Promoting Organizational Resilience – Instituting Risk-based Approach into Organizational Governance

Promoting Organizational Resilience - Instituting risk-based approach into organizational governance

Have you ever wondered why some companies seem to weather storms better than others? It all comes down to organizational resilience. 

It’s time to take charge and promote resilience in your workplace! By instituting a risk-based approach to your organizational governance, you can safeguard your company against unforeseen events and challenges. Overall, organizational resilience (OR) is the ability to bounce back from obstacles, adapt to changes, and continue thriving despite adversity.

Why is this so important? Because when organizations prioritize resilience, they are better equipped to handle challenges, mitigate risk, and come out on top. 

Here’s a statistic for you: companies with strong resilience plans are able to recover from major incidents at an average of 67% less time, compared to those without a workable OR action plan (Source: IBM Resilient study).

Now that we understand the importance of organizational resilience, let’s dive deeper into what it actually means and how it can be achieved.

What is organizational resilience?

Organizational resilience is not just a buzzword; it has real-world implications for businesses.

Did you know that companies with high organizational resilience experience less negative impact on their stock prices during crisis situations? According to Forbes, resilient companies have an average decline of only 13.9% in stock prices compared to 26.3% for non-resilient companies. (Source: Forbes)

Organizational resilience(OR)  is highly coveted. But how do you define it and what can a company do about it? To answer this, let’s start by exploring the different dimensions to focus on when building a resilient organization.

Navigating ESG risks with a risk-based approach: Anticipate, Adapt, Absorb, Recover

4 dimensions of organizational resilience

In times of crisis, organizational resilience is key. To effectively increase resilience, businesses need to understand what they can do to enhance their ability to bounce back. Here are four different dimensions to focus on, when building your strategy

1) Organization and People – Focus on employee well-being and flexibility in the face of change. Example: Offering mental health resources and remote work options.

2) Information and Technology – Have strong communication channels and agile technology systems in place. Example: Implementing cloud-based systems for remote collaboration.

3) Partners and Suppliers – Cultivate strong relationships and diversified partnerships to mitigate supply chain disruptions. Example: Building partnerships with multiple suppliers to ensure consistent access to necessary materials.

4) Value Streams and Processes – Continually review and optimize processes for efficiency and effectiveness. Example: Conducting regular process audits and implementing Lean principles to reduce waste.

What can businesses do to increase their resilience?

It’s clear that building organizational resilience is crucial, but how does it affect different aspects of an organization? Let’s take a closer look.

OR is the potential of a company to adapt and bounce back from unexpected challenges. It can be measured in the level of preparedness or limits of flexibility that a company can exhibit in the face of sudden disruptions. Let us explore an example – the COVID-19 pandemic had disrupted almost every business in some way. 

For a company like Amazon, their resilience has been tested over the past year with the pandemic-induced increase in online shopping. However, Amazon’s investments in automation and logistics enabled them to adapt quickly and efficiently to the surge in demand.

Companies need to be adaptable, agile, and prepared to handle the unexpected. So, what can businesses do to increase their resilience? Here are some key insights: 

1. Foster a culture of collaboration and open communication 

2. Develop and maintain contingency plans 

3. Invest in technology and infrastructure 

4. Embrace flexibility and experimentation 

5. Learn from mistakes and continuously improve 

Unforeseen events can happen at any moment, causing disruption to our daily lives and our businesses. You never know when you’ll need to tap into that extra level of resiliency. So why not make it part of your strategy to strengthen your company’s resilience today?

Building resilience takes effort and commitment, but the rewards are endless. Organizations with higher resilience are able to quickly pivot their operations, implement alternate working solutions, and make changes to their business models to accommodate the new normal. 


The need for organizational resilience

Now you know the amount of effort and strategy that goes into building organizational resilience. However, if your doubting mind is questioning whether your business needs to invest in that effort, let’s put those doubts to rest. Instead, we can explore why you need to build OR in more detail.

Here are some ways it can affect different aspects of your organization:

Workforce: retaining talent and embracing change

Stay ahead of the competition and keep your star performers!

Organizational resilience helps in retaining talent and adapting to changes in the workplace. For instance, remote work policies have become essential during the pandemic.

Finances: surviving economic storms with resilience

Weather the crash, thrive!

Resilient organizations have a better chance of surviving economic downturns. A study found that companies with at least six months of cash reserves have a 2.1x greater likelihood of surviving an economic downturn (JPMorgan Chase Institute)

Customers: trust and loyalty amidst challenges

Delight customers, win hearts!

