Flying an airplane is no easy feat. If you don’t believe me, just check out the cockpit of this Boeing 747-400! Even the most well-trained and experienced pilot has a myriad of details to think about during each and every flight – from navigation, to weather and air traffic control, to aircraft operations; not to mention flying conditions like air speed, altitude and turbulence. To successfully operate the aircraft, the pilot has a litany of controls, dashboards, indicators, gauges, GPS and flight schedules they rely on. They have to monitor and use these interrelated procedures and controls at all times during each flight – and every flight is different. They also have to manage risks along the way, such as weather, other flights and disruptions, along with complying with from Federal Aviation Administration (FAA) regulations and policies instituted by their airline or employer. With any aircraft there are built in safeguards, controls, and standard operating procedures to ensure safe operations is the highest priority. There are also backup procedures and steps to follow in the event something doesn’t go as planned or unknown risks present themselves. This is a perfect example of how resiliency is built into a process.
The Business Continuity Management (BCM) industry is changing to take a similar focus. Just take a look at the latest governing standard – ISO 22303/22313, which is all about building resiliency into the business, expanding the scope from historic business recovery. Resiliency needs to be incorporated into all areas of the business – from risk management, to performing the business processes themselves, to managing IT, third parties, and more. The latest analyst predictions of the BCM market substantiate this movement as well. However, when we look introspectively at our own companies and functions, do we know just how resilient our functions, company or organization are, and what we can do to drive resiliency throughout the organization?
What most organizations struggle with is not the desire to be resilient, but the ways to put this into practice. Back to the airplane analogy, in order to drive true resiliency, there have to be interrelationships between processes. Just like the pilot who manages the flight, navigation adjustments, risks that come up and compliance simultaneously, our organizations don’t work in silos either. For example, in this day and age of cost cutting and process reengineering, it’s common to see business process managers that are also risk managers that have BC plans to update and test, vendors to evaluate and controls to follow. The challenge is most of our business processes and teams work alone. What further complicates matters is unlike the pilot who has interrelated tools, dashboards and controls, most automated tools they’re using are not inter-related. They’re also not very intuitive or easy to learn. They are typically not used very often, so end user adoption isn’t very successful and intended process improvement and return on investment is rarely achieved.
Governance, Risk and Compliance (GRC) attempts to weave together separate processes into inter-related disciplines. Even if step by step, the organization that sees and implements a true vision of related, resilient processes and automation, and does so from the perspective of the end user will significantly improve adoption, achieve greater ROI and be far ahead in building true resiliency into the organization. Like the pilot flying above clouds, seeing the vast horizon ahead of them, our organizations will fly higher on the wings of business resiliency!