Third Party Risk Management - Consultancy, Assessment & Advisory

Strategies for Building Resilience

Resilience is a watchword for every risk management team and every governing board. Resilience represents the ability of entities to avoid, prevent, adapt, respond to, recover from, and learn from operational disruptions.[i] While ensuring business continuity is a key aspect of business resilience, resilience and continuity are related but are not the same.[ii] Understanding your own organisation’s resilience requires close and ongoing examination of your organisation’s internal AND external business operational procedures and continuity plans and processes.

Anticipating, responding to, adapting, and recovering from disruptions is an everyday part of the ongoing quest for improved organisational resilience. The rise in ransomware, the pandemic, and increasing Environmental, Social, and Corporate Governance (ESG) concerns have expanded the necessary awareness of disruptive events, and placed increased emphasis on the costs and other impacts of disruptions. Building strategies to improve resilience is a means of hedging the bet against such events, especially those that can cause significant disruption.

Resilience requires a complete understanding of the interdependencies with other organisations, whether they be third parties or competitors. Robust risk management anticipates where problems are most likely to occur and develops approaches to minimise disruptions. Organisations need to design and exercise a repeatable process to guide the review of their own and their vendors’ business operational procedures, controls, and continuity recovery plans. Mapping business processes end-to-end is critical.

A robust review should include:

Adopt a holistic approach to resilience. Even without a global pandemic impacting supply chains, vendor business resilience and availability should be top-of-mind for all organisations. Determine where the weakest links in your supply chain may put your organisation at the greatest risk, and work with those parties to strengthen their resilience. When an event occurs affecting your industry peers, examine what happened, observe what the response was, and determine its effectiveness. Explore what your organisation can do differently to enhance its continuity and become more resilient going forward.

Resilience planning and programs are living processes that must incorporate today’s challenges and anticipate the uncertainty and changes that emerge as risk environments evolve. Strong resilience demands that practitioners and boards understand and anticipate organisational needs, which requires firms to have a comprehensive understanding of the state of operations both internally and across vendor ecosystems. As ESG, insurance, and other stakeholder challenges continue to evolve, organisations will be held to a higher standard for building robust and dynamic strategies that support operational resilience.

With the right support from executive management and boards, improved resilience is in reach!

[i] Shared Assessments Glossary. 2020-2021. Adapted from: Bank of England – Consultation Paper | CP29/19 Operational resilience: Impact tolerances for important business services. December 2019.

[ii] The ISO 22300:2018 standard defines business continuity as: “The capability of an organisation to continue the delivery of products or services at acceptable predefined levels following a disruption”. ISO. 2021. The ISO 22316:2017 standard defines organisational resilience as: “The ability of an organisation to absorb and adapt in a changing environment to enable it to deliver its objectives and to survive and prosper.” Good risk management is an essential part of resilience. Learning feeds both sides of the equation: how the business prepares for something versus how it responds.

This article was originally published by Shared Assessments and is shared with their kind permission.