Exiting a crisis, the governance framework is a critical area of an operational resilience program that should be reassessed.
As a key part of an organization’s enterprise risk management and operational risk framework, operational resilience touches all areas of the organization. It is therefore important to reassess if the centralized operational resilience governance function responded effectively during a crisis. For any organization that did not have existing operational resilience program, the crisis will allow it to use actions taken throughout to form the foundations for building out a formal governance framework.
A post-crisis review of an operational resilience governance framework should include the following steps:
- Assess the effectiveness of board oversight. Board and senior management should own the operational resilience plan and the oversight structure should provide them the ability to make quick strategic decisions in times of crisis.
- Analyze the impact of communications to employees and customers. A crisis naturally breeds uncertainty among all stakeholders; it is crucial for management to maintain open lines of communications regarding response actions taken.
- Consider the amount of collaboration across departments. Operational resilience governance should break down organizational silos and allow for coordinated responses.
- Assess the effectiveness of escalation procedures. To enable a rapid response by senior management, any breaches of risk or impact tolerances should be escalated in a timely manner.
- Assess the effectiveness of training and awareness programs. Relevant employees should be prepared and proficient in executing the operational resilience action plan.
- Review the clarity of roles and responsibilities. Critical personnel/ departments should be aware of the role they play in maintaining critical operational capabilities and the dependencies by other personnel/ departments.
An effective operational resilience governance framework provides the foundation to build resilience across all parts of the organization and bring together the individual operational resilience programs of each organizational silo.
With the reassessment of the operational resilience governance framework complete, we will next look at reassessing the critical business processes identified as part of the operational resilience.
Interested in learning more about managing post-pandemic risks and requirements?
Download our guidebook for a roadmap for leaders to decisively deploy actions that correspond to the shape of the future state economy, all while mitigating new and emerging cyber and operational risks.