Plea for a Resilient Infrastructure

to an incident and minimise any adverse impact to the organisation, as opposed to putting up and building a fence around the organisation hoping that threats won't get through.

Resilience echoes strongly with the concept of enterprise risk management. Organisations should learn how to manage risks effectively so that they can cope with accidents and other unforeseen events whilst leveraging business opportunities along the way. What is pretty well understood and measured by finance organisations in terms of credit and market risks, very seldom encounter the same quality when it to operational risks, reputational risks, or ICT risks.

Since unforeseen events are difficult to list down, organisations should have the right “reflexes” to ensure the company can efficiently respond to any problem that may arise. Examples of “reflexes” are business continuity plans, contingency plans and risk governance strategies among others.

Organisations should be prepared to bend like a bamboo against a strong wind as opposed to a big oak tree which would simply get blown down. They have to be nimble, agile and highly adaptive to their environment.

Once the mind-set has been clearly established, the next step would be to establish a governance team to facilitate a conducive environment for the organisation to be resilient.

The team translates this mind-set to several initiatives or activities that enhance the organisation’s adaptability and turns challenges and disruption into opportunities for innovation.

A mobile workforce, for example, is already an element of resilience. By being mobile, employees no longer need to be in the office to do their job. However, to achieve such a goal, it is necessary to have an underlying infrastructure to support it, such as cloud.

With cloud computing, employees are able to maximise their time available to work with and update business systems. In addition, it makes them much more efficient as it enables more “real time” decision making and knowledge sharing environment in a secure way.

Benchmarking resilience

Embracing the idea of resilience does not mean throwing everything you currently have in place. It is a matter of thinking somewhat differently. The task required to convert an existing environment to a resilient one is not that much of a huge task. It is a matter of identifying what needs to be changed.

This also leads to the need to organise risk dialogues with the top management, so as to have an accurate view of risk exposure. Without risk dialogues, the organisation runs the greater risk of missing opportunities to expand the business and as well as ignoring tell-tale signs of risks that can substantially affect the services or products you deliver.

A common denominator of risk-aware companies is the kind of organisational culture they have – it is honest, open and one that leverages the best skill sets to fire fight risk.

Oftentimes, the biggest challenge is getting people to talk about things without the worry that they will be ridiculed, adding that by having this culture, the organisation can avoid making the same mistakes and minimise the impact of unforeseen situations.

This kind of culture allows organisations to identify risks, figure out how it is going to affect the company compared to how it will affect its competitors in the industry.

Executives and leaders also need to engage with experts who have substantial experience in building resilient infrastructures, so that they can identify the tasks and processes that need to be changed in order to improve their organisation’s resilience.

Looking back at several events such as the financial crash in 2008 and the Christchurch earthquake in 2011, it is important that we derive lessons from these experiences and incorporate that in the organisation’s risk assessment system.