Organisational Resilience, importance of having a Plan B!

colmgaytonColm Gayton, specialist in Organisational Resilience, writes for DIT on how organisations can build capability to deal with the current climate of change, uncertainty and turbulence many are facing.  Colm graduated in 2011 from DIT College of Business with an MSc in Strategic Management. He has since held posts in the NHS and University Sector, consulted on a global Resiliency programme for a leading pharmaceutical company and is currently working with Bank of Ireland in the Group Business Continuity Management Team.

My first role within the resiliency field was in the NHS. Simply put, it was a roller-coaster of a ride and the best environment to challenge my competencies. Organisational Resiliency is a much more mature practice in the UK, with legalisation such as the Civil Contingencies Act 2004 driving the resilience agenda forward. With the NHS classified as “Category 1” responders, it’s expected thatThe NHS needs to be able to plan for and respond to a wide range of emergencies and business continuity incidents that could affect health or patient safety” – The Trust planned and managed various disruptive events from utilities failures, severe weather and supply chain disruptions. We had to develop contingency plans for mass casualty events (thankfully never invoked) ranging from terrorist attacks to chemical incidents, including “white powder” incidents. Because of my MSc in Strategic Management, my role expanded into the Operations Directorate, where we developed plans for winter and flu seasons, including “playbooks” for ensuring Bed Capacity within the Trust (a critical activity to ensure patient flow so the Trust could maintain its emergency care functions).

Personal Protective Equipment (PPE)
Image: National Ambulance Resilience Unit

We also monitored outbreaks, such as flues (Swine / Avian) and more virulent issues (Ebola) so that we had Pandemic contingencies for staff and patients alike. We had to invoke our NHS “Ebola” algorithm twice in A&E – thankfully both cases were negative. It’s no joke to get suited up in CBRNe kit in August in the South of England for a protracted period of time!

The experiences and learnings I took from the NHS role have crossed over to other sectors I’ve worked in and have shaped my development as a resiliency practitioner.

Organisational Resilience

Organisational Resilience, as defined in ISO 22317 (The international standard on Organisational Resilience, 2015), “is the ability of an organization to absorb and adapt in a changing environment to enable it to deliver its objectives and to survive and prosper”.

Organisational resilience has become a staple buzzword for business lexicons in recent years.  As organisations have marched in to the 21st Century, the connectedness and globalisation of economies that has had many positive benefits, has proven to have a darker side, with volatility, uncertainty, complexity, ambiguity and crisis velocity now impacting on organisations’ operations. We are now forewarned daily about cyber-attacks, terrorist attacks, supply chain disruptions, reputation risks and natural disasters that cause disruptions (impacting financially and reputationally) and more importantly, bring change (Planned and Unplanned) to the organisation as it tries to adapt to the ever evolving environments it operates in. Organisations are now seeing the benefits in being agile and flexible in their processes, culture and structures, developing the adaptive capacity to meet the challenges faced by the seemingly never ending “turbulence” in their operating environments. Long gone are the days of “riding out the storm”. Organisations must face up to the harsh realities, and evolve their organisations to react to the threats (and opportunities; although when in the midst of a crisis, opportunities seem a life time away!), adapting to “survive and prosper”.  As Charles Darwin stated (and has been quoted on numerous organisational resilience papers) “it is not actually fitness or size or strength that matters. It is the ability of the species to adapt to what is happening around them that determines how they survive and develop.

There is no single approach to enhance an organisation’s resilience.  There are recognised management disciplines, such as Risk Management, Business Continuity Management, and Crisis Management that contribute towards resilience but, on their own, these disciplines are inadequate to maintain an organisation’s overall resilience.  Organisational resilience is driven by the collective interactions, activities and supports made by all technical and management areas of expertise.  Organisational Resilience must also come with a caveat, as advised in the international standard on Organisational Resilience, “Organizations can only be more or less resilient; there is no absolute measure or definitive goal.”  Even organisations such as Amazon, and its famed Amazon Web Services (AWS), with its resilience considered to be “designed to deliver 99.999999999% durability” suffered an outage on the 28th February 2017.  As is stated on the Continuity Central website  – “Nothing is bulletproof.  Vulnerabilities are more transparent than people realize and therefore require more robust analysis on a constant basis.”

One of the main case studies reviewed by resiliency practitioners (Andreas Norrman, Ulf Jansson, 2004) focuses on the fire at a Phillips plant in Albuquerque in New Mexico. The incident never made the headlines in the US or Europe but it would have a great impact on the future of two well-known Europe brands. The plant provided mobile phone chips to handsets designed by Ericsson and Nokia. Although the fire itself was small, and contained quickly (within 10 minutes) by the site’s fire team, the smoke and water damage to “clean” areas, and the damage to the millions of chips on-site, was to have very different outcomes for both Nokia and Ericsson.

