Operational Risk Management: Reaping the Benefits

The question is usually not whether a company needs a business continuity and availability solution, but whether what’s currently in place is sufficient. To get a quick indication, see how you measure up to the resiliency spectrum, which categorizes five different levels of resiliency and productivity:

Fragile – In a fragile environment, unreliable IT reduces productivity. This type of environment is plagued by downtime issues and lacks measurement, security policies, continuity plans and key performance indicators (KPIs). It typically involves some incident management, backups and reactive reporting.

Delicate – In this type of environment, when things don’t go as planned, IT reduces productivity. Characteristics of a delicate environment include off-site disaster recovery and backup, incident management, mitigation of downtime risk and defined security policies. This environment incorporates some IT process training, but largely relies on having the right people in the right place at the right time.

Stable – A stable environment features mostly reliable IT that is mostly productivity neutral. Business needs and processes are understood and incorporated into the security and disaster recovery plans that are established. In addition, monitoring and reporting tools including post incident reports (PIRs), and change management policies and procedures are in place.

Durable – In a durable environment, business can count on IT, as IT can scale-up if required. The solution is reliable, ITIL practices are mature and key IT services have been identified. SLAs and measurement are in place and security and disaster recover plans are regularly tested. This environment is further characterized by proactive measures such as planning for change and isolated process improvement activities.

Resilient – The ideal environment is a resilient environment where business productivity is very high due to IT. IT is transformed into a business differentiator with best-in-class IT service management and cost structure. There are regular business continuity plan rehearsals and regular testing of security plans. There are SLAs established for all key IT services and ITIL/ITSM practices adhere to ISO20000 standards.

Budget – How Much is Enough?

One of the most challenging aspects of operational risk management is balancing risk against the cost of protecting the business. The key is taking a methodical approach that addresses each business process in terms of the level of availability needed, how much data the business can afford to lose, how long the business process can afford to be down and the level of protection that’s needed.

Once the acceptable level of downtime is determined for each business process, goals for recovery time, data loss and security and availability can be set and used as the basis for developing a solution that requires an appropriate level of investment.

The Benefits

Adopting a holistic, proactive approach to business continuity and availability can be a complex process as it requires integration not just of technology, but of people and processes, too.

But once the IT environment has been assessed and stabilizing actions taken, IT staff are more productive and have more time to focus on improvement projects that can benefit many areas of the business because they’re no longer consumed with putting out fires. Also, the availability of critical applications becomes more reliable and more automatic, creating greater trust in IT’s ability to deliver.

Then, as the IT environment becomes optimized, IT performance against KPIs improves, resulting in improved output to business and greater processing capability, which improves staff productivity.

For example, a manufacturing company that grapples with an unreliable supply chain that results in loss of business can optimize the environment through business continuity and availability solutions, reducing or eliminating operational risk until it becomes a differentiator.

Finally, once the necessary resilience is achieved, IT is more valued as a competitive advantage. Benefits at this stage include improved business financial performance, corporate reputation and share price.

Achieving operational excellence has a powerful effect on increasing customer loyalty and strengthening supplier relationships. In today’s world, the benefits of superior operational risk management don’t stop at what might be saved, but extend into what might be gained.

John Bennett leads the worldwide Business Continuity & Availability (BC&A) solutions group for HP, which is focused on helping customers reduce operational risk and ensure continuous operation of critical business processes.