Michael D. Moberly July 15, 2010
Becoming a risk resilient company encompasses three key elements:
1. Having management systems in place that link the control of and response to adverse and/or disruptive events to a company’s core mission through a strong sense of foreseeability and practical risk assessment.
2. Bringing conventional security and risk management systems into a balanced and synergistic framework to ensure a company is sufficiently adaptive and responsive to changes and risks within their business environment (internally, externally) that can impact their sustainability and/or survivability.
3. A culture that facilitates awareness and resistance, an immunity of sorts, to the affects of particular risks and/or adverse events which enables a company to return to an acceptable state of operational normalcy and performance in an acceptable time period should certain risks/threats actually materialize.
Operationally speaking, organizational resilience differs markedly from conventional security and/or risk management approaches due to its focus on (a.) preparedness, (b.) balancing the probability and consequences of risks, and (c.) shifting away from (risk management) being a primarily reactive activity to being a highly proactive, adaptive, and continually improving activity.
Organizational resilience is particularly well suited to the ‘systems approach’ with its requisite cross-disciplinary inclusive framework that compels stakeholders to identify and examine risks as independent variables relative to vulnerability, probability, and criticality. This includes, for example, examining risks that may have a relatively low probability for occurrence but carry inordinately high consequences, i.e., potential for significant adverse cascading effects throughout an enterprise and its external stakeholders.
Some consider the ‘organizational resilience’ movement to merely be a re-packaged version of conventional business continuity and contingency planning. Be assured, it’s not! Much more to come on organizational resilience.
(This post was adapted from the work of Dr. Mark Siegel and the newly adopted American National Standard on Organizational Resilience.)
The ‘Business IP and Intangible Asset Blog’ is researched and written by Mr. Moberly to provide insights and additional views for company management teams, boards, and employees to aid in identifying, assessing, valuing, protecting, and profiting from their intangible assets. I welcome and respect your comments and perspectives at firstname.lastname@example.org.