Robin Gaddum believes that the real opportunity for resilience
is to bridge the gap between risk management and performance improvement. In
this article Robin explains why this is the case…
Over the last decade the term resilience has permeated the world
of business and management. Of course, different professions have talked about
resilience for much longer, for example personal resilience in the field
of psychology and resilience in computer systems or networks. Over
the last decade business resilience has emerged, promoted by business
continuity professionals like me as the next evolutionary step forwards
for the business continuity profession.
Like many new ideas, different groups have got hold of
resilience, not least the business development functions of management
consultancy firms. As a result resilience has been hyped just like other new
ideas, like cloud and big data. The problem is, nobody has really
nailed what resilience means in the world of business and management. No
one person has the answer and, like scientific research, as a collective our
understanding creeps forwards as those pioneering in the field try to figure it
out and communicate it to the rest of us.
Defining resilience
This is where guidance standards may be helpful. I've been
privileged to serve on the BSI standards committee for continuity and
resilience for a number of years now. I'm generally not a fan of
committees but this is a good one, populated by experienced industry
professionals and with broad stakeholder community representation. I was
involved in the development of BS 65000:2014 - Guidance on Organizational
Resilience, which has helped move our understanding of Resilience forwards.
The definition of Organizational Resilience in BS 65000:2014 is the ‘ability
of an organization to anticipate, prepare for, and respond and adapt to
incremental change and sudden disruptions in order to survive and prosper.’
Of course, the field of Organizational Resilience is still
evolving and in writing BS 65000:2014 those of us involved were the first to
admit that it contributes to the evolving field, perhaps like a foundation on
which we can build. Currently, an international standard on
organizational resilience is in draft, although still some way off publication.
Standards seek to codify good practice and hence typically lag behind the
leading practice curve.
The missing link
So, what's missing? In my opinion, we have not yet made
the resilience link between downside risk mitigation and upside opportunity
exploitation. In the definition above, the word adapt is too easily
missed.
The real opportunity for resilience is to bridge the gap between
risk management and performance improvement. Establishing a clear link
showing how resilience demonstrably aids in the achievement of an
organization's strategic objectives will secure senior executive sponsorship.
I've sought to illustrate this pictorially in the image below, which is
hopefully self-explanatory:
There are three numbered points on the image that I will
explain:
1. A collaborative, self-critical, risk-aware
and opportunity - seeking culture embedded in the organization’s values
provides the foundation for resilience.
2. Capabilities and capacity establish the organization’s
resilience to disruptive events.
3. Change towards the desired future state relies on projects
and programmes that leverage the organization’s values and its knowledge
of its capabilities and capacity.
Of course, this diagram is my attempt to add to the debate,
based on something I've used that has worked for me. It may not be
perfect and it'd be great to gather suggestions for improvement. Then we can
move our collective understanding of Resilience another step forwards.
About the author
Robin Gaddum is currently Associate Partner, Resilience at IBM.
No comments:
Post a Comment