Michael D. Moberly January 12, 2012
I suspect there are very few, if any, management teams today, including c-suites and boards that do not recognize the necessity for their company to have reasonable assurance of operational continuity should certain risks/threats materialize. Enterprise risk management is no longer solely about (risk) prevention or mitigation rather it’s about creating organizational resilience.
Today’s business transaction environment, for both large and small companies is truly global in which each of the following are the norm:
- business interdependencies and alliances
- supply chains that are multifaceted, lengthier, and ‘just in time’
- elevated vulnerability – probability of disruptions and materialization of risk that carry the capability of producing immediate, adverse, and cascading affects that ripple throughout an enterprise (internally and externally)
…too, each is prompting management teams, as fiduciary responsibilities, to reassess the conventional business continuity – contingency plan to determine if it reflects today’s necessary standard’s for organizational resilience?
Determining (assessing) with some degree of precision, just how resilient a company really is to the growing array of (asymmetric) business risks and threats is challenging, but absolutely necessary today. Many of those risks, should they materialize, their adverse (potential cascading) affects can be immediate, relentless, and devastating insofar as undermining and eroding a company’s value, standing, market share, and revenue streams, etc., regardless of a company’s size, industry sector, or whether it publicly or privately held.
The bottom line, in my view is, some materialized risks/threats cannot be fully or readily mitigated or reversed without recognizing the need to have a viable and comprehensive organizational resilience plan in place.
One business reality that makes organizational resilience all the more critical is that growing numbers of analysts as well as consumers, clients, and suppliers:
- possess a propensity to exhibit – express a sense of skepticism, cynicism , and are generally less-believing of company’s resiliency motivated (public) communications following the occurrence of a risk-threat event
- can readily find satisfactory alternatives to meet their needs either in the interim or permanently due to which certain risks materialize, i.e., product recalls, production – supply chain disruptions, etc.
…that render products temporarily unavailable or cause question about their quality.
I find the single greatest challenge to helping company’s design and execute an organizational resilience plan is achieving consensus about the criticality of certain processes, products, and assets (tangible and intangible) insofar as measurably elevating a company’s resilience, i.e., returning to a state of operational normalcy as quickly as possible, following an adverse event or act.
A word of caution though, management teams that inadvertently overlook or do not specifically include a company’s intangible assets in their organizational resilience plan are not merely being near-sighted or neglectful of their fiduciary responsibilities, they’re actually taking their company down a much more riskier path because:
- 65+% of most company’s value, sources of revenue, and building blocks for growth and sustainability today lie in – directly evolve from intangible assets, and
- intangible assets are frequently more fragile, transportable, and therefore vulnerable to adverse events or acts.
(This post was inspired by Michael D. Moberly’s interpretation of ASIS Internationals’ 2009 ’Organizational Resilience’ standard.)