Keys to Getting Operationally Resilient in 2023

  • 19 Jan 2023
Noggin_How to get operationally resilient in 2023.png

2023 to be a crucial year for operational resilience

We’ve experienced an almost unbroken series of critical events in the last few years. And as a result, operational resilience became a business-world buzzword.

Indeed, as BCI survey data demonstrate, over three quarters of organizations reported either having or developing an operational resilience program. Adoption numbers are even higher in tightly regulated sectors, e.g., financial services.

The question this year, though, is whether these programs will be enough? To this end, challenges have already emerged, which must be addressed for organizations to get operationally resilient this year.

Organizations must define and mature operational resilience programs

What are the challenges?

For one, staffers, when surveyed, concede not fully understanding what their operational resilience programs should do (BCI). 

This lack of understanding will necessarily create roadblocks to operational resilience in 2023.

Other staffers confuse operational resilience as “business continuity done well.” This is particularly the case in small organizations, where continuity practitioners are being tasked with managing operational resilience programs, as well.

What are the risks to operational resilience? Well, the practices implemented under the banner of operational resilience might actually be harmful, e.g., using the business impact analysis exercise to define impact tolerances. Which is dangerous given the different focus points between operational resilience and business continuity.

Furthermore, leaders worry that staff doesn’t have the requisite knowledge and resources to lead the transition to a more strategic and customer-centric operational resilience approach.  

Getting best-practice operational resilience programs off the ground

What then can help deliver operational resilience in 2023?

Per best-practice guidance, operational resilience programs should consist of effective risk management systems to help manage threats integrated into their organizational structures and decision-making processes.

That means striving to reduce the likelihood that operational incidents will occur, and if they do, firms can limit losses.

To do so, firms must take action to provide important (or critical) business services within impact tolerances even through severe but plausible disruptions. Impact tolerances, here, assume a particular risk has already crystalized rather than focusing on the likelihood and impact of operational risks occurring.

Firms able to remain within their impact tolerances increase their capability to survive severe but plausible disruptions. However, risk appetites are likely to be exceeded in these scenarios.

Setting impact tolerances alone won’t ensure operational resilience, though. Business continuity and contingency planning come into play, as well.

In fact, some regulators are already requiring adequate contingency and business continuity plans, with the aim of ensuring that in the case of a severe business disruption a firm is able to operate on an ongoing basis.

Other best practices firms should adopt to address resilience challenges in 2023 include:

  • Setting recovery priorities for operations, prioritizing the delivery of important business services within impact tolerances
  • Allocating resources and communications planning for business continuity planning focusing on the delivery of important business services
  • Testing business continuity plans, complemented by the testing of disruption scenarios in relation to impact tolerances

Digitization key to remaining operational resilient in 2023

This best-practice guidance must be put into operation quickly. And that’s where digital technology comes in.

Digital technology can help organizations, their critical third parties, and others incorporate best practice standards into resilience programs.

How so?

The right platforms can give firms the risk and business continuity management functionality needed to identify, assess, manage, mitigate, and report on risks, including the cyber threat, new compliance drivers, third-party risk, and ongoing supply-chain disruptions.

Dedicated business continuity software, for its part, can also enables organizations to automate key functions crucial to recovery should disruption occur.

Other relevant capabilities to help address the remaining resilience challenges in 2023 include:

  • Define domains, critical business activities, assets, and sites, as well as record inter-dependencies
  • Assess the risk and impact of outages across activities, assets, and sites, and implement risk treatment plans and actions to mitigate risks, and reduce the likelihood or impact of incidents
  • Assign and track business impact assessment and risk management activities for organizational unit owners
  • Set recovery targets for business activities and report on progress against those targets as incidents occur
  • Visualize and report on the risk profile of business and the impact on critical services
  • Digitize business continuity, crisis, and incident response plans, including strategies and considerations, roles and responsibilities, and pre-assigned checklists ready to deploy when incidents occur
  • Activate crisis and incident management teams including structures, roles, capabilities required and on-call resources
  • Record and manage incidents and response tasks, log and share updates, decisions, facts, and assumptions, and produce situation reports and briefings
  • Initiate and track investigations, capture evidence and related actions
  • Conduct exercises, post-incident reviews, and lessons learned
  • Visualize locations of incidents, risks, people, and assets using the fully integrated mapping features.
  • Communicate alerts, notifications and updates via email, SMS, voice, or the app
  • Manage key details of staff, contractors, customers, suppliers, regulators, and external parties
  • Display key information where it is needed using flexible dashboards, analytics, and reporting that caters for all stakeholders.
  • Automate and lead people through procedures, with fully-configurable workflows

Although a start, those capabilities won’t scratch the surface of what’s necessary to get operationally resilient in 2023. What else will be needed? To learn more, download Noggin’s latest guide to overcoming the challenges in getting operational resilience programs off the ground, The State of Play in Operational Resilience.

 

More on