Both companies were informed of the initial assessments of the damage. Both reacted differently. Commentators have suggested that organisational cultural might explain the differing responses to the incident. When informed of the disruption to production, Nokia created a “Crisis Team” to investigate further. This team reviewed what was known from the information available and looked at possible scenarios. It started to challenge Phillips on the longevity of the clean-up and the impacts to the manufacturing cycle. Soon it became apparent, that Phillips would not have the capacity to meet the demand required by both Nokia and Ericsson. Nokia, because of its initial assessments, moved forward on this and secured additional capacity from Phillips sites across the globe, including having a Phillips plant re-tasked to produce mobile phone chips. Nokia monitored the situation on a daily basis to ensure that capacity met their demand. Over the next 12 months, Nokia was in the position to maintain supply to its customer base, maintaining its market share.

The response from Ericsson was very different.  Ericsson had accepted early assurances that the fire was unlikely to cause significant disruptions to supply, and settled down to wait it out. When it became apparent that the disruption would be prolonged and Phillips would not have the capacity to maintain its supply, Ericsson now had to face the reality that it had no other source of supply. Nokia had already taken it all. They had no “Plan B”. Ericsson ended up merging with Sony to survive this disruptive incident. Nokia went on to dominate the mobile phone market.

Nokia and Ericsson were hit by the same disruptive incident but yet one recovered and thrived and the other barely survived. When thinking about reducing an organisation’s vulnerability to disruption, senior management need to look at increasing its resilience to ensure their organisation’s sustainability.

There are a number of key elements to developing resiliency within an organisation. British Standard BS 65000:2014 (now replaced by ISO 22317), has an interesting diagram that provides a blueprint for developing resiliency.

Figure 1 – Developing Resilience (BS 65000:2014)

Key factors include:

  1. Be Informed (Situational Awareness) – An organisation needs to be aware of its environments, internally and externally, identifying the risks, events and opportunities that might influence or compromise its resilience.
  2. Set Direction – Top management support (critical to developing resilience) should ensure that the organisation should have a clearly identified purpose, vision, values and priorities to develop its resiliency, which should be shared and understood by all within the organisation.
  3. Bring Coherence – All technical areas of expertise should be aligned to achieve coherence across the various management disciplines. Knowledge should be actively shared across all areas of the organisation so that any threats, risks or opportunities can be addressed by the organisation as whole.  Key influencers include change management and internal communications.
  4. Develop Adaptive Capacity – The organisation should develop the agility and flexibility to adapt to “turbulence” in the operating environment, switching from “Business as Usual” to adaptive actions (generally adjusting structures, processes and culture) to adjust to the new environment.
  5. Strengthen the organisation – Top management should focus on the organisation’s capability to manage disruptive incidents, risks and unplanned changes, ensuring that resilience is incorporated into decision-making and change management. Key to this is mitigation and control of disruptive events and risks identified.
  6. Validate and Review – Organisations should undertake testing / exercising to demonstrate the effectiveness and efficacy of their control measures. Such events (in a controlled environment) can allow the organisation to make mistakes, learning and improving as they identify what worked and what didn’t. It should inform the organisations’ understanding of its resilience capability and prompt any necessary changes needed to improve its performance.

Commentators suggest that we are in an “age of crisis”. Even today, PwC have just released their latest CEO Pulse report that indicates CEOs predict a growing number of crises in the next 3 years. The threats and challenges faced by organisations will continue, and with ever increasing complexity, organisations (and their senior management) need to improve their capabilities to overcome the “turbulence” and develop innovative and transformational changes to adapt to their operational environments.

There must be an on-going effort to build agility and flexibility by redesigning operational processes, the transformation of organisational cultures, different relationships with stakeholders such as customers, and suppliers and finally, new approaches to leadership that can adapt to the changing times organisations are facing.

Despite the volatility, uncertainty, complexity and ambiguity, organisations that develop resiliency, can and will, bounce back from adversity. It is suggested that this adversity can lead to greater innovation within these organisations as they look “outside the box” for solutions and responses. By being proactive, organisations can not only navigate through the crisis but they can emerge stronger, creating a sustainable future for themselves.

Key Points:

  • Organisational Resilience, as defined in ISO 22317, “is the ability of an organization to absorb and adapt in a changing environment to enable it to deliver its objectives and to survive and prosper”.
  • Organisational Resilience needs a holistic approach to the “turbulence”, requiring alignment of collective interactions, activities and supports made by all technical areas of expertise.
  • Achieving resilience is not easy; it takes time and effort. It requires senior management to show strong leadership to build and sustain resilience in an increasingly volatile, uncertain, complex and ambiguous (VUCA) environment.

Colm Gayton, specialist in Organisational Resilience, graduate MSc in Strategic Management.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s