How organisations can build resiliency to risk and disruption


Johannesburg, 11 Nov 2019

Modern organisations operate in a world of change and complexity, often unrealised and unseen. Keeping this change and complexity in sync with the broader business strategy, as well as operational processes, poses a momentous challenge for risk management processes and functions, particularly given the additional challenge of the lack of visibility into this risk.

Given the evolving nature of the modern organisation in today’s chaotic business environment, we must ask ourselves: "How can organisations build a resiliency to emerging risks and disruptions to the business?"

Resiliency, within this context, is best captured by the official definition of governance, risk and compliance (GRC) developed by OCEG: a capability to reliably achieve objectives while addressing uncertainty and acting with integrity.

Understanding organisational and operational resilience requires a holistic and comprehensive view of the context of the organisation, as it relates to meeting organisational objectives and strategy, so that risk and disruption can be managed in pursuit of overall business objectives.

The modern organisation

To fully understand the state of operational resiliency, we must first consider the state of the chaotic, modern business environment. Modern organisations are:

Interrupted. The evolving nature of modern business, on top of the complexity of scattered operations and decentralised, siloed information, makes disruption to operational objectives inevitable. Modern organisations need to manage large volumes of internal and external risk data across a multitude of processes, relationships and functions in order to gain an understanding of organisational risk, compliance and performance. The overall volume of risk, and the speed at which it can cause disruption, is capable of completely overwhelming the organisation and can threaten to bring the business to a near halt at a time when agility is crucial to the pursuit of the overall objectives. What is particularly alarming is how poorly the extent of these issues is understood by so many senior executives in all corporations, large and small.

Scattered. Business has changed dramatically. The old brick-and-mortar approach has become extinct, and modern business has become an interconnected snare of often global relationships and transactions that can affect all facets of the organisation.

Constantly evolving. The nature of business in our contemporary world is very dynamic. Change is a given, and technologies, processes and objectives are evolving simultaneously with changes in regulations around the world, risk and governance procedures. Meanwhile, distributed operations are growing, creating a multiplicity of potential risk environments for the organisation across the globe.

Achieving operational resiliency

To achieve operational resiliency, organisations must attain a comprehensive, real-time view of the full context of the organisation, giving them an integrated view of risk across the business. That is, organisations must gain a full picture of how risk can impact their processes, products, services, clients, suppliers, etc, and how it interconnects throughout the organisation. Business continuity and operational risk management (ORM) are therefore intrinsically connected and should be integrated.

Making this connection is a key aspect of operational resiliency. Resiliency requires that the organisation manage the interconnection of risk functions such as information management, third-party management, compliance, operations, performance, etc. Since operational risk management encompasses a multitude of risk functions and departments throughout the organisation, it is crucial that these functions collaborate and are integrated, so that ORM is connected to the bigger picture of operational strategy and the organisation can achieve a transparent and true state of resiliency.

Historically, this risk has been managed in isolated silos. ORM is often misapplied as a result of these uncoordinated and nonstrategic approaches, which stay confined to silos, and of corporate egos that get in the way of developing a sound operational risk strategy to protect the organisation from risk exposure and achieve business objectives. Risk is pervasive; there can be numerous departments throughout these organisations that manage risk, with completely different approaches and thoughts on what risk is and how it should be measured and managed.

An integrated information and technology architecture is critical for organisations to build a more thoughtful and strategic approach to operational risk strategy. To fully achieve operational resiliency, organisations need complete situational awareness of, and visibility into, risk scattered across systems, operations, processes, relationships and data, along with a holistic understanding of the full impact of risk throughout the organisation and on its strategy, objectives and performance.

Click here if you would like to participate in a free, comprehensive EGRC & IT Governance Maturity Assessment. The assessment has been compiled by leading enterprise GRC and information security, cyber risk and information privacy governance advisory experts. It's quick, it's simple and you will receive an expert and detailed report as an outcome of having done the assessment for your organisation. A series of reports that can be confidently used to bring the leadership of your organisation rapidly up to speed on the real exposures faced by your business!

The steps are simple:

Editorial contacts
Zuanda Barnard zuanda@guideline.co.za