• About us
  • Raising the Bar
  • Raising your Game
  • The Extra G - Geopolitical
  • Risk Matters - Roundtables
  • Leadership Team
  • Events
  • Blog
  • Contact
  • Menu

The Risk Coalition

  • About us
  • Raising the Bar
  • Raising your Game
  • The Extra G - Geopolitical
  • Risk Matters - Roundtables
  • Leadership Team
  • Events
  • Blog
  • Contact
green-tree-photo-1080401.jpg

Moving from risk to resilience

July 08, 2020

If there is one enduring lesson from the COVID crisis for organisations of all sizes it has to be that risks, considered historically during planning cycles to be remote, can and do materialise.  Indeed, such risks have materialised with increasing frequency in recent years, arising not only from the pandemic, but also from extreme weather events, cyber security attacks, significant data protection breaches and macro-economic disruptions.

It is no longer sufficient to have a great system of risk identification, evaluation and assessment, although for many organisations this is still something they must strive for.  To thrive companies must be agile, adaptable and resilient.  Resilience is the ability to prevent, adapt, respond to, recover and learn from operational disruption.  It’s about creating, preserving and recovering value in the event of risks materialising.

Within the financial services sector the concept of resilience has been the subject of discussion for the last couple of years.  In 2019 the Bank of England, together with the Prudential Regulatory Authority (PRA) and the Financial Conduct Authority (FCA), published a Joint Discussion Paper on Operational Resilience intended to start a dialogue on the requirement for a stronger framework with clearer principles.  The proposals require financial services companies to identify important business services and be clear, through the expression of tolerances, on the maximum acceptable level of disruption that “severe but plausible” risks could be allowed to have on the business. 

Having been party to many discussions, webinars and other forums since lock-down commenced it is clear that resilience is part of the new business language, the new normal for organisations emerging from the crisis.  In the past short-term objectives have often ruled, leading to practices such as just-in-time supply chains and lowest cost offshoring of critical activities.  In the future, companies that can demonstrate embedded resilience - commercial, financial and operational – such that they can withstand shocks and emerge stronger will be valued more highly.  Investors are recognising that the ability to navigate calmly through emerging risks and shocks creates sustainable value. 

Risk and resilience exist side by side.  They are flip-sides of the same coin.  To be resilient it is critical to understand risks, to dynamically stress-test scenarios and understand the “severe but plausible” consequences, across all aspects of the business.  In the same way that risk cannot be owned or assessed solely by a Chief Risk Officer, resilience must be factored into all aspects of the organisation by suitably trained and aware leaders.  The Board and Executive need to hold the mirror up and be honest about where the weaknesses are, and invest to strengthen their responses.

We should all have a desire to avoid operational failures.  We are experiencing the personal pain that they cause as we live through recovering from the pandemic.  Taking responsibility for prioritising business resilience is a critical responsibility for all leaders.

Carolyn Clarke, Brave Consultancy

Tags: Carolyn Clarke
Prev / Next

Blog

Featured
Apr 15, 2025
Vera Cherepanova
The future of ESG: navigating a fragmented landscape
Apr 15, 2025
Vera Cherepanova
Apr 15, 2025
Vera Cherepanova
Mar 6, 2025
Mo Warsame, Gavin Hayes
Internal audit and risk management must work together to navigate uncertainty
Mar 6, 2025
Mo Warsame, Gavin Hayes
Mar 6, 2025
Mo Warsame, Gavin Hayes
Sep 4, 2024
Polly Williams, Mia Harris
Three key threats of phishing to be aware of
Sep 4, 2024
Polly Williams, Mia Harris
Sep 4, 2024
Polly Williams, Mia Harris
Aug 25, 2024
Felix Ritchie
Principles versus rules in data and corporate governance
Aug 25, 2024
Felix Ritchie
Aug 25, 2024
Felix Ritchie
Jul 16, 2024
Jane Hunter, Mia Harris
How can you maintain high standards in your business without suffering burnout?
Jul 16, 2024
Jane Hunter, Mia Harris
Jul 16, 2024
Jane Hunter, Mia Harris
Jun 2, 2024
Afshan Moeed
Enforcement of individual accountability in UK banking: a new boardroom recipe for change or continuity?
Jun 2, 2024
Afshan Moeed
Jun 2, 2024
Afshan Moeed
May 28, 2024
Craig Morris, Mia Harris
Three exciting new developments for AI in 2024 that you need to know about
May 28, 2024
Craig Morris, Mia Harris
May 28, 2024
Craig Morris, Mia Harris
May 24, 2024
Stefan Hunziker
The stuff of nightmares: risk management is shut down, and nobody notices
May 24, 2024
Stefan Hunziker
May 24, 2024
Stefan Hunziker
Mar 20, 2024
Neil Tinegate
What should boards know about digital technology?
Mar 20, 2024
Neil Tinegate
Mar 20, 2024
Neil Tinegate
Mar 15, 2024
Francis Kean
The insolvency risk for company directors - are you swimming naked?
Mar 15, 2024
Francis Kean
Mar 15, 2024
Francis Kean
Feb 29, 2024
Andy Watkins-Child
Are you sitting comfortably?  Cyber risk, board attestations and the implications for NEDs
Feb 29, 2024
Andy Watkins-Child
Feb 29, 2024
Andy Watkins-Child
Oct 24, 2023
Mamun Madaser
Risk management and internal audit should collaborate to navigate the poly-crisis of risk
Oct 24, 2023
Mamun Madaser
Oct 24, 2023
Mamun Madaser
Oct 18, 2023
Jim Watson
How to mitigate the risk of cyber security breaches – part 2
Oct 18, 2023
Jim Watson
Oct 18, 2023
Jim Watson
Oct 13, 2023
Nisha Sanghani
Risk management and internal controls: much (needed) work to do as a result of the proposed changes to the UK Corporate Governance Code
Oct 13, 2023
Nisha Sanghani
Oct 13, 2023
Nisha Sanghani
Oct 9, 2023
Jim Watson
How to mitigate the risk of cyber security breaches – part 1
Oct 9, 2023
Jim Watson
Oct 9, 2023
Jim Watson