Resilience integration across a business
Many of you have asked what I view as resilience program pillars. Although I never pretend to have all the answers, I am a subject matter expert in my field. I say this because we are in a time when resilience is evolving. I’ve spoken on Operational Resilience multiple times, the rapidly maturing subsegment of fintech-focused on critical service continuity.
However, I gravitate toward Organizational Resilience. OpRes is the area designed to preserve operations holistically, people, and assets from crisis impacts. The concept is to build your company’s elasticity to navigate and pull through events more easily. Because I like to try to simplify complexity, the following are what I view as the core areas of business resilience.
Organizational security
Security, as I am defining it, consists of several business disciplines. In some companies, they are separate, while in others, responsibilities overlap. Regardless, security’s attributes form a protective barrier to threats. It encompasses physical, cyber, information, and asset security as a resilience pillar.
I realize this is a tall order, but the reality is many companies overlap in personnel and focus. For resilience, the business must be mindful of monitoring, protecting against, and directing its activity to defend and react effectively to threats. A resilient organization orients itself in the most efficient way to mitigate damage with a robust management framework.
Organizational safety
Next in the resilience programs pillars is a safety net that extends across the enterprise. Here, both employee health and safety considerations get aligned with the company culture. What I’ve noticed since COVID is a fundamental shift in focus away from primary concerns of operations to employees. Such an approach signals a North Star approach where people, whether employees, clients, or contractors, are the focal point of a buoyant organization.
There’s finally a recognition that people make up businesses. Of course, without operational continuity, any business will ultimately fail. But, we all know that there is no operational stability without adequate people to conduct critical tasks. So, I put safety as an essential element of a successful resilience program. Effective safety protocols rely on good management practices.
Business continuity value
An area near and dear to me is Business Continuity Management (BCM). It inspires me to know that business continuity management systems are a critical driver of resilience programming. BCM’s history includes frameworks for governance, understanding organizational structures, and enabling rapid response and recovery. Naturally, it is a pillar due to these attributes and the established goal of mitigating business disruptions.
As Operational Resilience gained traction in the UK and Organizational Resilience became a hot topic for boards and management, it makes sense that BCM is in the spotlight. Realistically, as ISO 22301:2019 states, an org need(s) to continue to deliver products and services at an acceptable predefined capacity during a disruption. The system orients to preparing, responding, and recovering from calamities. So, it makes perfect sense that continuity protocols be leveraged to enable resilience practices.
Risk management
Finally, risk management is the lynchpin of the resilience program pillars. Companies tap their risk management process to lead their Operational Resilience efforts, and most have established risk committees. COVID brought it from a back-office protective measure to the forefront from a risk perspective. I can’t imagine successfully navigating the last two years without a deep understanding of risk and mitigation efforts.
The discipline has allowed us to directly leverage probability data for real-time decision-making and ongoing horizon scanning. Improvement of business performance misses the mark if it doesn’t consider risk. As a pillar, it aids us in understanding what could jeopardize the organization and guides the implementation of the most effective controls.
Resilient organizations start with leadership
Finally, resilience is not possible without coordinated alignment across business units. None of these pillars can act alone and expect to build organizational plasticity. Instead, structures need to be implemented to encourage ongoing improvement, coordination, and strategic planning.
Senior management support is vital, and without it, individual efforts will fail. When buy-in is gained, the program lead must provide ongoing reporting and opportunities for feedback. It includes the ability to evaluate the program objectively and the willingness to pivot. Resilience, at its core, comprises an organization’s operating environment and complexity, preparing it for future shocks to minimize the effects. Ideally, most crises become bumps in the road with minimal effects on outcomes.