Be Resilient, I Whispered to My Car
GRC | 4 Min Read | 05 April 22 | by Suneel Sahi
Where There is no Resilience, There are no Results
It’s that time again. I have to give my car in for service and I am adamant that it will be a routine check. There is nothing wrong. The engine roars, there are no warning lights, and the effortless drive in recent times has been particularly smooth.
Still, in the back of my mind, I have this niggling thought that they will find something that needs changing, replacing, or updating.
I know I should not be thinking like this; after all, it’s for my benefit. A car has many parts that need to work in tandem. If there is no battery, your car will not start; if there is no alternator, your battery won’t charge; and if there is no petrol, you are not going anywhere. The resilience of a car, which comprises 30,000 parts, is incredible!
Now here is the dichotomy. Similar to cars, organizations need to demonstrate resilience, and work in tandem with other departments, technology, and processes to ensure their critical business operations continue when faced with adverse risk events.
In a recent webinar, I interviewed an ex-Chief Risk Officer and our SVP of Product to decode ‘resilience’ and ‘cyber’. Two pressing words that are shaping boardroom discussions and encouraging regulators to act fast.
Some of the questions that I posed to my panelists include:
- How should organizations manage cyber risk in line with their Enterprise Risk Management?
- What is the difference between Operational Risk and Operational Resilience?
- What is the impact of cyber risk on an organization’s resilience?
- What is the importance of real-time intelligence to be agile?
- How do you use technology to build resilience?
Operational resilience is a firm’s ability to prevent, detect, respond to, recover, and learn from operational disruptions that may impact the delivery of important business functions and services.
Organizations need to think beyond traditional risk management programs and start focusing on strengthening operational resilience. This requires a better understanding of the overall risk profile and appetite through risk quantification, the agility to quickly adapt to the evolving risk landscape, and the ability to minimize the impact of any risk event, recover quickly, and ensure continued business operations in the aftermath of the event.
In the UK, the Financial Conduct Authority, Bank of England, and Prudential Financial Authority are working toward this and implementing regulations and guidelines. In the EU, the draft Digital Operational Resilience Act (DORA) has been published, and in Germany, the IDW PS 340 n.F. has been revised.
In the U.S., the Federal Bank regulatory agencies released a paper outlining sound practices for large banks to help them enhance operational resilience, and several main financial authorities in the APAC region are stepping up their resilience practices.
How MetricStream Operational Resilience Benefits You
MetricStream has a clear solution to help you build Operational Resilience, enabling you to:
- View and manage interconnected risks across the organization with a single view of all critical processes and associated key risks
- Leverage proactive risk management with forward-looking risk visibility using predictive risk metrics and indicators that help anticipate and prevent adverse risk incidents
- Stay ahead of threats and vulnerabilities with early warning notifications and proactive remediation mechanisms
- Manage business disruptions and ensure continuity of operations with an accurate picture of third parties and their risk impact on the business
- Support agility and risk-based decision-making by leveraging a single view of the top risks faced by the organization across the first and second lines of defense, through the use of real-time actionable insights
- Reduce losses and be prepared for adverse risk events through proactive control structures and analytics, and be able to take mitigating actions on failed controls
- Strengthen confidence with regulators and executive management by establishing a strong risk data governance and issue reporting framework with clear lines of accountability
MetricStream’s ConnectedGRC is designed to help you improve resilience and agility through an integrated approach to compliance and risk management that enables you to better define, manage, and channel risk to your advantage. Our CyberGRC product line proactively and intelligently manages cyber risk by enabling users to view and aggregate cyber risk data from across the enterprise, including third- and fourth-party vendors. Organizations are empowered to build cyber resilience by using the actionable business intelligence to make data-driven decisions.
In my next blog, I will be discussing ESG and what this means to risk owners and governance structures—which makes me think, for my next service should I be driving an electric car?
This blog is part of the Instagram of Risk Blog Series, authored by Suneel Sahi, VP, Product Marketing at MetricStream, which captures discussions and insights trending in the risk community.