Today, companies are obliged, fiduciarily, and otherwise to be increasingly risk resilient…however, achieving risk resiliency is much more than conventional enterprise risk management. Instead, it’s about creating operating units that are sufficiently ‘risk resilient’ (sustainable) if – when risks do materialize.
In other words, achieving a state of risk resilience, recognizes – encompasses the importance, necessity, and fiduciary responsibility for companies to be reasonably assured there will be (sustainable0 operational continuity through effective contingencies that emerge relative to the speed and cascading affects of the risk. https://kpstrat.com/wp-admin/post.php?post=1543
Business operation – transaction environments are routinely described here as go fast, go hard, go global, go black…along with variations of these operating norms, e.g.,
- development of alliances. collaborations, and interdependencies.
- creating multi-sourced, global, and/or ‘just in time’ supply chains.
- an elevated vulnerability – probability for operational disruptions prefaced by materialization of risk that often produce immediate and adverse affects that cascade throughout an enterprise (internally and externally).
Each circumstance variously prompts more business leaders…akin to a fiduciary responsibility, to revisit – reassess their company’s, very likely, conventional business continuity – contingency plan to determine if it reflects…
- the keystroke speed which business risk can materialize.
- the asymmetric nature of business risk, and therefore,
- the necessity to be ‘organizationally resilient’.
Determining (assessing) with some degree of precision…just how resilient a company is to the growing array of (asymmetric) business risks, can be challenging, but its necessity cannot be understated relative to business sustainability. For example, many business risks, if-when they materialize, their adverse (potential cascading) affects can be immediate and potentially irreversible insofar as undermining and eroding a company’s value, market space standing and share, and revenues, etc., regardless of a company’s size or sector. To be sure, one need not look far to see ample evidence of this occurring regularly. https://kpstrat.com/wp-admin/post.php?post=1295
Of course, some materialized (business) risks …
- are amenable only to minimal mitigation.
- have a low probability to achieve comprehensive – rapid reversal, or
- return to full operational normalcy.
…absent a viable and comprehensive organizational resilience plan being in place, in advance!
One business reality that makes organizational resilience all the more essential is that growing numbers of analysts as well as consumers, clients, and suppliers…
- possess a ready propensity to publicly express – exhibit their sense of skepticism and cynicism, and
- are generally skeptical of company’s post-risk event remarks-communications, and
- consumers can readily find-secure satisfactory alternatives in the interim, which may become permanent.
Some challenges to helping company’s design and execute effective (business specific) organizational resilience plans...often center on,
- achieving actionable consensus regarding the vulnerability, probability, and criticality which certain risks pose to companies structural capital, products, and tangible – intangible assets,
- measurably elevating a company’s resilience, i.e., the ability to return to a state of operational normalcy as quickly as possible, following an adverse event or act.
Leadership and management teams that overlook – dismiss the inclusion of intangible assets…in organizational resilience planning are exhibiting near-sightedness and neglect of their fiduciary responsibilities, as well as taking their company down a far more riskier path, especially when considered in light of these (economic) facts…
- 80+% of most company value, sources of revenue, and ‘building blocks’ for competitiveness, growth, and sustainability today lie in – directly evolve from intangible assets, and
- intangible assets are frequently (more) fragile, transportable, and vulnerable to adverse (risk) events and acts.
Becoming a (more) risk resilient company encompasses three key – distinct components…
1. having management systems in place that recognize the relationship between the mitigation, management, and response to disruptive – risk events that adversely affect a company’s mission, i.e., value, revenues, and competitiveness, with a strong sense of timeliness, foreseeability, and practical risk assessment.
2.bringing conventional security and risk management strategies-systems into a balanced and synergistic framework to ensure a company is sufficiently adaptive and responsive to change produced by the materialization of risk(internally, externally) which can impact company sustainability and survivability.
3. an operational culture that facilitates-enables timely awareness of and resistance to, i.e., immunity, to the adverse affects of particular risks, i.e., acts, events, behaviors, etc., which, when correctly applied, enable – serve as preludes to a company rapidly returning to a state of operational (performance) normalcy in an acceptable time period.
Operationally speaking, ‘organizational resilience’ differs markedly from conventional security and risk management approaches…due, in large part to its focus on (a.) advance preparations, (b.) balancing probability-vulnerability-criticality relative to when, how, where the affects-consequences of risks will manifest, and (c.) a decided shift away from ‘conventional risk management’ strategies, those being largely reactive actions to a highly proactive, adaptive, maneuverable, and continually improving and integrated set of actions.
Organizational resilience is particularly well suited to the ‘systems approach’…with its requisite cross-disciplinary – inclusive framework that compels leadership and management teams to collectively identify and examine risks as independent variables relative to vulnerability, probability, and criticality. This practice includes, for example, examining risks that may have a relatively low probability for occurrence but carry inordinately high consequences (criticality), i.e., potential for significant adverse cascading effects throughout an enterprise.
I would be remiss, if I did not say, some business leaders, management teams, and security-asset protection practitioners portray the ‘organizational resilience’ movement as merely constituting a re-packaged version of conventional business continuity and contingency planning. Not so!
This post was adapted from the fine work of Dr. Mark Siegel and the newly adopted American National Standard on Organizational Resilience and inspired by Michael D. Moberly’s interpretation of ASIS Internationals’ 2009 ’Organizational Resilience’ standard.
Michael D. Moberly – August 15, 2018 – St. Louis – kpstrat.com. – [email protected] – ‘Business Intangible Asset Blog’ (since May 2006) https://kpstrat.com/blog where one’s attention span, business realities, and solutions converge! Intangible Asset Strategist and Risk Specialist
Readers can explore other papers, books, and posts I have published at https://kpstrat.com/books/