Your SlideShare is downloading. ×
Operational Resilience: Can they see it; test it; prove it?
Upcoming SlideShare
Loading in...5

Thanks for flagging this SlideShare!

Oops! An error has occurred.


Saving this for later?

Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime - even offline.

Text the download link to your phone

Standard text messaging rates apply

Operational Resilience: Can they see it; test it; prove it?


Published on

Published in: Technology, News & Politics

  • Be the first to comment

No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

No notes for slide
  • About CSA:BCM Consulting ServicesDisaster Recovery SitesComplete Continuity TrainingRepresentation at BCI boardComplete Continuity Training
  • PersonalIntroductionBackgroundAbout CSAIntroduce title
  • Here’s a quick overview of the aspects we are going to examine in this presentation. We will look at some definitions of resilience and how it applies in different contexts.
  • We can examine the concept of resilience in various contexts.Go through them ----- bottom up.This is not necessarily a comprehensive listing but the thing to note is that these contexts of resilience are not mutually exclusive entities. In a sense, the resilience of one context affect all the others and indeed the resilience of one context leads to the resilience of all and of course the opposite is true. And looking at resilience in the totality of the different contexts shown above, you could say that the resilience of our planet is as strong as its weakest link.
  • Lets turn our attention if we may, to the question of why does resilience matter? Why is it needed in our world?To my mind the simple answer is that resilience is needed because our civilisation at stake from causes of our own making, quite contrary to the stereotypes created by Hollywood movies which suggest that the our greatest threats are from external forces.
  • ANSWERING THE QUESTION WHY RESILIENCE IS NEEDED IN OUR WORLD?The frequency of disasters in modern times, has removed all reservations regarding their certainty. Catastrophes on the scale shown in the above recent events are no longer a rarity but a certainty. Our anxieties no longer centre around the issue of IF but when and where next, will the next catastrophe occur.During the course of the first quarter of this year (2010) alone, 3 major catastrophic earthquakes have struck various locations on the globe – in Haiti, Chile, and China. The devastation caused by these earthquakes runs into millions of dollars for the affected private enterprises, whilst the cost to communities and families is incalculable.On other fronts, the imbalances in our social and economic spheres continue to deepen, consigning our world into a perpetual state of instability in which the threat of terrorism often plays out with tragic impacts on governments and private organisations alike.
  • WHY RESILIENCE IS NEEDED IN OUR WORLDWe are living in very turbulent times; times fraught with higher levels of risk perhaps more than at any other point in the history of mankind. The range of threats arrayed against any organization in today’s environment has become a perplexing catalogue of unknowns which can strike at any time. It is now widely acknowledged that worst-case operational disruptions are becoming less of a rarity – a phenomenon which is causing much anxiety for executives. Wars can leads to global supply chain disruptions. Pandemics can cause widespread workforce continuity issues.
  • And so to my mind, in view of all of this, it is instructive that we begin to explore the adoption of a unified resilience continuum which takes into account the various contexts in which we frame resilience. Such a continuum must establish on a progressive scale from say zero to 100, the measure of resilience that can be assigned to each entity contributing to the resilience of our way of life. The value in such a resilience continuum is tremendous. I believe it can help us to establish the minimum acceptable threshold of resilience in each context which will ultimately affect the overall resilience (and therefore the sustainability) of our civilisation.
  • If we attempt to examine resilience as series of mathematical equations, the following becomes clearly apparent.....And so in the end we can see that there exists mutually symbitiotic resilience correlations which we need to leverage. But far more significant is the resilience of private organisations because as we can see resilient organisations lead to resilient families and resilient sociteies and ecosystems.
  • Private sector resilience is crucial because in achieving it, we take the first step in attaining societal resilience.
  • Gary Hamel in a paper published in the Havard Business Review had this to say about the role (and indeed the meaning) of the organisations we work for in our lives......... And let me add, that in view of the central importance of organisations in defining our way of life, we can ensure their longevity but only once we have succeeded in making them resilient.
  • To be fair, as much as private institutions play role in enabling societal resilience, they can also be resilience destroyers. You only have to look at the current unfolding BP Oil Spill crisis in the Gulf of Mexico to see how private organisations can destroy societal and indeed ecosystem resilience.
  • The duality of organisations.... Looking at it from a ying-and-yang perspective, we can see the duality of organisations as we start examining ways in which these organisations can on the one hand be resilience enablers ...... Or if they are left to make wrong choices, they can contribute to the destruction of societal resilience.
