Operational resilience is critical for today’s modern business. Establishing operational resilience will ensure you can continue to provide business services in the face of any adverse operational event—such as fire, pandemic, weather, and cybercrime—and do so in compliance with shifting regulatory obligations. The Bank of England in conjunction with the PRA and FCA recently released new policies to protect customers of financial organisations and to assure financial market stability. They have imposed an aggressive timeline to implement policy requirements leaving businesses needing to act very quickly to meet the March 2021 deadline. One of the most effective ways to achieve operational resiliency is to partner with an experienced expert third party, like KA2. Through our partnership with ServiceNow, a leader in digital workflows for enterprise operations, we’re able to deliver ServiceNow’s best-in-class Integrated Risk Management (IRM) suite of applications that help you manage risk and resilience in real time.
However, there’s a bit of homework to be done first. Before building an operational Risk framework with KA2 and ServiceNow, your organisation should first conduct an initial discovery exercise, we have highlighted five key elements:
- Business readiness: Your business case for Resiliency and Risk frameworks should focus on improving risk visibility, aligning your efforts to organisational priorities, and delivering forward-thinking insights so you and your team can act quickly and decisively in the face of an adverse event. Leadership must also bring understanding, ownership, and accountability to the resiliency journey. Ask: Is my organisation engaged with this goal? Are they supportive of it?
- Outcome alignment: Effective Resiliency and Risk frameworks are built on a foundation of clear outcomes that are understood and desired by all stakeholders. This includes not just the operational outcomes, but also the milestones and activities along the journey, as well as the outcomes that align with other business objectives, such as structures, workflows, and policies.
- Data audit: Catalogue the data you have, where it “lives”, and how it’s currently protected. This audit should also include your processes, people, and technology—including vendor relationships and third-party platforms. Ultimately, effective Resiliency and Risk frameworks will integrate data collection, improve data sharing, and better protect data from breaches.
- Define toolsets: As you audit your data, identify toolset gaps and needs. What technology do you have today? What is needed to deliver the intended outcomes? This might mean investing in an entirely new toolset, such as ServiceNow for tracking and visualising risk in real time, or it might mean sunsetting legacy tools and migrating to the cloud for improved automation.
- Understand investment: A key element of your initial discovery exercise is to determine what it will cost to deliver your intended outcomes. A good place to start is to define a clear business case for investment and connect your operational resiliency outcomes to business goals—following a cost versus performance approach to measure against the need to meet your defined outcomes. Remember, effective Resiliency and Risk frameworks will reduce overall costs through enhanced automation, limit penalties from compliance violations, and provide better protection against damaging cyberattacks.
Investing in risk and operational resiliency will help your organisation improve transparency and accountability, respond to changing regulatory requirements, enhance vendor relationships, reduce risk, and gain efficiencies—all of which support secure business growth. Please get in touch with us to learn more about the KA2 structured approach to achieving operational resilience.