The document discusses the shift from business continuity management to business resilience. It provides an overview of business continuity management and outlines some of the key components. It then discusses why organizations need to focus on business resilience given increasing threats and disruptions. The key aspects of building resilience include organizational engagement, executive support, understanding dependencies, and designing processes to react and adapt to crises. A resilient organization is one that can absorb impacts and continue delivering its objectives.

1. From Business
Continuity to
Business Resilience
AMCHAM T&T’s ARISE
Committee - BCP Workshop
AMCHAM T&T’s ARISE Committee- BCP Workshop
James Trim

2. A
A Full-Service
Emergency
Management
&
Business
Continuity
Resource
Company

3. Introduction
 James Trim, MSc, CBCP, CBRA
 Principal Consultant
jt@jamestrim.com
 Formerly Divisional Manager EHSS - NGC
 Involvement in TTEMAS ~20 yrs, Vice President - 10 yrs.; President
TTEMAS - 4 yrs; Honorary Member.
 CBCP (2000); CBRA (2009) BCMIE Member.
 Member of ASSE, NFPA

4. Briefing Agenda
 Overview of the business continuity management and business
resilience processes
 The significance of business continuity management and resilience:
the new normal for your business.
 Resilient organisation and leaders configurations
 Why Culture Matters

5. Background
 BCM is a fully recognised element of corporate governance within the
Code of Practice for Corporate Governance (King III).
 Growing threats, and major catastrophic events (COVID-19) are
presenting enormous challenges for organisations.
 Less organizational access to adequate support.
 Businesses need to be designed for resilience (to react and stay ahead
of crises of various kinds).
 SME most likely have to pivot their business models and prepare for
the new normal.

6. Business Continuity Management – Overview
BCM is a series of dynamic, interlocking initiatives - core components:
₋ Emergency Plan – enablement of life and safety; what to do when things go
wrong
₋ Disaster Recovery Plan – recapture of infrastructure and technologies; what
to do to get it back to normal (now subsumed in BCP)
₋ Crisis Management Plan – playbook to mobilize and communicate during a
disaster; what to tell people
₋ Business Continuity Plan – retrieval and resumption of business processes;
what to do in the meantime to continue delivery of products and services at
an acceptable predefined minimum level and safeguard the interests of key
stakeholders (process-driven approach).
₋ Business Resiliency - the ability to deliver on the vision and brand promise, in
the face of a crisis (more strategic approach).
₋ Governance ─ strategic oversight and management of the program

7. Some Real Benefits of BCM
 A foundation to understand operational dependencies;
 A framework for making decisions related to the resources to mitigate risks;
 Preparation and planning to minimize likelihood and business impact of potential events
and incidents;
 Growing of core competencies and culture for managing through a disruption / crisis;
 Continuity of key services to maintain a viable ongoing business;
 Reduction and management of uncertainty;
 Aid to meeting legal and moral commitments
 Protection of:
₋ Staff & staff confidence
₋ Assets
₋ Reputation
₋ Economic position
 A firm level of security for both suppliers and customers
Lack of preparedness hurts business
7

8. Top Challenges to BCM Success
 Limited executive support and organizational engagement
 Process centric, organisational silos
 Supply chain and third party risks
 Increasing and constantly evolving risk landscape and cyber risks
exposing limitations
 What makes a BC programme successful
• Organizational engagement
• Executive support and leadership for a culture of readiness
• Designed as a basis for resilience (to react and stay ahead of crises of various
kinds)

9. The Shift in BCM Thinking
 Not merely a compliance issue anymore;
 Growing threats, and catastrophic events (e.g. COVID-19) have raised BCP
to the board and CEO level;
 Increased need to evaluate products/service delivery, customer demands,
business capabilities, and partners;
 Absolute necessity for data and the ability to make timely decisions in a
time of crisis; and,
 Need for strategic capability - evolvution and rebranding BCM towards
“Business Resiliency”.

10. Why Business Resilience?
 Business interruptions are often the result of big and small
events;
 Disruptive events are almost inevitable consequence of
operating in a complex environment;
 Growing threats, disruptions, and attacks, demand more
dynamic response;
 More strategic holistic approach through interaction and
combination of strategic and operational factors;
 Being properly prepared is fundamental to an efficient
restoration of normal business operations; and,
 A competitive advantage - the focus is on how to best
preserve value in these complex environments.

