What Is Corporate Resilience


Published on

  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • Before we begin I would like to set a baseline upon which this presentation is based.Research being conducted for PhD in Australia, USA, UK, Singapore, New Zealand and Hong KongThis presentation represents our understanding from research conducted until now and may not be universally acceptedWhen we use the term Organisational Resilience we refer to Corporate or Business Resilience
  • Arguments prevail that Organisational Resilience is a rebranding exercise by policy makers. Disagreement exists whether Organisational Resilience is - a framework, process or outcome. Resilience is used extensively in both government and corporate environments; however, there is conjecture as to what Corporate or Organisational Resilience is. The presentation provides a framework that defines and applies corporate resilienceDoes a Standard provide the resolution?
  • The concept of resilience in academic terms has its origin in fields psychology and child behaviour (Coutu, 2002; Reinmoeller & VanBaardwijk, 2005). Resilience is a fundamental quality of individuals, groups, organisations and systems as a whole to respond productively to significant change that disrupts the expected pattern of events without engaging in an extended period of regressive behaviour (Horne III & Orr, 1998)
  • ASIS promotes organisational resilience as an abilityThe Business Continuity Institute promotes Organisational Resilience as a process
  • We understand Organisational Resilience as a STATE or CULTUREIt relies upon both Top down and Bottom up interactions i.e LEADERSHIP and PROCESSIt is about It is about ADAPTABILITY TENACITY FLEXIBILITYIt must be FIT FOR PURPOSE = is different for every organisation
  • Resilience & Maslow’s Theory can be easily mapped against each other
  • ASISSPC 1 is a very good tactical tool to assist implementation
  • One of the principal barriers to organizational maturity in this area is that frequently,resilience elements are viewed as separate, with separate sponsors, stakeholders,audiences and objectives.Security generally sits at middle management level, as do Information Security, Health &Safety, BCM etc., with only Crisis Management regularly engaging Senior Management.To truly embed resilience in an organization, all other aspects of resilience must beregarded as part of an integrated whole, owned and driven by senior management andencouraging both individual and collective resilience in all areas of operations. This must bethe level of maturity which we should be promoting organisations to aspire to.We are unlikely ever to see a Security Director on the main board, but if all theResilience disciplines are seen as part of an integrated organizational resilience model directly tied to brand, reputation, stakeholder value or share price, perhaps one day alongside the CEO, CIO and CFO we might see a CRO (Chief Resilience Officer) whose job is to protect the intrinsic value of the organization.
  • What Is Corporate Resilience

