Continuing the work-from-home risk discussion
In this five-part mini-series, I covered topics of safety and security risks, but this blog discusses promoting operational resilience for remote workers. If you have followed my blog for a while, you know that I have covered the topic of Operational Resilience (OpRes) for some time. The regulatory definition of OpRes in the UK is the ability to prevent, adapt and respond to, recover, and learn from operational disruption (BoE/PRA/FCA). Taking it a step further, I also compared Organizational Vs. Operational Resilience terms we hear more frequently in business settings.
However, executives, I interact with say “operational resilience” and mean just that. Often, they are not thinking about the regulatory definition but the process of maintaining critical operational functions. So, it can get a little confusing because my mind is oriented toward the regulatory process, focusing on defining the technological strategy of providing critical services from beginning to end. In the article Operational Resilience: Understanding the UK’s Latest Regulation for Financial Services, Cam Skinner defines it well. Operational resilience goes beyond business continuity planning and involves developing a comprehensive framework that covers all potential impacts, risk factors, and tolerance levels affecting a business’s successful operation. Yet, our management is thinking of it from a holistic view of Business As Usual (BAU), IT factors, 3rd party risk, regulatory risk, and organizational change. They have included increased telework risks and the probability of adverse events.
Quiet quitting and the great resignation
So, as a business continuity or resilience professional, you might be asking why it’s essential to consider operational resilience related to telecommuters. Quiet Quitting is trending and recognized as part of the post-COVID work-life. In effect, it’s when employees do the bare minimum of work or have a second job. Thought to be initiated by Generation Z or Millennials, it appears to be a rejection of the hustle culture of working excessive hours for little recognition by their employers.
For HR and some leadership groups, it’s initiated a desire to return to the office to better monitor employees. However, this is a limiting belief as research shows that employees’ mental health can benefit. The recently published article in Psychology Today, 5 Reasons Why Quiet Quitting Is Great for Your Mental Health, argues just that. We need to understand this because the concept of business resiliency includes the well-being and ability of the workforce to bounce back quickly.
365 view of resilience
If the reason for promoting operational resilience for remote workers is leaving you mystified, let me break it down. Your IT department is likely all over educating your workforce about the importance of data security. However, I would argue that encouraging operational resilience is more than that. It’s a vital aspect, but it is the totality of the shift in our new way of working.
As discussed above, we already see cracks in company culture after two years of COVID-enforced isolation. We know that different personality types respond better to in-person vs. remote working. Regardless, a resilience professional wants to keep the many facets of the work world in mind for preparedness and response efforts. We need to have the vision to consider the perils of operational stability, which is the bedrock of the business continuity practice. Business resilience demands a perspective that considers all hazards and potential liabilities across operations.
Time is money
In my years in this field, it’s always been a delicate balance to address the company’s vision with response realities when faced with a crisis. Harried managers wanted to recover from an interruption immediately, regardless of Recovery Time Objective (RTO). Business is always competitive, but in today’s environment, any service interruption can equate to a loss of customers. In the digital age, clients have minimal tolerance for dips in immediate service. If your company cannot fill their needs, they can and will go elsewhere.
For me, this speaks to the increased importance of the resilience mindset. We want to preempt crisis events whenever possible or mitigate downtime in the most suitable ways. The old saying, “Time is Money,” is applicable here. However, it’s best to understand time as a limited resource, worth more than money. Because, in the majority of past continuity assessments, most customer transactions may only suffer a delay. Instead, your company may now lose new customers or impatient ones. So, this is where promoting operational resilience for remote workers is valuable. Resilience operations preemptively work with telecommuters to understand gaps and their tolerance thresholds.
Operational resilience for remote workers
By this point, you likely want to know what I consider to be tips for enabling resilience in the at-home or hybrid workforces. Let’s get to it. Here are my high-level tips:
- Assess your people’s risk: One of the concerns I identified for the shift from a continuity perspective is a decrease in concern about site loss. Instead, the percentage of the workforce working from home or hybrid increases the risk of power and network outages, especially if your personnel are highly concentrated geographically.
- Process risk: Define what limitations exist in your current service flows so that you can work to address them. For example, is your reliance on delivering services heavily invested in people internally or externally third parties? The war in Ukraine is an example. Many companies rely on the technological services provided by vendors in-country. It’s an excellent lesson to assess your vulnerabilities in this area and define viable workarounds.
- System risk: A system error or crash can have devastating effects on an organization’s ability to provide core services, whether it’s retail, manufacturing, the service industry, or shipping. We’ve recognized a growing threat from fourth-party vendors, so due diligence is vital. The Apache Log4j Vulnerability is one example, along with the recent AWS and Facebook outages. So, you should analyze how downstream vendors could impact your work-from-home teleworkers and disrupt operations.
- External events risk: Many companies recognize increased vulnerability of potential geo-political impacts after the pandemic experience.
- Legal and compliance risks: Last but not least, employees committing fraud, such as embezzlement, could damage your business’s reputation and operational continuity, so those are also things to watch for. Of course, some may see this as an argument for returning to the office but mitigated with solid management and security practices.
Operational resilience in the new normal
Improper management of operational risk can become a financial risk. Empowering and working with your remote employees pays dividends. Help make them part of the solution by including them. Understanding the different types of operational risks your company is vulnerable to and planning for risk mitigation with critical stakeholders is vital. Working with senior and line managers to oversee operational risk at all levels help builds resilience.
Minimizing risk as we evaluate the new normal is essential for supporting viable business resilience. Chief risk assessment officers, and compliance managers monitor and help, manage risk levels and business activities. Resilience practitioners assist this process by taking stock and understanding the (potential) gaps. Working from home poses new threats with the new normal as your workforce is crucial to maintaining operations. Effective operational risk management will go a long way in keeping your business resilient. In the series’s final installment, I’ll discuss risks to resilience when employees’ well-being suffers.