11. Business Continuity v. Business Resilience
 BCM as per ISO: to provide a framework for building organizational
resilience, which will allow the organization to respond accordingly, in
a way that protects the business, its reputation, and all other
stakeholders.
 BCM predicates impact upon business capability and is central to
building resilience and sustainability;
 Today’s ever more dynamic and unpredictable business environment
demands a state of resilience; and,
 Two types of resilience: organizational resilience and operational
resilience.

12. Business Continuity v. Business Resilience
(cont’d)
 “Resilience” is an evolutionary phase of business continuity.
 Resilience takes continuity principles out of the silos and integrate
them with all disaster recovery and emergency preparedness
initiatives for a more robust response to any threat.
 Resilience focuses:
• not just on how to get back to business, but on positioning to protect brand
equity, resources, and staff from threats in the first place; and,
• how to best preserve value in complex environments and continuous change.

13. Pre-conditions of Resilience
The ISO 22316:2017 standard defines organizational resilience as:
“The ability of an organization to absorb and adapt in a changing environment to enable it to
deliver its objectives and to survive and prosper.”
 Resilience demands:
• Understanding the core that sustains it, and identify gaps and manage them
• Behaviour that is aligned with a shared vision and authentic purpose to cultivate engaged
employees.
• An up-to-date understanding of the organization’s context
• Ability to absorb, adapt, and effectively respond to change
• Good governance and management
• Diversity of skills, leadership, knowledge, and experience
• Coordination across management disciplines and contributions from technical and scientific
areas of expertise
• Effective risk management
 It is the capacity and confidence to protect and sustain critical business processes in the
face of a disruption.

14. Character of Resilient Organizations
Positioned to overcome a variety of business interruptions
and can:
₋ Absorb the impact from an interruption/disaster
₋ Deliver on the mission - protecting their sources of revenue
₋ Build trust and emotional connection with stakeholders
₋ Reduce liability loss exposure
₋ Enhance their image and credibility
₋ Potentially reduce cost of doing business
₋ Build organization-wide consensus and a culture of
preparedness
Organization must decide the outcomes required to achieve
success (tied to its value proposition) by becoming resilient..

15. Business Resilience Strategy Considerations
Resilience is an enterprise-wide strategy that considers:
• Culture: Clearly define and document your organizational culture entwined with
employee engagement.
• People: Everyone should be trained and understand their role and participate in
exercises (i.e., tabletops) to build muscle memory and more depth in critical
roles.
• Process: Your processes should be aligned to adapt to various scenarios and
tested regularly. The people should understand the process and procedures
around incident, emergency, and crisis response.
• Infrastructure: The infrastructure should align with the business expectations of
business resiliency.
• Leadership: Your BCMS leadership team should start with the executive team and
have a clear scope.
• Partners: Engage the right ecosystem of technology partners to keep your
organizations BCMS in alignment with the company’s expectations.
Adopted from: https://ivision.com/blog/it-supports-business-resilience-disaster-preparedness-technology/

16. Traits of Resilient Leaders
 Complex, disruptive events require sound leadership and capacity to
effectively address uncertainty.
 Must be able to interpret trends and societal moods, drive change
internally, and build strong relationships with diverse constituencies.
 Focus particular attention on high-impact, low-probability risks that
could jeopardize the company’s future;
 Show how ethics and integrity are embedded in organisational
culture.

17. Resilient Organization Indicators
 Indicators for building a resilient organization are:
−Leadership
−People engagement
−Situational awareness
−Change readiness
−Innovation
−Relationships and network
Develop a model for assessing resilience measures in place
Source: https://www.metricstream.com/insights/BCM-pathway-organizational-resilience.htm

18. Role of Department Heads
 The responsibility for planning for a significant
interruption and resuming normal business falls
to department leadership
 Business continuity and operational resilience are
core competencies to establish and maintain
command and control of businesses at all times

19. Questions For Department Heads
 What are the organization’s top ten risks
 Critical functions identified?
 Chief products and services identified?
 Most likely risks at location and that of supply chain known?
 Backup for crucial job functions and incident response tasks?
 Avoidance of disruption of service when key locations are closed?
 Current backups of all important data?
 Plan is without vulnerabilities?

