Enterprise-Wide Resilience Planning Imperatives for an Uncertain Business Environment

When it comes to resilience planning, enterprise leaders have their hands full. Maintaining continuity of critical operations in the face of an uncertain economic environment, the lingering effects of pandemic-related supply chain disruptions, an uptick in climate-driven catastrophic events and more has created a situation in which conventional strategies are simply not as effective as they once were.

Those strategies tended to put cybersecurity, business continuity, disaster recovery and a range of other risk-management initiatives into separate, often disconnected siloes. But now, many organizations have recognized that an impactful resilience strategy will require enterprise-wide planning and sustained integration to optimize the effectiveness of how their organizations will nimbly respond to business disruptions.

Factors to consider and who’s in charge?

Technology leaders we’ve spoken with over the last year are nearly unanimous in detailing the numerous factors they now need to consider when taking a holistic look at resilience planning. Here’s a quick synopsis:

  • Automated resilience testing – are the right architectures being utilized to optimize technology resilience?
  • Cloud migration — leveraging both on-premise and cloud resources while reconciling continuity of operations in both environments; is there a path to alignment?
  • Security – requires a significant time investment and having the right skillsets onboard; what level of risk is the organization willing to take?
  • Third-party resilience – do vendors’ resilience capabilities match or exceed the organization’s needs to bounce back quickly?
  • Regulatory environment – will regulatory requirements impact the resilience planning and response process?
  • Innovation includes people and processes – it can’t be said enough: people and processes drive successful resilience innovation; does the enterprise have a high-performing team that is confident in how resilience should work?

With so much to consider in establishing a dynamic resilience strategy, it’s clear there are bound to be competing interests. Priorities are in the eye of the beholder. Who calls the balls and strikes? And how are priorities rationalized? What we’ve discovered is likely no surprise to any leader as leaders tend to be myopic depending on where they sit in the organization. But it’s imperative that all leaders involved in resilience planning are marching toward the same objective. This is a shift in thinking and requires the voice of one strong leader who can monitor and maintain collaboration across the enterprise. We’ve found it’s best for that individual to be someone who understands technology and how the business utilizes that technology. That leader should direct where the resilience plans reside and how they will satisfy organizational objectives. He or she should also have clearly defined roles, with measurable objectives and responsibilities, to keep people engaged, involved and understanding their role in the success of the program. Finally, leaders influencing resiliency should be conversant in the formal strategy and how the people, processes and technology dependencies (and other types of dependencies, i.e., third parties) work together in one cohesive and flexible solution.

Balancing competing priorities

This strong leader is ready to develop and deliver an ironclad resilience program for the enterprise but must carefully dance through competing priorities in order to accomplish that feat. Perhaps the most intimidating hurdle could be finding the right balance between innovation and legacy processes. There is likely to be resistance from the “we’ve always done it this way” crowd, who are likely to hang on to the old ways unless they can be gently convinced to change. There will be bridges to be crossed to bring both top-level executives and mid-level managers into agreement on what a resilience strategy means and why it is important. Then, the implementation gaps between strategy and execution will need to be closed, as the resilience leader synchronizes both strategic priorities and tactical issues that need to be considered. To do this, a successful resilience leader will engage with business partners across the organization and understand their needs, involving them as appropriate. A good resilience plan will continuously evolve as the organization adapts to its changing priorities.

The ”ilities” and the “ations” – chaos engineering

During a recent roundtable conversation with technology leaders from a variety of organizations, one of the attendees brought up the “ilities” and the “ations” that need to be considered when putting a resilience plan in place. The “ilities” include things like scalability – will the plan adapt with the organization’s needs? Or capabilities – can third-party vendors deliver when needed? Then there are the “ations,” including innovation, applications, synchronization, operations, orchestration and more.

We often suggest our clients address the “ilities” and “ations” by harnessing the power of chaos engineering, or breaking things on purpose — and we found that many leaders in our roundtable group already do this. Chaos engineering provides the enterprise a common understanding of how to apply resilience principles, skillsets and architectures to manage in a hybrid environment. Testing an organization’s resilience before actual chaos happens helps identify where tactical teams need to enhance response capabilities and whether communication is cohesive. It forces silos to be knocked down. Seeing what can happen from different perspectives ultimately paves the way for a resilience plan that ensures the synchronization we mentioned above.

This topic is worth spending more time on, so we are planning a follow-up blog in which we will discuss how we progress through complicated situations – and every resilience plan is complicated, no matter the size and scope of the organization.

The resilience challenges we see today are only going to grow more complex. Take the necessary steps now to get a resilience program underway that addresses both the hearts and minds of the organization. We can help.

To learn more about our business continuity and resilience planning solutions, contact us or download our Guide to Business Continuity and Resilience.

Matthew Watson

Managing Director
Technology Strategy and Operations

Dugan Krwawicz

Technology Risk and Resilience

Subscribe to Topics

Protiviti’s Patrick Gilgour discusses how IT leaders should establish proactive and collaborative partnerships, while also touching on the importance of ongoing monitoring of key partnership metrics. https://ow.ly/YyBE50QHZZe #ProtivitiTech #CIO

NIST released version 2.0 of its Cybersecurity Framework this week. Find out how the updated framework expands its core guidance to help organizations of any size and sector manage and reduce their cybersecurity risks. https://ow.ly/CPUC50QJpoG #ProtivitiTech #Cybersecurity

NIST released version 2.0 of its Cybersecurity Framework this week. Find out how the updated framework expands its core guidance to help organizations of any size and sector manage and reduce their cybersecurity risks. https://ow.ly/CPUC50QJpoG #ProtivitiTech #Cybersecurity

“Privacy practitioners need to stay really in lockstep with what’s happening from an emerging perspective and be able to respond quickly,” says Sameer Ansari on approaching #Privacy training amid rapidly emerging technology. https://ow.ly/ZBBC50QI0tr #ProtivitiTech

Research out of Protiviti and the London School Economics finds that the productivity of Gen Z and millennial workers is affected, in part, due to the friction with older managers. Learn more: https://ow.ly/V68C50QHj14 #Protiviti #Generations

Load More