Q2 Magazine 2023
COO Operational Resilience verses Agility
1. How should the COO navigate this delicate balancing act between both operational, even organisational resilience, and business agility?
2. What are the real challenges and issues in trying to balance resilience on the one hand and agility on the other? How conflicting are they?
3. What systems, processes, even people, can a COO put in place to systematise and account for both agility and resilience at the same time?
4. What actionable and practical advice for COOs would you give so they can try to achieve this balance?What do
5. COOs have to bear in mind in terms of security, access and privacy, i.e. do COOs need to provide robust and resilient services that are secure, yet allow for flexible access and agile services? Please expand.
6. How can COOs use data to deliver both resilience and agility? How important is visibility on how a business operates, i.e. dashboards, drill down on operational data etc?
7. If COOs get the balance between resilience and agility right, what will it allow them to achieve, where are the opportunities?
It is a misconception that operational resilience and agility are opposing forces, battling for supremacy, driving in opposite directions, when they are complementary. For any company to progress, embedding resilience and embracing agility is fundamental to delivering enhanced business performance, whilst minimising risk in this pursuit.
The COO sits at the centre of each company and therefore is well positioned to oversee the adoption of resilience and agile policies and their governance: this statement is somewhat of a simplification as every COO mandate is different, in ownership and influence. To this end, it is their influence on the CEO that is key to success, where leadership, culture, education, governance, and technology are the component parts that enable the marriage of operational resilience to agility to work in harmony.
The Covid-19 pandemic and subsequent credit crunch, along with the Russian-Ukrainian crisis, have demonstrated that companies need to be prepared for unforeseen events. Pre-pandemic, most companies had in all but name, developed an operational resilience strategy, with the FCA stating that “Firms that had mapped their important business services ahead of the pandemic found themselves in a much stronger position”.
This is true; financial services companies adapted well to the seismic shift in working patterns, although you could argue the lack of preparedness to a pandemic was a comprehensive failure of the imagination by all. If functionality dedicated to foresight had been in place, asking the ‘so what if?’ then the industry would have been better positioned to meet this challenge more effectively, leveraging a resiliency and agile approach to deal with the unforeseen.
The COO, the executive leader shadowing the CEO, found themselves at the centre of all business activities throughout the pandemic and this position of enhanced influence, visibility and in many cases, mandate, has been carried forward into a post-pandemic operation. At the heart of this emerging mandate is addressing the challenge in bridging and uniting operational resilience, ensuring the safety of the franchise, with agility more closely aligned to enhancing competitive advantage and productivity.
How? Formula 1 is a good example. Whilst the objective is to go as fast as possible, to be as responsive and agile as possible to changing circumstances, you still need to have breaks and protection to ensure you achieve the objective. Just as operational resilience is a regulatory requirement, so are the laws that demand Formula 1 to be compliant and safe. Formula 1 engineers work with this duality by looking at this dichotomy through a single lens.
This is akin to a financial markets business, where the sales and traders are seeking to maximise revenues and profits, where behavioural and technological agility brings competitive advantage, but controls and conduct measurement ensure whatever they do is done within the law without impeding business momentum. More so, being a bank with a reputation for safeguarding client money, with strong control governance, is a regulatory and client expectation and being best of breed brings competitive advantage.
It is therefore not just governance, process, and procedures but a state and frame of mind that is needed to marry the two, as opposed to balance them. The COO’s central position, having the CEO’s patronage and support, is the platform from which this mindset, education and cultural adoption can be effectively delivered.
Some have advocated the introduction of roles such as Operational Resilience Champion, to support the delivery of regulatory initiatives/other. This would mean tasking the resilience champion to shape and articulate the resilience vision and set the resilience framework in which the company and teams within it work. This appears an unnecessary and duplicative appointment when the office of the COO is already positioned to undertake this task. If anything, such an appointment will add confusion and possibly lead to fractures and inefficiencies in the adoption of these policies and vision. More so, in such an appointment you are establishing a delineating line between operational resilience and agility, when you are trying to bring the two together in unison.
Ensuring the principal departmental heads across the business, operations, technology, and centralised services are bought into this single vision, whilst empowering them to manage their own approach within the company’s (reliance or agile) framework, is the message the CEO needs to make to empower the COO with this responsibility.
One area that has evolved from the pandemic and is a sibling of operational resilience, is the management and governance of non-financial risk (NFR).
NFR is portrayed as being arguably the primary challenge for industry leaders in the coming years. Until recently it was a term used inconsistently, having different definitions one sector to another or one competitor to another in the same sector. Within banking, Armstrong Wolfe’s research showed that most in-business COOs had been acting as the de facto head of NFR, without determining as such. The importance of managing NFR in an operational resilience context has led to a review and re-evaluation of the approach to NFR management.
Market leading thought is to integrate operational and enterprise risk, and first line operational risk, conduct and controls into one function, reporting into the office of the COO. The COO is therefore charged with delivering insights and counsel on the aggregated view of NFR to the executive, facilitated through agile working practices and technological innovation, judgment, and data. The delivery of robust and reliable horizon scanning through this evolution may well be the foundation stone of the COOs office and its importance moving forward.
Whether it is developing a firm-wide approach to NFR or other developments, the following are good points of reference for the COO to define the problem statement and build a business case:
- Use agile principles and roles to deliver resilience initiatives
- Adopt agile design to identify possible risks and threats
- Embed NFR management within agile governance
Using agile principles to create resilient companies will be a challenge for executive leadership if they are to manage disruption going forward. Doing so will not just enable them to respond to business regulatory demands, but to adapt to future uncertainty through the adoption of an integrated approach to managing NFR from the 1st line.
As noted in paragraph 2 above:
“To this end, it is their influence on the CEO that is key to success, where leadership, culture, education, governance, and technology are the component parts that will enable the marriage of operational resilience to agility to work in harmony.”