Utilising established standards to manage risk

The world is entering a new era of circumstances never experienced before, changing operations, societies and economies. A dramatic restructuring of the economic and social order is taking place following the COVID-19 outbreak. As China leads the recovery and shows a path towards overcoming this pandemic, organisations will have to reinvent themselves in order to not only survive but also to thrive in these challenging times. In other words, as Paulo Lopes of the British Standards Institution (BSI) explains, to ensure lasting success, organisations must become ‘resilient’ and foster this quality throughout their operations.

Any system will break if put under sufficient stress, and when it does, it must
have the ability to spring back. The same can apply to opportunity; is an organisation capable of mobilising to maximise its market openings? Organisational resilience provides a framework for leaders to do both, helping them and their organisations adapt and succeed.

Great leaders understand that truly resilient businesses innovate, creating new products and markets, always staying one step ahead of competitors. Executives want to build resilience but often are unable to see the path to reach that goal, though our interconnected world demands that they be ready for near constant change. Using a standards-based approach to guide your resilience strategy is the most effective way to protect corporate reputation, stakeholder sentiment and the bottom line.

Many organisations already use standards to manage risk in three major categories: cybersecurity, supply chains and operations. Some examples include:

• ISO 27001, which addresses cybersecurity risk by building systems that bolster information security, reduce the likelihood of an incident, optimise responses if one occurs and mitigate any resulting damage;
• ISO 28000, which helps teams build awareness of all associated risks in supply chain security management, as well as relevant mitigation and control measures; and
• ISO 9001—the world’s most recognised quality management standard—which emphasises continuous improvement, cost reduction and sustainable management strategies.

Setting up a strong business continuity management system (BCMS) such as ISO 22301 will reduce the frequency and impact of disruptions, and assist in returning to ‘business as usual’ as swiftly as possible despite obstacles. With such a BCMS in place, employees, partners and clients can all trust that the organisation can endure major disruptions, such as the coronavirus outbreak. Business continuity requires an organisation to look at its specific circumstances and come up with solutions to ensure it can look after its people and stay operating no matter what happens.

More and more organisations are using the standards listed above, and integrating and coordinating them efficiently is critical to creating a truly resilient organisation.

Organisational resilience is a vital next step in management thinking, as it encompasses all the different management systems, processes and operations. The standard BS 65000 provides a framework for leadership to build resilience, not only within an organisation but across networks and in partnership with others. The standard defines organisational resilience as “the ability of an organisation to anticipate, prepare for, respond and adapt to incremental change and sudden disruptions in order to survive and prosper.”

There are clear similarities between organisational resilience and the theory of evolution. As Charles Darwin famously said: “It is not the strongest of the species that survives, nor the most intelligent that survives. It is the one that is the most adaptable to change, that lives within the means available and works co-operatively against common threats.”

To achieve resilience, it is key to have clear insights and intelligence on the organisation and its supply chain, so that informed, tactical and strategic decisions can be made in a timely manner. Reliable processes, delivered consistently over time, are fundamental to achieving and maintaining high customer satisfaction.

The model in Chart 1 illustrates the framework to achieve resilience. It features three elements: product excellence, process reliability and people behaviour, which combined provide the customer with the best overall experience.

In addition, there are three core domains that are often identified by organisations as issues and are critically important in achieving organisational resilience:

• Operational resilience: includes quality, health & safety, environmental, business continuity and other business processes with the objective to address customer needs, run operations smoothly, value staff and effectively govern the business.
• Supply chain resilience: ensures supply chain continuity, minimises security risks, protects brand reputation and mitigates social risks by focussing on supply chain partners and their visibility, transparency and continuity by asking about their identity, location, products, processes and behaviour.
• Information resilience: focusses on managing and securing information, protecting infrastructure, enabling trust and reputation, ensuring regulatory compliance and safeguarding both digital and traditional sources of physical, digital and intellectual information security.

When this model is implemented correctly, organisations are able to drive strategic adaptability through a common vision and purpose; create an agile leadership by allowing leaders to take measured risks with confidence, and respond quickly and appropriately to both opportunities and threats; and implement robust governance demonstrating accountability across all organisational structures, based upon a culture of trust, transparency and innovation.

This Darwinian approach will help European companies operating in China become the most adaptable to change and create truly resilient organisations that will not only survive but thrive and prosper in this remarkable era we are currently living in.  

BSI was founded in 1901, became the world’s first national standards body and a founding member of the International Standards Organization (ISO). BSI became a globally recognised expert in best practice, serving 84,000 clients in 193 countries in a number of sectors including aerospace, automotive, built environment, food, information and communications technology and healthcare.

Paulo Lopes is the director of Strategic Partnerships Greater China at BSI. He has more than 12 years of global work experience in strategy, consultancy and standards. At BSI, Paulo builds partnerships with multinational companies and government organisations in China to enable them to become more resilient in their management systems.