Operational Resilience: Can they see it; test it; prove it?


Published on

Published in: Technology, News & Politics
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • About CSA:BCM Consulting ServicesDisaster Recovery SitesComplete Continuity TrainingRepresentation at BCI boardComplete Continuity Training
  • PersonalIntroductionBackgroundAbout CSAIntroduce title
  • Here’s a quick overview of the aspects we are going to examine in this presentation. We will look at some definitions of resilience and how it applies in different contexts.
  • We can examine the concept of resilience in various contexts.Go through them ----- bottom up.This is not necessarily a comprehensive listing but the thing to note is that these contexts of resilience are not mutually exclusive entities. In a sense, the resilience of one context affect all the others and indeed the resilience of one context leads to the resilience of all and of course the opposite is true. And looking at resilience in the totality of the different contexts shown above, you could say that the resilience of our planet is as strong as its weakest link.
  • Lets turn our attention if we may, to the question of why does resilience matter? Why is it needed in our world?To my mind the simple answer is that resilience is needed because our civilisation at stake from causes of our own making, quite contrary to the stereotypes created by Hollywood movies which suggest that the our greatest threats are from external forces.
  • ANSWERING THE QUESTION WHY RESILIENCE IS NEEDED IN OUR WORLD?The frequency of disasters in modern times, has removed all reservations regarding their certainty. Catastrophes on the scale shown in the above recent events are no longer a rarity but a certainty. Our anxieties no longer centre around the issue of IF but when and where next, will the next catastrophe occur.During the course of the first quarter of this year (2010) alone, 3 major catastrophic earthquakes have struck various locations on the globe – in Haiti, Chile, and China. The devastation caused by these earthquakes runs into millions of dollars for the affected private enterprises, whilst the cost to communities and families is incalculable.On other fronts, the imbalances in our social and economic spheres continue to deepen, consigning our world into a perpetual state of instability in which the threat of terrorism often plays out with tragic impacts on governments and private organisations alike.
  • WHY RESILIENCE IS NEEDED IN OUR WORLDWe are living in very turbulent times; times fraught with higher levels of risk perhaps more than at any other point in the history of mankind. The range of threats arrayed against any organization in today’s environment has become a perplexing catalogue of unknowns which can strike at any time. It is now widely acknowledged that worst-case operational disruptions are becoming less of a rarity – a phenomenon which is causing much anxiety for executives. Wars can leads to global supply chain disruptions. Pandemics can cause widespread workforce continuity issues.
  • And so to my mind, in view of all of this, it is instructive that we begin to explore the adoption of a unified resilience continuum which takes into account the various contexts in which we frame resilience. Such a continuum must establish on a progressive scale from say zero to 100, the measure of resilience that can be assigned to each entity contributing to the resilience of our way of life. The value in such a resilience continuum is tremendous. I believe it can help us to establish the minimum acceptable threshold of resilience in each context which will ultimately affect the overall resilience (and therefore the sustainability) of our civilisation.
  • If we attempt to examine resilience as series of mathematical equations, the following becomes clearly apparent.....And so in the end we can see that there exists mutually symbitiotic resilience correlations which we need to leverage. But far more significant is the resilience of private organisations because as we can see resilient organisations lead to resilient families and resilient sociteies and ecosystems.
  • Private sector resilience is crucial because in achieving it, we take the first step in attaining societal resilience.
  • Gary Hamel in a paper published in the Havard Business Review had this to say about the role (and indeed the meaning) of the organisations we work for in our lives......... And let me add, that in view of the central importance of organisations in defining our way of life, we can ensure their longevity but only once we have succeeded in making them resilient.
  • To be fair, as much as private institutions play role in enabling societal resilience, they can also be resilience destroyers. You only have to look at the current unfolding BP Oil Spill crisis in the Gulf of Mexico to see how private organisations can destroy societal and indeed ecosystem resilience.
  • The duality of organisations.... Looking at it from a ying-and-yang perspective, we can see the duality of organisations as we start examining ways in which these organisations can on the one hand be resilience enablers ...... Or if they are left to make wrong choices, they can contribute to the destruction of societal resilience.
  • So clearly there is a compelling case as to why we need to understand operational resilience.Just what is operational resilience..... It is the “sum total of all measures to ........................................”
  • And now more than ever, the imperative for resilience in our time for pvt organisation has been accentuated by our dependency on technology....All of these factors have made us hyper-sensitive to non-routine events/ disruptive events and disasters.
