Operational Resilience

Operational Resilience
Operational Resilience

Body

What is Operational Resilience?

Operational resilience is an organization’s ability to detect, prevent, respond to, recover and learn from operational disruptions that may impact delivery of important business and economic functions or underlying business services. 

The key components of operational resilience - which include defining and understanding important business services and impact tolerance, as well as completing end-to-end mapping, scenario testing, and regular self-assessments - are essential guideposts on the road to resiliency.

Why is it important?

Resilience is ingrained in our vocabulary, especially in today’s challenging business landscape. In its simplest form, resilience can be defined as the ability to recover from setbacks. Unlike risk, which has a probabilistic component and creates significant uncertainty, operational resilience must be contemplated as an inevitability.

Systems will fail, cyber-attacks will be successful, and pandemics will occur. Having a firm understanding of how to minimize the impact of a disruption to your external stakeholders and the broader economy, knowing where your organization’s vulnerabilities lie, and developing your foundational elements  (e.g., cyber, business, third-party, and technology resilience) will help your organization recover more quickly and minimize customer harm.

What is the connection between operational resilience and business continuity management? 

Business Continuity Management (BCM) is the design, development, implementation and maintenance of strategies, teams, plans and actions that provide protection over, or alternative modes of operation for, those activities or business processes which, if they were to be interrupted, might bring about seriously damaging or potentially significant loss to an enterprise.

All sectors and sizes of companies can benefit from a BCM program. An operational resilience program can enhance and extend traditional BCM practices and concepts by incorporating various approaches such as testing extreme-but-plausible scenarios, front-to-back process mapping and aligning all aspects of cyber, third-party and technology resilience, as illustrated in Protiviti’s Operational Resilience framework.

Assessing Your Organization’s Resilience

Protiviti’s experts will partner with your organization to enhance its operational resilience. Our process involves:

  • Identifying Important Business Services. We will help you understand and identify your important business services and processes. Business services are defined as “important” if their disruption poses a risk to an institution’s safety and soundness or financial stability.   
  • Establishing Front-to-Back Mapping of Business Services. Our team will build upon existing practices to establish and maintain comprehensive mapping of your important processes, applications, third parties, and other components that contribute to delivery of business services.   
  • Understanding and Establishing Impact Tolerance. Our experts will help your organization establish impact tolerances for its important business services. Extending beyond traditional recovery time, impact tolerance represents the point at which an interruption (or resilience event) threatens the viability of business services.
  • Implementing Appropriate Governance. We will work with you to implement proper governance functions and a resilience program based upon the needs of your organization’s business services.   
  • Testing and Improving. Our experts will assist your team through testing the “extreme but plausible” scenarios to better understand realistic recovery times versus established impact tolerance. 
  • Continuing to Evolve Foundational Elements. We will continue to improve your business, cyber, third-party and technology resilience — foundational elements of a solid operational resilience program.
  • Conducting Self-Assessment. Our team will review all aspects of your resilience program and identify areas for improvement. This process will include support for self-assessments of your operational resilience program and documenting your methodologies on identifying important business services and establishing impact tolerances. Testing strategy and outcome and planned improvements would also be part of the self-assessment.

The Operational Resilience Framework

 

Download Brochure

The Evolving Role of the Head of Resilience

Evolving role of the Head of Resilience

 

Download Brochure


SIFMA Premium Associate Member

As one of only 11 Premium Associate Members, Protiviti actively engages with SIFMA committees and working groups, share insights and expertise on crucial industry developments, speak at conferences and events, and contribute to SIFMA’s advocacy efforts for effective and resilient capital markets.

 

Learn More