Operational Resilience inertia set in for many firms amid competing priorities, and they spent Q1 2023 remobilising their Operational Resilience programmes to get through the 2023 self-assessment process. In refreshing the programme and taking a view on how to gear up for the 2025 deadline, firms have accepted that developing maturity is essential in creating resilient operations that protect the firm, and the firm’s customers.
For firms remobilising their programmes, and looking for direction on maturity activities between now and 2025, we suggest two good places to start:
- Review current capability, resilience documents and supporting processes and enhance those in line with regulatory and operationally effective objectives
- Develop and implement a Resilience Target Operating Model to in turn ensures regular, repeatable reporting to evidence ongoing management of Operational Resilience
This article delves into a proposed strategy for developing a Target Operating Model, in conjunction with our previous piece on the review process.
The Target Operating Model should be created collaboratively with the business to ensure that it reflects the desired end state, covering governance, structure, roles and responsibilities, integration with other protective disciplines, processes, programme efficiencies, people and culture, and an annual programme of resilience activities.
The end state Target Operating Model should align with regulatory requirements, internal strategy and desired resilience maturity and enable:
- Greater capabilities to identify, respond, adapt, recover and learn from service disruptions through integrated resilience management
- Effective response to future resilience requirements (e.g., DORA)
- Senior Management and Board to govern Operational Resilience more effectively
The Target Operating Model should be informed by your review, and you should start by working with the business, to:
- Agree a desired state of resilience maturity and how this can be measured/evidenced
- Document a strategic vision that articulates how resilience will be managed firm wide, aligning the resilience programme with corporate goals and objective
That strategic vision provides your North Star to 2025 and creates the necessary parameters to start developing the Target Operating Model.
Considerations for inclusion in your Target Operating Model should be:
- Operational Resilience framework, standards, and controls, aligned to the strategy and desired maturity
- Governance processes, committee structures, and defined roles and responsibilities via a RACI document
- Integration with your other protective disciplines (Impact assessments, Third-Party Risk Management Controls, incident categorisation)
- Processes, procedures, and annual cycle of BAU activities across Operational Resilience and MI reporting to operationalise and enable the embedding of the Target Operating Model
To enquire how our Operational Resilience specialists can help your firm with moving to Operational Resilience maturity, enquire here or book a time with one of our consultants here now
