top of page

Resilience services

‘Resilience’ means many different things to many different people. Our focus is on the resilience of organisations, and in particular resilience to short and medium term disruption. Resilience and risk management activities are closely related (and should be aligned). They differ in that Resilience concentrates on the ability of an organisation to resist, adapt to and recover from (or even exploit) disruptions regardless of the cause.

We look at Resilience in three ways:

 

1. Organisational Resilience

 

Organisational Resilience is based on an understanding of why businesses fail, and of what capabilities and attributes are needed not only to improve their resilience but also to take advantage of potentially disruptive change.  Early thinking on this has been captured in standards including BS65000 and ISO22316, the former of which our Resilience technical leads helped to develop.

However, full Organisational Resilience remains a largely aspirational goal for most; our services aim to help businesses take pragmatic steps to move in the right direction, including:

  • Leadership workshops

  • Resilience assessment reviews

  • Resilience Strategy definition

  • Implementation support

 

2. Operational Resilience

 

Operational Resilience is a more tactical, integrated approach to Resilience that aims to provide the various protective disciplines and related risk domain areas with a common approach to prioritisation, improved coordination, collaboration and decision making. Operational Resilience will improve both the effectiveness and efficiency of investment in resilience by promoting aligned goals and outcomes and avoiding overlaps and contradictory positions.

 

UK Financial Service regulators set the lead in this field and this has / is being followed by financial regulators in most key markets. Their expectation is that businesses understand what their critical services are from a client perspective, and that they set Impact Tolerances for these services reported at board level. 

 

The importance of Operational Resilience isn’t confined to meeting regulatory expectations – it represents good practice and makes good business sense in all organisations.

 

Our Operational Resilience services include:

  • Strategy definition

  • Key business service identification, prioritisation, and mapping

  • Risk Appetite and Impact Tolerance setting

  • Management systems and frameworks

  • Measurement and metrics

  • Implementation support

 

3. Business Continuity Management

 

Business Continuity Management (BCM) is a well-established protective discipline that lies at the heart of Resilience. It is a risk-agnostic approach that should improve the capability of an organisation to recover from disruptions and maintain the continuity of delivery of its most important products and services. It usually includes planning for incident and crisis management as well as business continuity and recovery, and increasingly is adopting many of the principles of Operational Resilience in terms of, for example, closer integration with related disciplines such as ERM.

 

BCM is not always implemented as well as it should be in organisations. Sometimes investment and capabilities are eroded over time, or old-fashioned tactical approaches are taken.  There is often misalignment between the business needs of the organisation and what the plans actually cover.

Our services typically build on existing investments in Business Continuity, and address where improvements can be made, although we also have deep experience developing new programmes from scratch.  Our support often includes:

  • BCM Reviews and Benchmarks

  • Design of framework structures

  • Development of / improved Business Impact Assessments (BIAs)

  • Development of / improved Business Continuity Plans (BCPs)

  • Exercise programmes

bottom of page