During last twelve to twenty four months we have all experienced extraordinary uncertainty primarily due to natural calamity, COVID-19 pandemic, unstable global economy, political differences leading to war scenario and others. We have even witnessed that large well run fortune 500 companies have failed the test during this period despite having a good risk and governance framework.
Organisations with a fragmented risk and resilience framework lack visibility to have a consistent program across functions and departments and are not in a position to leverage risk and resilience insights to improve planning and decision making.
Risk Management is all about identification, assessing, evaluate, and measure risks followed by monitor, mitigate, and minimize those risks.
The Basel Committee defines operational resilience as “the ability to deliver critical operations through disruption.” The principles of operational resilience aim to strengthen banks’ ability to withstand operational risk-related events that could cause significant operational failures or wide-scale disruptions in financial markets, such as pandemics, cyber incidents, technology failures or natural disasters.
Step 1 – Identify Critical Business Services
Step 2 – Resource Mapping and Dependency
Step 3 – Set Impact Tolerance
Step 4 – Measure and Monitor the Tolerance Level
Step 5 – Scenario Testing
Step 6 – Continuous Improvement
Benefits of an integrated Risk and Resilience framework
Decision makers who are sufficiently risk aware understand the potential threats and opportunities that will emanate from their decisions and always will try to take a calculated risk which will work towards their advantage with well thought out mitigation plan.
By reliably remaining online and continuously delivering services to clients during disruptions, resilient organisations maintain and enhance their reputation.
Receptiveness to change
Allocating adequately skilled resources to the high-risk corporate initiatives is essential to the overall sustainability of the business.
In a world of accelerated change, a resilient organisation is in a better position to accommodate the speed at which organisations can respond to change as it is vital and can drive competitive advantage and sustained relevance.
Better trust and stakeholder confidence
Taking strategy decisions that are in line with the Board’s risk appetite is essential to ensuring that management is acting in line with the stakeholders’ expectations.
Resilience drives effective engagement and communication with stakeholders, reliability and consistency, which ultimately builds trust.
Informed and future-fit strategic initiatives
An organisation’s risk appetite provides direction and a good basis for selecting strategies and strategic initiatives.
An organisation’s resilience posture may increase or decrease the risk of new strategies being implemented.
Where risks are regularly defined and updated at the strategic level, it helps increase awareness around emerging risks and, in the process of risk treatments, reduces strategic and operational surprises.
More efficient operations through value chain analysis, elimination of inefficiencies and continuous enhancement driven by operational resilience.
More agility and flexibility
Creating alternative futures, systems thinking and key risk indicators allows for reliable and fast decision making.
A resilient organisation is better prepared to respond swiftly and effectively to emerging trends, needs and stakeholder expectations.
Reduced cost and impact associated with incidents and sudden disruptions
Risk reporting reflecting integrated and aggregated risk information (top-down and bottom-up), linked to risk owners and control owners as well as risk response strategies allow for a clear understanding of all stakeholders and strategies that are impacted by a particular risk across the company’s risk profile.
Resilience principles drive organisations to find and maximise synergies in the microenvironment and external business ecosystem, providing benefits to the entire ecosystem
(Source guideline on integrating strategy, Risk and Resilience 2022 edition – The institute of risk management South Africa)
The integrated risk and resilience approach is where most organizations will find the greatest balance in collaborative risk and resiliency management and oversight.