It’s that time again. I have to give my car in for service and I am adamant that it will be a routine check. There is nothing wrong. The engine roars, there are no warning lights, and the effortless drive in recent times has been particularly smooth.
Still, in the back of my mind, I have this niggling thought that they will find something that needs changing, replacing, or updating.
I know I should not be thinking like this; after all, it’s for my benefit. A car has many parts that need to work in tandem. If there is no battery, your car will not start; if there is no alternator, your battery won’t charge; and if there is no petrol, you are not going anywhere. The resilience of a car, which comprises some 30,000 parts, is incredible!
Now here is the parallel. Like cars, organizations need to demonstrate resilience and work in tandem with other departments, technology, and processes to ensure their critical business operations continue when faced with adverse risk events.
In a recent webinar, I interviewed an ex-Chief Risk Officer and our SVP of Product to decode ‘resilience’ and ‘cyber’, two pressing words that are shaping boardroom discussions and encouraging regulators to act fast.
Some of the questions that I posed to my panelists include:
Operational resilience is a firm’s ability to prevent, detect, respond to, recover, and learn from operational disruptions that may impact the delivery of important business functions and services.
Organizations need to think beyond traditional risk management programs and start focusing on strengthening operational resilience. This requires a better understanding of the overall risk profile and appetite through risk quantification, the agility to quickly adapt to the evolving risk landscape, and the ability to minimize the impact of any risk event, recover quickly, and ensure continued business operations in the aftermath of the event.
In the UK, the Financial Conduct Authority, Bank of England, and Prudential Financial Authority are working toward this and implementing regulations and guidelines. In the EU, the draft Digital Operational Resilience Act (DORA) has been published, and in Germany, the IDW PS 340 n.F. has been revised.
In the U.S., the federal bank regulatory agencies released a paper outlining sound practices to help large banks enhance operational resilience, and several main financial authorities in the APAC region are stepping up their resilience practices.
MetricStream has a clear solution to help you build Operational Resilience, enabling you to:
MetricStream’s ConnectedGRC is designed to help you improve resilience and agility through an integrated approach to compliance and risk management that enables you to better define, manage, and channel risk to your advantage. Our CyberGRC product line proactively and intelligently manages cyber risk by enabling users to view and aggregate cyber risk data from across the enterprise, including third- and fourth-party vendors. Organizations are empowered to build cyber resilience by using the actionable business intelligence to make data-driven decisions.
You can learn more or book a demo here.
In my next blog, I will be discussing ESG and what this means to risk owners and governance structures—which makes me think, for my next service should I be driving an electric car?
This blog is part of the Instagram of Risk Blog Series, authored by Suneel Sahi, VP, Product Marketing at MetricStream, which captures discussions and insights trending in the risk community.
Check out Suneel’s other ‘Instagram of Risk’ blogs: