The past year has been nothing but a constant flow of disruption. Businesses have had to keep up with a crush of new risks related to employees working from home, supply-chain disruptions, severe weather-related events, and, of course, a global pandemic.
The cascading effects of these risks provided irrefutable proof that risk can no longer be viewed as an individual event. A single risk can trigger a multitude of other risks. Risks are complex and interconnected – and cannot be understood in isolation.
To build business resilience, departments and functions across the organization need to work together. Think about the big picture and what it means to be resilient.
Risk management is all about managing uncertainty within the context of objectives. You must be able to see the connections between risks – within the context of strategy – to be a resilient organization.
The Journey to Business Resilience
Amid such a chaotic world, the need for resilience has never been more acute. But what does that really mean?
Business resilience is the overall resilience of an organization, including the business strategy, liquidity, integrity, and operational resilience.
Operational resilience is a component of business resilience. It is focused on internal processes, services, people, systems, and relationships.
To increase business resilience, you must stay on top of all of the dynamics influencing your risk environment, including:
- Legal and regulatory change. Virtually every organization in every industry is facing an ever-growing and ever-changing number of regulations with which they must comply. Global financial services firms, for example, deal with over 200 regulatory-change events every business day.
- External risk change. Shifts in market forces, geopolitical risks, and technology (including IoT device connectivity) all bring outside risks inside the business.
- Internal business change. Business strategy, employees, technology, and business relationships will continue to evolve and challenge resilience.
A 360-Degree View of Risk
Understanding the interconnectivity between internal, external, and third-party risks is critical to building resilience. You need 360-degree contextual intelligence to manage evolving risks, anticipate what’s ahead, analyze the big-picture impact, and adjust the plan as necessary.
Here are five places to start:
- Strengthen accountability. Responsibility is something you can outsource – accountability is not. While you can assign tasks to others, someone needs to take ownership. Regulators around the globe are now enforcing accountability with a stream of new regulations, especially in the financial services industry. The UK’s SMCR is one of the most well-known of these regulations, but similar accountability mandates are on the books in Ireland, Australia, Hong Kong, Singapore, and more.
In a resilient organization, everyone knows where the buck stops.
- Work together. Operational risk has traditionally been managed separately from continuity, disaster recovery, and third-party risk. Yet these functions tackle many of the same issues. Duplicate work is never a good thing.
In a resilient organization, silos are replaced with seamless collaboration so related functions can act as one – and possibly even become one.
- Understand the impact of third parties. Today’s organization is permeated by third parties. In some offices, as many as half of the people might be contractors. Traditional employees no longer define an organization.
Resilient organizations have a strong understanding of third parties and how they impact the organization at every level.
- Implement integrated technology. Managing risk in spreadsheets, emails, and documents may be a common tactic, but data housed in disparate sources will not give you the intelligence you need to be resilient. You simply cannot waste hundreds of hours building a report. By the time you aggregate all the data and realize you have a problem, you’re already in hot water.
Resilient organizations have integrated risk technology that provides instant access to real-time data. All risk information is in one place where it can be easily accessed, managed, and monitored on a continuous basis. Timely and reliable facts are essential to resilience.
- Take lessons from the past to inform the future. History repeats itself because no one was listening. The world is a volatile place, and you must be prepared to deal with whatever comes your way.
Resilient organizations learn from their mistakes – and those made by others. They adjust their action items according to current circumstances. Resilient organizations have the agility to circumvent the worst of the damage and get right back on course.
Risk is a tool for achieving rewards. The trick is to manage that risk to your advantage. Awareness allows you to align your efforts, which in turn, allows you to be more responsive.
And that agility leads straight to business resilience.