What is Operational Resilience?
Operational resilience is the ability to continue providing products or services in the face of adverse market or supply chain events.
At first glance, it’s easy to confuse operational resilience with concepts like business continuity or being agile. Business continuity refers to the specific contingency plans organizations put in place for known emergency scenarios. Agility is simply a quality any business can have, referring to how quickly it can react to a disruption. Both of these are limited in scope and focused on the tactics needed to overcome an immediate, individual problem, such as a tsunami that closes a particular port or a cyberattack through a known software vulnerability.
Operational resilience incorporates these concepts but is a bigger-picture strategy that:
- Maps entities in your supply chain to the business functions they ultimately enable, as well as the strategic goals they support
- Accounts for both known and unknown threats to operations
- Establishes repeatable processes that convert lessons-learned into institutional knowledge
In a time where supply chain disruption is costing organizations an average of $182M annually in lost revenue alone, building resilience has never been a greater priority. An operational resilience strategy consists of three core principles:
- Deep Planning: By broadening the scope of risk-related planning, organizations can move from a response-driven model to a prevention-focused approach that enables supply chain resilience. Deep planning requires creating a complete inventory of your extended supply chain and the latest risks within it, connecting those entities to the strategic business objectives they support, and modelling potential future scenarios.
Per Interos’ research, most organizations only have visibility into half of their suppliers, and only one-tenth of companies continuously monitor them for risks.
- Cross-functional Coordination: A threat to the supply chain is a threat to the entirety of your organization. This makes the job of managing risk the responsibility of not just your entire enterprise, but also your immediate partners and vendors. 8 in 10 supply chain leaders agree that this kind of collective responsibility is necessary to protect against disruption. This requires close coordination between different business units to set objectives, develop KPIs, and execute on tactics.
- Data-based Decisions: There are countless new technologies changing the way businesses understand and make decisions about their operating environment, including AI, machine learning, big data storage and processing – and more. These tools can create a new depth and breadth of supply chain resilience and understanding —if they are leveraged correctly.
Organizations looking to do so will need to continuously evaluate multiple risk factors across the many tiers of their extended supply chain, including geopolitical, financial, restrictions, cyber, operational, and environmental/social/governance (ESG) risks.
As the intense disruption of the past several years has shown, the connections that make up the global economy are incredibly complex and fragile. Even the well-prepared cannot totally insulate themselves from its effects. But they will be able to develop plans to mitigate its impact and emerge as a more competitive player in its wake.
Organizations without an operational resilience framework:
- Struggle to react to disruptive events as they occur
- Duplicate efforts as a result of disparate/siloed business units and suboptimal communication
- Face revenue losses and brand damage resulting from product/service disruptions
Meanwhile, organizations with a successful operational resilience strategy:
- Monitor both potential and imminent risks continuously, preemptively adjusting to mitigate disruption and maximize opportunities
- Efficiently and cooperatively identify disruptions, assess the possible business impact, and act decisively
- Anticipate and plan for potential high-risk disruptive events, and build both the institutional knowledge and organizational structure to quickly respond to them
Only organizations with operational resilience are able to minimize disruptions, recover from shocks faster, protect their reputations, and ultimately capitalize on opportunities. Operational resilience will be the new standard sought by corporate boards and government leaders. Neither can afford to wait days or weeks to understand a disruption when competitors or hostile actors are acting faster. They need to act now. “I didn’t know,” is no longer an acceptable answer.
Interos is the operational resilience company — reinventing how companies manage their supply chains and business relationships — through our SaaS platform that uses artificial intelligence to model and transform the ecosystems of complex businesses into a living global map, down to any single supplier, anywhere.
But the right technology isn’t the only part of being an operationally resilient organization. Keep reading to learn more about the organizational steps you can take to become one, or you can contact us here to learn more.
Creating an Operational Resilience Strategy: Rethinking Your Personnel
Both commercial and government entities seeking to build operational resilience will find challenges inside and outside their organizations. Overcoming these requires three key organizational shifts:
- Instill collective responsibility: Risk management is often confined to the purview of individual persons and business departments like procurement, compliance, or information security. Instilling a culture of collective responsibility and breaking down interdepartmental barriers is essential for any organization looking to get proactive, increase effectiveness, and decrease response times when it comes to risk.
- Focus on prevention over response: Far too many organizations adopt a reactive posture to risk management. To instill operational resilience, they need to instill a culture of prevention and anticipation, pre-modelling potential disruption scenarios and assessing potential alternative supplier options.
