I’m glad the world didn’t end during DRJ Spring World 2017 conference last week, because over 1,000 of the world’s business continuity and disaster recovery specialists were there!
It was another great conference and I had the pleasure of presenting on building resiliency across the organization’s value chain and the key relationship between business resiliency and operational risk management. Both topics were on the minds of attendees as shown by their questions:
- Outside of surviving a high profile disaster, how do we make customers understand the value that our resiliency program adds to our product or service?
- If the company has a critical Third-Party vendor and that vendor outsources, who owns the relationship and the potential risk exposure?
Also, over 20% of the sessions at DRJ dealt with resiliency or risk which shows experts are thinking about the importance of business resiliency on the organization and how risk should be considered more broadly than just recovery.
I mentioned in a previous blog, Driving Resiliency Through Operational Risk Management, that there is a direct correlation between driving business resiliency (versus recovery only) and operational risk management (ORM). I believe collaboration between ORM and business continuity programs is a precursor to improving business resiliency, and the top three reasons are:
- The bigger picture – looking outside typical business continuity type risks, like natural or man-made disasters, broadens our horizon. Considering the potential risk and impacts from supply chains, reputation impairment, social media, regulatory compliance, or even the risk culture within the organization highlight new risks that could have larger affects on the organization’s resiliency that were never dealt with before. Coupled with a view across the value chain, resiliency teams are better able to anticipate how these new risks might impact the going concern of the organization.
- Aligns the Forces – the ORM “umbrella” by its very nature aligns risk functions across the organization, including their methodologies, approaches, resources and outcomes. The key is ORM gets these separate functions on the same page, working together, aligned on priorities, and striving toward agreed upon and appropriate outcomes. Individuals or siloed groups trying to manage risk may feel that their efforts don’t affect the outcomes, but a larger, more coordinated approach does.
- Drives Risk Maturity – as risks become more complex, fluid and pervasive, risk approaches need to mature to enable the organization to become resilient to those risks. ORM is a discipline that continues to evolve and mature, unlike siloed risk functions in every organization that attempt to deal with risks reactively, as best as they can. Every organization should evaluate their holistic risk management capabilities against a maturity model (refer to my blog above), determine where they currently stand and what the end goals is in terms of risk maturity.
Organizations that are able to align siloed risk functions under the auspices of their ORM programs have a better chance to become risk-proactive, even opportunistic. As ORM and Business Resiliency are considered together and measured against the bigger picture of the organization’s value chain, functions like business operations, business continuity, supply chain management and internal audit can understand the risks that impact their organization and implement better measures to ensure the resiliency of the organization.
Send me your comments at Patrick.potter@rsa.com or connect with me @pnpotter1017.
