Roads to Resilience

Principles of resilience

The five principles of resilience are difficult to achieve. Each one is essential for achieving resilience, as no one of them is more important than the others, nor can any of them be ignored. The components of the principles identified by the research are listed in Table 1.1 and the principles themselves are described below: 1.  Resilient organisations have exceptional risk radar. Risk radar helps an organisation identify issues before they develop into major incidents, it gives an early warning, and helps risks to be considered in aggregate and different types of risk information to be collated. This is achieved by ensuring that everyone in the organisation is aware of the importance of risk and the need for vigilance, in relation to strategy, tactics and operations . No one individual and no single function (such as the risk management department) can be as effective at detecting risks as an organisation with high involvement. 2.  Resilient organisations have resources and assets that are flexible and diversified. They establish clear operational risk appetite positions and then identify potential weaknesses through scenario analyses and stress-testing of strategy, tactics and operations . They use the diversity of resources to reduce risk and develop the necessary skills for risk management, throughout the organisation and beyond. This could include avoiding single points of failure, reducing dependence on single critical resources, including suppliers, markets, brands, products, investors, knowledge and customers. Resilient organisations are aware of intangible assets such as reputation and develop proactive strategies to manage these assets. 3.  Resilient organisations value and build strong relationships and networks. Resilient organisations do not just manage risk within their own organisational boundaries. They proactively manage risk throughout their networks of customers, suppliers, contractors and business partners. A customer-centric approach is crucial, as it shapes the way all types of relationships are formed. Openness with all stakeholders engenders trust and loyalty, as well as a desire to collaborate and share information. This means that when adversity hits an organisation, all stakeholders communicate with each other.

4.  Resilient organisations have the capability to ensure decisive and rapid response. A key characteristic of rapid response is that an organisation not only has defined processes for dealing with predictable risks, but (perhaps more importantly) also the ability to respond to and cope with the unexpected. To achieve this, employees have the skills, structures, motivation and empowerment to respond appropriately. They are able to respond swiftly to an incident to ensure that it does not escalate into a crisis or disaster and to restore the organisation to a (perhaps new) normal as quickly as possible. procedures and staff training are always being tested, refined and enhanced. This results in employees being self-critical and willing to openly admit mistakes and report near-miss incidents in the knowledge that this openness will strengthen the resilience of the organisation. Every potential adverse event or circumstance is identified, analysed and evaluated, so that lessons are learned and improvements made to strategy, tactics, processes and capabilities. 5.  Resilient organisations review and adapt to changes and adverse events. Risk management Figure 1.1 shows that underlying and embracing the principles of resilience are four business enablers. These business enablers define and support the business model for the organisation. They are people and culture; business structure; strategy, tactics and operations ; and leadership and governance . As indicated by the figure, the enablers can, in combination, be used to support resilience. The ways in which the business enablers lead to increased resilience are context-specific, as they depend on the size, nature and complexity of the organisation, as well as its business environment and wider capabilities. All organisations have these enablers in place, but their differing nature indicates why there are different roads to resilience. Every organisation has the capability to achieve increased resilience, but it requires risk professionals and boards to decide how each of the business enablers can be enhanced to change the way an organisation views risk management and the achievement of increased resilience. Business enablers

19

Roads to Resilience: Building dynamic approaches to risk to achieve future success