Organisational resilience has moved centre stage for many businesses during the pandemic. That is why IRM’s Innovation Special Interest Group has published fresh guidance for risk professionals, which is available here.
The paper defines operational resilience (OR) as the blend of proactive ERM culture and process that focuses on maintaining continuity in a disruptive climate. It provides long-term viability within fast-moving external and internal environments.
“Risk management has always been part of organisational resilience, and ERM plays a vital function in cementing these various disciplines together,” the report says. “ERM determines risk and resilience thresholds, assesses the exposures and impacts while determining priority areas.”
It also integrates perspectives and ensures that resilience components generate outputs that keep actual organisational resilience capabilities within risk appetite, and tolerance. ERM ensures consistency in decision- making processes. It enables organisations to grasp alternatives by scanning the horizon and analysing scenarios that help define bespoke preventative and corrective controls.
“Our discussions indicate that it’s mature and integrated risk management practices that drive and enhance organisational resilience,” the paper says. “To work, these practices must include co-operation that breaks down, potentially damaging silo mindsets.” Risk managers must understand emerging vulnerabilities in order to create agile corporate structures and operations that are embedded in a coherent, consistent and resilient risk culture.
The SIG’s research found that:
Organisations often fall short on OR risk practices. That can be because there is a fundamental lack of maturity in risk cultures and ERM practices. Or, there is little clear clear communication – or commitment – from senior management teams regarding the value of risk management and resilience.
A number of chief risk officers told the researchers that thorough resilience propositions are “sold” in easier after a failure or crisis. “Prior to such failures, one could venture that risk management and resilience was more lip-service than in-depth preparedness,” the report says. “This indicates issues at the strategic cultural level that creates a false assurance from planning that’s more aspirational than practical.”
A lack of connectivity across a meaningful operational resilience framework has caught out many organisations in the current climate, the report concludes.