The latest resilience news from around the world

The strategic value of resilience

In the final article in his series on organizational resilience, Robin Robin Gaddum looks at the strategic value of resilience; why this is important; and how to embed organizational resilience into strategic programmes.

When I started this series of articles about the future of resilience, I wanted to address its potential to add value by bridging the divide between risk management and performance improvement. My first resilience article introduced the topic and defined organizational resilience. This is the fourth and final article in this series, which focuses on its strategic value.

If organizational resilience is to earn its place on the board’s agenda, it must demonstrate value in terms that the board understands and recognises as strategically important. Otherwise, Resilience managers will find themselves, like Harry Potter and the business continuity managers I described in my people resilience post, consigned to the cupboard under the stairs only to be summoned in case of emergency.

Resilience becomes strategically important when it demonstrably enables and facilitates achievement of the organization’s strategic objectives. Referring to the diagram below, the first step is to operationalise resilience in the ‘organization today’ and then embed resilience into the organization’s strategic ‘transformative programmes’ that will deliver the ‘desired future state’.

Organizational resilience diagram

So how does this work in practice?

I wouldn’t start from here!

There’s a well-known joke about someone in Ireland asking for directions to Dublin, to which the local’s response is, “If I were you, I wouldn’t start from here.” It seems to me that when any major transformation journey is initiated, everyone spends an inordinate amount of time trying to understand where they are starting from. We always need to know who currently does what, how, with what, where, and so on. The point is, you need to know your current state to establish your best route to achieving the desired future state.

So, where am I?

If every successful Transformative Programme spends a significant proportion of its time and effort on current state discovery, then maintaining accurate information has a value and enhances an organization’s agility and its change readiness by minimising this initial step.

In my previous article I wrote about mapping the organization’s internal and external dependencies across a number of conceptual layers, which might describe function, process, IT application, location, and so on. We can use this map combined with our increasingly instrumented and interconnected world to acquire and validate data needed to create a self-updating dashboard of business processes’ ‘capabilities and capacity’ that are critical to the firm’s product and service delivery. Organizations often have the data they need in order to do this, but don’t realise it or appreciate how much simpler it has become to exploit it: the data remains ‘dark’ to them.

Beyond the value in responding to incidents, this kind of operational resilience tool acts as an accelerator for transformative programmes that help the organization achieve its strategic objectives. Furthermore, the data captured, once viewed through a business analytics lens, generally offers new insights that lead to new and faster pathways to achieving the organization’s desired future state.

At last, we know exactly where we are, all of the time.

Build on solid foundations

Embed resilience into strategic planning and major transformative programmes from the start, making resilient thinking part of your organization’s DNA.

Policy and strategy should drive conscious and intelligent executive decisions that strike an acceptable balance between cost, risks and value over the long term. Far too frequently, the long term focus is on cost and value with lip service paid to pricing sustained, protective risk mitigation into the equation. Incorporating resilience into a transformative programme’s design from the start is perhaps an order of magnitude cheaper than a forced retrofit: if that’s even possible.
Imagine trying to retrofit cyber security controls to a 20-year-old satellite orbiting 20,000km above the earth.

Skimping on risk mitigation is short-sighted. It is frustrating to be called so frequently in the aftermath of a serious disruptive event rather than at those inflection points where there is an opportunity to avoid exactly these kind of situations arising in the future.

Metrics and thresholds

Once defined, a transformative programme’s baseline risk tolerance can be documented and monitored over its life cycle.

This is important. Major transformative programmes frequently take years from inception to completion. Over time, key personnel come and go; new features are requested; budgets reviewed; cost savings sought, and so on. Consequently, there is a natural tendency for transformative programmes to focus on cost reduction at the expense of risk as they progress.
Without a baseline of risk tolerance and appropriate governance, the designer’s best intentions at the programme’s inception may be forgotten with more risk insidiously creeping out of tolerance, without anyone noticing: until something goes wrong.

Constant vigilance

Organizations are complex and in a constant state of change, as is the business environment and the wider world in which firms operate. Some change happens so gradually that you might fail to appreciate its significance in time to take appropriate action. Other change may be self-imposed to achieve your organization’s desired future state and brings second and third order effects, which reveal new and unforeseen risks.

Resilient organizations are alive to these possibilities and constantly review their changing environment to determine how they can thrive and survive through agile adaptation.

This is not something that can be assigned to some sort of enterprise risk ‘ivory watchtower.’

This should be part of the organization’s culture and should cut collaboratively across functions to leverage different areas of specialist knowledge and expertise.

So what?

Resilience is not just about risk avoidance. Resilient organizations are outward looking, forward thinking, opportunity seeking, agile and engaging places to work.

Unified by a common purpose and values, resilient organizations leverage the power of their people and their brand. A culture of self-examination, learning and constant reinvention in the context of understanding their own ecosystem and the environment in which they operate, makes them more likely to survive and more importantly thrive.

The real value of organizational resilience is the competitive advantage these attributes offer. An accurate view of how your products and services are delivered, your current demand, surge capacity and key dependencies provides information that enables and accelerates business change. A culture of curiosity and continually striving to improve drives that all important and forward-leaning posture of opportunity identification and innovative exploitation.

Combining these behaviours and information insights provides the means to define and deliver new opportunities and transformative programmes with greater confidence and at pace. This in turn enables strategic business change, which will keep you ahead of your competition, both existing and new entrants.

As a board member or senior executive, why wouldn’t you want to do that?

The author

Robin Gaddum is currently Associate Partner, Resilience at IBM. Robin can be contacted at

Read the previous articles in the series:

Want news and features emailed to you?

Signup to our free newsletters and never miss a story.

A website you can trust

The entire Continuity Central website is scanned daily by Sucuri to ensure that no malware exists within the site. This means that you can browse with complete confidence.

Business continuity?

Business continuity can be defined as 'the processes, procedures, decisions and activities to ensure that an organization can continue to function through an operational interruption'. Read more about the basics of business continuity here.

Get the latest news and information sent to you by email

Continuity Central provides a number of free newsletters which are distributed by email. To subscribe click here.