An organization that can weather tough times gains trust and loyalty from its customers. During the pandemic, some restaurants offered contactless delivery to meet customer demands.

Processes: identifying risks, pivoting successfully

Stay agile, adapt, and succeed!

Resilient organizations can identify potential risks and adapt quickly. The ability to pivot can prevent a business from failing. Take, for example, businesses that pivoted their manufacturing to produce personal protective equipment during the pandemic.

Stakeholder’s trust: inclusive plans, strong resilience

Together we thrive, unbreakable!

With trust established, stakeholders are more likely to be flexible in the face of unexpected events. Plans that are adaptable and inclusive of all stakeholder needs will lead to more resilient outcomes. Involving stakeholders in decision-making can provide unique perspectives and increase overall buy-in. This shared ownership will ultimately lead to more informed and resilient decisions. In the event of an unforeseen crisis or challenge, stakeholder trust can mean the difference between quickly resolving the issue and experiencing long-term damage. An organization with strong stakeholder trust will have a more supportive community to help them weather any storm.

Community: supporting and building trust

Give back, and grow stronger!

Resilient organizations give back to their communities. They help support their community during tough times, building trust and brand loyalty. Many organizations donated resources during COVID-19 to support healthcare workers.

Innovation: embracing change, driving transformation

Revolutionize your way forward!

Resilient organizations can innovate and adopt new technology quickly. Many businesses have accelerated their digital transformation during the pandemic, enabling them to reach customers online

Benefits of promoting organizational resilience

As the saying goes, tough times don’t last, but tough companies do. Just building it is not enough, promoting organizational resilience can make all the difference in uncertain times. Here are some direct benefits of fostering organizational resilience that organizations can expect:

  • Increased revenue: Resilient companies are 47% more likely to have experienced revenue growth in the last 12 months. (Source: Forbes)
  • Better retention: 94% of employees would stay with their current employer longer if the company invested in their learning and development. Resilient companies are more likely to provide these opportunities. (Source: LinkedIn Learning)
  • Improved collaboration: Companies with resilient cultures have higher levels of collaboration, resulting in more creative and innovative ideas. (Source: Harvard Business Review)
  • Reduced costs: Resilient companies are better prepared for crisis situations, which can reduce costs associated with downtime and lost productivity. (Source: Deloitte)
  • Stronger reputation: Resilient companies are viewed as more trustworthy and reliable, which can positively impact brand reputation and customer loyalty.
  • Enhanced employee engagement: Resilient companies prioritize employee well-being and provide resources to support mental health. This can lead to higher levels of employee engagement and satisfaction. 

How to get there? 

Now that we understand the benefits, let’s explore how organizations can actually achieve organizational resilience.

Organizational resilience has taken center stage due to the rapid succession of global crises. Companies are learning that resilience isn’t just an option, but a necessity.

Governance plays a crucial role in creating and sustaining organizational resilience.  What is it? Governance is the framework that guides decision-making processes, roles, and responsibilities within an organization to achieve its objectives.

Let’s dive into what governance means in the context of organizational resilience.

In particularly this context, governance establishes policies and procedures that ensure 

  • Effective risk management to implement a risk-based approach to governance
  • Crisis response on successful identification and assessment of the risks
  • Business continuity planning on successful applications of risk treatment

Successful establishment of governance in any organization requires a Top-down approach.

This means that the leaders, the board, and senior management are primarily responsible for ensuring effective governance. This includes having a clear chain of command and communication protocols. Their role involves identifying and assessing risks, making informed decisions, and creating plans to address them.

That being said, achieving resilience cannot depend on the individual culpability of the senior management. It requires everyone to be on board, working together, and constantly striving towards it.

Understanding risk-based approach to governance

Transitioning your organization to a risk-based approach to governance may seem daunting, but the benefits are worth the effort. You just have to trust the process! Let us walk you through it.

By taking a risk-based approach, you’re not just checking boxes or following rules for the sake of compliance. You’re actively assessing the potential threats to your organization and implementing effective controls to prevent them. 

Here are 5 benefits you can expect from applying a risk-based approach to governance in your organization.

