Driving resilience from the Board down: How to convince your Board on the criticality of operational resilience
Driving operational resilience should be on your agenda for 2024. Here are a few ways to articulate the significance of operational resilience to your Board.
By Ansarada
Tue Dec 19 2023
CEO-CFO, Security and risk management, Governance Risk and Compliance, Board
Around the globe, regulators are stressing the importance of operational resilience, especially for financial service companies. By integrating operational resilience, your organization conforms to what regulators expect, meeting standards like the FCA’s P21/3 Building Operational Resilience and APRA’s CPS 230 Operational Risk Management, and decreasing the likelihood of facing penalties and legal problems.
If you work in an industry that isn’t ‘resilience’ regulated yet, you can expect this to change in the near future. Industries facing high rates of transformation are particularly susceptible to disruption, which makes building resilience crucial.
Conveying the importance of this concept to the Board is a pivotal step in fortifying your organization against the myriad of disruptions it could potentially face.
The Board’s strategic role in operational resilience
a. Accountability beyond compliance
b. Safeguarding reputation and stakeholder trust
Operational disruptions can tarnish an organization's reputation and erode stakeholder trust. Stress the Board’s role in setting clear roles and responsibilities for senior managers, ensuring that every facet of operational risk management aligns with preserving the organization's integrity and standing in the market.
Communicating risk profile and taking decisive action
a. Informed decision-making through regular updates
b. Proactive approaches to business continuity
Illustrate the Board’s role in approving Business Continuity Plans (BCP) and setting tolerance levels for disruptions. Stress that this proactive approach positions the organization to withstand disruptions seamlessly, mitigating financial and reputational damage that can result from unanticipated events.
Testing, refinement, and vendor management
a. Refining strategies through testing
b. Extending resilience to service providers
In the interconnected business ecosystem, service providers are potential weak links. According to research from KPMG, nearly three in every four (73%) businesses had at least one major disruption that was directly attributable to third parties between the years 2019-2022. Four in 10 (38%) weathered three or more disruptions in that same period. And that number continues to climb.
Convey the Board’s pivotal role in approving service provider management policies and reviewing risk and performance reporting on these partners. This broadens the scope of operational resilience, ensuring a robust defence against disruptions across the entire supply chain.
A strategic imperative for long-term success
Regardless of the Board members or Senior Leadership members you have these discussions with, it’s important to note that operational resilience is not a standalone task; it's a strategic imperative for long-term success.
By fulfilling these responsibilities, the Board isn't just meeting compliance requirements but is actively steering the organization toward a future where it can thrive amidst uncertainties and bounce back stronger from challenges. Operational resilience, when championed from the top down, becomes a cornerstone of sustained success and growth.
Build a resilient organization with Ansarada GRC
Ansarada GRC delivers a world-first Operational Resilience solution with modules designed to help you ensure you are operating within acceptable impact tolerances.
Our platform covers risk management, control assessment, event tracking, contract management, policy compliance, regulatory scanning and more. It not only maps critical processes, but also enhances visibility into third-party resources, supply chains, digital assets, and cybersecurity.