Four ways risk leaders are making their risk management frameworks more resilient
A resilient company is one that not only survives, but also thrives, in the face of disruption. Our members have been benchmarking their approaches to building organisational resilience with one another. Here we highlight the key mechanisms they’re using to do this and to better integrate risk and resilience efforts.
Download now [Case Study]: Building organisational resilience
To fully manage risk in a resilient manner, you need to think about how to strengthen your organisation in the long term, not just deal with incidents and events as they arise.
Linking risk management with resilience in the minds of employees throughout the organisation can help make the business more robust and able to deal with future events and risk-related incidents.
Based on candid discussions between risk leaders during member meetings as well as during more bespoke network assistance opportunities, members are taking advantage of our extensive and growing pool of peer-contributed knowledge to help improve their own risk and resilience frameworks.
According to our members’ tried-and-tested approaches across global organisations, there are four main business elements to focus on to make risk management more resilient:
1) Critical assets
How can you “build back differently” – rather than simply “build back” – when a risk event impacts an asset? This should involve a review of how to protect and maintain your organisational outputs, but also how to enhance them. Are there any areas in which the organisation could take on more risk, for example?
2) Critical staff
In addition to identifying risk leaders and champions throughout the organisation, it is important to cross-train staff so that they can handle critical duties in the event of an incident.
Several members have shared in member meetings that they find having all employees join debriefs after an event is also helpful, as is creating a record of:
- crisis training opportunities (and who has completed such training)
- crisis roles held and by who (now and in the past)
- crisis and incident management experiences that different individuals and teams have in different parts of the business
Should an event occur, having this information to hand and the knowledge-sharing it brings could help identify all of the people that can help to manage the response.
3) Critical processes and systems
Flexibility is key here, as is forward planning – Agile work methods have helped many risk functions improve in this area. Think about the changes to processes and systems that you might need during a risk-related event and make sure your systems can handle such changes, if you need them to. For example, can you pay a supplier faster to secure a piece of equipment needed to fix a system failure during a risk event?
(Check out our latest Q&A blog on defining third-party risk management for your organisation.).
4) Critical support networks
When involving employees in incident response plans, don’t forget about other members of your organisational network, such as contractors or suppliers; the former may need to be cross-trained alongside your company employees. You should also connect with your suppliers to review contracts and ensure security of supply during incidents or risk events: for instance, are your contracts watertight enough to ensure your supplier has the reserves specifically delegated to your organisation, and that they are truly available whenever you may call upon them?
Linking resilience with risk management in the minds of your colleagues across the organisation can go a long way towards boosting the robustness of your business.
It is important to remember, however, that this is a continuous process - resilience should be reviewed and revised on an ongoing basis as your business and the market environment changes. This will involve assessing your critical organisational elements and the risks associated with them, as well as doing effective horizon scanning so your organisation is as clued up as possible on what potential threats might impact it.
All members can access our Resilience Better Practice Guidance which includes Intelligence articles, templates and tools to help you build and improve a resilience framework that covers areas such as:
- How to test and measure organisational resilience
- How to maximise business continuity and assurance plans
- How to make the head of risk a true leader within an organisation
To access these resilience materials and other Better Practice Guidance we have for other key risk areas, become a Risk Leadership Network member. Learn more about membership here.