  • So clearly there is a compelling case as to why we need to understand operational resilience.Just what is operational resilience..... It is the “sum total of all measures to ........................................”
  • And now more than ever, the imperative for resilience in our time for pvt organisation has been accentuated by our dependency on technology....All of these factors have made us hyper-sensitive to non-routine events/ disruptive events and disasters.
  • Perhaps amongst the plethora of fears confronting shareholders, none is greater than the threat of an operational disruption.....Why ... Because OD destabilise organisational resiliene which in turn erode shareholder value and which in turn can have far reaching repercussions on society.
  • Take the aviationchaos wrought by the icelandic volcano as a case in point....Among other things it brought trans-continental supply chains to their knees. At the onset of the crisis, no-one would have predicted that the crisis would severely affect flower growing farmers in Kenya whose livelihoods and indeed the livelihoods of their children depend on flower exports. Look at what this farmer in Kenya had to say.... Elsewhere in the world, due to the volcano induced air transportation restrictions, there were other dire consequences for patients awaiting bone marrow transplants and the like....And I would like to put it to you that most these repurcussions could have been avoided if the organisations caught up in this crisis one way or the other were operationally resilient.
  • How then does an organisation set about the task of making itself resilient...... Keeping in mind that organisational resiliency translates to resilient societies and ecosystems.
  • One of most compelling solutions in our time which can be applied towards the effort of making our organisations resilient is BCM – Business Continuity Management
  • These are some of the reasons why BCM is the ideal candidate to enable organisational resiliency:It has a mission critical focus ....analyses vulnerability impacts across the entire enterprise, but focuses on protecting mission critical/ vital functions and the resources which support them.It sets parameters for recovery rapidity – how quickly mission critical functions and activities should be recovered in order to ensure survival and continuity of operationsIt considers the important aspect of organisational risk tolerance (and more on this later).............. Carry on in this vein until list is exhausted...
  • Most interestingly however is the fact that increasing BCM capability and maturity, leads to a corresponding increase in operational resilience. In otherwords, as an organisation’s BCM comptency increases so does its level of resilience; its ability to bounce back and continue operating after disruptive events.
  • So now we see that developing and adoptinga BCM Capability and Maturity model is a key prerequisite for organisational resiliency. But what are some of the critical success factors which should be included in such a model..... From my experience working in the field of BCM at ContinuitySA, the following are the non-negotiable critical success factors which should be considered.
  • Once the critical success factors have been established, you then have a set of objective criteria which can be used to measure organisational resilency as proposed here...
  • This in turn, will give your organisational resiliency meaningful VISIBILITY and VALIDITY in that you can at a glance, determine the resilience perfomance of your organisation, and pin point areas of weakness which need to improved. So with the dashboard, you can represent to your stakeholders the results of your efforts to build resilience in the organisation.
  • BCM also allows you to set non-negotiable parameters to ensure that in the event of a disruptive event, mission critical activities which sustain the organisation, are recovered before a point of no return is reached. This point of no return is expressed as the Maximum Tolerable Period of Disruption. Recovery Time Objectives which do not exceed this absolute measure of risk tolerance are then apportioned for each vital resource and the critical activities it supports.
  • Which brings me to the end of my presentation at which point I wish to impress on you this one thought which I trust will be translated into action all over the world......“The world desperately needs a unified approach to resilience and this role must be championed by Organisational Resiliency Managers who:Will integrate cross disciplinary DRR and RM interventions;Facilitate end to end resilience across geographical locations Be driven by a mandate and culture of ensuring organisational longevity – organisations which exist not only to make profit but contribute to a sustainable world throughout the ages
  • And so we come to an end of our presentation, which has considered the link between organisational resiliency and making our civilisations a resilient and therefore a sustainable one.
  • Thank you for your interest and attention. I hope we can continue to discuss this linkage between private sector resilience and societal resilience during the course of the conference. I have brought with me a limited number materials which explain the role my company plays in helping private organisations become operationally resilient which I am glad to share with any of you that might be interested. I will now take any questions that you might have. Thank you once again.
  • Transcript

