What is Self-Assessment?
A key feature of managing operational resilience is the responsibility of the business service owner to produce an annual Self-Assessment report.
The organisation must submit the Self-Assessment document to demonstrate its resilience and compliance with the regulations.
The content of the Self-Assessment document should be made available to the regulators when required. The self-assessment should focus on the following:
- Ongoing evaluation of the methodology for identifying business services
- Review the approach to prioritizing critical business services.
- Ongoing evaluation of impact tolerances
- Review the organisation’s approach to mapping critical business services.
- Ongoing evaluation of testing scenarios
- Business as usual governance of operational resilience
- Implementation of resilience procedures and ongoing review of procedures (including RACI)
- Training delivered to impacted people and teams in line with newly embedded resilience procedures and any future changes
- Investment and remediation to close out vulnerabilities identified that threaten the organisation’s ability to deliver its critical business services.
How to Provide Self-Assessment?
This stage focuses on self-assessment as part of the "Sustain" phase in operational resilience planning. It emphasizes the importance of regularly monitoring and evaluating your organisation's resilience posture to ensure its effectiveness.
Prepare Self-Assessment
- Define Scope & Objectives.
  - Establish what you want to assess (e.g., program effectiveness, specific risks) and tailor the scope accordingly.
  - Determine objectives (e.g., compliance, improvement).
- Identify Assessment Criteria.
  - Choose relevant criteria aligned with your chosen framework (e.g., BCM Institute OR framework) and consider internal policies, regulations, and industry best practices.
- Assemble Assessment Team.
  - Select appropriate individuals based on expertise and roles (e.g., risk, operations, IT).
  - Include independent assessors if needed.
- Gather Data & Evidence.
  - Collect documentation, reports, test results, and other relevant data to support your evaluation.
Perform Assessment
- Review Documentation.
  - Evaluate policies, procedures, plans, and training materials against established criteria.
  - Identify gaps and inconsistencies.
- Conduct Interviews & Surveys.
  - Gather insights from staff at various levels to understand program awareness, training effectiveness, and operational experience.
- Analyse & Discuss Findings.
  - Discuss data and observations within the assessment team, identifying strengths, weaknesses, and areas for improvement.
- Rate Performance.
  - Use a defined scoring system (e.g., maturity levels) to assess each criterion and establish an overall program performance rating.
Conduct Reporting & Action Planning
- Develop Self-Assessment Report.
  - Document findings, including strengths, weaknesses, risks, and opportunities for improvement.
  - Recommend clear and actionable steps for each issue.
- Present Report to Management.
  - Communicate key findings, recommendations, and proposed actions to senior management, seeking their approval.
- Develop Action Plan.
  - Create a detailed plan with specific activities, timelines, and responsible parties to address identified issues.
  - Monitor progress and update the plan as needed.
Additional Explanatory Note
"Sustain" Phase of the OR Roadmap
Introduce Culture Change | Develop Communication Strategy | Implement Training and Awareness | Provide Self-assessment | Conduct Independent Quality Review