Driving resilience from the Board down: How to convince your Board on the criticality of operational resilience

As a GRC professional, the task of ensuring operational resilience is almost certainly on your radar. (And if not, here’s why it should be.)
  
Around the globe, regulators are stressing the importance of operational resilience, especially for financial service companies. By integrating operational resilience, your organization conforms to what regulators expect, meeting standards like the FCA’s P21/3 Building Operational Resilience and APRA’s CPS 230 Operational Risk Management, and decreasing the likelihood of facing penalties and legal problems.
 
If you work in an industry that isn’t ‘resilience’ regulated yet, you can expect this to change in the near future. Industries facing high rates of transformation are particularly susceptible to disruption, which makes building resilience crucial.

Conveying the importance of this concept to the Board is a pivotal step in fortifying your organization against the myriad of disruptions it could potentially face.

Driving operational resilience should be on your agenda for 2024. Here are a few ways to articulate the significance of operational resilience to your Board.
 

The Board’s strategic role in operational resilience 

a. Accountability beyond compliance

Operational resilience is more than a regulatory checkbox. Emphasize the Board's ultimate accountability for overseeing operational risk management, including business continuity and service provider arrangements. Framing it as a strategic imperative rather than a mere regulatory requirement underscores its impact on the organization's long-term viability.
 

b. Safeguarding reputation and stakeholder trust

Operational disruptions can tarnish an organization's reputation and erode stakeholder trust. Stress the Board’s role in setting clear roles and responsibilities for senior managers, ensuring that every facet of operational risk management aligns with preserving the organization's integrity and standing in the market.
 

Communicating risk profile and taking decisive action

a. Informed decision-making through regular updates

Board members thrive on real-time information. Emphasize the need for regular updates on the organization’s operational risk and resilience profile. This practice ensures the Board is well-informed, enabling them to make strategic decisions based on a comprehensive understanding of potential risks and mitigations.
 

b. Proactive approaches to business continuity

Illustrate the Board’s role in approving Business Continuity Plans (BCP) and setting tolerance levels for disruptions. Stress that this proactive approach positions the organization to withstand disruptions seamlessly, mitigating financial and reputational damage that can result from unanticipated events.
 

Testing, refinement, and vendor management

a. Refining strategies through testing

Testing is not just a compliance exercise; it’s a pathway to refinement. Showcase how the Board’s review and execution of testing results contribute to an iterative process of enhancing operational resilience. This proactive stance ensures the organization is not just prepared on paper but battle-tested and ready for real-world challenges.
 

b. Extending resilience to service providers

In the interconnected business ecosystem, service providers are potential weak links. 

According to research from KPMG, nearly three in every four (73%) businesses had at least one major disruption that was directly attributable to third parties between the years 2019-2022. Four in 10 (38%) weathered three or more disruptions in that same period. And that number continues to climb.

Convey the Board’s pivotal role in approving service provider management policies and reviewing risk and performance reporting on these partners. This broadens the scope of operational resilience, ensuring a robust defence against disruptions across the entire supply chain.
 

A strategic imperative for long-term success

 
Regardless of the Board members or Senior Leadership members you have these discussions with, it’s important to note that operational resilience is not a standalone task; it's a strategic imperative for long-term success.
 
By fulfilling these responsibilities, the Board isn't just meeting compliance requirements but is actively steering the organization toward a future where it can thrive amidst uncertainties and bounce back stronger from challenges. Operational resilience, when championed from the top down, becomes a cornerstone of sustained success and growth.
 

Build a resilient organization with Ansarada GRC

Ansarada GRC delivers a world-first Operational Resilience solution with modules designed to help you ensure you are operating within acceptable impact tolerances.

Our platform covers risk management, control assessment, event tracking, contract management, policy compliance, regulatory scanning and more. It not only maps critical processes, but also enhances visibility into third-party resources, supply chains, digital assets, and cybersecurity.