It’s the Monday morning you don’t want.

Social media is buzzing because a customer has just posted serious allegations about damage caused by your products. The finance team are worried they may have made incorrect payments following a phishing attack. Your risk management team has highlighted what could be a serious regulatory breach as a result of process automation.

And you’re about to go into a review of a recent bold entry into an entirely new market.

The week has only just begun and you’re already facing a series of events to test the operational resilience of your business.

If there’s one thing you can be certain of – more tests like these are coming, and soon. The future success of your business depends as much on your capability to weather these tests, as it does on your own commercial strategies and plans.

Operational resilience – bending without breaking

Businesses, particularly but not exclusively those in financial services, face more risks than ever before. The digital and regulatory worlds are growing ever more complex, presenting both new opportunities and challenges. The voices of stakeholders are getting louder – customers, employees, investors and the wider community. 

Risk is part of doing business and it’s not all negative. Growth, through exploring new opportunities, means taking risks to reap rewards.

Operational resilience is about protecting your core business when disruption occurs. It’s not just about minimising the impact – it’s about using that impact to enable forward movement. Bouncing forward, rather than just bouncing back.

Benefits of increasing your operational resilience

Operational resilience can be viewed negatively or positively. Negatively means thinking of it as disaster recovery planning – having an action list to minimise the impact of problems that occur. It’s only about minimising damage.

A positive view on operational resilience means harnessing it to help the business make better decisions. The strategies required to achieve resilience help develop a culture that in turn builds customer trust and commercial value. 

A proactive approach to building operational resilience includes:

  • Aligning with expectations of regulators.
  • Meeting customer expectations.
  • Eliminating gaps between IT operations and the core business.
  • Developing a robust risk management culture.

The benefits of achieving solid operational resilience include:

  • Improved customer trust.
  • Better decision-making from the board downwards.
  • A more agile business environment.
  • Reduced risk of criticism from regulators.

The first step in moving from a negative to a positive perspective on operational resilience is to stop seeing it as a burden but to seize on it as an opportunity.

Building a resilient business

Resilience is about your firm’s ability to continue delivering, even when facing adversity. It achieves this by anticipating issues, avoiding them where possible, along with adapting and learning from challenging situations.

Achieving resilience requires:

  • Aligning resilience planning with business strategy.
  • A clear understanding of risks and trends.
  • Leadership from the very top.
  • Implementation across the business.

It can be difficult to know where to start because it encompasses the entire organisation with its many disciplines. Here are some key areas that should be considered as operational resilience is developed.

Identify the core

What are the core functions, or services, that must be protected as much as possible? What do you need to continue operating in order to remain viable?

Not everything is core. Deciding what’s in and what’s out involves looking at the value they add to the business – not just today, but into the future. 

Define where you want to be and assess where you are today

Achieving operational resilience is a journey, and before you set out, it’s important to understand what the journey will entail. 

Mapping out your current position involves a review of many aspects of the business, including:

  • Governance.
  • Risk management.
  • Change management.
  • Cyber security.
  • Capacity management.
  • Suppliers and other external relationships.

It’s important to be clear about the organisation’s appetite for risk, as this will help inform where it wants to be. 

The future state of operational resilience must include assessment of the culture, people and processes required for prevention, recovery and adaptation. It should be founded on the assumption that disruption will happen.

Roadmap to resilience

The route from where you are today to that future state of robust operational resilience will typically involve the following:

  1. Common definition and strategy for resilience.
    • Led from the top.
    • Ensures consistent language and expectations.
  1. Design of an operating model.
    • Includes implementation across the organisation.
    • Aligns resilience disciplines with business models.
  1. Establishing active oversight.
    • Measuring and reporting, with KPIs and Risk Indicators.
    • Ensuring visibility up to board level.

There are four essential elements that underpin resilience planning – premises, people, technology and external stakeholders. Each of these is mapped to core processes across the business, such as customer relationships, payments and treasury.

Taking the customer view

While the outcome is to protect the business, the most effective operational resilience strategies put the customer at the centre. Regulation, technology and business practices revolve around the customer, so it’s vital that their perspective is paramount.

The role of GRC software in operational resilience 

Regulatory pressures, new technologies and heightened customer awareness make for an increasingly complex environment, particularly for financial services businesses. Keeping up with the many and evolving requirements has led to firms operating recording and reporting systems spread across multiple documents in different teams and formats. 

This makes reporting time-consuming and difficult, which in turn impacts the speed and quality of decision-making.

The answer is GRC software, a business-wide solution that automates many of the processes associated with maintaining operational resilience.

The 1RS GRC solutions have been built and are maintained by risk and compliance experts. They allow you to manage the continually evolving regulatory landscape, mapped to your business processes.

Benefits that our clients enjoy include:

  • Issue and risk event tracking.
  • Scheduling of self-assessments.
  • Automation of mapping and testing.

All of these tools form part of their strategy to maintain success, by becoming more resilient in today’s demanding marketplace.

To learn more about how the 1RS solution can help your business improve its operational resilience, get in touch with us today.

risk risk management