Does your company have plans[1] in place to manage any major disruption situation? Have you considered assessing, diagnosing or auditing your posture in terms of: resilience governance, preparedness for major disruption, response and intervention capability, maturity of your resilience, crisis coordination and/or effectiveness of these plans (if you have any)?
Depending on the type of assessment or audit to be carried out, the criteria for effectiveness should include optimal management of communications in times of crisis, minimal maintenance of operations, coordination of the response as well as the physical safety of employees.
In short, the assessment should enable conclusions to be drawn about the company’s posture and its ability to cope with various contingencies.
The aim of this article is to make you aware of the importance of such an approach, by explaining its various functions. We will therefore limit ourselves to a few points.
Diagnosis, evaluation and audit: what are the differences?
Diagnosis, evaluation and audit differ at certain levels, whether in terms of objectives, methodology or results obtained. All three approaches aim, among other things, to assess the current state, a program, a plan, specific aspects, capabilities, the level of maturity, the effectiveness of processes, and the application of standards/laws and best practices. Diagnosis and evaluation are very similar structured approaches, carried out in a more collaborative framework, where discussions with stakeholders are much more open. Also, unlike auditing, evidence is not necessarily required for each piece of information received. Audit is a more structured and less flexible approach than diagnosis. It seeks to obtain evidence to compare it with specific criteria within a limited perimeter.
However, these three approaches can complement each other and help a company strengthen its ability to combat disruptions and crises.
Why carry out an assessment of your level of preparedness and ability to deal with unforeseen events and/or plans?
Evaluation should be seen as a process of assessment, comparison and continuous improvement, identifying potential weaknesses, opportunities for improvement and areas where the company is well positioned. In particular, it enables to :
- Attest to the company’s level of resilience maturity;
- Bring about changes in the way things are done, and thus stand out from the competition;
- Compare the content of plans with best practices, laws and recognized standards;
- Define strategic, tactical and operational orientations (360° approach);
- Ensure effective corporate governance ;
- Formally make management aware of the current situation;
- Identify deficiencies, issues and challenges;
- Identify opportunities for improvement and blind spots that could represent risks;
- Identify the company’s vulnerabilities and the risks to which it is exposed, as well as the consequences and impacts they may have;
- Obtain favorable levers and support to prioritize risk mitigation actions and the operationalization of recommendations;
- Propose a roadmap to regularize the situation;
- Propose one or more targets to be reached in order to improve the organization’s posture;
- Recommend approaches and alternatives ;
- Etc.
Without diagnosis, evaluation or audit, it is unfortunately possible for efforts to be in vain, not prioritized or not supported by management. This approach provides a picture of the situation and helps determine the next steps based on factual information approved by management, while being effective and relevant in the overall sequencing of the work to be carried out.
A constantly changing landscape
Today’s societal challenges mean that no business is immune to the unexpected. Crises can arise in a variety of ways: a global pandemic, a cyber-attack, a devastating natural disaster, or even political unrest can cause major disruption. In the face of these challenges, it is imperative for organizations to remain agile and constantly adaptable.
Conclusion
Although some companies may be reluctant to do so, preferring instead to maintain the status quo, there is much to be gained by assessing their level of preparedness, their ability to cope with unforeseen events, and their plans, whatever the method chosen. There’s no need to wait until it’s too late: investing in this process will contribute to a company’s long-term survival in a constantly changing environment.
If you’d like the advice of a neutral expert, and the arguments you need to make the right decisions, contact Benoit Racette Services-conseils. Inc. today at [email protected]. We’d be delighted to help you achieve your goals!
[1] In this context, the term “plan” encompasses all the types of resilience plans a company can put in place: business continuity plan, emergency measures plan, crisis management plan, IT disaster recovery plan, etc.