If the purpose of risk management is to identify the potential for loss before it occurs, and to take appropriate action to reduce or avoid that loss, then the concept of resilience is fundamental to risk management.
After three or more decades of compliance-oriented risk management driven by regulatory requirements and industry standards, many enterprise organizations are now working to redefine their risk management programs to bring risk and resilience together.
Industry practitioners have found that simply trying to extend a compliance-oriented approach hasn’t worked. When various functional groups or individual departments are allowed to develop their own siloed approaches, those approaches have proven impossible to bring together into a coherent enterprise program after the fact. Simply reacting to audit findings is proving less tenable over time as the demands of corporate governance continue to grow.
It is encouraging to see similar recognition across regulators and standards bodies. Last summer, the Bank of England, in conjunction with the Financial Conduct Authority, issued a discussion paper on operational resilience highlighting the need for integrated programs. Other groups are also more formally addressing the challenge: achieving compliance doesn’t necessarily ensure that risk will be managed effectively or that operations can be sustained at acceptable levels when risks materialize.
In the ever-growing compliance realm, many times what’s been missing is an organization’s ability to achieve and maintain resilience, ensuring that its people, assets, and processes are protected and preserving the trust it has established in the marketplace.
To address these issues and related challenges, Fusion recently hosted an Innovation Day, one of Fusion’s information sessions that bring leading industry practitioners together to focus on establishing effective operational programs. The common topic is the need to build an “information foundation” that addresses risk and resilience together from the beginning.