Important Update: Community URLs redirect issues are partially resolved. Learn More. .

This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Driving Business Resiliency Through Operational Risk Management

PatrickPotter1
Archer Employee
Archer Employee
‎2017-03-23 02:50 PM

I recently had the pleasure of presenting with a panel of RSA Archer customers on the topic of “Building Resiliency Across the Value Chain” for a Disaster Recovery Journal webinar.

Two key questions were posed to the 80 attendees. The first question was: “Where is your organization on the business resilience scale?”  The responses were:

  • Recovery only (5%)
  • Mainly recovery with some focus on resiliency (53%)
  • Mainly resiliency with some focus on recovery (18%)
  • Very resiliency-oriented (18%)
  • Other (5%)

The second question was: “How closely do your business continuity/IT disaster recover/crisis management teams work with or integrate with operational risk teams?”  The responses were:

  • Not at all (2%)
  • Sporadic discussions when required (32%)
  • We are working with ORM more and more (28%)
  • BC/DR/CM is well aligned with or a part of ORM (32%)
  • Other (6%)

90% of respondents indicated they are addressing resiliency at some level, and 92% have BC/DR/CM teams integrated with operational risk management (ORM) teams. The alignment of responses to these two questions is no coincidence.  There is a direct correlation between business resiliency and effective risk management that more and more organizations are benefitting from as they continue to mature their operational risk management and business continuity or resiliency programs.

What does GRC maturity look like? The RSA Archer maturity model defines three stages for GRC maturity:

Screen Shot 2017-03-23 at 9.17.51 AM.png

Diagram 1 – RSA Archer Maturity Model

As organizations mature their operational risk management programs, their business resiliency capabilities grow as well, often due to three factors:  

  1. Methodologies – deploying risk assessment and treatment approaches (e.g., ISO 31000) and common business impact analyses (BIA) consistently across the organization
  2. Priorities – consistently applying common methodologies drives more aligned priorities and higher consensus 
  3. Actions – clear priorities drive better understanding, prioritization, and execution

These three factors initiate proactivity, consistency, and alignment in both the risk management and resiliency practices and culture of the organization.

Risk management is, by its very nature, a proactive practice, as is business resiliency. The two go hand in hand.

For comments, contact me at Patrick.potter@rsa.com or @pnpotter1017.

Popular Articles