Operational Resilience: Can they see it; test it; prove it?

  • 1,846 views
Uploaded on

 

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
No Downloads

Views

Total Views
1,846
On Slideshare
0
From Embeds
0
Number of Embeds
1

Actions

Shares
Downloads
0
Comments
0
Likes
4

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide
  • About CSA:BCM Consulting ServicesDisaster Recovery SitesComplete Continuity TrainingRepresentation at BCI boardComplete Continuity Training
  • PersonalIntroductionBackgroundAbout CSAIntroduce title
  • Here’s a quick overview of the aspects we are going to examine in this presentation. We will look at some definitions of resilience and how it applies in different contexts.
  • We can examine the concept of resilience in various contexts.Go through them ----- bottom up.This is not necessarily a comprehensive listing but the thing to note is that these contexts of resilience are not mutually exclusive entities. In a sense, the resilience of one context affect all the others and indeed the resilience of one context leads to the resilience of all and of course the opposite is true. And looking at resilience in the totality of the different contexts shown above, you could say that the resilience of our planet is as strong as its weakest link.
  • Lets turn our attention if we may, to the question of why does resilience matter? Why is it needed in our world?To my mind the simple answer is that resilience is needed because our civilisation at stake from causes of our own making, quite contrary to the stereotypes created by Hollywood movies which suggest that the our greatest threats are from external forces.
  • ANSWERING THE QUESTION WHY RESILIENCE IS NEEDED IN OUR WORLD?The frequency of disasters in modern times, has removed all reservations regarding their certainty. Catastrophes on the scale shown in the above recent events are no longer a rarity but a certainty. Our anxieties no longer centre around the issue of IF but when and where next, will the next catastrophe occur.During the course of the first quarter of this year (2010) alone, 3 major catastrophic earthquakes have struck various locations on the globe – in Haiti, Chile, and China. The devastation caused by these earthquakes runs into millions of dollars for the affected private enterprises, whilst the cost to communities and families is incalculable.On other fronts, the imbalances in our social and economic spheres continue to deepen, consigning our world into a perpetual state of instability in which the threat of terrorism often plays out with tragic impacts on governments and private organisations alike.
  • WHY RESILIENCE IS NEEDED IN OUR WORLDWe are living in very turbulent times; times fraught with higher levels of risk perhaps more than at any other point in the history of mankind. The range of threats arrayed against any organization in today’s environment has become a perplexing catalogue of unknowns which can strike at any time. It is now widely acknowledged that worst-case operational disruptions are becoming less of a rarity – a phenomenon which is causing much anxiety for executives. Wars can leads to global supply chain disruptions. Pandemics can cause widespread workforce continuity issues.
  • And so to my mind, in view of all of this, it is instructive that we begin to explore the adoption of a unified resilience continuum which takes into account the various contexts in which we frame resilience. Such a continuum must establish on a progressive scale from say zero to 100, the measure of resilience that can be assigned to each entity contributing to the resilience of our way of life. The value in such a resilience continuum is tremendous. I believe it can help us to establish the minimum acceptable threshold of resilience in each context which will ultimately affect the overall resilience (and therefore the sustainability) of our civilisation.
  • If we attempt to examine resilience as series of mathematical equations, the following becomes clearly apparent.....And so in the end we can see that there exists mutually symbitiotic resilience correlations which we need to leverage. But far more significant is the resilience of private organisations because as we can see resilient organisations lead to resilient families and resilient sociteies and ecosystems.
  • Private sector resilience is crucial because in achieving it, we take the first step in attaining societal resilience.
  • Gary Hamel in a paper published in the Havard Business Review had this to say about the role (and indeed the meaning) of the organisations we work for in our lives......... And let me add, that in view of the central importance of organisations in defining our way of life, we can ensure their longevity but only once we have succeeded in making them resilient.
  • To be fair, as much as private institutions play role in enabling societal resilience, they can also be resilience destroyers. You only have to look at the current unfolding BP Oil Spill crisis in the Gulf of Mexico to see how private organisations can destroy societal and indeed ecosystem resilience.
  • The duality of organisations.... Looking at it from a ying-and-yang perspective, we can see the duality of organisations as we start examining ways in which these organisations can on the one hand be resilience enablers ...... Or if they are left to make wrong choices, they can contribute to the destruction of societal resilience.