  • Perhaps amongst the plethora of fears confronting shareholders, none is greater than the threat of an operational disruption.....Why ... Because OD destabilise organisational resiliene which in turn erode shareholder value and which in turn can have far reaching repercussions on society.
  • Take the aviationchaos wrought by the icelandic volcano as a case in point....Among other things it brought trans-continental supply chains to their knees. At the onset of the crisis, no-one would have predicted that the crisis would severely affect flower growing farmers in Kenya whose livelihoods and indeed the livelihoods of their children depend on flower exports. Look at what this farmer in Kenya had to say.... Elsewhere in the world, due to the volcano induced air transportation restrictions, there were other dire consequences for patients awaiting bone marrow transplants and the like....And I would like to put it to you that most these repurcussions could have been avoided if the organisations caught up in this crisis one way or the other were operationally resilient.
  • How then does an organisation set about the task of making itself resilient...... Keeping in mind that organisational resiliency translates to resilient societies and ecosystems.
  • One of most compelling solutions in our time which can be applied towards the effort of making our organisations resilient is BCM – Business Continuity Management
  • These are some of the reasons why BCM is the ideal candidate to enable organisational resiliency:It has a mission critical focus ....analyses vulnerability impacts across the entire enterprise, but focuses on protecting mission critical/ vital functions and the resources which support them.It sets parameters for recovery rapidity – how quickly mission critical functions and activities should be recovered in order to ensure survival and continuity of operationsIt considers the important aspect of organisational risk tolerance (and more on this later).............. Carry on in this vein until list is exhausted...
  • Most interestingly however is the fact that increasing BCM capability and maturity, leads to a corresponding increase in operational resilience. In otherwords, as an organisation’s BCM comptency increases so does its level of resilience; its ability to bounce back and continue operating after disruptive events.
  • So now we see that developing and adoptinga BCM Capability and Maturity model is a key prerequisite for organisational resiliency. But what are some of the critical success factors which should be included in such a model..... From my experience working in the field of BCM at ContinuitySA, the following are the non-negotiable critical success factors which should be considered.
  • Once the critical success factors have been established, you then have a set of objective criteria which can be used to measure organisational resilency as proposed here...
  • This in turn, will give your organisational resiliency meaningful VISIBILITY and VALIDITY in that you can at a glance, determine the resilience perfomance of your organisation, and pin point areas of weakness which need to improved. So with the dashboard, you can represent to your stakeholders the results of your efforts to build resilience in the organisation.
  • BCM also allows you to set non-negotiable parameters to ensure that in the event of a disruptive event, mission critical activities which sustain the organisation, are recovered before a point of no return is reached. This point of no return is expressed as the Maximum Tolerable Period of Disruption. Recovery Time Objectives which do not exceed this absolute measure of risk tolerance are then apportioned for each vital resource and the critical activities it supports.
  • Which brings me to the end of my presentation at which point I wish to impress on you this one thought which I trust will be translated into action all over the world......“The world desperately needs a unified approach to resilience and this role must be championed by Organisational Resiliency Managers who:Will integrate cross disciplinary DRR and RM interventions;Facilitate end to end resilience across geographical locations Be driven by a mandate and culture of ensuring organisational longevity – organisations which exist not only to make profit but contribute to a sustainable world throughout the ages
  • And so we come to an end of our presentation, which has considered the link between organisational resiliency and making our civilisations a resilient and therefore a sustainable one.
  • Thank you for your interest and attention. I hope we can continue to discuss this linkage between private sector resilience and societal resilience during the course of the conference. I have brought with me a limited number materials which explain the role my company plays in helping private organisations become operationally resilient which I am glad to share with any of you that might be interested. I will now take any questions that you might have. Thank you once again.
  • Operational Resilience: Can they see it; test it; prove it?

    1. 1.
