Your clients no doubt intend to expand their contingency programs, focusing on impacts, connected risk appetite, and tolerance levels for disruption of product or service delivery to internal and external stakeholders. But as these initiatives grow in importance, the question remains: are client operational resilience programs bearing fruit?
Operational resilience by the numbers
BCI set out to answer just that question, releasing the results of its multi-sector survey into operational resilience practices.
The resultant report, the Operational Resilience Report 2022, finds unsurprisingly that operational resilience practices have risen in popularity – quickly. Now, over three quarters of organizations report either having or developing an operational resilience program.
The desire to implement best practices is also driving adoption. Nearly three quarters of respondents reveal that they are developing their operational resilience programs because they want to follow good practices.
Your clients might not understand what operational resilience is
Despite the intention, operational resilience programs themselves are struggling. Often enough, clients might not comprehend what those programs should do.
Survey data suggests that operational resilience programs come to resemble organizational resilience programs, following the ISO 22316 standard as a best-practice prototype. Often, firms confuse operational resilience as “business continuity done well.”
In smaller organizations, specifically, professionals worry that their staff doesn’t have the requisite knowledge and resources to lead the transition to a more strategic and customer-centric operational resilience approach.
Dedicated staff also admits to finding it difficult to understand, monitor, and manage supply-chain risk. Concentration risk is another challenge.
Best practices in operational resilience for your clients
What can clients do? Systems and processes must first be adapted, so that clients can continue to provide services and functions in the event of an incident.
How to go about it? Clients should consider following a framework that encompasses four crucial areas:
- Governance
- Operational risk management
- Business continuity planning
- Management of outsourced relationships
When it comes to governance, client Boards should be made responsible for prioritizing the investment and cultural change required to improve operational resilience
It’s also the Board’s responsibility to approve the identification of their firm’s important business services, impact tolerances, and self-assessment (More later).
What other responsibilities do client Boards have in ensuring operational resilience? Boards should be expected to:
- Have appropriate management information available to inform decisions which have consequences for operational resilience
- Have adequate knowledge, skills, and experience in order to provide constructive challenge to senior management and meet their oversight responsibilities in relation to operational resilience
- Articulate and maintain a culture of risk awareness and ethical behavior for the entire organization, which influences the firm’s operational resilience
That’s not the half of it, though. Continuing reliance on legacy software also stymies achieving operational resilience, as well. How do clients ensure they don’t lose momentum? Ditching legacy software in favor of pragmatic business continuity management software and operational resilience software can provide the much-needed boost.
But what are the technology factors your clients should consider? Download our guide to operational resilience best practices to find out.