  • So clearly there is a compelling case as to why we need to understand operational resilience.Just what is operational resilience..... It is the “sum total of all measures to ........................................”
  • And now more than ever, the imperative for resilience in our time for pvt organisation has been accentuated by our dependency on technology....All of these factors have made us hyper-sensitive to non-routine events/ disruptive events and disasters.
  • Perhaps amongst the plethora of fears confronting shareholders, none is greater than the threat of an operational disruption.....Why ... Because OD destabilise organisational resiliene which in turn erode shareholder value and which in turn can have far reaching repercussions on society.
  • Take the aviationchaos wrought by the icelandic volcano as a case in point....Among other things it brought trans-continental supply chains to their knees. At the onset of the crisis, no-one would have predicted that the crisis would severely affect flower growing farmers in Kenya whose livelihoods and indeed the livelihoods of their children depend on flower exports. Look at what this farmer in Kenya had to say.... Elsewhere in the world, due to the volcano induced air transportation restrictions, there were other dire consequences for patients awaiting bone marrow transplants and the like....And I would like to put it to you that most these repurcussions could have been avoided if the organisations caught up in this crisis one way or the other were operationally resilient.
  • How then does an organisation set about the task of making itself resilient...... Keeping in mind that organisational resiliency translates to resilient societies and ecosystems.
  • One of most compelling solutions in our time which can be applied towards the effort of making our organisations resilient is BCM – Business Continuity Management
  • These are some of the reasons why BCM is the ideal candidate to enable organisational resiliency:It has a mission critical focus ....analyses vulnerability impacts across the entire enterprise, but focuses on protecting mission critical/ vital functions and the resources which support them.It sets parameters for recovery rapidity – how quickly mission critical functions and activities should be recovered in order to ensure survival and continuity of operationsIt considers the important aspect of organisational risk tolerance (and more on this later).............. Carry on in this vein until list is exhausted...
  • Most interestingly however is the fact that increasing BCM capability and maturity, leads to a corresponding increase in operational resilience. In otherwords, as an organisation’s BCM comptency increases so does its level of resilience; its ability to bounce back and continue operating after disruptive events.
  • So now we see that developing and adoptinga BCM Capability and Maturity model is a key prerequisite for organisational resiliency. But what are some of the critical success factors which should be included in such a model..... From my experience working in the field of BCM at ContinuitySA, the following are the non-negotiable critical success factors which should be considered.
  • Once the critical success factors have been established, you then have a set of objective criteria which can be used to measure organisational resilency as proposed here...
  • This in turn, will give your organisational resiliency meaningful VISIBILITY and VALIDITY in that you can at a glance, determine the resilience perfomance of your organisation, and pin point areas of weakness which need to improved. So with the dashboard, you can represent to your stakeholders the results of your efforts to build resilience in the organisation.
  • BCM also allows you to set non-negotiable parameters to ensure that in the event of a disruptive event, mission critical activities which sustain the organisation, are recovered before a point of no return is reached. This point of no return is expressed as the Maximum Tolerable Period of Disruption. Recovery Time Objectives which do not exceed this absolute measure of risk tolerance are then apportioned for each vital resource and the critical activities it supports.
  • Which brings me to the end of my presentation at which point I wish to impress on you this one thought which I trust will be translated into action all over the world......“The world desperately needs a unified approach to resilience and this role must be championed by Organisational Resiliency Managers who:Will integrate cross disciplinary DRR and RM interventions;Facilitate end to end resilience across geographical locations Be driven by a mandate and culture of ensuring organisational longevity – organisations which exist not only to make profit but contribute to a sustainable world throughout the ages
  • And so we come to an end of our presentation, which has considered the link between organisational resiliency and making our civilisations a resilient and therefore a sustainable one.
  • Thank you for your interest and attention. I hope we can continue to discuss this linkage between private sector resilience and societal resilience during the course of the conference. I have brought with me a limited number materials which explain the role my company plays in helping private organisations become operationally resilient which I am glad to share with any of you that might be interested. I will now take any questions that you might have. Thank you once again.

