Operational Resilience

Operational Resilience
Operational Resilience


In today’s environment of rapid digital change, growing cyber concerns and outages impacting the financial sector, operational resilience continues to be top of mind for industry executives around the world.  It’s not just the firms within the industry that are focused on the topic. With the issuance of the Discussion Paper on Operational Resilience by regulators in the UK this summer and the recent issuance of a similarly themed paper by the Monetary Authority of Singapore, the regulators have sent a clear message that this will be an area of increased focus in the coming years.
Protiviti’s financial services industry subject matter experts developed a framework with which firms can approach and evaluate operational resilience. This framework provides a structure that can be leverage to help understand, prevent, and recover from extreme-but-plausible events that may impact critical business services provided by the organisation.


Providing smart, proactive solutions throughout a firm’s journey to operational resilience

  1. Identify Critical Business Services. Understand your business services and formalise those that are critical. Critical business services are those that have been identified through separate regulatory obligations, or that meet established criteria that demonstrates a broader economic importance beyond the firm.
  2. Establish Impact Tolerance. Establish agreed upon impact tolerances for critical business services. Extending beyond traditional recovery time objectives, impact tolerance represents the point at which the interruption has a broad impact and threatens the on-going viability of the service.
  3. Understand Economic Impact. Understand the effects an operational resilience event will have on the broader economy and financial sector. Create processes and procedures to minimise any negative impact.
  4. Implement Appropriate Governance. Establish proper governance functions and implement resilience programme based upon the needs of the organisation’s critical business services.
  5. Test & Improve. Test the extreme-but-plausible scenarios to better understand realistic recovery times vs established impact tolerance. Testing will indicate where investment in technology or processes is needed in order to stay within tolerances.
  6. Continue to Evolve Foundational Elements. Business resilience, cyber resilience, third party resilience, technology resilience - all foundational elements of your programme should continue to evolve and be supported by a ‘tone from the top’ focused on resiliency.

Since each financial institution is unique, we tailor operational resilience programmes to fit your organisational strengths and needs. Our dedicated professionals consider industry standards and leading practises as they work directly with your team to develop a custom solution that can accelerate your organisation’s assessment, implementation and sustainability of Operational Resilience, while gaining efficiencies throughout the process. 


Resilience Assessment

Assess the firm’s current practises with regards to operational resilience, including existing foundational elements of cyber resilience, business resilience, third party resilience and technology resilience.

Business Services Formalisation

Analyse existing business services to determine criticality, establish initial impact tolerance methodology, and create economic impact scenarios for business services defined as critical.

Resilience Programme Implementation

Design and implement a resilience programme leveraging Protiviti’s framework, with a focus on governance and alignment with foundational elements.

Maturing Foundational Elements

Address known deficiencies in foundational elements of operational resilience.

Resilience Scenario Testing

Challenge existing resilience practises through enterprise-wide scenario testing to simulate extreme-but-plausible scenarios impacting critical business services of the firm.


Access Our Blogs On Operational Resilience