  • Better decision-making: With a risk-based approach, you’ll have more accurate and comprehensive data to make informed decisions.
  • Increased visibility: By identifying and assessing risks, you’ll have a better understanding of the potential impact on your organization’s goals.
  • Cost savings: A risk-based approach allows you to allocate resources effectively and avoid unnecessary expenses.
  • Improved compliance: Compliance is not only about ticking boxes. A risk-based approach helps you meet compliance requirements while protecting your organization from potential breaches.
  • Better stakeholder relationships: With an effective risk management program, you’ll be able to reassure stakeholders that their investments are safe. This can strengthen your reputation and build trust.

Now you know why the risk-based approach is your best bet for instituting a fail-safe OR strategy. Next, let’s dive into the practical steps involved.

To explain the process with an example, let’s say you’re planning to launch a new product line. By conducting a risk assessment, you identify the potential risk of regulatory non-compliance. This prompts you to conduct more thorough due diligence, avoid any missteps, and build a solid compliance framework. As a result, you save on potential fines, improve your product’s reputation, and enhance your organization’s credibility.

By adopting this approach, you not only improve risk management but also create an environment where risk is not feared but embraced and managed effectively.

So how do you take the first step and transition your organization to this approach?

Identifying and assessing the risks

Start by identifying all the potential risks that may affect your business. Be sure to consider internal, external, and emerging risks. Once you have identified and assessed the risks, the next step is to develop strategies to mitigate them and monitor the effectiveness of those strategies.

Internal risks

Internal risks come from within your organization and include things like operational inefficiencies or human error. An example of an internal risk could be a team member not following proper protocols resulting in financial loss.

External risks

External risks come from outside your organization and are out of your control. These can include natural disasters, cyber-attacks, or changes in regulations. An example of an external risk is the impact of COVID-19 on businesses worldwide.

Emerging risks

Emerging risks are new and may not be fully understood yet. They can include new technologies, shifts in consumer behavior, or unexpected market trends. An example of emerging risk is the increasing use of AI and machine learning in industries, potentially disrupting job markets.

Evaluate the likelihood and impact of each identified risk. This will help you prioritize your resources and develop appropriate mitigation strategies.

Key tip

Set the risk appetite for your organization at this level. What this means is to determine the level of risk the organization is willing to accept. This will set the tone of your entire risk management approach.

Mitigating ESG risks- Effective risk treatment and monitoring for resilience.

Risk treatment and monitoring

When it comes to risk management, prevention is key, but treatment and monitoring are equally important. Regularly monitor and reassess risks to adjust strategies as needed, especially in the face of emerging risks that may require immediate action. Don’t wait until it’s too late to identify and address potential risks to your business.

Develop contingency plans to mitigate potential internal risks such as data breaches or employee misconduct. Regularly monitor internal controls to ensure their effectiveness. 

Keep an eye on external factors that may impact your business, such as regulatory changes or market volatility. Establish relationships with vendors and partners to maintain business continuity in case of external disruption. 

Identify potential emerging risks that may not be on your radar yet, such as new technology or changes in consumer behavior. Set up cross-functional teams to assess the impact of emerging risks and create mitigation plans.

Practical risk treatment and monitoring practices

  • Internal risk treatment and monitoring can involve regular auditing and assessments of IT systems and data access controls to prevent potential security breaches. It can also include continuous monitoring of financial transactions to detect any irregularities or fraud. 
  • External risk treatment and monitoring may involve tracking changes in government regulations that may affect your industry or engaging with industry associations to stay up-to-date on market trends. It may also include scenario planning to assess the potential impact of an external disruption such as a natural disaster or supply chain disruption. 
  • Emerging risk treatment and monitoring may involve monitoring social media channels and customer feedback to identify potential shifts in consumer behavior that may impact your business. It may also involve keeping up-to-date on emerging technologies such as blockchain or artificial intelligence and assessing their potential impact on your organization.

So far we’ve explored the practical steps to risk treatment, now let’s take a look at how this approach has been implemented by some well-known organizations.

Implementing the risk-based approach in practice – 3 use cases

The practical tips on risk treatment and monitoring that we covered above have been implemented at various levels in some of the most well-known global business brands. The bird’s eye view of the approaches will help explain the impact of risk treatment strategies on the business continuity plans of a brand. The 3 practical examples that we have curated belong to different industries to show the way the strategies pivot to adapt according to the business niche and the crisis expectations.