Transcript

  • 1.
  • 2. Operational Resilience: See it. Prove it. Test it.
    Millington Gumbo, MBCI, MIRM
    Senior BCM Consultant, ContinuitySA
    IDRC Davos 2010
    2 June 2010
  • 3. Agenda
    Definitions and Context
    Why resilience matters
    The link between private sector & societal resilience
    Operational Resilience in a private sector context
    How to build, measure and test Operational Resilience
    Conclusions
    IDRC Davos 2010
  • 4. Resiliency
    The ability to bounce back from adversity
    The ability to return to the status-quo after going through a traumatic event
    The ability to recover readily from a disruption
    IDRC Davos 2010
    © ContinuitySA
  • 5. The Resilience Context
    The planet
    Civilisation
    International Institutions
    Regional Institutions
    Governments
    National/ public Institutions
    Local government entities/ Cities
    Private Organisations
    Ecosystems
    Communities
    Families
    Individuals
    IDRC Davos 2010
    © ContinuitySA
  • 6. Why Resilience Matters
    Because our civilisation is at stake from man-made/ internal factors (and not necessarily external threats as per the stereotypes created by Hollywood movies).
    IDRC Davos 2010
    © ContinuitySA
  • 7. Why Resilience Matters
    The certainty of disasters in a turbulent world and turbulent times
    Oil spills
    Terrorism
    Earthquakes
    IDRC Davos 2010
    © ContinuitySA
  • 8. Why Resilience Is Needed
    The certainty of disasters in a turbulent world and turbulent times
    Pandemics
    The Ark
    War and/or threats of War
    IDRC Davos 2010
    © ContinuitySA
  • 9. The Resilience Continuum
    Private
    organisations
    Local
    government
    National
    institutions/
    governments
    Ecosystems
    Communities
    Families
    Individuals
    0
    20
    40
    60
    80
    100
    No resilience
    Abundant resilience
    IDRC Davos 2010
    © ContinuitySA
  • 10. Some Resilience Equations
    Resilient Individuals = Resilient Families
    Resilient Families = Resilient Communities
    Resilient Communities = Resilient Ecosystems
    Resilient Ecosystems = Resilient Local Governments
    Resilient Local Governments = Resilient National Government
    Resilient Private Organisations = Resilient Communities/ Societies +
    Resilient Families + Resilient Ecosystems
    IDRC Davos 2010
    © ContinuitySA
  • 11. The Importance of Private Sector Resilience
    Achieving private sector resilience is the first step to attaining societal resilience
    IDRC Davos 2010
    © ContinuitySA
  • 12. Why Private Sector Resilience Matters
    “Institutions are vessels into which we as human beings pour our energies, passion and our wisdom.
    We often hope to be survived by the organisations we serve.
    For if our genes constitute our individual biological serves, our institutions constitute our collective purposeful selves”.
    Gary Hamel & Lisa Valikangas
    IDRC Davos 2010
    © ContinuitySA
  • 13. Why Private Sector Resilience Matters
    Private institutions are
    Resilience Enablers
    Private institutions can also
    be Resilience Destroyers
    IDRC Davos 2010
    © ContinuitySA
  • 14. Private Sector Organisations & Resilience
    As Resilience Destroyers:
    As Resilience Enablers:
    Climate change agents -
    Pollution of ecosystems
    CO2 emissions
    Environmental degradation
    Wealth creation
    Employment
    Corporate Social
    Investment
    Capital and infrastructural
    investments
    IDRC Davos 2010
    © ContinuitySA
  • 15. Understanding Operational Resiliency
    The sum total of all measures to ensurecontinuity of operations after a disruptive event.
    Emergency Response
    Crisis Management
    Business Continuity
    Supply chain integrity
    Workforce continuity
    Stakeholder engagement
    Market share protection
    Reputation management
    IDRC Davos 2010
    © ContinuitySA
  • 16. The imperative for resilience in our time
    for private sector organisations
    The age of super-automation
    Unparalleled
    co- dependencies and global supply chains
    Unrelenting natural catastrophes
    The ever present threat of terrorism
    Impact on organisational/ business resilience
    IDRC Davos 2010
