Comparing Resilience – Part Two: Operational Resilience
In part one of this five-part mini-series, we covered business resilience and highlighted three aspects of resilience on which an organization has the most control. Let’s cover the first one of these: operational resilience.
What Is Operational Resilience?
Operational resilience describes the ability of an organization to prevent, detect, prepare for, respond to, and recover from internal and external disruptions to its operations. Operational resilience is a critical component of a modern governance, risk, and compliance (GRC) framework and is indispensable in modern business environments.
Operational resilience is more focused on business processes, systems, people, customers, and third-party relationships. It also covers specific and critical areas of the business involved in delivering goods and services. It is narrower in scope than business resilience.
The diagram below illustrates the impact of COVID-19 on operational resilience, for many large companies.
In general, operational resilience usually lives in the immediate to short-term horizon of a business. It may also drive longer-term changes, but those would encompass limited areas of the organization.
How Do You Build Operational Resilience?
Building operational resilience requires designing an all-inclusive strategy that takes a 360-degree view of the organization and its operations—including third-party vendors and partners, governance, finance, resources, and data assets, as well as regulatory and compliance mandates. This is no walk in the park. This provides company leaders with an innate understanding of threats and risk factors to the organization while prescribing actionable plans to counteract their impacts.
Backing this strategy with full-spectrum business mapping, regular organizational assessments, and stringent scenario testing helps ensure that your operational resilience strategy is robust enough to withstand the vagaries of today’s business world.
Operational resilience requires some level of IT and cyber resilience. These may not be enough to ensure operational resilience, but without them operational resilience will remain elusive.
Why Is Operational Resilience Important?
It’s just a matter of time, but every business will experience events that will threaten its operations. Operational resilience protects your organization’s ability to produce and deliver its goods and services, in turn mitigating the impact on your customers and your reputation. It ensures that your business position post-crisis is the same, or even better than before, especially against your competitors.
What Does an Operational Resilience Strategy Include?
To build an effective operational resilience strategy, you must develop:
- Strong strategic operational management, with shared vision and purpose
- Excellent governance, risk, and compliance (GRC) framework
- Deep understanding of your operational gaps and exposures through risk assessment and business impact analysis (BIA)—this must consider third-party vendors and partners
- Business continuity plans that address specific identified and assessed operational risks
Your operational resilience strategy should also incorporate specific actions, processes, and behaviors that connect the dots between all corporate governance and risk management activities.
Next: IT Resilience
As businesses are all in some ways digital—depending on applications, digital services, etc.—so keeping applications and IT systems up and running is essential to ensure some level of business resilience. In part three, we are going to drill down into one of its cornerstones: IT resilience.
Until then, feel free to contact us with any questions you have about your organization’s resilience.