Operational Resilience refers to an organization’s ability to respond to disruptions within its practices, partnerships and procedures.. A key principle to this concept is the acceptance that these disturbances will happen, inevitably, and that firms must be able to respond quickly and appropriately. Simply put, stuff happens. However, you must be ready when it does. According to the Central Bank Guidance, there are three pillars of Operational Resilience:
- Identify and Prepare
- Respond and Adapt
- Recover and learn
In order to prepare for impacts to your business, you must understand the most vulnerable aspects of the organization as well as who and what will be the most affected. Identifying the critical services and personnel associated with these procedures is a crucial part of practicing operational resilience and protecting your organization. Determining the critical services and procedures of an organization is the first and one of the most important parts of operational resilience. Understanding this will allow you to put in place safeguards that will help insulate these operations from potential disruptions. The board and chief management must understand that they are ultimately responsible for the organization’s operational resilience of the firm. They must also examine and approve the standards in which you identify these important services with the goal of creating a management-wide goal of operational resilience. Once the most important services are outlined, you must put in place impact tolerances and clear metrics to monitor them.
Now that you know the crucial areas of your business and how it could be affected, you must strategically develop plans and procedures to respond and adapt to disturbances to those functions. You must create an overarching framework of responses that key management functions such as crisis communication and business continuity management can implement effectively. A firm must clearly detail responses to specific, plausible scenarios that have been rigorously tested. You may also develop new procedures that could remedy existing holes in your operations or run more efficiently.
After identifying, preparing and responding to a scenario, a firm must also be able to bounce back from the aftermath. A firm should use this time as a period of reflection to understand why the disruption occurred and how it can be prevented from happening again. As much information as possible should be gathered to understand the scope of the issue and its origins. This data will provide insights that will allow a firm to recover and learn from its mistakes. When exercising this reflection, you should consider how the issue arose, the impact sustained to critical or important delivery and business services and who was affected. You should also use this time to survey the risk controls that were in place in relation to the problem and how effective they were. How could those controls be more effective? What new controls could you put in place to lessen the impact? Were the impact tolerances used adequate?
Learning from these disruptions is an important part of ensuring they will not happen again, or at the very least, will lessen the negative impact. Using these three pillars of operational resilience is an important way keep your organization strong and effective.