WHAT IS CORPORATE RESILIENCE AND HOW IS IT ACHIEVED
Bruce Braes, David Brooks
Disagreement exists whether Organisational Resilience is – A Behaviour, An Ability or Principle.
So What Is Corporate Resilience?
What is Resilience?
• Engineering: Resilience is the property of a material to absorb energy when it is deformed elastically and then, upon unloading, to have this energy recovered.
• Psychology: Resilience in psychology is the positive capacity of people to cope with stress and adversity.
• Ecology: In ecology, resilience is the capacity of an ecosystem to respond to a perturbation or disturbance by resisting damage and recovering quickly.
• Networking: Resilience is the ability to provide and maintain an acceptable level of service in the face of faults and challenges to normal operation.
• Organisations: Resilience is defined as “the positive ability of a system or company to adapt itself to the consequences of a catastrophic event.”
ASIS Organisational Resilience
Resilience is an organization’s ability to quickly, efficiently, and effectively adapt to a change, such as disruptive events (natural, intentional or unintentional), by implementing adaptive, proactive and reactive strategies. (Marc Siegel Sydney 2010)
BCI Organisational Resilience
“Holistic management process that identifies potential threats to an organization and the impacts to business operations those threats, if realized, might cause, and which provides a framework for building organizational resilience with the capability for an effective response that safeguards the interests of its key stakeholders, reputation, brand and value-creating activities.”
Source: Australian Journal Emergency Management
Our Understanding of Organisational/Business Resilience
Resilience & Maslow
BASIC NEEDS: ICT Disaster Recovery, Work Area Recovery
SECURITY NEEDS: Risk Management, Information Security
CULTURAL NEEDS: Programme Management, Teams & Processes, Training
REPUTATIONAL NEEDS: Crisis Management, Crisis Communications
DEVELOPMENT NEEDS: Continuous Improvement, Exercising
The First Dimension
Enterprise Risk Management (ERM)
Corporate Security Management (CSM)
Business Continuity Management (BCM)
Health Safety & Environmental Management (HSE)
Governance & Compliance Management (GCM)
Information Security Management (Infosec)
Emergency Response & Crisis Management (ERCM)
Source: Australian Journal Emergency Management
The Second Dimension
Mission & Goals
Business Strategies
Policies & Procedures
Organisation & Human Resources
Business Processes
Information & Technology
Facilities & Equipment
The Third Dimension
Values
Leadership
Change Sensitivity
Integration
Interdependencies
Agility
Awareness
Communication
Source: Australian Journal Emergency Management
Source: Dr Amy Lee, Stephenson Resilience
Source: AS/NZ ISO 31000 2009
How Can Risk Management Assist
Adapted from D. Brooks 2004
And What of Security
And Business Continuity
Avoidance
Prevention
Protection
Preparedness
Response
Recovery
And Then There Are A Few Standards
AS/NZS ISO 31000 2009 Risk Management Standard
AS/NZS ISO 9001 2008 Quality Management System
AS 8001 2003 Fraud & Corruption Control
AS 8000 2003 Good Governance Principles
AS 3745 2010 Planning for Emergencies in Facilities
AS/NZ 5050 2010 Business Continuity – Managing disruption related risk
AS 4083 2010 Planning for Emergencies – Health Care
BS 7799 Information Security Management
BS 31100 2011 Risk Management: Code of Practice
BS 25999-2 2007 Business Continuity management
ASIS SPC. 1 2009 Security, Preparedness and Continuity Management Systems
ISO/IEC 10181 1996 Security frameworks
ISO/IEC 13335 2001 IT security management
ISO TR 13569 2005 Financial services - information security guidelines
ISO 20858: 2007 Ships and marine technology -- Maritime port facility security assessments and security plan development
ISO 28001 2007 Security Management Systems for the supply chain
LEADERSHIP
The Top Down Dynamic
• Leadership aligns O.R. with business objectives
• Leadership uses O.R. to seize new business practices e.g. technology
• Leadership embraces new organisational principles i.e. corporate governance
• Leadership drives and supports change in internal and external environments
• Leadership MUST delegate operational responsibility to business units
• Leadership MUST value diversity
• Leaders MUST protect shareholder value
• Leadership can use O.R. to deliver long term value
Source: Australian Journal Emergency Management
Organisational Resilience is also BOTTOM UP
• The numerous functional processes, including Security Management, Risk Management, BCM, Health & Safety, Governance, Internal Audit and Financial Management, drive O.R. from the bottom up
• Businesses MUST nurture Creativity and Learnability within to allow bottom up influence on O.R.
• Behaviours and Trust must be embedded from the Bottom Up
• Communication MUST be a two-way interaction, Bottom Up as well as Top Down
Source: Australian Journal Emergency Management
SO WHERE TO FROM HERE?
• Identify and understand the essential elements of Organisational Resilience
• Capture the principles
• Deliver a practical O.R. model to assist organisations to become more resilient
• Ultimate aim to gain consensus as to what organisational resilience actually is
Source: Australian Journal Emergency Management
Thank You
Questions
Bruce Braes, AECOM, Perth, Western Australia
Dr. David Brooks, School of Computer & Security Science, Edith Cowan University, Perth, Western Australia