Rule: focus on streamlining and formalising your operating model within which operational resilience takes place, including improving the quality of data and using technology to enhance the efficiency of approaches.
Action: shift to a streamlined operating model -
there can be overlaps between several existing frameworks and approaches and operational resilience, so take the time to understand the overlaps across a number of areas, including:
operational risk
business continuity
third-party risk and outsourcing.
Once the overlaps are understood, remove silos and streamline the operating model, this will ensure you have an effective and cost-efficient model with resilience at its heart, and that decisions made across the organisation maintain or increase your resilience.
Rule one
Rule: increase your internal and external collaboration to enhance understanding and the ability to respond effectively to disruption.
Action: foster a culture of resilience - everyone in an organisation has a role to play in delivering operational resilience, so break down silos by building a culture of resilience through promoting awareness and understanding of the importance of resilience across the organisation, including:
motivating employees to consider resilience as
an integrated part of their decision making
encouraging collaboration and information
sharing
establishing clear communication channels
internally and with third parties.
Rule two
Rule: enhance your operational resilience and change management approaches to aid in decision-making and support the delivery of your strategic objectives.
Action: ensure resilience is at the heart of change delivery - whether it's waterfall, agile or a hybrid delivery approach, deploy processes and governance that ensure resilience is considered from initiation through to go-live and embedding, such as:
having operational resilience non-functional
requirements in major transformation projects
linking project testing with ongoing scenario
testing
upgrading governance gate checklists to include
operational resilience considerations.
Rule three
Rule: co-ordinate and streamline your operational risk and resilience approaches in order to increase the effectiveness and efficiency of risk-taking, management, and response.
Action: understand how your operational risk and operational resilience approaches can complement each other, then identify synergies and efficiency improvements. For example, co-ordinate or integrate scenario testing across the different elements, including:
resilience testing
stress and scenario testing
reverse stress testing
operational risk scenarios
BCP testing.
This will help reduce duplication of effort and increase efficiency and clarity of understanding.
Rule four
Rule: Make sure your operational resilience approaches are really testing and helping you to build strength and resilience.
Action: develop operational resilience related management information (MI) - as you continue to embed your operational resilience approaches, develop and enhance MI to help you assess and understand whether overall resilience is improving or reducing.
By refining MI and increasing the sophistication of resource mapping and scenario testing, organisations can be more confident that your organisation is truly resilient, or cut straight to the heart of what improvements are needed.
Rule five
Click to show five golden rules for extracting value from operational resilience