Understanding Operational Resilience

Operational resilience is a multi-player effort.

Warehouse operation
Hor/stock.adobe.com

My last article focused on managing supply chain risk, which is a key component to understanding and achieving operational resilience. In order to effectively manage resiliency across an organization, you first need to understand it.

What Is Operational Resilience?

Mike Campbell, the CEO of risk management firm, Fusion, shares a definition seen in public-facing material from his company. He writes that "Operational resilience is the logical next step approach to keeping your business in business. The need to understand your critical services across the enterprise and being able to adapt to any disruptions in real time in order to keep delivering to your customers has been demonstrated time and again over the past few years."

The Transformational Shift

Traditional business continuity and IT Disaster Recovery programs focus on recovery; the concept of operational resilience goes beyond recovery, to the sustainability of an organization during disruptions. The recent pandemic required similar capabilities globally as there was a shift to remote working. Organizations adapted to a new operating model and made adjustments, as many firms had never contemplated that the entirety of their workforce would, and could, work remotely. This dynamic also acted as a catalyst to advance digital transformation agendas across organizations.

Operational resilience not only requires potential enhancements to capabilities but, more importantly, it requires a mindset shift and collaboration. Operational resilience is a multi-player effort across an organization and is an outcome of effective operational risk management. In a recent survey by Interos, a company advised by myself and my team at Kohli Advisors, more than 75% of participants recognized the need for internal and external collaboration as a means to effective operational resilience.

As critically, I have witnessed an increasing focus from regulators in this area over the past several years triggered by a consultation paper released by the UK financial regulators in 2018.This guidance set in motion numerous other regulators across the globe releasing regulations and guidelines for different and overlapping constituencies. Fast forward to today, many companies are transforming and/or maturing their programs — geopolitical conflicts, cyber attacks and more have elevated concerns regarding the ever-expanding vulnerabilities.

Simplifying It

A parallel I often used to explain this shift is what I refer to as a "broken arm analogy."

A traditional approach to crisis and disruption would focus on the recovery of that broken arm, and what you need to do immediately to get better sooner and more quickly — the primary objective being recovery and a faster return to work.

From the perspective of operational resilience, the focus is not only to recover from that broken arm but to manage your day-to-day. This requires that you understand what is needed, what is necessary, and what can be delayed. This puts the focus on managing important tasks with the broken arm, making trade-offs on delaying some items and minimizing the impact of not taking action.

A Practical Approach

The starting point to embedding operational resilience is identifying those critical services that are most important and may result in a significant impact on the external market (customers/clients, distributors, etc.).

The next step is to understand the end-to-end service and map the processes in order to identify assets (people, locations, technologies, data and third parties/vendors) that the service depends on.

It's important to unravel and understand the level of interconnectivity between functions and across organizations, as this will help in identifying dependencies and relationships that are most critical to supporting the service. Mapping needs to incorporate dependencies across the operational ecosystem, beyond the organization's boundary.

There are a number of tools in the market that can help you on this journey. There are tools specific to operational resilience tools, and tools available to help map your supply chain. Interos data shows that for every single supplier that exists at an organization's first tier in the supply chain, that supplier has 10 additional sub-suppliers that it in turn relies on. In other words, supply chains get big, fast. Leading organizations think about the integration of information and their toolset — how can they optimize to serve the organization and increase visibility.

Putting plans in place is not enough; testing and continuous monitoring across your threat landscape are key. Many firms take a manual approach to these activities, periodically issuing manual surveys, calling vendors and conducting isolated testing — each with room for improvement when it comes to sustainability and effectiveness. This gap in sustainability and effectiveness can be helped in part by artificial intelligence (AI) and machine learning (ML). These tools can be used to facilitate and automate testing in order to proactively monitor threats. In Interos' survey, just over 10% of organizations use technology to support continuous monitoring.

How Resilient Are You?

Do you know the most critical threats and significant vulnerabilities to your organization? Until you are able to understand your ecosystem and its dependencies, you are limited in assessing your company's resiliency posture.

Resiliency insights can be achieved by proactive monitoring and testing across your supply chain. Identifying the weakest link(s) that support your services is crucial to limiting impact and exposure to an organization. Timely operational insights can be used to redirect resources and funds to remediate those critical vulnerabilities that will, in turn, help to strengthen an organization's resilience posture.

Given the events of the past few years, Corporate Boards have been primarily focused on supply chain and data risk as of late. No wonder, supply chain disruptions now cost large enterprises on average $182 million in lost revenue annually.

Resilience by Design

The move toward better operational resilience requires a transformational shift across multiple areas. It requires a multi-faceted approach that includes regular communication, training, and awareness, and embedding resilience into the cultural DNA across the organization. A resilience approach needs to be embedded into processes ranging from when staff is on-boarded, new entities established, new products developed and additional vendors acquired. This approach is foundational to an organization's overall resilience posture.

Operational resilience is a multi-player effort, traversing multiple risk domains and requiring collaboration within organizations across the industry and the ecosystem. It is a never-ending process of continuously monitoring interrelated parts of your business and identifying those that could have a domino-like impact on your business.

The most crucial first step is the engagement of key stakeholders to start breaking down the silos within your organization and across industries.

The Newsweek Expert Forum is an invitation-only network of influential leaders, experts, executives, and entrepreneurs who share their insights with our audience.
What's this?
Content labeled as the Expert Forum is produced and managed by Newsweek Expert Forum, a fee based, invitation only membership community. The opinions expressed in this content do not necessarily reflect the opinion of Newsweek or the Newsweek Expert Forum.