Skip Ribbon Commands
Skip to main content

Business Resilience: Build the Plan, Success Will Follow.


In the face of potential extreme events like terrorist attacks, blackouts, widespread pandemics and natural disasters, organizations must be prepared to sustain operations for any eventuality, no matter how remote. Given these concerns, many risk managers are asking how they can better prepare for the threats of tomorrow without compromising the ongoing demands of their business today. An organization’s risk management program must provide the direction required to navigate the current economic storm.

Despite these challenging times, many businesses have weathered the economic storm by integrating crisis management elements into their business resiliency plan. Many succeeded because of their willingness to create and adopt a risk management program.

The key elements of a risk management program include: a culture of business continuity, program management, maintenance and audit of plan, develop business continuity strategies, and understanding the business. The most fundamental element, however, is: understanding the business.

Know Your Game
Understanding your business is critical. Even before plans and strategies for mitigating risks are developed your organization needs to first assess the macro and micro of how the organization operates. The essential steps to assessing your business include:

  • Identifying what is critical (from a people, process, and systems perspective);
  • Understanding the threats that could harm the achievement of your objectives, as well as understanding how vulnerable the organization is to those threats;
  • Performing a comprehensive business impact analysis. Many companies already performed such analyses for their tactical threats, such as natural disaster, technological failures and criminal activity or fraud. As a result, this corporate knowledge may be leveraged to understand their critical activities to combat the operational threats caused by the economic downturn.

Benefits of Resiliency
Building and maintaining a resilient enterprise will not only provide an organization with the foundation to survive a crisis but will also:

  • Reduce costs
  • Improve performance
  • Improve customer service
  • Maintain competitive advantage
  • Protect brand reputation
  • Achieve tactical, operational, and strategic objectives

Multiple Assessments for Multiple Risks
The traditional risk management process, which most companies are accustomed to and rely upon, lacks the application
of an effective threat vulnerability analysis and risk assessment. The ineffectiveness of the traditional process was held to account during the recent credit crunch, when many companies were unable to fiscally survive, or lost market share and/or customer confidence. This is because the traditional risk management approach failed to predict emerging threats; it failed to effectively understand how those threats would be mitigated by the organization; the traditional process also failed to establish how these threats affect the short term and long term strategic objectives of the organization.

To effectively manage risk, the risk management process must include provisions to assess (or at least consider) threats, as well as the level of protection the organization currently employs to deter, deny, detect, disrupt and/or devalue the threat—or, to put it simply, the organization’s vulnerability. Although the mitigation options continue to be on an “all hazards” approach, threats are often identified through coordinated action planning, as well as scenario testing. If you identify—and document—exactly what you want your business to achieve, then you can also begin to identify the possible vulnerabilities that could undermine your ability to achieve those goals. Planning for the unexpected then becomes less about planning for an event or crisis and more about finding ways to ensure that the critical parts of your business needed to achieve your goals are protected.

Developing a Culture of Resilience
Faced with the current economic pressures, many firms are reacting by jumping to conclusions to protect profits. Many are freezing infrastructure investments, mothballing new growth projects, and cutting advertising and recruiting investments. Yet, in order for an organization to be resilient, it is necessary that it be innovative and flexible at all times and effectively manage risks presented. In this highly competitive and increasingly global and complex business environment, organizations are continually challenged to determine not only how to manage risks but also the degree of uncertainty and other, associated risks, the institution is prepared to accept as plans are made to maximize opportunities and create stakeholder value.

This challenge—between structured planning and flexibility ingenuity—can be overcome by establishing a culture
of resilience rather that a corporate culture of short-term, reactionary approaches to making decisions.

Why is traditional risk management planning not enough?

We must consider business response and business recovery.

There are three considerations when developing a culture of resilience: strategic planning considerations, operational planning considerations and tactical planning considerations. For a comprehensive method of examining each (and to appreciate the importance of each perspective) visit Canadian Insurance.

However, in the larger picture, these three considerations enable a business to develop operational solutions focused on the customer and strategic solutions, focused on the mediumand long-term objectives (and values) of the organization.

When developing strategic considerations, companies are reminded that even in an economic downturn, customers must remain their number one priority. This can only be maintained if company’s identify their competitive advantage; develop strategies for protecting their assets (financial and otherwise), and undergo a comprehensive risk assessment and business impact analysis, so that decision-makers and employees can truly appreciate real and current threats to the business.

While the challenge may seem daunting, true business resilience is achieved by integrating these concepts and linking them to your organization’s overall risk management program.

Silos need to be eliminated and plans and programs need to be integrated and mutually supported in order to achieve the synergies that will result in true resiliency and cost efficiency.

Scott Crowley is a Partner and an Enterprise Risk Services Leader at Meyers Norris Penny LLP.