    • 1.
    • 2. Operational Resilience: See it. Prove it. Test it.
      Millington Gumbo, MBCI, MIRM
      Senior BCM Consultant, ContinuitySA
      IDRC Davos 2010
      2 June 2010
    • 3. Agenda
      Definitions and Context
      Why resilience matters
      The link between private sector & societal resilience
      Operational Resilience in a private sector context
      How to build, measure and test Operational Resilience
      IDRC Davos 2010
    • 4. Resiliency
      The ability to bounce back from adversity
      The ability to return to the status-quo after going through a traumatic event
      The ability to recover readily from a disruption
      IDRC Davos 2010
      © ContinuitySA
    • 5. The Resilience Context
      The planet
      International Institutions
      Regional Institutions
      National/ public Institutions
      Local government entities/ Cities
      Private Organisations
      IDRC Davos 2010
      © ContinuitySA
    • 6. Why Resilience Matters
      Because our civilisation is at stake from man-made/ internal factors (and not necessarily external threats as per the stereotypes created by Hollywood movies).
      IDRC Davos 2010
      © ContinuitySA
    • 7. Why Resilience Matters
      The certainty of disasters in a turbulent world and turbulent times
      Oil spills
      IDRC Davos 2010
      © ContinuitySA
    • 8. Why Resilience Is Needed
      The certainty of disasters in a turbulent world and turbulent times
      The Ark
      War and/or threats of War
      IDRC Davos 2010
      © ContinuitySA
    • 9. The Resilience Continuum
      No resilience
      Abundant resilience
      IDRC Davos 2010
      © ContinuitySA
    • 10. Some Resilience Equations
      Resilient Individuals = Resilient Families
      Resilient Families = Resilient Communities
      Resilient Communities = Resilient Ecosystems
      Resilient Ecosystems = Resilient Local Governments
      Resilient Local Governments = Resilient National Government
      Resilient Private Organisations = Resilient Communities/ Societies +
      Resilient Families + Resilient Ecosystems
      IDRC Davos 2010
      © ContinuitySA
    • 11. The Importance of Private Sector Resilience
      Achieving private sector resilience is the first step to attaining societal resilience
      IDRC Davos 2010
      © ContinuitySA
    • 12. Why Private Sector Resilience Matters
      “Institutions are vessels into which we as human beings pour our energies, passion and our wisdom.
      We often hope to be survived by the organisations we serve.
      For if our genes constitute our individual biological serves, our institutions constitute our collective purposeful selves”.
      Gary Hamel & Lisa Valikangas
      IDRC Davos 2010
      © ContinuitySA
    • 13. Why Private Sector Resilience Matters
      Private institutions are
      Resilience Enablers
      Private institutions can also
      be Resilience Destroyers
      IDRC Davos 2010
      © ContinuitySA
    • 14. Private Sector Organisations & Resilience
      As Resilience Destroyers:
      As Resilience Enablers:
      Climate change agents -
      Pollution of ecosystems
      CO2 emissions
      Environmental degradation
      Wealth creation
      Corporate Social
      Capital and infrastructural
      IDRC Davos 2010
      © ContinuitySA
    • 15. Understanding Operational Resiliency
      The sum total of all measures to ensurecontinuity of operations after a disruptive event.
      Emergency Response
      Crisis Management
      Business Continuity
      Supply chain integrity
      Workforce continuity
      Stakeholder engagement
      Market share protection
      Reputation management
      IDRC Davos 2010
      © ContinuitySA
    • 16. The imperative for resilience in our time
      for private sector organisations
      The age of super-automation
      co- dependencies and global supply chains
      Unrelenting natural catastrophes
      The ever present threat of terrorism
      Impact on organisational/ business resilience
      IDRC Davos 2010
      © ContinuitySA