    2. 2. Operational Resilience: See it. Prove it. Test it.<br />Millington Gumbo, MBCI, MIRM<br />Senior BCM Consultant, ContinuitySA<br />IDRC Davos 2010<br />2 June 2010<br />
    3. 3. Agenda<br />Definitions and Context<br />Why resilience matters<br />The link between private sector & societal resilience<br />Operational Resilience in a private sector context<br />How to build, measure and test Operational Resilience<br />Conclusions<br />IDRC Davos 2010<br />
    4. 4. Resiliency<br />The ability to bounce back from adversity<br />The ability to return to the status-quo after going through a traumatic event <br />The ability to recover readily from a disruption<br />IDRC Davos 2010<br />© ContinuitySA<br />
    5. 5. The Resilience Context<br />The planet<br />Civilisation<br />International Institutions<br />Regional Institutions<br />Governments<br />National/ public Institutions<br />Local government entities/ Cities<br />Private Organisations<br />Ecosystems<br />Communities<br />Families<br />Individuals<br />IDRC Davos 2010<br />© ContinuitySA<br />
    6. 6. Why Resilience Matters<br />Because our civilisation is at stake from man-made/ internal factors (and not necessarily external threats as per the stereotypes created by Hollywood movies).<br />IDRC Davos 2010<br />© ContinuitySA<br />
    7. 7. Why Resilience Matters<br />The certainty of disasters in a turbulent world and turbulent times<br />Oil spills<br />Terrorism<br />Earthquakes<br />IDRC Davos 2010<br />© ContinuitySA<br />
    8. 8. Why Resilience Is Needed<br />The certainty of disasters in a turbulent world and turbulent times<br />Pandemics<br />The Ark<br />War and/or threats of War<br />IDRC Davos 2010<br />© ContinuitySA<br />
    9. 9. The Resilience Continuum<br />Private <br />organisations<br />Local <br />government<br />National <br />institutions/<br /> governments<br />Ecosystems<br />Communities<br />Families<br />Individuals<br />0<br />20<br />40<br />60<br />80<br />100<br />No resilience<br />Abundant resilience<br />IDRC Davos 2010<br />© ContinuitySA<br />
    10. 10. Some Resilience Equations<br />Resilient Individuals = Resilient Families<br />Resilient Families = Resilient Communities<br />Resilient Communities = Resilient Ecosystems<br />Resilient Ecosystems = Resilient Local Governments<br />Resilient Local Governments = Resilient National Government<br />Resilient Private Organisations = Resilient Communities/ Societies + <br /> Resilient Families + Resilient Ecosystems<br />IDRC Davos 2010<br />© ContinuitySA<br />
    11. 11. The Importance of Private Sector Resilience<br />Achieving private sector resilience is the first step to attaining societal resilience<br />IDRC Davos 2010<br />© ContinuitySA<br />
    12. 12. Why Private Sector Resilience Matters<br />“Institutions are vessels into which we as human beings pour our energies, passion and our wisdom. <br />We often hope to be survived by the organisations we serve. <br />For if our genes constitute our individual biological serves, our institutions constitute our collective purposeful selves”.<br />Gary Hamel & Lisa Valikangas <br />IDRC Davos 2010<br />© ContinuitySA<br />
    13. 13. Why Private Sector Resilience Matters<br />Private institutions are <br />Resilience Enablers<br />Private institutions can also <br />be Resilience Destroyers<br />IDRC Davos 2010<br />© ContinuitySA<br />
    14. 14. Private Sector Organisations & Resilience<br />As Resilience Destroyers:<br />As Resilience Enablers:<br />Climate change agents - <br />Pollution of ecosystems<br />CO2 emissions <br />Environmental degradation<br />Wealth creation<br />Employment<br />Corporate Social <br />Investment<br />Capital and infrastructural<br />investments<br />IDRC Davos 2010<br />© ContinuitySA<br />
    15. 15. Understanding Operational Resiliency<br />The sum total of all measures to ensurecontinuity of operations after a disruptive event. <br />Emergency Response<br />Crisis Management<br />Business Continuity<br />Supply chain integrity<br />Workforce continuity<br />Stakeholder engagement<br />Market share protection<br />Reputation management<br />IDRC Davos 2010<br />© ContinuitySA<br />
    16. 16. The imperative for resilience in our time<br />for private sector organisations<br />The age of super-automation <br />Unparalleled <br />co- dependencies and global supply chains<br />Unrelenting natural catastrophes<br />The ever present threat of terrorism<br />Impact on organisational/ business resilience<br />IDRC Davos 2010<br />© ContinuitySA<br />
