COVID Highlights Need For Operational Resilience Planning

Published On February 01, 2021

To say the COVID-19 pandemic has sharply underlined the need for operational resilience would be an understatement.

Within two months of the onset of the crisis more than 100,000 small businesses had already shut down permanently. In September, consumer review site Yelp estimated that 60% of the shuttered businesses it tracked would never reopen.

Many organizations probably thought they had adequate disaster recovery/business continuity plans in place thanks to automated data backup and cloud services. What they didn't anticipate was the impact of downstream supply chain disruptions, quarantines that kept customers and employees at home and the sudden inaccessibility of paper records.

Traditional approaches to recovery and continuity no longer meet the needs of most organizations. Both of these mature disciplines were built for a time when they had more control over their own destinies. Neither was enough to protect those 100,000 failed businesses.

BEYOND DISASTER RECOVERY

A new discipline called operational resilience is gaining favor with its proactive approach to keeping the lights on and the incoming business flowing. It blends business continuity, vendor risk management, cybersecurity controls and other disciplines into a cohesive plan that anticipates all the potential points of disruption, assesses the organization's tolerance for risk and assigns responsibility for taking preparatory action.

Today many organizations outsource certain business functions, including accounting, payroll, IT, marketing and even human resources. Outsourcing has many benefits, but it also creates risks. For example, a cyberattack on a storage provider could cause an organization's internal IT operations to grind to a halt, with ripple effects on suppliers and customers.

DRIVE TO DIGITAL

One of the best hedges against disruption is to transition existing paper processes to digital workflows that better withstand changes in the workplace.

COVID-19 has prompted many organizations to rethink the purpose of offices and the way information is handled by distributed and remote workers. This process should undergird resilience planning. Assess your future office space needs in the context of any changes to work-from-home policies your organization may be considering. Conduct a thorough inventory of paper files and assess what can be digitized, discarded or moved to long-term off-site storage. Keep in mind that digital files are far easier to retrieve, share and integrate into automated workflows than paper documents. The more you can digitize the more flexible your remote work policies can be and more agile your organization.

Think beyond the office as well. For example, one consequence of the pandemic many organizations didn't anticipate was that the flow of postal mail would be squeezed by lack of people and concerns about contamination. Given that 80% of companies still use paper checks to pay suppliers and more than 70% of invoices arrive in envelopes, the loss of mail delivery can significantly impact a business. Engaging a digital mailroom service that scans and classifies incoming mail plugs this potential hole while having the residual benefit of streamlining workflows.

Operational resilience covers not only internal preparedness but also residual impacts beyond the four walls of the company. Audit teams need to understand the risks posed by an organization's reliance on external vendors as well as the risks that those vendors also face.

In supply chains with multiple dependencies and secondary and tertiary suppliers, the complexity of this task is daunting. Organizations should consider enlisting the help of external experts and technology providers that can help simplify the web of relationships that must be analyzed.

Taking a proactive approach to resilience planning involves people at all levels of the organization. Here are just a few ways to be operationally resilient:

• Clearly defined accountability along with the capability to anticipate disruption rather than simply respond to it
• Risk metrics incorporated into operational decision-making
• Robust communication between stakeholders so that functional leaders have insight into potential disruptors

It's a big job, but given the existential risks that COVID-19 has exposed, can your organization afford not to tackle it?