Operational Resilience

[OR] [P1-S5] Develop and Embed Governance in Operational Resilience?

Written by Moh Heng Goh | Mar 28, 2023 3:57:41 PM

What is Governance?

Embedding operational resilience in the governance structure is essential. 

This will start with the board of directors and senior management, who will actively oversee the organisation’s operational resilience framework concerning its strategy and risk appetite, which empowers them to make the correct investment and risk decisions.

Challenges at the Board Level

The challenge in implementing OR is that, despite the COVID-19 experiences, the board and most senior management are often informed of the response after an event. 

There is an urgent need to reassess and revise the roles and responsibilities of the board and senior management.  It must be realigned, which can pose a challenge to the appointed operational resilience lead.

Resilience in its complete form is seldom considered by the board and senior management during risk management reviews, especially in metrics and statements related to risk appetite.

Strong Change Management

This top-down perspective is vital for organisations to effectively communicate their OR objectives and foster a robust risk management culture.  

Operational resilience must be fully embedded into change management processes and procedures and implemented by executive management.

Review Adequacy of OR Governance

Does the organisation have appropriate arrangements in place in OR governance?  Are they adequately embedded? These may include the following?

  • Is the OR governance strategy effective and sustainable, and is this aligned with the business strategy?
  • Is there sufficient oversight and monitoring of the OR risk appetite and investment decisions?
  • Is there reporting on the adequacy and appropriateness of its response to a disruptive event?
  • Is the relevant and adequate management information (both quantitative and qualitative) flowing through OR committees and to the Board?
  • Is there a set of Key Risk Indicators (KRIs)  linked to the drivers of OR and operational availability?
  • Whether the organisation’s risk appetite statement gives recognition to operational disruption as a critical risk and quantifies the amount of disruption that could be tolerated in the event of an incident
  • Is the risk appetite statement sufficiently clear?
  • Does the risk appetite statement include metrics and limits, and are they subject to an annual review by the Board?
  • Is there an aligned and integrated framework for OR  management within the risk management framework?
  • Are the roles and responsibilities adequately allocated for managing and OR reporting, particularly those between the organisation's first and second lines of defence?

How to Develop and Embed Governance?

The is to establish robust governance mechanisms to support the implementation of operational resilience. This involves:

Develop Governance Framework
  • Develop a governance framework that outlines the organisation's roles, responsibilities, and accountability for operational resilience.
  • Define the decision-making processes, escalation procedures, and reporting lines to ensure adequate oversight and coordination.
Implement Policies and Procedures
  • Develop and implement comprehensive policies and procedures that guide operational resilience practices, incident response, and recovery processes.
  • Ensure that these policies are aligned with regulatory requirements and industry best practices.
Conduct Training and Awareness
  • Conduct training programs and awareness campaigns to educate employees about operational resilience, their roles and responsibilities, and the organisation's policies and procedures.
  • Foster a culture of resilience and proactive risk management across the organisation.
Establish Monitoring and Reporting
  • Establish monitoring mechanisms to track the effectiveness of operational resilience initiatives.
  • Assess and report regularly on key performance indicators (KPIs) and metrics to senior management and the board of directors.
  • Utilise these insights to pinpoint areas for improvement and make informed decisions about resource allocation.

  Definition Explanation Definition  
  Operational Resilience Framework is to connect all the organisation's risk management and corporate governance activities  
  Governance refers to organisational structures and processes that are designed to ensure accountability, transparency, responsiveness, stability, empowerment, and broad-based participation  
  Risk Appetite is the amount and the type of risks an organisation is willing to take or absorb. This is the amount and type of risk an organisation will pursue or retain.  
  Change Management It is a broad term used to define how an organisation prepares and implements change.    
         
"Plan" Phase of the OR Roadmap
Assess Capability and Maturity Analyse Gap Develop Strategy and Roadmap Confirm Risk Appetite Develop and Embed Governance  
 

 

More Information About Blended Learning OR-5000 [BL-OR-5] or OR-300 [BL-OR-3]


To learn more about the course and schedule, click the buttons below for the OR-3 Blended Learning OR-300 Operational Resilience Implementer course and the OR-5 Blended Learning OR-5000 Operational Resilience Expert Implementer course.

If you have any questions, click to contact us.