What is Operational Resilience?
Etymologically, the word resilience has roots in the Latin term resiliere, which means ‘to rebound’. In similar vein, operational resilience describes an organization’ stability to cope with change or misfortune. The ongoing global pandemic, COVID 19 is an extreme form of misfortune, but its impact has been so universal that it has laid bare each organization’s level of operational resilience and sparked renewed interest in the topic.
Stress, threats, potential failures, disruptions, uncertainty, and change are part of the life of an organization, but one that is operationally resilient has the wherewithal to maneuver through it all. From climate change, power grid black outs, and cyber-attacks to a tainted image on social media and demand-supply disruptions, there are numerous factors that can cause an organization to buckle and crack. A resilient organization has the frameworks and mechanisms to bounce back when dealt the unexpected.
Operational resilience, however, goes further than an organization simply maintaining business continuity or managing risk.
What is operational resilience?
Here are two helpful definitions:
Gartner: Operational resilience is a set of techniques that allow people, processes, and informational systems to adapt to changing patterns. It is the ability to alter operations in the face of changing business conditions. Operationally resilient enterprises have the organizational competencies to ramp up or slow down operations in a way that provides a competitive edge and enables quick and local process modification.
PwC: We define operational resilience as “an organization’s ability to protect and sustain the core business services that are key for its clients, both during business as usual and when experiencing operational stress or disruption.”
The operational resilience definition offered by Gartner places a lot of emphasis on ‘techniques’, ‘abilities’, and ‘competencies’. PwC too focusses on ‘ability’ but brings the end goal in picture, that is, service of the ‘client’.
This article will elaborate more on these themes, while also providing some operational resilience examples.
Interconnected and futuristic
To work within a sound operational resilience framework means to consider risks in a holistic manner. It involves moving away from a vertical and siloed approach to a horizontal and organization-wide approach. This way you aren’t left facing collapsing dominos when one segment of your operations stalls. Similarly, key to the word resilience is the aspect of bouncing back and if your operational resilience strategy focuses on avoiding disruptions only, it is inadequate. Operational resilience is a trait by which your organization can get back to everyday business once a disruption occurs too!
Digital, data and cyber
Today, amid the pandemic, digital adoption is what has kept many businesses running and building a layer of digital resilience can help you put your best foot forward. With more and more touchpoints in the customer journey being digitized, it becomes important to live up to the customer expectation of having always-on services. Issues like server outages can dampen customer confidence.
Digital processes run on data as a fuel and your operations will be only as good as the quality of data you possess. Data resiliency includes aspects like restoring compromised data, preventing data loss, and establishing a sync point in case of a snag.
Alongside digitalization and increased data comes the need for cyber operational resilience. For instance, on 5 March 2020 the US Power Utilities were the subject of a cyberattack that used firewall vulnerabilities to cause ‘blindspots’. The system was resilient enough that actual flow of electricity was not affected. However, this incident shines light on present-day practices that hamper organizational resilience. These include using sensitive apps over home Wi-Fi, storing passwords on home devices, and limited awareness about data privacy.
Client is king
When an organization is in its nascent stages, everything revolves around satisfying the client. At such times, it is quite clear what the firm’s key business processes are, which add direct value to the client. However, as an organization scales, processes become more abstract and even at the C-level, one is not dealing with the client’s needs and aspirations directly, but with other contingencies. While it is required that, for instance, the CIO, COO, and CEO take up different responsibilities, resilience is built when these are ordered to the client’s needs.
This approach makes it easier to identify key products and services, meaning that business continuity planning becomes more strategic and secure when the client is at the center. The goal of a client-centric operational resilience strategy must be to uninterruptedly deliver critical operations, even amidst disruptions.
At a certain level, your organization is only as good as your employees. Business staff man several key processes, without which products and services would never reach the client. Factors like employee attrition and wages are perennial issues that threaten business continuity, and hence operational resilience. But in the wake of the pandemic, newer issues such as employee wellness have surfaced. In an increasingly remote-first work environment, HR teams have the tricky task of accepting work from home’s olive branch of business continuity, while knowing that prolonged isolation is a deadly threat to creativity, collaboration, and long-term goals.
Whether you have an operational resilience manager or not, possessing a framework for managing third-party relationships that are interwoven with critical operations is a must. This is another way of saying that the client shouldn’t be at the receiving end of issues related to sourcing and other external dependencies. Achieving this includes performing due diligence and risk assessment according to your standards for operational resilience before entering into an agreement.
Governance, risk, and compliance
GRC is integral to operational resilience – and not just because organizations are increasingly coming under the scrutiny of regulatory authorities! A good operational resilience framework includes having a governance structure that can respond to disruptions. Ongoing risk assessment too is crucial to weeding out vulnerabilities and avoiding threats. As mentioned earlier, being resilient means moving away from silos and being more holistic and here, GRC software serves aptly as operational resilience technology.
Solutions like VComply ensure you have a better way to run your business. VComply is a comprehensive platform you can use to govern risks, stay compliant, and implement an operational resilience strategy in a way that you cannot with spreadsheets and binders. With automated reports, integrated workflows, data centralization and more, you can more reliably work towards making your business‘ disruption-proof’.
With a better understanding of what operational resilience is, proceed to define what it means in the context of your organization and grow your business strategically!
VComply Editorial Team
A comprehensive platform to govern risks, compliance and workflows in your organization.