Organisational resilience has moved centre stage for many businesses during the pandemic. That is why IRM’s Innovation Special Interest Group has published fresh guidance for risk professionals, which is available here.

The paper defines operational resilience (OR) as the blend of proactive ERM culture and process that focuses on maintaining continuity in a disruptive climate. It provides long-term viability within fast-moving external and internal environments.

Risk management’s role

“Risk management has always been part of organisational resilience, and ERM plays a vital function in cementing these various disciplines together,” the report says. “ERM determines risk and resilience thresholds, assesses the exposures and impacts while determining priority areas.”

It also integrates perspectives and ensures that resilience components generate outputs that keep actual organisational resilience capabilities within risk appetite, and tolerance. ERM ensures consistency in decision- making processes. It enables organisations to grasp alternatives by scanning the horizon and analysing scenarios that help define bespoke preventative and corrective controls.

Breaking down silos

“Our discussions indicate that it’s mature and integrated risk management practices that drive and enhance organisational resilience,” the paper says. “To work, these practices must include co-operation that breaks down, potentially damaging silo mindsets.” Risk managers must understand emerging vulnerabilities in order to create agile corporate structures and operations that are embedded in a coherent, consistent and resilient risk culture.

The SIG’s research found that:

• More mature organisational resilience practices are related to more mature ERM practices because they receive Board support and are driven proactively by CROs
• Successful OR is built upon clear communication channels and collaboration across departments and hierarchies that breaks down’ silo’ mentalities
• OR is developed by CROs who look beyond mere tick-box exercises to reflect upon the broader challenges and opportunities that affect the future of organisational practice and competitive advantage
• Companies must continuously check their OR capabilities in a timely fashion to make sure they’re within risk appetites and tolerances. This helps avoid unpleasant surprises during turbulent periods
• New technology, such as risk apps, can create globally scaleable and affordable measurements of performance. These precisely and judiciously track emerging risks to maintain OR levels optimally

Trips, traps and snags

Organisations often fall short on OR risk practices. That can be because there is a fundamental lack of maturity in risk cultures and ERM practices. Or, there is little clear clear communication – or commitment – from senior management teams regarding the value of risk management and resilience.

A number of chief risk officers told the researchers that thorough resilience propositions are “sold” in easier after a failure or crisis. “Prior to such failures, one could venture that risk management and resilience was more lip-service than in-depth preparedness,” the report says. “This indicates issues at the strategic cultural level that creates a false assurance from planning that’s more aspirational than practical.”

A lack of connectivity across a meaningful operational resilience framework has caught out many organisations in the current climate, the report concludes.

Download your copy here.