    © ContinuitySA
  • 17. The imperative for resilience in our time: Shareholder’s number 1 fear
    Operational disruptions/ disasters
    destabilise organisational
    resiliency
    Non routine events can destroy
    shareholder value
    But they can also have far reaching
    repercussions on society...
    IDRC Davos 2010
    © ContinuitySA
  • 18. The imperative for resilience in our time: The far reaching implications of an operational disruption
    Volcanic Eruption.
    Global Disruption
    IDRC Davos 2010
    © ContinuitySA
  • 19. Making organisations resilient
    Resilient Private Organisations = Resilient Communities/ Societies +
    Resilient Families + Resilient Ecosystems
    IDRC Davos 2010
    © ContinuitySA
  • 20. Making organisations resilient
    The Solution: Business Continuity Management (BCM)
    IDRC Davos 2010
  • 21. Why BCM is the ideal resilience enabler
    IT Service Continuity
    Sites resilience
    Mission critical focus
    Workforce continuity
    Sets parameters for recovery rapidity
    Supply chain integrity
    Considers risk tolerance
    Customer/community focus
    Addresses pre-event risk mitigation issues
    Single view of vulnerability impacts across the core and extended enterprise
    before and after the disruptive event
    IDRC Davos 2010
    © ContinuitySA
  • 22. Why BCM is a resilience enabler for organisations
    High
    Operational Resilience
    Low
    Low
    High
    BCM Capability and Maturity
    IDRC Davos 2010
    © ContinuitySA
  • 23. Developing aBCM Capability and Maturity Model:Critical Success Factors
    Executive Leadership and Support
    Maintenance Reviews and Audits
    Resources/ Expertise
    Single point of failure management
    BCP Testing
    Recovery Infrastructure
    End to end risk mitigation measures
    Strategy to achieve RTO
    Business Continuity Plans
    Strategy to achieve RPO
    Incident Management Framework
    Incident Response Framework
    IDRC Davos 2010
    © ContinuitySA
  • 24. Measuring organisational resiliency using a BCM Capability and Maturity Model
    94>100%
    Level 5 – Recoverability is certifiable to BS 25999
    Level 4 – Can recover ALL mission critical functions within agreed RTOs and possibly even thrive in the aftermath of a disruption using proactive methods
    61>94%
    41>60%
    Level 3 – Can recover SOME mission critical functions within agreed RTOs using a combination of proactive and reactive methods
    21>40%
    Level 2 – Can recover limited functions/ processes via informal and undocumented methods
    0>20%
    Level 1 – Will not recover or survive
    IDRC Davos 2010
    © ContinuitySA
  • 25. Tracking Operational Resilience using a BCM Capability and Maturity model
    IDRC Davos 2010
    © ContinuitySA
  • 26. BCM and Organisational Risk Tolerance
    Maximum Tolerable Period of Disruption
    Disrupted business processes
    No go zone
    “Unchartered territory”
    Decision
    time
    Invocation >>>
    RTOs & RPOs
    IT
    Notification
    Premises
    3rd parties
    RTOs
    RTO
    People
    IDRC Davos 2010
    © ContinuitySA
  • 27. Role of Organisational Resiliency Managers in Societal Resilience
    Integrating cross-disciplinary disaster reduction & risk management interventions
    End to end resilience facilitators across geographical locations
    Driven by a mandate and culture of institutional longevity
    IDRC Davos 2010
    © ContinuitySA
  • 28. Resilient Private Organisations = Resilient Communities/ Societies + Resilient Families + Resilient Ecosystems + a Resilient Civilisation
    Ultimately and if necessary, the same BCM principles from
    the private sector could be applied to help humanity
    survive a cosmic catastrophe and continue our civilisation
    elsewhere in the universe .
    Beyond a cosmic catastrophe…
    AD 200X ?
    Present Day…
    IDRC Davos 2010
    © ContinuitySA
  • 29. Thank you for your attention
    Millington Gumbo, MBCI, MIRM
    Senior BCM Consultant @ ContinuitySA
    Mobile: +27 72 217 7183 or +27 83 260 9173
    Landline: +27 11 554 8000
    millington.gumbo@continuitysa.co.za
    millington.gumbo@googlemail.com
    LinkedIn:http://za.linkedin.com/pub/millington-gumbo/a/a15/542
    ** Allpictures courtesy of Google images **