    • 17. The imperative for resilience in our time: Shareholder’s number 1 fear
      Operational disruptions/ disasters
      destabilise organisational
      Non routine events can destroy
      shareholder value
      But they can also have far reaching
      repercussions on society...
      IDRC Davos 2010
      © ContinuitySA
    • 18. The imperative for resilience in our time: The far reaching implications of an operational disruption
      Volcanic Eruption.
      Global Disruption
      IDRC Davos 2010
      © ContinuitySA
    • 19. Making organisations resilient
      Resilient Private Organisations = Resilient Communities/ Societies +
      Resilient Families + Resilient Ecosystems
      IDRC Davos 2010
      © ContinuitySA
    • 20. Making organisations resilient
      The Solution: Business Continuity Management (BCM)
      IDRC Davos 2010
    • 21. Why BCM is the ideal resilience enabler
      IT Service Continuity
      Sites resilience
      Mission critical focus
      Workforce continuity
      Sets parameters for recovery rapidity
      Supply chain integrity
      Considers risk tolerance
      Customer/community focus
      Addresses pre-event risk mitigation issues
      Single view of vulnerability impacts across the core and extended enterprise
      before and after the disruptive event
      IDRC Davos 2010
      © ContinuitySA
    • 22. Why BCM is a resilience enabler for organisations
      Operational Resilience
      BCM Capability and Maturity
      IDRC Davos 2010
      © ContinuitySA
    • 23. Developing aBCM Capability and Maturity Model:Critical Success Factors
      Executive Leadership and Support
      Maintenance Reviews and Audits
      Resources/ Expertise
      Single point of failure management
      BCP Testing
      Recovery Infrastructure
      End to end risk mitigation measures
      Strategy to achieve RTO
      Business Continuity Plans
      Strategy to achieve RPO
      Incident Management Framework
      Incident Response Framework
      IDRC Davos 2010
      © ContinuitySA
    • 24. Measuring organisational resiliency using a BCM Capability and Maturity Model
      Level 5 – Recoverability is certifiable to BS 25999
      Level 4 – Can recover ALL mission critical functions within agreed RTOs and possibly even thrive in the aftermath of a disruption using proactive methods
      Level 3 – Can recover SOME mission critical functions within agreed RTOs using a combination of proactive and reactive methods
      Level 2 – Can recover limited functions/ processes via informal and undocumented methods
      Level 1 – Will not recover or survive
      IDRC Davos 2010
      © ContinuitySA
    • 25. Tracking Operational Resilience using a BCM Capability and Maturity model
      IDRC Davos 2010
      © ContinuitySA
    • 26. BCM and Organisational Risk Tolerance
      Maximum Tolerable Period of Disruption
      Disrupted business processes
      No go zone
      “Unchartered territory”
      Invocation >>>
      RTOs & RPOs
      3rd parties
      IDRC Davos 2010
      © ContinuitySA
    • 27. Role of Organisational Resiliency Managers in Societal Resilience
      Integrating cross-disciplinary disaster reduction & risk management interventions
      End to end resilience facilitators across geographical locations
      Driven by a mandate and culture of institutional longevity
      IDRC Davos 2010
      © ContinuitySA
    • 28. Resilient Private Organisations = Resilient Communities/ Societies + Resilient Families + Resilient Ecosystems + a Resilient Civilisation
      Ultimately and if necessary, the same BCM principles from
      the private sector could be applied to help humanity
      survive a cosmic catastrophe and continue our civilisation
      elsewhere in the universe .
      Beyond a cosmic catastrophe…
      AD 200X ?
      Present Day…
      IDRC Davos 2010
      © ContinuitySA
    • 29. Thank you for your attention
      Millington Gumbo, MBCI, MIRM
      Senior BCM Consultant @ ContinuitySA
      Mobile: +27 72 217 7183 or +27 83 260 9173
      Landline: +27 11 554 8000
      ** Allpictures courtesy of Google images **