Business resilience is an organisation’s ability to quickly adapt to disruptions while maintaining continuous business operation, safeguarding people and assets and maintaining or even building brand equity. The concept itself is not new; but it has a name that encompasses the range of disciplines for identifying and managing business risks, change, disruption, crises and emergencies. The result is an approach that strengthens the business by reducing cost, exposure, and stress; ensures compliance and builds a constructive culture.
As a CIO you are constantly strengthening your system’s capability, working to improve recovery competence and to reduce down time, whether caused through implementation of change, information and data security, infrastructure failures, supplier dependency, data corruption or system/software failures. The question is how?
The CIO is a key player in company-wide efforts to improve information, operational and organisational resilience. It is important for you because what affects one part of the organisation has flow on effects to the rest of the business operations, your staff, reputation and clients.
Just as you would expect another part of your organisation to implement information and security strategies that are set by your team, you need to be across what they are doing and understand the associated risks. Development of a new product or service capability in one area provides both opportunity and risk for the whole organisation.
Consider what triggers your sixth sense that disruption is looming. There are so many variables such as markets, new technologies, political climates, public sentiment, activism, organisational change, economics and even the weather. You need to understand what trends matter to your business or the industry in which you operate. Interpreting these trends and emerging issues is critical so that you are positioned for the pre-emptive strike that mitigates the disruption or potential impact. This takes intelligence, planning, proven processes and a diligent team.
Many organisations are seeking to improve resilience through a number of methods including increasing cyber security capability. Cyber-resilient organisations are better positioned to keep pace with evolving threats, thereby helping them to avoid financial damage, negative publicity, and loss of customers’ trust.
Resilient businesses are utilising intelligence and investigation specialists, investing in sophisticated prevention, detection and response systems and building environments that are secure and trusted. They are linking into business continuity activities by aligning recovery capability and business expectations of maximum acceptable outage times. Organisations must the understand interdependencies between each business unit, systems dependency and supplier capability. Management teams are investing in incident management and crisis leadership training to ensure that their people are prepared to manage change, disruption and crises.
Organisations are learning quickly that resistance is futile and resilience is finite unless you plan, engage, prepare, test, re-engage, pilot, re-engage and rollout (and are prepared to roll back when absolutely necessary). Project management, change implementation and management need to be planned for and managed with precision and rigour.
Market leaders are finding that resilience needs to be owned by the entire C-suite rather than by one manager. CIOs are working to understand whether their innovation or enablement strategies leave them more vulnerable and are challenged by how a business can protect itself and increase enablement.
Take the time to understand how your organisation can take on organisational change and new technologies with minimal disruption. Review your plans and procedures to manage issues, crises and emergencies and ensure they are fit for purpose. A few fundamentals will ensure you are on the track to a more resilient organisation and culture:
- Identify, assess and manage risks associated with the change or projects
- Engage and empower stakeholders – staff, stakeholders, clients – take them on the journey with you
- Resource appropriately
- Communicate with and train staff
- Understand and document how to undertake automated processes manually (the old way)
- Find a balance between sprinting and BAU (business as usual)
- Value your people, encourage their input and ideas and have fun
- Understand what your competition is doing in this space
- Set up processes for practising and improving your resilience and ensure your approach is sustainable and getting results.
A resilient organisation understands its vulnerabilities; works to prevent problems from happening; prepares to cope with whatever the world throws at it; and responds flexibly, creatively and with agility to bounce back better than before.
Resilience cannot be added after-the-fact or on a sporadic, discretionary basis. It must be part of the fundamental operating model—ingrained at the outset into objectives, strategies, processes, technologies—and even culture.
Resilience is not just a cool term used by the C-Suite to impress Boards and shareholders, it is relevant to every part of the business and when developed effectively improves productivity, customer relationships and culture. A constructive approach to resilience can reduce down time, generate strategies to manage disruption and buy time for issues and problems to be resolved. It is of paramount importance that systems and IT infrastructure and all operations are robust and supported by teams who are able to respond flexibly and creatively to disruption regardless of the cause.
Samantha Ford is Senior Consultant, Tigertail Australia
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.