Resilience or hardiness is the ability to adapt to new circumstances when life presents the unpredictable. — Salvatore R. Maddi, Author
Have we ever thought about what is the meaning of a resilient organization? We definitely want our organization to be resilient, especially in Operational terms. However, do we have any idea as to what is Operational Resilience and how to achieve it? Let’s discuss this in the blog.
Operational Resilience is defined by the Basel Committee as the ability of the bank to deliver critical operations even in case of a disruption. In order to be operationally resilient, a bank generally should assume that disruptions will occur. The word Bank can be interchanged with the organization.
LET’S START BY LOOKING AT THE PRINCIPLES OF OPERATIONAL RESILIENCE
Resilience is the strength and speed of our response to adversity — and we can build it. It isn’t about having a backbone. It’s about strengthening the muscles around our backbone. — Sheryl Sandberg, Facebook COO
Organizations should utilize their existing governance structure to establish, oversee and implement an effective operational resilience approach that enables them to respond and adapt to, as well as recover and learn from, disruptive events in order to minimize their impact on delivering critical operations through disruption.
Organizations should leverage their respective functions for the management of operational risk to identify external and internal threats and potential failures in people, processes and systems on an ongoing basis, promptly assess the vulnerabilities of critical operations and manage the resulting risks in accordance with their operational resilience approach.
Organizations should have business continuity plans in place and conduct business continuity exercises under a range of severe but plausible scenarios in order to test their ability to deliver critical operations through disruption.
Once a bank has identified its critical operations, the bank should map the internal and external interconnections and interdependencies that are necessary for the delivery of critical operations consistent with its approach to operational resilience.
Organizations should manage their dependencies on relationships, including those of, but not limited to, third parties or intragroup entities, for the delivery of critical operations.
Organizations should develop and implement response and recovery plans to manage incidents that could disrupt the delivery of critical operations in line with the bank’s risk appetite and tolerance for disruption. Organizations should continuously improve their incident response and recovery plans by incorporating the lessons learned from previous incidents.
Organizations should ensure resilient Information and Communications Technology (ICT) including cyber security that is subject to protection, detection, response, and recovery programs that are regularly tested, incorporate appropriate situational awareness, and convey relevant timely information for risk management and decision-making processes to fully support and facilitate the delivery of the bank’s critical operations.
The word Bank has been interchanged with Organizations in the above principles.
Source: Basel Committee on Banking Supervision
The above principles look very similar to the steps needed to ensure Business Continuity and Information Security so is there a difference between the two?
DIFFERENCE BETWEEN BUSINESS CONTINUITY AND OPERATIONAL RESILIENCE
That which does not kill us makes us stronger. —German philosopher Friedrich Nietzsche
Business Continuity can be explained as following a good set of practices over a period of time which ultimately lead to Operational Resilience.
PREVENTIVE VS REACTIVE
Business Continuity is a reactive phenomenon as it involves preparing an organization to react to a disruptive event whereas Operational Resilience is focused more on the preventive aspects to make an organization flexible in case of any event or disaster.
POSSIBILITY VS ACTUALITY
Business Continuity Plans are developed after identifying potential risks and the plans are activated in case a disaster strikes. On the other hand, Operational Resilience expects that a disaster will strike the only question is when and there is no need to activate a plan, in the case of Operational Resilience it is already embedded in the Company’s operations so to ensure that whatever the environment or situation the company is in it is ready to face any eventuality.
HOW CAN ORGANIZATIONS ACHIEVE RESILIENCE?
Change is the only constant in the business world. Radical technologies are changing the way we do our work at a pace unseen before. We don’t overcome change by being stronger or smarter than our competitors, but by being better able to adapt to it.”-Mike Ross, Founder of Juniper
Financial Resilience: In today’s uncertain world, financial resilience is a critical aspect that needs to be worked on. Recently, the Silicon Valley Bank collapse triggered shockwaves throughout the world. Organizations need to ensure that they balance short-term and long-term financial goals to ensure they are still standing if there are sudden fluctuations in costs.
Operational Resilience: Production/Operational Capacity has to be protected for an organization without any compromise on quality and which can flexibly adapt to demand. A resilient organization will maintain production/operational capacity despite supply chain disturbances or other disturbances.
Organizational Resilience: A resilient organization will take care of succession plans, it will also maximize retention, and also put processes in place to ensure higher standards of retention.
Reputational Resilience: Organizations must be open to communication between stakeholders and also should have a process in place to respond to criticism.
Business Model Resilience: Need to have a flexible business model to ensure that any changes in technology or market are captured.
Technological resilience: Have cybersecurity policies and IT disaster recovery plans in place in order to achieve technological resilience.
In the end, achieving Operational Resilience should be the goal of every organization however it cannot be achieved independently without first ensuring Business Continuity in place.
Resilience is the next level of Business Continuity and will definitely be a more difficult target to achieve for organizations though not impossible.
Is your organization operationally resilient? What would you check in order to have an answer to this question? Think about it.
Gorisco has a wide range of experts who have various solutions to help organizations mitigate their risks and solve their problems.
At Gorisco, our motto is 'Embedding Resilience' and we are committed to making the organizations and their workforce resilient. Reach out to us if you have any queries, clarifications, or need any support on your initiatives.
To read our other blogs, click here. More importantly, let us know if you liked them or not through your comments.