  1. JP Morgan Chase
  2. Bank of America
  3. National Health Service

JP Morgan Chase

JP Morgan Chase has implemented an impressive AML Compliance Program to prevent money laundering and terrorist financing. The AML Program is implemented globally, designed to comply with laws and regulations in the US and other jurisdictions where JP Morgan Chase operates.

The program is risk-based, meaning it is tailored to specific areas and customers with a higher risk of money laundering or terrorist financing.

It is designed to prevent and detect suspicious activity, such as transactions with no apparent economic or lawful purpose or large cash deposits without justification.

The program includes training and education for employees to recognize and report suspicious activity.

JP Morgan Chase works closely with regulatory agencies to ensure compliance with AML laws and regulations.

Overall, the program reflects the company’s commitment to ethical business practices and responsible risk management.

Bank of America

Bank of America takes risk mitigation seriously. Their Anti-money laundering (AML) program includes the detection and reporting of suspicious activity, training employees, and maintaining proper documentation.

BOA’s compliance program focuses on ensuring adherence to laws and regulations, protecting customer data, and conducting regular audits.

Their third line of defense is their corporate audit process which includes identifying potential risks, evaluating controls, and providing recommendations for improvement.

Bank of America also has an Ethics Committee, dedicated to maintaining ethical business practices and addressing concerns or violations. 

They also have global risk committees that oversee risk management across different regions and lines of business.

National Health Service

The National Health Service (NHS) in the UK has made significant strides in improving patient safety and care. Here are 5 risk-based frameworks they’ve implemented to achieve this goal:

  • The NHS Patient Safety Strategy aims to reduce patient harm and create a culture of safety across all NHS organizations.
  • The Patient Safety Incident Response Framework (PSIRF) replaces the Serious Incident Framework and prioritizes learning and improvement over blame and punishment.
  • The NHS Safety Thermometer measures the prevalence of harm and enables organizations to identify areas for improvement.
  • The Sign Up to Safety campaign encourages organizations to make commitments to improve patient safety.
  • The Listening into Action (LiA) approach, engages frontline staff in identifying and addressing patient safety issues.

So we can safely conclude that instituting a risk-based approach brings considerable business benefits. While that is true, there are also challenges and limitations to consider in the process.

Challenges and limitations of implementing a risk-based approach

Challenges and limitations of implementing a risk-based approach

Key takeaways

Here are the key takeaways from our overall understanding of instituting a risk-based approach to OR

  • Understanding and evaluating risk is critical for making informed business decisions.
  • The involvement of cross-functional teams can ensure a more holistic approach to risk management.
  • Risk identification and assessment must be done systematically and comprehensively to identify potential threats and opportunities.
  • Quantitative risk analysis tools like Monte Carlo simulation can help in accurately forecasting potential losses and making more informed decisions.
  • Utilizing advanced technology like machine learning and artificial intelligence can improve the efficiency and effectiveness of risk management processes.
  • Risk-based approaches should be dynamic and continuously reviewed to stay current with changes in the business environment and evolving risks. 
  • An effective risk management program can enhance organizational performance and create opportunities for growth. 
  • Collaboration and communication are key to ensuring everyone is aligned with the risk-based approach and contributes to successful outcomes.

Final thoughts

Are you confident in your organization’s ability to stand strong in the face of unexpected challenges and disruptions? If not, it may be time to consider conducting a gap analysis of your current organizational resilience strategy. 

A gap analysis can help identify what steps may be missing in your current approach, giving you the insight you need to make improvements and strengthen your resilience. It helps you assess the disparity between your desired state and your current state, highlighting areas that need improvement. 

But where do you start? That’s where professional consultancy services come in. 

A professional consultancy can assist you in this process by bringing expertise and objectivity. They will analyze your strategy, conduct interviews, and review relevant documents to identify gaps and shortcomings. 

This comprehensive evaluation provides valuable insights and recommendations for enhancing your resilience strategy. 

Key advantages include 

  • A clear understanding of areas requiring attention 
  • Actionable steps to bridge the gaps 
  • Expert guidance to strengthen your organization’s overall resilience

By working with experienced consultants, you can gain the expertise and guidance you need to create an improved resilience strategy. It will focus on what makes you unique. What sets your brand apart from the competition? Finally, identify it and highlight it in your USP.

The goal of a successful OR strategy is to align your USP with your brand values and goals. This will help you stay consistent and build credibility with your audience.

In other words, organizational resilience is like having a safety net in place that helps a company navigate through challenges and come out stronger on the other side.


Related Posts

Leave a Reply