20. Questions for Department Heads (cont’d)
 Questions for Department Heads
− Have you defined key stakeholders, including competitors and influencers,
− Have you invested in understanding and establishing relationships with regulators
and government stakeholders?
− Do you have a plan to protect employees and reduce attrition of your most talented
employees?
− Which critical operations can keep going, and which ones may need to slow or stop?
− Have you rehearsed and critiqued all of your biggest crisis scenarios at least once in
the past 12 months and implemented improvements to processes or other changes
arising from these exercises?
− Have you thought how to keep your reputation from being severely hurt during the
crisis
− Do you have a sense, based on case law, what the overall legal pathways may be to
resolve the black-swan event?
− Have you identified critical suppliers and considered how existing terms and
conditions will affect you adversely in a crisis?
https://rmas.fad.harvard.edu/business-continuity-and-business-resiliency
Adapted from:

21. Is Your Organization Pandemic Ready?
 Are you prepared to:
₋ Effectively communicate risks to your employees?
₋ Establish measures to mitigate the potential for infection?
₋ Analyze your supply chain to determine your ability to continue operations?
₋ Establish and test plans and procedures to mitigate your pandemic risks?
₋ Manage staff wellbeing and cohesion, productivity planning, and maintaining
a healthy organisational culture in the absence of an office and face-to-face
interactions?
 Is your workforce adaptive, are your processes resilient and supply
chains durable?

22. The Leader’s Role in Engagement
• Understanding the cultures (otherwise they’d be consumed);
• Defining and communicating a powerful desired state;
• Creating a workforce excitement to help drive the organization to the
desired state;
• Making employees feel that they are part of a resilient organization;
• Engaging every team member to contribute their best abilities;
• Innovating key processes that lead to the desired state;
• Organizing people and align resources.

23. What Employees Need to Feel Engaged
 Clear and concise goals and visions
 Goals come from values translated into concrete behaviours
needed for readiness for the challenges
 Clear link between the employee’s work and the company’s goals
 Employees see how their work ultimately contributes to the
success of the business
 Visible leadership
 Managers equipped with the skills needed to lead a team to
success

24. Enablers of Engagement
 Relationships with co-workers and managers
 Authentic leading - congruence between values and actions;
 Goals come from values translated into concrete desired
behaviours
 Trust and integrity
– how well managers “walk the talk” - belief in the senior
leadership team is essential for engagement.
– behaviour throughout the organisation is consistent with
stated values
 Developing and enabling of people to excel
 Line of sight between employee performance and
organizational performance how their work matters

25. Why does Culture Matter?
 Shortcomings in culture express the main barriers to success in
organizational resilience.
 Organizational learning, development and planned change
cannot be understood without considering culture as the primary
source of resistance to change.
 If leaders do not understand the cultures in which they are
embedded, those cultures will manage them.

26. Creating a Culture of Engagement
• Culture has to be shaped - and by those who live it
• Set annual, semi-annual, quarterly, and monthly goals
• Personal accountability with clear expectations motivating
employees to give their best.
• Hold weekly “All-Hands” / daily 15” “stand-up” review team
meetings
• Validation of employees – reminding them that they matter
and have a valued place in the organization.
• Inclusion provides employees with information and offers
them a chance to express thoughts and feelings.

27. How is Culture Shaped & Transmitted?
Culture is perpetuated and transmitted by:
 The leadership interaction, emphasis and values (bringing
distinction) of the organization;
 How leaders talk about the mission and values they
articulate;
 Performance and recognition systems, the organization's
design and structure;
 Its systems and procedures (how things get done); and,
 The criteria used for selection, placement and termination.

28. 28
“Take-Home-Value”
 Disruptive events are almost an inevitable consequence of operating in a complex
environment;
 Small business owners must prepare for the new normal.
 Business Continuity Management has evolved into the resilience process
 An ecosystem with resilience embedded at every layer of the organization is key
to being prepared to respond and staying ahead of any disruption.
 Inadequate testing, training, and plan maintenance will make your plan irrelevant
and unusable and will also fail to improve organizational resilience
 Business Resilience is not complete until you have established a Business
Resilience Culture
 The right corporate culture is the basis for your success.

29. A Reminder…
“5 minutes before the
party is not the time to
learn how to dance.”
Charlie Brown
What more can you do to build Business Resilience in your
company?

30. … questions