    17. 17. The imperative for resilience in our time: Shareholder’s number 1 fear<br />Operational disruptions/ disasters <br />destabilise organisational <br />resiliency<br />Non routine events can destroy<br />shareholder value<br />But they can also have far reaching <br />repercussions on society...<br />IDRC Davos 2010<br />© ContinuitySA<br />
    18. 18. The imperative for resilience in our time: The far reaching implications of an operational disruption<br />Volcanic Eruption.<br /> Global Disruption<br />IDRC Davos 2010<br />© ContinuitySA<br />
    19. 19. Making organisations resilient<br />Resilient Private Organisations = Resilient Communities/ Societies + <br /> Resilient Families + Resilient Ecosystems<br />IDRC Davos 2010<br />© ContinuitySA<br />
    20. 20. Making organisations resilient<br />The Solution: Business Continuity Management (BCM)<br />IDRC Davos 2010<br />
    21. 21. Why BCM is the ideal resilience enabler <br />IT Service Continuity<br />Sites resilience<br />Mission critical focus<br />Workforce continuity<br />Sets parameters for recovery rapidity<br />Supply chain integrity<br />Considers risk tolerance<br />Customer/community focus<br />Addresses pre-event risk mitigation issues<br />Single view of vulnerability impacts across the core and extended enterprise<br />before and after the disruptive event<br />IDRC Davos 2010<br />© ContinuitySA<br />
    22. 22. Why BCM is a resilience enabler for organisations<br />High<br />Operational Resilience<br />Low<br />Low<br />High<br />BCM Capability and Maturity<br />IDRC Davos 2010<br />© ContinuitySA<br />
    23. 23. Developing aBCM Capability and Maturity Model:Critical Success Factors<br />Executive Leadership and Support<br />Maintenance Reviews and Audits<br />Resources/ Expertise<br />Single point of failure management<br />BCP Testing<br />Recovery Infrastructure<br />End to end risk mitigation measures<br />Strategy to achieve RTO<br />Business Continuity Plans<br />Strategy to achieve RPO<br />Incident Management Framework<br />Incident Response Framework<br />IDRC Davos 2010<br />© ContinuitySA<br />
    24. 24. Measuring organisational resiliency using a BCM Capability and Maturity Model<br />94>100%<br />Level 5 – Recoverability is certifiable to BS 25999<br />Level 4 – Can recover ALL mission critical functions within agreed RTOs and possibly even thrive in the aftermath of a disruption using proactive methods<br />61>94%<br />41>60%<br />Level 3 – Can recover SOME mission critical functions within agreed RTOs using a combination of proactive and reactive methods<br />21>40%<br />Level 2 – Can recover limited functions/ processes via informal and undocumented methods<br />0>20%<br />Level 1 – Will not recover or survive<br />IDRC Davos 2010<br />© ContinuitySA<br />
    25. 25. Tracking Operational Resilience using a BCM Capability and Maturity model<br />IDRC Davos 2010<br />© ContinuitySA<br />
    26. 26. BCM and Organisational Risk Tolerance<br />Maximum Tolerable Period of Disruption <br />Disrupted business processes<br />No go zone<br />“Unchartered territory”<br />Decision <br />time <br />Invocation >>> <br />RTOs & RPOs<br />IT<br />Notification<br />Premises<br />3rd parties<br />RTOs<br />RTO<br />People<br />IDRC Davos 2010<br />© ContinuitySA<br />
    27. 27. Role of Organisational Resiliency Managers in Societal Resilience<br />Integrating cross-disciplinary disaster reduction & risk management interventions<br />End to end resilience facilitators across geographical locations<br />Driven by a mandate and culture of institutional longevity<br />IDRC Davos 2010<br />© ContinuitySA<br />
    28. 28. Resilient Private Organisations = Resilient Communities/ Societies + Resilient Families + Resilient Ecosystems + a Resilient Civilisation<br />Ultimately and if necessary, the same BCM principles from <br />the private sector could be applied to help humanity <br />survive a cosmic catastrophe and continue our civilisation<br />elsewhere in the universe .<br />Beyond a cosmic catastrophe…<br />AD 200X ?<br />Present Day…<br />IDRC Davos 2010<br />© ContinuitySA<br />
    29. 29. Thank you for your attention<br />Millington Gumbo, MBCI, MIRM<br />Senior BCM Consultant @ ContinuitySA<br />Mobile: +27 72 217 7183 or +27 83 260 9173<br />Landline: +27 11 554 8000<br />millington.gumbo@continuitysa.co.za<br />millington.gumbo@googlemail.com<br />LinkedIn:http://za.linkedin.com/pub/millington-gumbo/a/a15/542<br />** Allpictures courtesy of Google images **<br />