- Manage external risk: Organizations typically focus on managing risk within the walls of their company. But most companies rely on an expansive collection of partners, suppliers, and vendors they fundamentally know little about. Discovering third, fourth, and fifth-party relationships across the extended supply chain is critical in determining which of those connections are ultimately positive or negative for the business.
To help organizations address this challenge, Interos has developed the concept of a Resilience Operations Center (ROC), a cross-departmental center of excellence focused on centralizing the personnel and capabilities needed to manage risk and build resilience. The fundamental principles of the ROC are laid out on this page.
Institutionalizing Operational Resilience Requires New Tools
While assembling the right people and processes is essential for building resilience, an effective strategy requires adopting the right tools. Traditional solutions such as manual surveys, Governance, Risk, and Compliance (GRC) tools, or Supply Chain Management (SCM) software are limited in both scope and function. Because of the limited scope of their design, they often contribute to the siloing of risk information, and do not have sufficient information on external supplier relationships or risk-relevant events as they occur.
Successfully building operational resilience requires tools that are able to:
- Automatically map your entire supply chain to the Nth Tier
- Continuously monitor suppliers for risk-related events across multiple risk factors
- Model the effects of potential changes in your greater supplier ecosystem
Effective mapping, monitoring, and modeling of global supply chains requires access to a large amount of data on a continuously shifting number and variety of companies and risk-related occurrences. The only way to accomplish this at scale, efficiently, is to leverage the power of technologies such as machine learning, AI, and Natural Language Processing (NLP). These force-multipliers enable businesses to:
- Instantly visualize multiple tiers of their business and supplier relationships
- Assess latent supply chain and vendor ecosystem risk across multiple factors
- Identify opportunities for building supply chain resilience through supplier diversification and potential avenues for cost-savings via acquisitions or supplier consolidation
Achieving operational resilience will not prevent disruption. But it will:
- Provide the intelligence and advanced insights needed to mitigate losses and identify new opportunities within your business ecosystem
- Enable you to plan effectively with full knowledge of the supply chain implications of major business decisions and respond as a unified organization when acting to address disruption
- See and understand relevant business relationships and the inherent risks those relationships create – while communicating that information with the entire organization
The past few years have exposed the intricacy and fragility of global supply chains. Major disruptions are more common and impactful than ever before, but fortunately advanced technologies and improved business processes can help organizations map, monitor, and model their global supply chains to build resilience and create new opportunities.
Adapting the SOC Model to Become an Operational Resilience Framework
For years businesses and organizations have centralized IT security functions using the Security Operations Center (SOC) model, which has been an invaluable organizational structure for managing and responding to security risks and many supply chain threats.
Today we know that cyber threats only represent a small portion of the risks posed to supply chains. Continuous disruption — driven by geopolitical and operational risk, as well as environmental, social, and governance (ESG) risks — has done considerable damage to the global economy. How companies operationalize around risk has changed as well, including newly prominent business uniters such as risk managers and procurement teams taking on greater responsibility for risk management. All of these teams need actionable, data-backed risk intelligence and a coordinated approach to be effective.
By bringing formerly isolated business units together, the Resilience Operations Center (ROC) helps organizations address these challenges, creating an enterprise-wide operational model that infuses effective supply chain risk management (SCRM) across the organization. With a shared understanding of risk, business can react to risk in real time and improve outcomes.
Where Does Supply Chain Vulnerability Originate?
Everyone in the business community has experienced the intense disruption of the past several years. The immediate causes are often easy to understand — inflation, geopolitical conflicts, and a wide array of disasters have all played their part — but we have to look back even further to understand why these individual events have had such immense impact.
One of the major causes has been a decades-long reliance on Just-In-Time (JIT) or lean supply chains. This approach emphasizes cost-efficiency over all other priorities — purchasing components from the lowest-cost supplier and maintaining the lowest amount of inventory possible to save on storage costs.
JIT supply chains naturally incentivize outsourcing to many different suppliers who often hyper-specialize in production of just a few kinds of components. Their components (either physical or digital) are then passed onto other suppliers responsible for assembling the final product. This approach also encourages regional specialization, and production of specific components has become concentrated in areas with favorable economic conditions.
This created highly globalized supply chains that are incredibly cost-efficient — but also incredibly fragile, greatly magnifying the potential impact of individual supply chain threats. During previous periods of minimal disruption detailed contingency planning may have been of limited value, but we have all seen the consequences of this approach. Disruption is not a matter of “if,” it is a matter of “when.” The next big supply chain upheaval is coming, and you need to be prepared. “I didn’t know” is no longer an acceptable excuse.
