Certainty in risk intelligence
‘Resilience’ means many different things to many different people. Our focus is on the resilience of organisations, and in particular resilience to short- and medium-term disruption. Resilience and risk management activities are closely related (and should be aligned). They differ in that Resilience concentrates on the ability of the organisation to resist (and even exploit) and recover from disruption, regardless of the cause.
We look at Resilience in three ways:
1. Organisational Resilience
Organisational Resilience is based on an understanding of why businesses fail, and of what capabilities and attributes are needed not only to improve their resilience but also to take advantage of potentially disruptive change. Early thinking on this has been captured in standards including BS 65000 and ISO 22316, the former of which our Resilience technical lead Martin Caddick helped to develop.
However, full Organisational Resilience remains a largely aspirational goal for most organisations. Our services aim to help businesses take pragmatic steps to move in the right direction, including:
Resilience assessment reviews
Resilience Strategy definition
2. Operational Resilience
Operational Resilience is the more tactical approach to Resilience. It aims to provide the various protective disciplines and related risk domain areas with a common approach to prioritisation, with improved coordination, collaboration and decision-making. Operational Resilience will improve both the effectiveness and efficiency of your investment in this area.
UK Financial Service regulators have set a lead in this field with their discussion paper DP01/18, and this lead is being followed by financial regulators in most key markets. Their expectation is that businesses understand what their critical services are from a client perspective, and that they set Impact Tolerances for these services reported at board level.
The importance of Operational Resilience isn’t confined to meeting regulatory expectations – it represents good practice and makes good business sense in all organisations.
Our Operational Resilience services include:
Key business service identification, prioritisation, and mapping
Risk Appetite and Impact Tolerance setting
Management systems and frameworks
Measurement and metrics
3. Business Continuity Management
Business Continuity Management (BCM) is a well-established protective discipline that lies at the heart of Resilience. It is a risk-agnostic approach that should improve the capability of an organisation to recover from disruptions and maintain the continuity of delivery of its most important products and services. It usually includes planning for incident and crisis management as well as business continuity and recovery.
BCM is not always implemented as well as it should be in organisations. Sometimes investment and capabilities are eroded over time, or old-fashioned tactical approaches are taken. There is often misalignment between the business needs of the organisation and what the plans actually cover.
Our services typically build on existing investments in Business Continuity, and address where improvements can be made. This includes:
BCM Reviews and Benchmarks
Definition of governance, framework and structure
Improved Business Impact Assessment
Improved Business Continuity Plans