    2. 2. Disagreement exists whetherOrganisational Resilience is – A Behaviour, An Ability or Principle. So What Is Corporate Resilience ?
    3. 3. What is Resilience?Engineering:Resilience is the property of a material to absorb energy when it is deformed elasticallyand then, upon unloading to have this energy recovered.Psychology:Resilience in psychology is the positive capacity of people to cope with stress and adversity.Ecology:In ecology, resilience is the capacity of an ecosystem to respond to a perturbation ordisturbance by resisting damage and recovering quickly.Networking:Resilience is the ability to provide and maintain an acceptable level of service in the face offaults and challenges to normal operation.Organisations:Resilience is defined as “the positive ability of a system or company to adapt itself to theconsequences of a catastrophic event.
    4. 4. ASIS Organisational ResilienceResilience is an organization’s ability to quickly, efficiently, and effectively adapt toa change, such as disruptive events (natural, intentional or unintentional), byimplementing adaptive, proactive and reactive strategies. (Marc Siegel Sydney 2010) BCI Organisational Resilience“Holistic management process that identifies potential threats to an organizationand the impacts to business operations those threats, if realized, might cause, andwhich provides a framework for building organizational resilience with thecapability for an effective response that safeguards the interests of its keystakeholders, reputation, brand and value-creating activities."
    5. 5. Our Understanding ofOrganisational/Business Resilience Source: Australian Journal Emergency Management
    6. 6. Resilience & Maslow DEVELOPMENT NEEDS Continuous Improvement Exercising REPUTATIONAL NEEDS Crisis Management Crisis Communications CULTURAL NEEDS Programme Management, Teams & Processes, Training SECURITY NEEDS Risk Management, Information Security BASIC NEEDS ICT Disaster Recovery Work Area Recovery
    7. 7. The First Dimension Enterprise Risk Management (ERM) Corporate Security Management (CSM) Business Continuity Management (BCM) Health Safety & Environmental Management (HSE) Governance & Compliance Management (GCM) Information Security Management (Infosec) Emergency Response & Crisis Management (ERCM)
    8. 8. Source: Australian Journal Emergency Management
    9. 9. The Second Dimension Mission & Goals Business Strategies Policies & Procedures Organisation & Human Resources Business Processes Information & Technology Facilities & Equipment
    10. 10. The Third Dimension  Values  Leadership  Change Sensitivity  Integration  Interdependencies  Agility  Awareness  Communication
    11. 11. Source: Australian Journal Emergency Management
    12. 12. Source: Dr Amy Lee, Stephenson Resilience
    13. 13. How Can Risk Management Assist Source: AS/NZ ISO 31000 2009
    14. 14. And What of Security Adapted from D. Brooks 2004
    15. 15. And Business Continuity Avoidance Prevention Protection Preparedness Response Recovery
    16. 16. And Then There Are A Few Standards AS/NZS ISO 31000 2009 Risk Management Standard AS/NZS ISO 9001 2008 Quality Management System AS 8001 2003 Fraud & Corruption Control AS 8000 2003 Good Governance Principles AS 3745 2010 Planning for Emergencies in Facilities AS/NZ 5050 2010 Business Continuity – Managing disruption related risk AS 4083 2010 Planning for Emergencies – Health Care BS 7799 Information Security Management BS 31100 2011 Risk Management: Code of Practice BS 25999-2 2007 Business Continuity management ASIS SPC. 1 2009 Security, Preparedness and Continuity Management Systems ISO/IEC 10181 1996 Security frameworks ISO/IEC 13335 2001 IT security management ISO TR 13569 2005 Financial services - information security guidelines ISO 20858: 2007 Ships and marine technology -- Maritime port facility security assessments and security plan development IS0 28001 2007 Security Management Systems for the supply chain
    17. 17. LEADERSHIP The Top Down Dynamic• Leadership align O.R. with business objectives• Leadership uses O.R. to seize new business practices e.g. technology• Leadership embraces new organisational principles i.e. corporate governance• Leadership drives and supports change in internal and external environments• Leadership MUST delegate operational responsibility to business units• Leadership MUST value diversity• Leaders MUST protect shareholder value• Leadership can use O.R. to deliver long term value
    18. 18. Source: Australian Journal Emergency Management
    19. 19. Organisational Resilience is also BOTTOM UP • The numerous functional processes including Security Management, Risk Management, BCM, Health & Safety, Governance, Internal Audit, Financial Management drive O.R from bottom up • Businesses MUST nurture Creativity and Learnability within to allow bottom up influence on O.R. • Behaviours and Trust must be embedded from the Bottom Up • Communication MUST be a two way interaction Bottom up as well as Top Down
    20. 20. Source: Australian Journal Emergency Management
    21. 21. SO WHERE TO FROM HERE?• Identify and understand the essential elements of Organisation Resilience• Capture the principles• Deliver a practical O.R. model to assist organisations to become more resilient• Ultimate aim to gain consensus as to what organisational actually is Source: Australian Journal Emergency Management
    22. 22. Thank You QuestionsBruce Braes Dr. David BrooksAECOM School of Computer & Security SciencePerth Edith Cowan UniversityWestern Autralia Perthbruce.braes@aecom.com Western Australia d.brooks@ecu.edu.au Source: Australian Journal Emergency Management