Pragmatic and flexible outcomes by helping organisations identify priorities that require targeted investment
Traditionally, organisations have invested in continuity and redundancy measures purely for reasons of process assurance. However, in a world of diminished tolerances for disruption or reputational damage, and where every organisation is in a constant state of change, these redundancies can be critical to daily operations.
As heightened expectations become increasingly difficult to manage, businesses and governments must take advantage of every opportunity to convert adversity into benefit.
Identify opportunities in volatile markets and contexts, particularly in the face of changes and challenges like disruptive market participants
Redefine customer and partner expectations in the face of uncertainty by remaining a step ahead
Reduce complexity to align business activities with opportunities for growth and advantage when market conditions rapidly change
Access richer and more timely insights to make better informed decisions in the face of ambiguity during fast-moving crises
Considerations for executives
The resilience of organisations is comprised of factors affecting people, assets, processes and stakeholder networks (including third party providers). It is therefore essential that executives consider:
- Do we understand how our resources, customers, processes and third parties are linked, so that we can accurately assess risk impacts?
- Do we know how critical new systems and assets will be to properly resource acquisitions for the resilience they need?
- Could our organisation effectively manage a major incident or crisis – like a protracted outage, asset loss, cyber-attack or disruptive market player?
- How do we monitor and manage threats to our operations and strategy?
- Do we know our plan to respond to a crisis, and how we would integrate with third parties (such as suppliers and industry bodies) to manage a shared issue?
- Do we consistently monitor incidents to identify trends in root causes, and the effectiveness of our overall responses?
- How prepared are our people to deal with a major incident, in terms of leadership, mental toughness, tolerance of additional demands and community support?
- Do we know who our most critical people are, and what we will do if they are unavailable?
- What would we do if we lost access to a large volume of our staff at once?
- What kind of tolerances and redundancies are built into our key assets, like IT systems and buildings?
- What would we do if we lost access to a critical asset – like our customer database, investment records or our building?
- What assurances do we have that we are prepared to manage rapid surges and troughs in demand?
- Do we understand what our critical processes are, and what they depend on to function?
- Do we have a plan in place to restore critical processes in the event they are stopped?
- Do we ensure that we have assurance our suppliers are capable of maintaining their business through major shocks?
- Do we have a clear view of what we depend on our suppliers for, and which of our resources they control?
- Do we know how our customers typically respond to problems such as a loss of supply? Will they wait for us to resume service, or are our goods and services easily replaced?
- Do we understand what it would take to regain our market position and/or reputation following a loss?
Board visibility of business outages has always been high. However, the effectiveness of incident monitoring and remediation programs has traditionally been inhibited by a lack of in-house resources and data to analyse problems on an individual basis; and, the trends seen across the business that could be leading to them.
Globally, boards are looking to executive teams to provide better visibility of incidents through enriched, data-driven reporting.
Resilience is adapting to change in order to preserve or secure advantage.
How we can help
Resilience is derived from a network of interdependent factors that come together to absorb shocks, and adapt to new circumstances.
KPMG’s Business and Technology Resilience specialists deliver pragmatic and flexible outcomes by helping organisations identify priorities that require targeted investment.
To do this, we draw together global experts from across KPMG – including Cyber Security, Data & Analytics, Social Media Intelligence Group and the Performance Clinic – to develop industry leading solutions for our clients.
Our specialists and multi-disciplinary teams can assist with:
Providing independent assessments of continuity risks; organisational preparedness for crises and disruptions; technology resilience; and organisational performance in incident response.
Work with you to develop a pragmatic, measurable resilience investment strategies to optimise your expenditure, and improve your services.
Development of ‘final line of defence’ arrangements for Crisis Management, Business Continuity Management, Emergency Management, Incident Management, IT Disaster Recovery and IT Service Continuity Management.
Support for the implementation of resilience programs, including for executive crisis leadership; infrastructure hardening; and, people resilience.
Development of enriched analysis of business processes, systems and resources for business impact – including for criticality, resilience, dependencies and interdependencies.