the BC/DR plan itself.

To be truly bulletproof IT organizations should invest time in performing risk assessment of the plan e.g. Prof D's classic anecdote about leaving the laptops tethered to the dsks during the fire drill!

Risk management is important to BC/DR plans because the object is to mitigate or avoid risks/threats to the business and daily business   functions. Although it is true that no business can be full proof to risk/threats so it is wise to be prepared for the possiblity of an occurrence. The key to Risk Management is knowing exactly what the risk are to the business functions and its assets. More importantly knowing the likelyhood of the threats/risk to the business; meaning the risk should be prioritized as to which risks are more likely to happen, how often it may occur and the impact it may have on the business functions. Risk management will aid in creating BC/DR plan's simply by knowing what to prepare for, if the risks are identified and the proper actions are taken the impact to business functions may be greatly reduced and may possibly cut the amount of revenue or data lost in the event of an incident.

BC / DR is concerned with the ability of a business to continue to function as an entity in the event that there is unavailability of the core business location. Before a BC plan can be written, it is important to have an understanding of the critical systems or assets that keep the business running and what could potentially cause these systems to become unavailable. During the risk management process, the vulnerabilities that are exploitable are considered threats and an organization must ensure there are mitigating plans to protect itself against these threats. Since systems / assets can be unavailable for various reasons a risk management process allows management to see where the highest risks are in terms of threat, probability of occurence and potential loss. It is at this point that management decides to insure the availablity of the critical systems by building a process that will prevent loss or least damage to the company.

In addition to being a common sense tool for BC/ DR, risk management can be used as a tool for advocating the amount of money spent on a DR or DC plan.

The reason risk management is such an imporant part of the development of a BC/DR plan is because it is the foundation of every BC/DR plan.  The risk assessment process consists of three main steps:  Risk Analysis, Risk Assessment and Risk Mitigation.  The BIA is an important part of the Risk Analysis, because Business Continuity Plans (BCPs) are based on the BIA questionnaire results. Therefore, the Risk Management process is vital because it identifies, assesses, analyzes and mitigates all possible risks to business operations.  However, as Jennifer and Andre pointed out, it would be a mistake to focus only on the business or the IT aspect of it, because you must also include the human aspect which includes the safety of the employees, back up communication methods for employees, suppliers and customers, customer assurance, etc.