What is operational resilience?

Operational procedures tend to be designed for efficiency rather than risk and compliance. They also tend to rely on corrective tools rather than more automated preventative measures. Unfortunately, this can leave gaps in a business' defences and make a response much more difficult. Instead, incorporating risk and compliance activities into everyday processes, automating where possible, using a common data source across your organisation and continuously monitoring for incidents, you can optimise incident response to the point where many emergent events can be countered before they have any negative impact.

Perhaps the worst approach to operational continuity is waiting for disaster to strike before deciding how to respond. Poor communication between vendors or suppliers, inaccurate or incomplete information and insufficiently trained personnel may lead to businesses making uninformed, split-second decisions that may actually cause more harm than good. By creating a detailed continuity plan, you provide your organisation with a blueprint for remaining calm, reducing risks and recovering quickly. Make sure that your plan is reviewed and approved by key decision-makers and test it for effectiveness before implementation.

Effective operational resilience allows an organisation to bounce back from disasters. But with so much focus on survival, organisations can lose sight of the unique learning experiences disruptions provide. The ability to adapt and take away key insights means that you have the opportunity to improve your organisation and response plan to better counter disruptions in the future. In the event of an emergency, have programmes in place to collect relevant data, review and analyse results, and communicate vital conclusions to your teams.

It's important to account for internal and external factors that will influence your organisation, such as systems, processes, business lines, assets, people and third parties. A resilient operation sees the interconnection and interdependence of risk and how it affects an organisation. An effectively managed risk management portfolio looks across divisions and operations to assess, in a holistic manner, all potential threats.

Translate risk into terms that everyone can comprehend. A common language provides the opportunity for a more comprehensive analysis and documentation of potential risks within the organisation. It also provides a more robust series of discussions around risk and returns on risk as your organisation takes the time to consider adapting to risk and changing conditions.

There are no two events that are the same, but there is plenty to be learnt from each event. Assess where your key risks are across your organisation and implement potential workarounds to assist your organisation with its adaptation to changing conditions. Robust systems, flexible processes, a resilient culture and a collaborative environment are all key.

Your employees' well-being should be your primary concern in the event of a disaster or other emergency. Ensure their safety and help maintain their productivity by focusing on proactive collaboration, communication and leadership. Verify compliance with established controls by leveraging HR-system and app data, and provide alerts, training and policies to better prepare your workforce for potentially dangerous or disruptive situations.

Facility disruption, in the form of power outages, flooding, fires etc., can grind your business to a halt. Operational resilience helps to preserve safety and compliance within your facilities and ensure reliable access to status information and essential controls.

Even if your organisation is well prepared and extremely resilient, the third parties you do business with can introduce potential issues. Risk and compliance assessments help evaluate business continuity and risk management programmes from your suppliers, consultants and vendors. When necessary, include policy compliance in contracts and improve diversification through second sourcing.