Operational Resilience Series
BGBann_Playbook_Crisis Management

[OR] [P1-S5] Develop and Embed Governance in Operational Resilience?

The need to embed operational resilience in the governance structure is essential.  Thinks of governance is the setup of organisational structures and processes designed to ensure accountability, transparency, responsiveness, stability, empowerment, and broad-based participation in oversight and execution of operational resilience. 

The Board and senior management must actively oversee the organisation’s operational resilience framework concerning its strategy and risk appetite, which empowers them to make the correct investment and risk decisions.

This blog [OR-P1-S5] elaborates on the content for Stage 5 of the "PLAN" phase or P1 of the OR Planning Methodology.  

Course Participants: This blog is a pre-reading for the Operational Resilience Expert Implementer course participants.

Certification Application: The "How To" section is designed to assist successful participants in completing their Certification Application Form or CAF.

Moh Heng Goh
Operational Resilience Certified Planner-Specialist-Expert

OR PM Develop and Embed GovernanceOR PM Plan Embarking the Operational Resilience JourneyWhat is Governance?

OR Governance BCMPediaEmbed operational resilience in the governance structure is essential. 

This will start with the board of directors and senior management, who will actively oversee the organisation’s operational resilience framework concerning its strategy and risk appetite, which empowers them to make the correct investment and risk decisions.

Challenges at the Board Level

The challenge in implementing OR is that despite the COVID experiences, the board and most senior management are informed of the response after an event. 

There is an urgent need to change these roles and responsibilities as the board and senior management.  It must be re-aligned, which can challenge the appointed operational resilience lead.

Resilience in its complete form is seldom considered by the board and senior management during risk management review, especially in the metric and statement for risk appetite.

Strong Change Management

This top-down perspective is vital for organisations effectively communicating their OR objectives and fostering a robust risk management culture.  

Operational resilience must be fully embedded into change management processes and procedures and implemented by executive management.

Review Adequacy of OR Governance

Does the organisation have appropriate arrangements in place in OR governance?  Are they adequately embedded? These may include the following?

  • Is the OR governance strategy effective and sustainable, and is this aligned with the business strategy?
  • Is there sufficient oversight and monitoring of the OR risk appetite and investment decisions?
  • Is there reporting on adequate and appropriate testing of its response to a disruptive event?
  • Is the relevant and adequate management information (both quantitative and qualitative) flow through OR committees and to the Board?
  • Is there a set of Key Risk Indicators (KRIs)  linked to the drivers of OR and operational availability?
  • Whether the organisation’s risk appetite statement gives recognition to operational disruption as a critical risk and quantifies the amount of disruption that could be tolerated in the event of an incident
  • Is the risk appetite statement sufficiently clear?
  • Does the risk appetite statement include metrics and limits, and are they subject to an annual review by the Board?
  • Is there an aligned and integrated framework for OR  management within the risk management framework?
  • Are the roles and responsibilities adequately allocated for managing and OR reporting, particularly those between the organisation's first and second lines of defence?

How to Develop and Embed Governance?

The is to establish robust governance mechanisms to support the implementation of operational resilience. This involves:

Develop Governance Framework
  • Develop a governance framework that outlines the organisation's roles, responsibilities, and accountability for operational resilience.
  • Define the decision-making processes, escalation procedures, and reporting lines to ensure adequate oversight and coordination.
Implement Policies and Procedures
  • Develop and implement comprehensive policies and procedures that guide operational resilience practices, incident response, and recovery processes.
  • Ensure that these policies are aligned with regulatory requirements and industry best practices.
Conduct Training and Awareness
  • Conduct training programs and awareness campaigns to educate employees about operational resilience, their roles and responsibilities, and the organization's policies and procedures.
  • Foster a culture of resilience and proactive risk management across the organization.
Establish Monitoring and Reporting
  • Establish monitoring mechanisms to track the effectiveness of operational resilience initiatives.
  • Assess and report regularly on key performance indicators (KPIs) and metrics to senior management and the board of directors.
  • Use these insights to identify areas for improvement and make informed decisions regarding resource allocation.

  Definition Explanation Definition  
  Operational Resilience Framework is to connect all the organisation's risk management and corporate governance activities OR Operational Resilience Framework  
  Governance refers to organisational structures and processes that are designed to ensure accountability, transparency, responsiveness, stability, empowerment, and broad-based participation OR Governance BCMPedia  
  Risk Appetite is the amount and the type of risks an organization is willing to take in or absorb. This is the amount and type of risk an organisation will pursue or retain. New call-to-action  
  Change Management is a broad term used to define how an organization prepares and implements change.  OR Change Management BCMPedia  
         
"Plan" Phase of the OR Roadmap
Assess Capability and Maturity Analyse Gap Develop Strategy and Roadmap Confirm Risk Appetite Develop and Embed Governance  
OR PM Plan Assess Capability and Maturity OR PM Plan Analyse Gap New call-to-action New call-to-action OR PM Develop and Embed Governance  

 

More Information About Blended Learning OR-5000 [BL-OR-5] or OR-300 [BL-OR-3]


To learn more about the course and schedule, click the buttons below for the OR-3 Blended Learning OR-300 Operational Resilience Implementer course and the OR-5 Blended Learning OR-5000 Operational Resilience Expert Implementer course.

BL-OR-3 Register Now BL-OR-3_Tell Me More BL-OR-3_View Schedule
BL-OR-5_Register Now BL-OR-5_Tell Me More  [BL-OR] [3-4-5] View Schedule
[BL-OR] [3] FAQ OR-300

If you have any questions, click to contact us.Email to Sales Team [BCM Institute]

FAQ BL-OR-5 OR-5000
[BL-OR] [3] What is BL-OR-3 Course?

New call-to-action

[BL-OR] [3-4-5] What is BL-OR-5 Course?

Comments

 

More Posts

New Call-to-action