What is Governance?
Embedding operational resilience in the governance structure is essential.
This will start with the board of directors and senior management, who will actively oversee the organisation’s operational resilience framework concerning its strategy and risk appetite, which empowers them to make the correct investment and risk decisions.
Challenges at the Board Level
The challenge in implementing OR is that despite the COVID experiences, the board and most senior management are informed of the response after an event.
There is an urgent need to change the roles and responsibilities of the board and senior management. They must be re-aligned, which can challenge the appointed operational resilience lead.
Resilience in its complete form is seldom considered by the board and senior management during risk management review, especially in the risk appetite statement and its metrics.
Strong Change Management
This top-down perspective is vital for organisations to communicate their OR objectives effectively and foster a robust risk management culture.
Operational resilience must be fully embedded into change management processes and procedures and implemented by executive management.
Review Adequacy of OR Governance
Does the organisation have appropriate arrangements in place for OR governance? Are they adequately embedded? Questions to consider may include the following:
- Is the OR governance strategy effective and sustainable, and is this aligned with the business strategy?
- Is there sufficient oversight and monitoring of the OR risk appetite and investment decisions?
- Is there reporting on adequate and appropriate testing of its response to a disruptive event?
- Does relevant and adequate management information (both quantitative and qualitative) flow through OR committees and to the Board?
- Is there a set of Key Risk Indicators (KRIs) linked to the drivers of OR and operational availability?
- Does the organisation’s risk appetite statement recognise operational disruption as a critical risk and quantify the amount of disruption that could be tolerated in the event of an incident?
- Is the risk appetite statement sufficiently clear?
- Does the risk appetite statement include metrics and limits, and are they subject to an annual review by the Board?
- Is there an aligned and integrated framework for OR management within the risk management framework?
- Are the roles and responsibilities for managing and reporting on OR adequately allocated, particularly between the organisation's first and second lines of defence?
How to Develop and Embed Governance?
The aim is to establish robust governance mechanisms to support the implementation of operational resilience. This involves:
Develop Governance Framework
- Develop a governance framework that outlines the organisation's roles, responsibilities, and accountability for operational resilience.
- Define the decision-making processes, escalation procedures, and reporting lines to ensure adequate oversight and coordination.
Implement Policies and Procedures
- Develop and implement comprehensive policies and procedures that guide operational resilience practices, incident response, and recovery processes.
- Ensure that these policies are aligned with regulatory requirements and industry best practices.
Conduct Training and Awareness
- Conduct training programs and awareness campaigns to educate employees about operational resilience, their roles and responsibilities, and the organization's policies and procedures.
- Foster a culture of resilience and proactive risk management across the organization.
Establish Monitoring and Reporting
- Establish monitoring mechanisms to track the effectiveness of operational resilience initiatives.
- Assess and report regularly on key performance indicators (KPIs) and metrics to senior management and the board of directors.
- Use these insights to identify areas for improvement and make informed decisions regarding resource allocation.
| Definition | Explanation |
|---|---|
| Operational Resilience Framework | is to connect all the organisation's risk management and corporate governance activities |
| Governance | refers to organisational structures and processes that are designed to ensure accountability, transparency, responsiveness, stability, empowerment, and broad-based participation |
| Risk Appetite | is the amount and the type of risks an organization is willing to take in or absorb. This is the amount and type of risk an organisation will pursue or retain. |
| Change Management | is a broad term used to define how an organization prepares and implements change. |
"Plan" Phase of the OR Roadmap
- Assess Capability and Maturity
- Analyse Gap
- Develop Strategy and Roadmap
- Confirm Risk Appetite
- Develop and Embed Governance