If the word “disruption” sounds familiar, it’s because we’re living in one of the most volatile times in recent history. The COVID-19 pandemic created major challenges for supply chains and third-party relationships, which in turn has had a ripple effect on the market and an organization’s ability to provide products and services.
Recently, two famous examples in Asia-Pacific alone have been highlighted by KPMG to demonstrate just how susceptible these supply chains can be to disruption: Some semi-conductor manufacturers will not return to full production capacity for two or three years, creating new stresses for a wide range of technology-orientated industries. Furthermore, a surge in demand for bicycles has results in part and equipment shortages across the region, disrupting transportation networks.
By looking at the impact of this disruption, we can see that operational resilience is imperative for organizations to prevent mass disruption. The good news is that it is achievable. It just means that as governance, risk, and compliance challenges are ever-changing, the constant rise of new regulations also requires the implementation of a strong integrated risk management plan.
Why is Operational Resilience Needed?
According to Gartner, operational resilience is defined as “initiatives that expand business continuity management programs to focus on the impacts, connected risk appetite and tolerance levels for disruption of product or service delivery to internal and external stakeholders.”
So how did operational resilience suddenly become such a hot topic? The pandemic, border tensions, cyberattacks, and operational failures have forced organizations to identify their most critical business services, consider vulnerabilities that are broader than cyberattacks and IT failures, and define a consistent approach to prevent, adapt, and respond. In essence, operational resilience provides assurance to protect against various mishaps that can arise within an organization. And those threats such as the pandemic have made the construction of this framework even more vital.
Recently, we’ve learned a lot about the way the world works under pressure. For one, we need to be able to look at what processes used to work, which ones are still useful, and which ones are broken and need changed. The frequency of manual processes within businesses is continuing to shrink, especially when considering the sheer number of organizations with a hybrid or work from home model. While these changes can seem overwhelming and maybe even uncomfortable to an extent, it’s the root of what operational resilience is. Being able to pivot in times of change, while displaying grit and determination, will lead to positive adoptions when transformation is least expected. Small amounts of progress soon lead to large-scale noticeable change, which will prove beneficial to an organization from top to bottom.
Achieving Operational Resilience Through Risk Management
One of the first steps in achieving a strong operational resilience plan is to understand the volume and velocity of interconnected risks that exists within the organization, as well as third-party risks. Then, the shift can be made to automated processes. Implementing artificial intelligence (AI) technology has rocketed to the forefront for organizations that want to make their routine processes – whether its financial, human resources, marketing, or otherwise – as efficient as possible. That being said, human intelligence still does reign supreme, especially when logical decisions are involved, because of the direct proximity to the process at hand.
AI also allows for multiple risks to be managed simultaneously, which becomes especially prevalent in times of chaos. In contrast, a disorderly, manual process to manage risks can lead to little or no progress.
Finding Stability in Times of Chaos
Speaking of managing multiple risks at the same time – what happens when conflicting regulatory priorities come to the surface? As noted by a report on the Asia-Pacific regulatory environment by Deloitte, there are a large number of new and escalating regulatory challenges that organizations face: “Many of the themes have to do with resilience and sustainability,” the report notes. “Respond with agility to a changing landscape; to weather market events with minimal service disruptions; and, to work towards long-term sustainability of their business models. We also consider upcoming challenges presented by the application of new technologies and the looming threat of climate change.”
Because of this, an organization is bound to face a dilemma when considering which regulation to sort through first. But not only do global companies need to constantly be aware of these regulations, but a holistic view of regulatory requirements will uncover issues that were previously hidden. Once again, AI can establish a common risk platform that leads to a singular number assessing an organization’s risk standpoint. Outside of AI, regulatory priorities can be handled within boardrooms, where executives can build practical solutions to manage risks while forming a consensus opinion on their risk management landscape.
Even when the best laid out risk management plan is thought-through, several external threats can arise, such as security breaches and ransomware attacks. While no risk management plan is inherently perfect, a carefully-designed solution that is executed properly is the best form of crisis management for an organization.
Looking Ahead to the Future of Operational Resilience
An integrated risk management approach is key to achieving operational resilience regardless of what type of business you lead. As Governance, Risk and Compliance (GRC) solutions become more sophisticated, data gradually moves from qualitative-based to quantitative. This means that information that was once complex and difficult to sort through is now easy to understand and to translate into action. Once again, AI can only do so much on its own – people must retain active involvement in the risk management process. For example, it is critical to engage the frontline, as they are often your first line of defense. You need to equip them with the physical tools to adhere to all compliance and regulatory policies. Furthermore, combining digital platforms with artificial intelligence allows risk leaders to interpret and learn from data, highlight patterns, and effect specific tasks and outcomes.
If it was not obvious by now, a strong risk management solution is the backbone to being operationally resilient. With proper processes in place to mitigate and attack risks before they become a real threat, the likelihood of chaos ensuing in the wake of a crisis becomes much less. The pandemic is just one example of how companies can get derailed when issues such as flaws in the supply chain arise.
Although the decisions involved in managing growing threats or potential attacks and compliance issues may seem overwhelming, the truth is, achieving operational resilience is not as far-reaching as organizations once envisioned. Integrated risk management becomes the key to achieving operational resilience and helping you turn volatility into order.