Operational Resilience: Can they see it; test it; prove it?

Operational Resilience: See it. Prove it. Test it.
Millington Gumbo, MBCI, MIRM
Senior BCM Consultant, ContinuitySA
IDRC Davos 2010
2 June 2010

Agenda
Definitions and Context
Why resilience matters
The link between private sector & societal resilience
Operational Resilience in a private sector context
How to build, measure and test Operational Resilience
Conclusions
IDRC Davos 2010

Resiliency
The ability to bounce back from adversity
The ability to return to the status-quo after going through a traumatic event
The ability to recover readily from a disruption
IDRC Davos 2010
© ContinuitySA

The Resilience Context
The planet
Civilisation
International Institutions
Regional Institutions
Governments
National/ public Institutions
Local government entities/ Cities
Private Organisations
Ecosystems
Communities
Families
Individuals
IDRC Davos 2010
© ContinuitySA

Why Resilience Matters
Because our civilisation is at stake from man-made/ internal factors (and not necessarily external threats as per the stereotypes created by Hollywood movies).
IDRC Davos 2010
© ContinuitySA

Why Resilience Matters
The certainty of disasters in a turbulent world and turbulent times
Oil spills
Terrorism
Earthquakes
IDRC Davos 2010
© ContinuitySA

Why Resilience Is Needed
The certainty of disasters in a turbulent world and turbulent times
Pandemics
The Ark
War and/or threats of War
IDRC Davos 2010
© ContinuitySA

The Resilience Continuum
Private
organisations
Local
government
National
institutions/
governments
Ecosystems
Communities
Families
Individuals
0
20
40
60
80
100
No resilience
Abundant resilience
IDRC Davos 2010
© ContinuitySA

Some Resilience Equations
Resilient Individuals = Resilient Families
Resilient Families = Resilient Communities
Resilient Communities = Resilient Ecosystems
Resilient Ecosystems = Resilient Local Governments
Resilient Local Governments = Resilient National Government
Resilient Private Organisations = Resilient Communities/ Societies +
Resilient Families + Resilient Ecosystems
IDRC Davos 2010
© ContinuitySA

The Importance of Private Sector Resilience
Achieving private sector resilience is the first step to attaining societal resilience
IDRC Davos 2010
© ContinuitySA

Why Private Sector Resilience Matters
“Institutions are vessels into which we as human beings pour our energies, passion and our wisdom.
We often hope to be survived by the organisations we serve.
For if our genes constitute our individual biological serves, our institutions constitute our collective purposeful selves”.
Gary Hamel & Lisa Valikangas
IDRC Davos 2010
© ContinuitySA

Why Private Sector Resilience Matters
Private institutions are
Resilience Enablers
Private institutions can also
be Resilience Destroyers
IDRC Davos 2010
© ContinuitySA

Private Sector Organisations & Resilience
As Resilience Destroyers:
As Resilience Enablers:
Climate change agents -
Pollution of ecosystems
CO2 emissions
Environmental degradation
Wealth creation
Employment
Corporate Social
Investment
Capital and infrastructural
investments
IDRC Davos 2010
© ContinuitySA

Understanding Operational Resiliency
The sum total of all measures to ensurecontinuity of operations after a disruptive event.
Emergency Response
Crisis Management
Business Continuity
Supply chain integrity
Workforce continuity
Stakeholder engagement
Market share protection
Reputation management
IDRC Davos 2010
© ContinuitySA

The imperative for resilience in our time
for private sector organisations
The age of super-automation
Unparalleled
co- dependencies and global supply chains
Unrelenting natural catastrophes
The ever present threat of terrorism
Impact on organisational/ business resilience
IDRC Davos 2010
© ContinuitySA

The imperative for resilience in our time: Shareholder’s number 1 fear
Operational disruptions/ disasters
destabilise organisational
resiliency
Non routine events can destroy
shareholder value
But they can also have far reaching
repercussions on society...
IDRC Davos 2010
© ContinuitySA

The imperative for resilience in our time: The far reaching implications of an operational disruption
Volcanic Eruption.
Global Disruption
IDRC Davos 2010
© ContinuitySA

Making organisations resilient
Resilient Private Organisations = Resilient Communities/ Societies +
Resilient Families + Resilient Ecosystems
IDRC Davos 2010
© ContinuitySA

Making organisations resilient
The Solution: Business Continuity Management (BCM)
IDRC Davos 2010

Why BCM is the ideal resilience enabler
IT Service Continuity
Sites resilience
Mission critical focus
Workforce continuity
Sets parameters for recovery rapidity
Supply chain integrity
Considers risk tolerance
Customer/community focus
Addresses pre-event risk mitigation issues
Single view of vulnerability impacts across the core and extended enterprise
before and after the disruptive event
IDRC Davos 2010
© ContinuitySA

Why BCM is a resilience enabler for organisations
High
Operational Resilience
Low
Low
High
BCM Capability and Maturity
IDRC Davos 2010
© ContinuitySA

Developing aBCM Capability and Maturity Model:Critical Success Factors
Executive Leadership and Support
Maintenance Reviews and Audits
Resources/ Expertise
Single point of failure management
BCP Testing
Recovery Infrastructure
End to end risk mitigation measures
Strategy to achieve RTO
Business Continuity Plans
Strategy to achieve RPO
Incident Management Framework
Incident Response Framework
IDRC Davos 2010
© ContinuitySA

Measuring organisational resiliency using a BCM Capability and Maturity Model
94>100%
Level 5 – Recoverability is certifiable to BS 25999
Level 4 – Can recover ALL mission critical functions within agreed RTOs and possibly even thrive in the aftermath of a disruption using proactive methods
61>94%
41>60%
Level 3 – Can recover SOME mission critical functions within agreed RTOs using a combination of proactive and reactive methods
21>40%
Level 2 – Can recover limited functions/ processes via informal and undocumented methods
0>20%
Level 1 – Will not recover or survive
IDRC Davos 2010
© ContinuitySA

BCM and Organisational Risk Tolerance
Maximum Tolerable Period of Disruption
Disrupted business processes
No go zone
“Unchartered territory”
Decision
time
Invocation >>>
RTOs & RPOs
IT
Notification
Premises
3rd parties
RTOs
RTO
People
IDRC Davos 2010
© ContinuitySA

Role of Organisational Resiliency Managers in Societal Resilience
Integrating cross-disciplinary disaster reduction & risk management interventions
End to end resilience facilitators across geographical locations
Driven by a mandate and culture of institutional longevity
IDRC Davos 2010
© ContinuitySA

Resilient Private Organisations = Resilient Communities/ Societies + Resilient Families + Resilient Ecosystems + a Resilient Civilisation
Ultimately and if necessary, the same BCM principles from
the private sector could be applied to help humanity
survive a cosmic catastrophe and continue our civilisation
elsewhere in the universe .
Beyond a cosmic catastrophe…
AD 200X ?
Present Day…
IDRC Davos 2010
© ContinuitySA

Thank you for your attention
Millington Gumbo, MBCI, MIRM
Senior BCM Consultant @ ContinuitySA
Mobile: +27 72 217 7183 or +27 83 260 9173
Landline: +27 11 554 8000
millington.gumbo@continuitysa.co.za
millington.gumbo@googlemail.com
LinkedIn:http://za.linkedin.com/pub/millington-gumbo/a/a15/542
** Allpictures courtesy of Google images **

Operational Resilience: Can they see it; test it; prove it?

by Global Risk Forum GRFDavos

Accessibility

Categories

Upload Details

Usage Rights

1 Embed 18

Statistics

Operational Resilience: Can they see it; test it; prove it? Presentation Transcript