What can you learn from how other organisations are strengthening their risk resilience? How often do you seek to capture the upside of risk and turn it into something valuable?
Best practices may not be where you expect them. They might come from other sectors, regions or organisational types. PwC collaborated with the World Economic Forum to identify and share the experiences of foremost experts and global leaders — primarily around anti-corruption, catastrophic risks, cyber risks and supply chain risks.
Take time to consider how these 10 best practices might also strengthen your organisation’s resilience:
Educate continuously to instil organisational values. It takes only one part of an organisation to damage the whole, so a strong common culture and set of values are vital to support your organisation’s resilience. To mitigate corruption-related risk, Royal HaskoningDHV (RHDHV) introduced a comprehensive and continuous education system to embed business integrity at all levels.
Collaborate to spur transparent information. In complex and vast global networks, transparency of information from individual actors to decision makers enhances risk-resilient decisions. Barrick Gold Corporation elevated the effectiveness of its anti-corruption and supply chain due diligence — and improved trust in third-party information — by collaborating with globally networked non-profit organisations.
Show zero tolerance to critical risk breaches. Some risk events should be unacceptable to organisations — and seen to be so. To mitigate the threat of corruption, Skanska introduced an internal “five-zero” policy to govern operations. The five pillars of the policy are: zero loss projects, zero environmental incidents, zero workplace accidents, zero ethical breaches and zero quality defects.
Challenge assumptions constantly. As the speed of global change accelerates, the assumptions that form the basis for risk-resilient decisions no longer remain valid. The World Health Organisation (WHO) continuously questions core assumptions to advance influenza vaccine manufacturing. In 2009, the fallout from the H1N1 pandemic caused WHO to challenge the assumption that multinational pharmaceuticals could accelerate production for developing markets. As a result, WHO initiated schemes to promote domestic vaccine manufacturing capabilities in developing countries and increase their access to vaccines.
Support your employees, and they’ll support your organisation. Without a resilient workforce, your organisation will not be able to be resilient during and after crises. In the early 1990s, after Hurricane Andrew hit the US state of Florida, local businesses took a variety of approaches, supported by pre-event planning, to help the local workforce get back on their feet. These businesses saw that in supporting their employees, their employees were able to support their business and maintain a resilient local economy.
Take decisions based on independent and reliable data. During a crisis, when data can be compromised and unreliable, accurate and trusted data is crucial to make the right, informed decisions. Deutsche Bank’s Japanese operations were able to make the right decisions in the midst of the Fukushima Daiichi disaster on the back of independently gathered risk data, at a time when other information sources were conflicted.
Rehearse: crisis practice makes perfect. Crises rarely strike organisations, but when they do, senior management and risk managers must be ready and prepared to act. Again, Deutsche Bank has initiated a global programme to train managers in real-life crisis simulations so that when a catastrophe does occur, the organisation is set to respond with speed and confidence.
Set up early-alert systems to allow for decisive action. In most crises, speed counts. Having in place information and systems that can detect nascent threats helps your organisation rapidly quash and combat these before they impact. In defending themselves against the growing danger of cyber-attacks, the United States government has set up an agency that detects emerging cyberthreats and delivers alerts, along with mitigation strategies, to critical infrastructure organisations.
Place responsibility for resilience at the top. Resilient organisations are able to identify trends, adjust to changing environments and collaborate throughout the organisation. Only with senior involvement is this possible. With increasing cyber-risks, many financial organisations have elevated responsibility for cybersecurity from IT departments to group divisions, and ensured board-level oversight.
Share knowledge in trusted networks. Global supply chains, critical dependencies and systemic threats mean that individual organisations rely on the resilience of a much wider network of which they are a part. In sharing sometimes-sensitive information and knowledge with a trusted network, the resilience — not only of individual organisations, but of the wider network — can be improved. In combatting cyber-threats to critical infrastructure, the Australian government has set up a trusted network of organisations to share critical information and security strategies that allow for rapid response and resilient defences.
Access the World Economic Forum’s full report here: Leading Practices Exchange: Managing Risk and Building Resilience