Assessing Patient Perceptions of Telehealth

Learn about our 2022 National Healthcare Research Project

4 steps to better business resilience

Business resilience

Business resilience is a term that seems to have many meanings for many people, but at its heart, it is about maintaining the ability to deliver on your objectives through volatility in the environment you operate within, whether that volatility is driven by the unintended consequences of planned activities or unexpected and unplanned activities.

Planned work, increased risks and associated treatment expense:

Sometimes newer industries (for example recreational domestic drones, third party food delivery services, hire a bicycle, etc.) are still discovering unexpected outcomes as a result of their product or service becoming prolific in society.

  • Recreational drones are considered, by air flight authorities, as a serious hazard when used near airports and experts are hired to bring the drones down (not usually in a controlled way)
  • Third-party food delivery services are faced with new OH&S hazards travelling further than before on a hybrid bicycle/light motorbike in heavy traffic/poor weather conditions and most of the time, late at night
  • The bicycle hire organisations have a lot of damaged bicycles and must pay for bicycle retrieval from rivers, large drain ways and private property

Unplanned work, increased risks and associated treatment expense:

Large scale events driven by external factors (usually have originated outside of the business) can prove challenging.

  • Pandemic (COVID-19) and associated lockdowns
  • Public opinion shift (e.g. eco/environment, political, modern slavery, privacy, quality, etc) with a secondary impact of ‘swift change in demand’
  • Environmental disasters (drought, floods, earthquakes, nuclear incidents, oils spills, etc.)

This all boils down to the need to:

  • Understand what is most important to you in achieving your objectives, and how you might be impacted by unintended consequences of planned activity and unplanned activity – Understand your vulnerabilities
  • Actively monitor and, if possible, prevent unplanned consequences on your activity – Actively monitor and prevent
  • Prepare for when, not if, your business is interrupted, whether it be people, process, technology and have plans to maintain your operations during these interruptions – Actively plan and test business continuity
  • Have robust plans to recover if you are interrupted – Active plan and test disaster recovery

Industry approach – The 4 steps to better business resilience

1. Understand your vulnerabilities

Risk identification and assessment (click here for our free business resilience assessment)

Acknowledge the potential effort and cost.

2. Actively monitor and prevent

Risk treatment and reduction

Ensure that what is preventable is identified as a risk and has appropriate treatment and ownership. In some instances, mitigation (proactive control of risk triggers) may be an option; in other instances transfer may be an option (third party monitoring or maintenance); and in some instances, total avoidance may be an option (removal of the risk by altering strategy significantly).

Knowing what you can control and influence, and what the costs and benefits of this may be, could help you prevent unnecessary business interruptions and maintain operations when others in your industry or area do not – although not all serious business interruptions can be avoided.

3. Active business continuity planning/testing

Risk mitigation and response to realisation

Business continuity planning is focused on knowing how to continue core business services in absence of some or all the supporting people, processes, technology and infrastructure which you may expect to ordinarily have access to.

It is important to know when, why and how to respond to an emerging threat (risk potential to become an incident). A Business Continuity Plan (BCP) provides the ability to be able to respond to early warnings/near misses and incident occurrence. Business must continue to operate to remain viable in the long term.

The aim of Business Continuity Planning is to design a plan, develop and test processes to follow, establish decision-making criteria and knowing what needs to be done, in what order, by who, to minimise the impact of an incident on all aspects of the business.

a) Detect (Identify early warning signs)

b) Respond (Determine approach based on pre-determined scenarios within the BCP)

c) Recover (Execute the BCP to recover lost services)

d) Restore (Restore to original state prior to the incident)

4. Active disaster recovery planning/testing

Risk mitigation and response to realisation

Disaster recovery planning is focused on knowing how to recover the technology/infrastructure required for the business to operate efficiently. A disaster is generally an unplanned event that may cause disruption for any period and may not be controllable (e.g. a tsunami cannot be stopped no matter what we do).

It is important to know when, why and how to respond to an emerging threat (risk potential to become an incident). A Disaster Recovery Plan (DRP) provides the ability to be able to respond to early warnings/near misses and incident occurrence. Business must continue to operate (even if this means service quality changes slightly for a period during recovery activity).

The aim of Disaster Recovery Planning is to design a plan, develop and test processes to follow, establish decision-making criteria and knowing what needs to be done, in what order, by who, to restore impacted technology and infrastructure to return the business back to peak efficiency as soon as practical.

a) Design (What, When, Who, How and Priority Order)

b) Develop (BCP driving key infrastructure recovery priority)

c) Test (Physical and Desktop based testing possible incident scenarios)

d) Improve (Seek ways to reduce the incident rate or outage time through infrastructure)

The above is by no means comprehensive, but instead gives us an insight into the thinking around business resilience.

So, you may wish to ask:

  1. Have I identified key risk scenarios that would hurt my business?
  2. Are we preventing and monitoring these potential scenario triggers?
  3. Do I have a Business Continuity Plan?
  4. Do I have a Disaster Recovery Plan?
  5. Who is assigned to proactively own and drive the business resilience activities?

If I don’t know the answers to the 5 questions above, then I would benefit from an assessment of my current status.

Assess your business resilience via our assessment tool here. 

Insync offers a high-level assessment, in-depth assessments, and assistance in developing roadmaps for business resilience programs so that you can do ‘the doing’ yourself and augment your skillset along the way.

Learn more about our capabilities and services in Resilience.

Want to learn more?

Enable your business to reliably prepare for and navigate disruption. Learn more about our Resilience capabilities here.

Related insights

Financial crime needs a transformation – why and how?

Technology is the source of increased financial crime. What's the need behind financial crime transformation & what's the starting point for organisations?

A proven and pragmatic approach to better decision making in turbulent times

Our proven & pragmatic approach to better decision making in turbulent times. The Business Risk Scenario Model (BRSM) results in a one-page summary.

So you think you are risk averse?

An important call on businesses to identify, measure & assess risks despite their current positioning, with discussion as to why managing risk is important.

To make better decisions you need 6 things

The real game is making decisions. Now. Without perfect information. In the middle of a VUCA (Volatile, Uncertain, Complex and Ambiguous) world.