18 December 2020
By Lewis Martin – firstname.lastname@example.org
This year has seen a renewed focus on the threat of business disruption and the importance of operational resiliency. However, disruptions come in many forms, from service outages and supply chain disruptions to natural disasters, cyberattacks and even geopolitical conflicts or trade wars. Businesses are at the mercy of these external forces, each of which could result in significant financial, reputational or legal losses. It’s more important than ever for today’s modern organisations to build resiliency into your operations to navigate these periods of uncertainty.
Building operational resilience into your business relies upon your technology and processes, your ability to provide resilient services, and an adaptable workforce that can handle change at pace. This must all happen concurrently as you continue to serve your customers and protect your workforce. Not surprisingly, digitally advanced organisations tend to have stronger operational resiliency capabilities, while also gaining the benefit of tangible value. According to one study, companies with operational resiliency outperform peers by 30% during periods of crisis.
With risk management and resilience now at the top of the C-Suite priority list, technology leaders are well positioned to play a crucial role in strengthening their organisation’s operational resilience. By focussing on technology that provides the greatest benefit and consolidating risk across the organisation, technology leaders can help usher in an effective operational risk strategy. Any efforts here must also be ingrained into the culture and need to be considered when designing and implementing other aspects of your infrastructure. In this post, I share three considerations to keep in mind on your journey toward a more resilient operation.
Plan Early, Plan Often
The pandemic reminds us all to be prepared for the unexpected. Few companies were ready for the impact of it. However, those with a current and effective contingency plan in place were able to quickly put it into action. These organisations rapidly adopted remote work practices, powered more self-service options and boosted network capacity. While other companies did indeed have contingency plans, often these were outdated and therefore couldn’t provide full business continuity amidst the pandemic.
Our first consideration is all about planning. Invest time to think strategically about what your organisation depends on to serve your customers and your workforce and deliver services. And, just as importantly, think about what could possibly go wrong with these dependencies. This should include people, processes and technology – and how they all work together.
I mentioned the role of culture above. What general traits were common to the organisations that were more prepared than others? The consulting firm McKinsey suggests that incumbents who are “winning the digital transformation battle” shared a few key attributes, including: digital speed and resources, a readiness to reinvent, an all-in commitment from leaders, data-driven decisions and a focus on the customer.
If this doesn’t describe the culture of your organisation, don’t worry. There are tools available to help you get there. This is why we’re especially delighted about our partnership with ServiceNow, a leader in digital workflows for enterprise operations. ServiceNow’s Business Continuity Management (BCM) solution enables business and technology leaders to plan, exercise and effectively recover from business disruptions. With the BCM solution, you can follow a structured process to prioritise critical business functions, map dependencies, develop crisis response plans and quickly recover when bad things happen – all from a single platform.
Cloud is Critical
Another consideration for building operational resiliency into your business is the cloud. Organisations that invest in cloud-based technologies and services, like those from ServiceNow, are able to scale faster and further, while limiting interruptions.
You likely already use cloud-based services to some degree. The 2020 IDG Cloud Computing Survey finds that more than 80% of enterprises have at least one application or segment of computing infrastructure in the cloud today, and nearly a third of IT budgets are expected to be dedicated to the cloud next year. According to the same IDG survey, many businesses will prioritise cloud services for three application areas: disaster recovery, identity management and content delivery. (The most common obstacle reported with the cloud is data privacy and security challenges.)
Yet what about a cloud-based risk management infrastructure? By building such an infrastructure (one that is similar to or supported by ServiceNow), you can transform inefficient processes across your organisation into a single, integrated risk programme that grows with your firm as your needs change.
For example, ServiceNow’s Governance, Risk, and Compliance (GRC) solution helps transform inefficient processes across your extended enterprise into an integrated risk programme. It includes platform capabilities that simplify cross-functional integration, communication and processes with a common repository for all systems, people and applications.
According to a study, global corporate directors and C-suite executives rated the “impact of regulatory change and scrutiny on operational resilience, products and services” as their topmost concern this year. ServiceNow’s GRC solution will automate best practice lifecycles, unify compliance processes and provide assurances around their effectiveness. It also includes audit management to scope and prioritise audit engagements as well as vendor risk management to institute a standardised and transparent process for risk assessment and risk response with business partners and vendors.
There are myriad benefits of the GRC solution. Your organisation will be better prepared to:
Automation Drives Agility and Resilience
That brings us to our third consideration in building operational resiliency: automation. Companies that leverage self-service, machine learning and workflow automation across the organisation are better positioned to resolve common tasks quickly and effectively and keep daily tasks running seamlessly.
Today’s modern organisations are turning to service management to automate risk, controls, processes and assurance structure. ServiceNow GRC is a prime example. It provides a cloud-based and centralised platform for compliance and audits. It also integrates seamlessly with ServiceNow’s Configuration Management Database (CMDB) and vendor risk management to provide a comprehensive and integrated view of services and users. One result is quicker and more effective decision-making, a key aspect of building a more resilient organisation.
The GRC solution also automates risk assessment by identifying and managing risks in a single register. Self-assessments can be scheduled to collect information about existing and emerging risks, and the accuracy of controls. This allows you to accurately gauge your risk exposure in real time. Further, it creates a consistent process for automatically creating and responding to issues, reducing remediation time from weeks to only minutes.
I think we’re all looking forward to turning the last calendar page on 2020. Why not start 2021 with a bang and make it the year your technology team leads the charge to strengthen operational resilience at your organisation. We’ve seen the outcome of one disaster, and we can help you prepare for the next one, while taking into account people, processes and technology. As a leading ServiceNow Partner, we’re uniquely qualified to deliver market-leading service management solutions to your organisation.
KA2’s ServiceNow GRC offering provides an accelerated 60-day outcomes-focused delivery. It’s underpinned by our security-led KA2 Smarter Framework—a proven delivery methodology to ensure defined outcomes are met at pace and within budgetary spend. Overall, our approach and tooling are strategically designed to accelerate project delivery, while ensuring that all internal and external control, audit and information security points are met and exceeded.
Please get in touch today to arrange an initial chat.