How ready are organisations in France to embrace risk as an opportunity?
“Whilst resilience is about having the agility to succeed despite all stress, an organization’s resilience is most apparent in the way that it anticipates, responds to and recovers from operational risk.”
Sungard AS’ Chris Butler opened a recent business dinner in Paris with these remarks. He emphasized the importance of combining a defensive with an offensive risk management mindset in order to be resilient in today's complex business environment, asking the question: “How can we take advantage of risk in a fast-changing IT landscape?”
Chief Information Officers are faced with numerous security challenges, including legacy and shadow IT, globalised supply chains, and cyber breaches. The focus on resilience is essential to improving business operations in response to all these challenges. It’s not just about managing the risks on a day-to-day basis – businesses must use the risks as an opportunity to develop and strengthen their processes.
“That's why you have to make sure that your supply and demand relationships are flexible in time of crisis, your leadership is prepared to operate in a complex, uncertain and unstable environment and that while operating in an interconnected market, you have more than just business and IT continuity in place,” Butler said.
As one guest from a public-sector organisation observed, having a flexible relationship with the supply chain is a real challenge. They have to go through tenders with fixed conditions which can easily be out of date by the time the work is delivered. She added, however, that crises could in context be a real opportunity:
“They make introducing flexibility, kicking off new projects and getting higher budgets easier; as these measures become necessary to overcome the crisis.”
Using these opportunities to review your responses and develop them accordingly is the key to resilience, and turns the risk into a focal point for improvement. No matter how comprehensive your plans might look on paper, there will always be new factors to consider:
“We had thought of lots of different potential incidents and, for example, secured our ATMs with cameras. Then someone came along and just ripped entire machines out of the wall – we were completely stymied!” a CIO of a private banking group said.
Cyber attacks can also catch companies unawares – especially as computer viruses and hacking techniques rapidly change face.
“We were once attacked with a completely new kind of virus that would pretend to have disappeared and then suddenly click on again,” the IT and technology director from an international banking group said.
Just developing procedures and getting the IT infrastructure right is not enough on its own. Butler stressed how critical it is to ensure a company’s leadership is prepared and flexible enough to respond positively in a complex and unstable situation. As one participant from an international banking group said:
“We had the perfect contingency plan in place except for that we hadn't decided who would push the button. So instead of three days, it took us three weeks to react!”
The embracing of risk as an opportunity for development and improved resilience must come from the top. This can be a challenge for countries, like France, whose cultures don’t generally view failure as something positive. The idea of ‘failing forward’, however, is beginning to gain traction, as evidenced by the Sungard AS dinner's theme which drew considerable interest from local delegates.
“Modern organisations are information dependent,” Butler said. “The CIO must create an agile, responsive and flexible information system to ensure the organisation retains competitive advantage.”
By following the principles of readiness assessment, procedure development – both internally and with your supply chain – and flexible, forward-thinking leadership, the opportunities inherent in unavoidable operational risks are considerable.
For more information, visit www.sungardas.com