Operational resilience is an organization’s ability to respond and successfully address impediments and adverse circumstances that have the potential to cause financial loss and disrupt business. The ability of an organization to achieve and maintain Operational Resilience is a significant determining factor that allows for effective response and recovery in a timely manner.
Ranging from people (human capital) to natural disasters and global economic change, managing all that impacts an organization’s ability to conduct business operations, maintain value and, ultimately, increase that value, is goal behind Operational Resilience. Identifying potential issues before they occur and either preventing them from impacting or mitigating their ultimate impact is the goal – a goal moved towards realization by both Enterprise Risk management (ERM) and the establishment of a Business Continuity Plan (BCP).
There are Four (4) Key Stages to Operational Resilience…
1. Anticipation – what events have the greatest likelihood of occurring and impacting the organization's ability to do business; a fundamental concept of Enterprise Risk Management (ERM).
2. Preventative Strategies or Control Measures – once an organization has anticipated a Risk, it can develop a plan for addressing that Risk or Control Measures. Levels of Control Measures may vary. Isolated events such as an IT systems failure, may be mitigated by redundant hardware and automated processes. Whereas large-scale, catastrophic destruction of a data center is more difficult and complex to address.
3. Respond and Recover – upon the occurrence of a Risk event, the organization must be prepared to engage the proper preventive or mitigative strategy, as defined by the Control Measures. One that where internal “Communication, Consistency, and Continuity” are well established.
4. Adapt to the Situation – after a Risk event has occurred and addressed accordingly, it is important analyze the parts of a response strategy that worked well, and those that did not work as anticipated, so that improvements may be made moving forward.
Many mistakenly assume that Operational Resilience and Business Continuity Planning are synonymous. However, Business Continuity Planning is focused upon planning for specific, identifiable events that could be directly disruptive to the business such as, from an IT perspective, running mission-critical workloads on failover clusters in the event of server failure to allow for the workload to automatically transition to running on a different server, thereby preventing an outage.
In contrast, while Operational Resiliency may benefit from Business Continuity Planning, Operational Resilience maintains a broader scope. A key difference is that Business Continuity Planning generally focuses upon External Factors and how internal processes are tied together. Operational Resiliency examines how all events, even in directly related to the business – both internal and external - may cause a chain of events that could disrupts operations. Natural disasters triggering shipping delays, impacting the receipt of raw materials, then production and finally the ability to fulfill commitments to customers… and the downstream effect upon cashflow, debit load, and reputation in the marketplace.
Enterprise Risk Management (ERM) is an essential part of achieving operational resilience; adopting a holistic approach to both organizational culture and business processes so that all Risks, external and internal, are examined. If an organization truly wants to be Operationally Resilient it must begin by performing an in-depth risk assessment to identify potential risks that could adversely affect the business.
Once an organization completes the process of identifying potential Risks through the Enterprise Risk Management (ERM) process, evaluating each Risk based on its potential severity and likelihood of the Risk occurring. This Enterprise Risk Management (ERM) process allows the organization to prioritize Risks to determine which risks to focus upon in order to achieve Operational Resilience.