A New Approach to Supply Chain Resilience is Needed
While many companies use traditional risk management teams to perform disruption and contingency planning, those activities are often narrowly focused on known, predictable threats to first tier/direct suppliers, such as establishing alternates for suppliers located in regions that regularly experience monsoons. However few organizations plan for, or even consider, the potential impact of a global pandemic or the Nth-tier implications of a sudden war.
This lack of comprehensive planning is often exacerbated by the limitations of traditional models for risk management, which frequently rely on manual, survey-based supplier risk assessments. These tools provide limited, often unverified assessments of risk that check the box in regard to compliance but offer little insight into real-world risk exposure and resilience.
Organizations can no longer rely on these outmoded and subjective tools. More and more executive leaders are recognizing the need to respond to risk as it happens and to pre-empt systemic fallout wherever possible, safeguarding business continuity and building value even under adverse circumstances. This is operational resilience, and an effective operational resilience strategy can only be achieved by demanding real-time and continuous visibility into multifactor supply chain risk.
ROC Capabilities Build Operational Resilience
What does a Resilience Operations Center (ROC) do?
A ROC helps to solve the challenges listed above and construct an operational resilience framework by:
- Creating a centralized business unit that can effectively manage risk across your entire supply chain and within the walls of your organization
- Pre-identifying key resources within your organization and preparing them for action when a supply chain risk manifests
- Offering an up-to-date lens into enterprise risk and extended supply chain resilience to enable swift proactive and corrective action for identified issues
- Enabling proactive risk monitoring and shortening response times
- Increasing operational resilience to risk events by providing a meaningful and transparent measurement and reporting structure, increasing an organization’s ability to incorporate lessons-learned from past events
- Enabling easy sharing of risk-related information across the organization and with external suppliers and partners, building a trust-based environment
- Providing comprehensive supply chain insight that makes it easy to deduplicate redundant suppliers or identify potential alternatives for critical commodities
Operational resilience executed within the ROC concept leverages four fundamental ideas to achieve these results.
- Closely pairing SCRM and enterprise objectives
- Eliminating organizational silos
- Creating a new, more-effective approach to threat detection and response
- Providing the necessary speed and knowledge to exploit previously invisible opportunities
You know you’re only as secure as your weakest link.
In a structure as complex as an enterprise’s global supply chain, the weakest link could be your direct vendors’ partners, or their vendors, or any one of the hundreds of thousands of individuals whose labor you directly or indirectly rely on to provide your business’s products or services. This makes operational resilience the responsibility of not just a single business unit, or group of leaders, it’s everyone’s responsibility.
Organizations have long accepted the idea that cybersecurity risk management is an organization-wide responsibility, given that any individual employee or technology asset is a potential in-road for malicious actors. The same viewpoint applies to supply chain risk and resilience, where weakness in any individual segment creates a risk to the entire system, given that suppliers, vendors, and partners rely on each other to vet vendors, partners, and buyers.
Executive Leadership & A Top-Down Approach is Essential to Building Operational Resilience
The ongoing slate of supply chain disruptions has made supply chain risk management and operational resilience a C-level and board-level concern. This is a significant change from just a few years ago, where supply chain concerns were largely viewed as the purview of one or two departments.
Now that operational resilience has the attention of senior leadership, it’s up to those leaders to drive change across the organization from the top-down. Organizations cannot rely on disparate departments to individually recognize the need to create a collaborative, resilient, and cross-operational supply chain practice – leadership needs to step in and coordinate an operational resilience strategy.
Leaving it up to individual teams contributes to gaps in understanding and prioritization, generating more risk. For example, purchasing may select a supplier that generates costs-savings but creates potential compliance issues that legal will have to address. One team wins at the expense of another, potentially negatively impacting the organization as a whole.
Cross-functional business units like the ROC help leadership cut across departmental lines, establish a shared vision of resilience, improve communication and metrics reporting, and keep the organization focused on shared success using procedures and tools such as:
- Coordinated risk assessment
- Supplier relationship mapping
- Continuous monitoring
- Incident response teams
- Single-source-of-truth dashboards
- Insight sharing and real-time alerts
- Closed-loop processes for lessons learned
Activating these functions within a traditional SCRM program is difficult, largely due to reliance on out-of-date surveys, spreadsheets, and siloed operations.
The next major supply chain shock could come tomorrow, next week, or next year, but it will come. The time to implement operational resilience is now.