Achieve operational resilience through EJINSIGHT risk management


Gartner defines operational resilience as “initiatives that extend business continuity management programs to focus on the impacts, risk appetite, and tolerance levels associated with disrupting product or service delivery. services to internal and external stakeholders ”.

If “disruption” sounds familiar to you, it’s because we are living in one of the most volatile times in recent history. The pandemic has created major challenges for supply chains and relationships with third parties, which in turn have had a ripple effect on the market and an organization’s ability to deliver products and services. In this sense, operational resilience is not only achievable, but it is now imperative for organizations.

It is evident that Hong Kong has recognized the urgent need for operational resilience among businesses, with the Hong Kong Monetary Authority (HKMA) developing principles of operational resilience within the banking sector and the Securities and Futures Commission (SFC) having established operational resilience standards. and framework measures to complement the existing guidelines for licensing companies. As governance, risk and compliance challenges are constantly evolving, implementing a strong integrated risk management plan is crucial in order to keep up with constant changes and the introduction of new regulations.

Why is operational resilience necessary?

Due to the acceleration of digitization efforts, Hong Kong companies showed a marked increase in their readiness level on the Cyber ​​Security Readiness Index 2021 published by the Hong Kong Productivity Council, with 68.5% of large companies with centrally managed security with fine-grained control measures.

Cyber ​​attacks and operational failures have forced organizations to identify their most critical business departments, consider vulnerabilities broader than cyberattacks and IT failures, and define a cohesive approach to prevent, adapt and respond. Essentially, operational resilience provides the assurance of protecting against various incidents that may arise within an organization. And these threats such as the pandemic have made building that framework even more vital.

Recently, we have learned a lot about how the world works under pressure. On the one hand, we need to be able to examine which processes worked before, which are still useful, and which are faulty and need to be changed. Often organizations will find that pre-pandemic processes were largely manual and would not be applicable in today’s era, especially considering the large number of organizations with a hybrid working model. or remotely. While these changes may seem overwhelming and perhaps even uncomfortable to some extent, this is the root of what operational resilience is. Being able to pivot in times of change, while showing courage and determination, will lead to positive adoptions when transformation is least expected. Small amounts of progress quickly lead to noticeable large-scale change, which will prove to be beneficial for a top-down organization.

Achieve operational resilience through risk management

One of the first steps in achieving strong operational resilience is understanding the volume and speed of interconnected risks that exist within the organization, as well as third-party risks. Then the switch to automated processes can be done. The implementation of artificial intelligence (AI) technology has become a priority for organizations that want to make their routine processes – be it finance, human resources, marketing or whatever – as efficient. as possible. That being said, human intelligence still reigns supreme, especially when it comes to logical decisions, due to the direct proximity to the process at hand.

AI also makes it possible to manage multiple risks simultaneously, which becomes particularly prevalent in times of chaos. In contrast, a messy manual risk management process can hamper progress.

Finding stability in times of chaos

What happens when conflicting regulatory priorities emerge? After all, there are more than 200 new compliance regulations a day, according to the Boston Consulting Group. Because of this, an organization faces a dilemma when determining which regulation to sort first. Not only do global businesses need to be constantly aware of these regulations, but having a holistic view of regulatory requirements can reveal issues that were previously hidden. Again, AI can establish a common risk platform that leads to a singular number assessing an organization’s perspective on risk. Outside of AI, regulatory priorities can be addressed in boards, where leaders can craft practical solutions to manage risk while forming consensus on their risk management landscape.

Even when the best-designed risk management plan is thought through, several external threats can still arise, such as security breaches and ransomware attacks. Last year, Hong Kong reportedly saw a six-fold increase in tech-related crimes in a decade, with monetary losses reaching nearly HK $ 3 billion. While no risk management plan is inherently perfect, a solution that is carefully designed and executed correctly is the best form of crisis management for an organization.

Looking to the future of operational resilience

An integrated approach to risk management is essential to achieving operational resilience, no matter what type of business you run. As governance, risk and compliance (GRC) solutions become more sophisticated, data gradually shifts from qualitative to quantitative. This means that information that was once complex and difficult to sort through is now easy to understand and translate into action.

Again, AI can’t do everything on its own – people need to stay actively involved in the risk management process. For example, engaging the front line is essential, as they are often your first line of defense. You need to equip them with the physical tools to adhere to all compliance and regulatory policies. Additionally, the combination of digital platforms with AI enables risk managers to interpret and learn from data, highlight patterns, and perform specific tasks and outcomes.

In summary, a strong risk management solution is the cornerstone of operational resilience. With the right processes in place to mitigate risks before they become a real threat, the likelihood of chaos following a crisis drops dramatically. The pandemic is just one example of how businesses can derail when problems like supply chain flaws arise.

While the decisions involved in dealing with growing threats or potential attacks and compliance issues may seem overwhelming, the truth is that achieving operational resilience is not as broad as organizations have imagined. Integrated risk management becomes the key to achieving operational resilience and helping organizations turn volatility into order.

– Contact us at [email protected]


About Author

Comments are closed.