Exploring the link between organisational resilience and crisis management
In a world increasingly dominated by interest in the headline-obsessed short news cycle, fashion trends and the minutiae of celebrities’ lives, core values that underpin the strength of our communities are sometimes overlooked, or even mocked as a relic of ‘history’. One such value is ‘personal resilience’, the character, grit and determination that people demonstrate every day in achieving their personal goals and in making the world a better place for those around them. It is this ‘personal resilience’, which to a large degree defines the Australian character and is rooted in its difficult early history, that has enabled the transformation of an unyielding land into a rich, productive, and proud country that has survived the exigencies of war, pandemic disease, dislocation and distance, and countless natural disasters. It is central to the egalitarian spirit of Australians, and their unsentimental but optimistic attitude to the sometimes significant challenges that life presents. This is as true as much today in 2009 as it was in 1909. Tragic and momentous events in the nation’s history have brought out some of the best human qualities including personal resilience, ingenuity, selflessness, courage, compassion and practicality. This decade, terror attacks in Bali and Jakarta, home-grown terror threats in Australia, increasing bouts of anti-corporate civil protest, unprecedented drought, and the yearly threat of major bushfire and other extreme weather events have increasingly thrown Australians back upon those so-called ‘old fashioned’ personal qualities that define character and help build communities that can survive shocks and disaster. However, there are significant differences between threats prevalent in 2009 and 1909. The nation’s critical infrastructure, in utilities, telecommunications, energy, financial services, food production & distribution, and health & community services, are far more complex and interlinked than before. They are also heavily dependent on technologies that did not exist a century ago. These days, organisational survival is counted in minutes and days, not weeks and months. Companies that cannot restore material services in short order risk losing substantial market share and possibly face losing their licence to operate, incurring hefty fines and claims for compensation. Organisations that suffer disasters resulting in injuries to their staff face severe public opprobrium if they fail to manage human needs effectively. Corporate threats are increasing. Between 1994 and 2003, 50 percent of the largest global companies suffered declines in share price value of more than 20 percent in a single one-month period. Up to half of this group took two years or more to recover to the share price level before the drop occurred. A disproportionate number of these value loss events occurred around ‘low-frequency, high-impact’ events such as September 11.(Ref: Deloitte Touche Tohmatsu, ‘Disarming the Value Killers’, 2005) That is why the term ‘resilience’ is coming into prominence within the management boards of public and private enterprises alike all across Australia. The country’s corporate and community leaders increasingly understand the relevance of a concept that encompasses both the technological and systemic, as well as the human and cultural factors, that help organisations and communities thrive in an era of uncertainty, ever-increasing change, competitive pressures, and exogenous threats. It is no longer acceptable that responses to corporate threats are treated in a piecemeal, ‘siloed’ way. Front-line managers cannot assume that ‘information technology is someone else’s responsibility’, unaware of the recovery capabilities in place for their key systems. IT disaster recovery managers and business continuity teams both need to know and understand what the other is doing. Organisations are not abandoning the traditional risk management disciplines of IT service continuity and business continuity management. These disciplines are still relevant and vital. Rather, they seek ways that focus on ‘hardening’ the organisation against risks, so that their organisations are less crisis-prone, or such that the negative effects of disruptions are mitigated by an inbuilt infrastructure resilience, redundant systems, and well-trained staff. Risk-intelligent executives place as much emphasis on identifying and mitigating significant corporate risks through a continual process of risk assessment, risk transfer and mitigation before an event occurs, as on plans that help them restore critical activities afterwards. These executives do not expect to find a ‘silver bullet’ to organisational resilience. Rather, they understand that resilience is developed as a result of making targeted investments in capability. Crisis events are managed first and foremost by people, supported by systems, processes, and technology, in that order. Organisations should focus on a resilience framework that maximises organisational capacity in the key areas of: • people and culture, supporting a coherent and coordinated human response during periods of stress and incomplete information; By enhancing their resilience to threats, organisations can raise the threshold beyond which a problem triggers a crisis threatening their very survival. An organisation with high ‘resilience maturity’ exhibits a higher crisis threshold trigger point than other organisations. Mitigating foreseeable risks need not be expensive or difficult. A simple plan to store critical IT data back-ups off site on a regular basis may be the simple precaution that saves a business when disaster strikes the head office or the data centre. Sometimes more complex strategies are needed, but this is not the starting point. It is important for management to assess their ‘current’ and ‘desired’ state of organisational resilience before embarking on any resilience-building activities. All efforts must be tailored to the actual risk profile and environmental threats faced by the organisation – there is no ‘one-size-fits-all’ for corporate investment of limited time, money and human resources in resilience planning. Significantly, organisations increasingly understand the human dimension of resilience. Crisis events put staff under unprecedented levels of stress that, despite increased automation and powerful decision-support systems, create the risk that people will make the wrong decisions under pressure, potentially exacerbating negative human and financial impacts. Plans that are untested are unproven – and since it is people that are fundamental to the execution of all plans, it is vital that staff at all levels be given regular opportunity to participate in exercises that simulate corporate business disruptions and crisis events, to identify and iron out deficiencies in paper-based plans, and to develop a ‘crisis ready’ mentality. Author: Alex Serrano is a Sydney-based business continuity management specialist in the Risk Services practice of Deloitte Touche Tohmatsu. He provides audit and advisory services to corporate and government sector clients in organisational resilience, business continuity, crisis management, and IT service continuity. This article was first published in Continuity Forum News. For more details visit http://www.continuity.net.au/
•Date: 23rd January 2009• Region: Australia/World •Type: Article •Topic: BC general |
SPONSOR: Business Continuity from Backup Technology
Copyright 2010 Portal Publishing Ltd • Privacy policy • Contact us • Site map • Navigation help