What's new

P2.T7.20.16. Striving for operational resilience

Nicole Seaman

Director of FRM Operations
Staff member
Learning objectives: Compare operational resilience to traditional business continuity and disaster recovery approaches. Describe elements of an effective operational resilience framework and its potential benefits.


20.16.1. Operational resilience is different than traditional business continuity and disaster recovery (BC/DR) planning. In regard to this contrast between resilience and BC/DR, which of the following statements is TRUE about operational resilience?

a. The primary focus of operational resilience is recovery
b. Operational resilience emphasizes physical hazards or perils
c. Operational resilience develops uniform (aka, standard) tolerances and scenarios across business units
d. Operational resilience ignores organizational silos in favor of end-to-end delivery of critical services

20.16.2. According to Oliver Wyman, in striving to build operational resilience, each of the following is (true as) a key question that the board and senior management should be asking EXCEPT which is misguided?

a. What are our critical business services, and what is our measure of criticality (because we should focus on the potentially critical components of service delivery across organizational silos)?
b. What is our risk appetite for resilience risk, and how is risk appetite reflected in our impact tolerances (because resilience is different than, but incorporated into risk appetite statements and metrics)?
c. Does the organization understand the dependencies of critical business services on organizational assets (because the traditional focus on assets in silos might ignore dependencies)?
d. Have we prepared distinct, customized incident response regimes for each different incident type (because a single incident response regime is inferior to different incident response regimes)?

20.16.3. Because his firm wants to establish an operational resilience program, Peter has drafted the following four-step approach that he will propose to his boss:

I. Establish the Foundation: in this step, the firm will assign accountabilities, establish a baseline of the organization's capabilities, and articulate the organization's critical business services
II. Provide Visibility to the Board: this step will include identifying an initial set of metrics (including resilience program metrics) to provide ongoing reporting to the board
III. Specify Launch Date and Execute full-scale rollout to all critical services: this step will include a motivational countdown to R-day (aka, R-3, R-2, R-1 ... Resilience Day) the day when the organization formally switches over to a status of resilience
IV. Expand the Program: this step will drive resilience improvements, and expand the program to enhance capabilities

According to Oliver Wyman, which of the steps is misspecified; aka, incorrect?

a. None of the four steps are correct
b. Only the second step (II.) is incorrect; the other steps are correct
c. Only the third step (III.) is incorrect; the other steps are correct
d. All of the steps are correct

Answers here: