WHAT IS CORPORATE RESILIENCE AND HOW IS IT

ACHIEVED

Bruce BraesDavid Brooks

Disagreement exists whether Organisational Resilience is –

A Behaviour, An Ability or

Principle.

So What Is Corporate Resilience ?

What is Resilience?Engineering: Resilience is the property of a material to absorb energy when it is deformed elastically and then, upon unloading to have this energy recovered.Psychology: Resilience in psychology is the positive capacity of people to cope with stress and adversity.Ecology: In ecology, resilience is the capacity of an ecosystem to respond to a perturbation or disturbance by resisting damage and recovering quickly.Networking: Resilience is the ability to provide and maintain an acceptable level of service in the face of faults and challenges to normal operation.Organisations: Resilience is defined as “the positive ability of a system or company to adapt itself to the consequences of a catastrophic event.

ASIS Organisational ResilienceResilience is an organization’s ability to quickly, efficiently, and effectively adapt to a change, such as disruptive events (natural, intentional or unintentional), by implementing adaptive, proactive and reactive strategies. (Marc Siegel Sydney 2010)

BCI Organisational Resilience“Holistic management process that identifies potential threats to an organization and the impacts to business operations those threats, if realized, might cause, and which provides a framework for building organizational resilience with the capability for an effective response that safeguards the interests of its key stakeholders, reputation, brand and value-creating activities."

Source: Australian Journal Emergency Management

Our Understanding of Organisational/Business Resilience

Resilience & Maslow

BASIC NEEDSICT Disaster RecoveryWork Area Recovery

SECURITY NEEDSRisk Management, Information Security

CULTURAL NEEDSProgramme Management, Teams & Processes, Training

REPUTATIONAL NEEDSCrisis ManagementCrisis Communications

DEVELOPMENT NEEDSContinuous ImprovementExercising

The First Dimension Enterprise Risk Management (ERM) Corporate Security Management (CSM) Business Continuity Management (BCM) Health Safety & Environmental Management (HSE) Governance & Compliance Management (GCM) Information Security Management (Infosec) Emergency Response & Crisis Management (ERCM)

Source: Australian Journal Emergency Management

The Second Dimension

Mission & Goals

Business Strategies

Policies & Procedures

Organisation & Human Resources

Business Processes

Information & Technology

Facilities & Equipment

The Third Dimension Values

Leadership

Change Sensitivity

Integration

Interdependencies

Agility

Awareness

Communication

 

Source: Australian Journal Emergency Management

Source: Dr Amy Lee, Stephenson Resilience

Source: AS/NZ ISO 31000 2009

How Can Risk Management Assist

Adapted from D. Brooks 2004

And What of Security

And Business ContinuityAvoidance Prevention Protection

PreparednessResponseRecovery

And Then There Are A Few StandardsAS/NZS ISO 31000 2009 Risk Management Standard AS/NZS ISO 9001 2008 Quality Management SystemAS 8001 2003 Fraud & Corruption ControlAS 8000 2003 Good Governance PrinciplesAS 3745 2010 Planning for Emergencies in FacilitiesAS/NZ 5050 2010 Business Continuity – Managing disruption related

risk

AS 4083 2010 Planning for Emergencies – Health CareBS 7799 Information Security ManagementBS 31100 2011 Risk Management: Code of PracticeBS 25999-2 2007 Business Continuity managementASIS SPC. 1 2009 Security, Preparedness and Continuity Management

Systems

ISO/IEC 10181 1996 Security frameworksISO/IEC 13335 2001 IT security managementISO TR 13569 2005 Financial services - information security

guidelines

ISO 20858: 2007 Ships and marine technology -- Maritime port facility security assessments and security plan development

IS0 28001 2007 Security Management Systems for the supply chain

LEADERSHIPThe Top Down Dynamic

• Leadership align O.R. with business objectives• Leadership uses O.R. to seize new business practices e.g.

technology• Leadership embraces new organisational principles i.e. corporate

governance• Leadership drives and supports change in internal and external

environments• Leadership MUST delegate operational responsibility to business

units• Leadership MUST value diversity• Leaders MUST protect shareholder value• Leadership can use O.R. to deliver long term value

Source: Australian Journal Emergency Management

Organisational Resilience is also BOTTOM UP

• The numerous functional processes including Security Management, Risk Management, BCM, Health & Safety, Governance, Internal Audit, Financial Management drive O.R from bottom up

• Businesses MUST nurture Creativity and Learnability within to allow bottom up influence on O.R.

• Behaviours and Trust must be embedded from the Bottom Up

• Communication MUST be a two way interaction Bottom up as well as Top Down

Source: Australian Journal Emergency Management

SO WHERE TO FROM HERE?• Identify and understand the essential

elements of Organisation Resilience• Capture the principles• Deliver a practical O.R. model to assist

organisations to become more resilient• Ultimate aim to gain consensus as to

what organisational actually is

Source: Australian Journal Emergency Management

Thank You

Questions

Source: Australian Journal Emergency Management

Bruce BraesAECOMPerthWestern Autraliabruce.braes@aecom.com

Dr. David BrooksSchool of Computer & Security ScienceEdith Cowan UniversityPerthWestern Australiad.brooks@ecu.edu.au