RiskUKAugust2017
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Resilience Revisited: Turning Our<br />
Attentions To Successes and Failures<br />
Despite widespread<br />
acknowledgement of<br />
the importance of<br />
‘resilience’ to today’s<br />
organisations, in<br />
practice a number of<br />
questions remain<br />
unanswered. Allison<br />
Wylde suggests that,<br />
despite the emergence<br />
of standards and<br />
research, there’s still<br />
deliberation on an<br />
agreed definition for<br />
the term, while<br />
methods for<br />
understanding and<br />
applying resilience are<br />
somewhat unclear<br />
Dr Allison Wylde BSc (Hons) MA<br />
FRGS FHEA DIC (Imperial):<br />
Faculty Member with Cardiff<br />
University’s Business School<br />
and a Research Fellow at<br />
Cardiff University’s Crime and<br />
Security Research Institute<br />
50<br />
www.risk-uk.com<br />
Arguably, the prevailing position around the<br />
definition of resilience and its<br />
understanding and application appears to<br />
arise partly as a result of its trans-disciplinary<br />
nature. As a consequence, a number of<br />
different schools of thought, theories and<br />
approaches have developed over the years, in<br />
turn giving rise to so-called ‘gurus’ on the<br />
discipline aside from those practitioners<br />
operating in this specialist realm.<br />
Findings from a recent UK survey which<br />
asked what resilience means within private<br />
sector organisations found that more than 80%<br />
of respondents named IT disaster recovery as<br />
the most important element of resilience. 55%<br />
suggested that it was security and 45%<br />
favoured Health and Safety.<br />
There’s an important gap in our knowledge<br />
and understanding of resilience. Further<br />
research might assist our comprehension of the<br />
different ways in which resilience may be<br />
understood and applied and its performance<br />
assessed. Clearly, further work must be<br />
undertaken in discussion with practitioners and<br />
those companies responsible for resilience<br />
plans being implemented.<br />
In addition, the specific requirements for<br />
each company, setting and industry need to be<br />
accounted for. In the here and now, we can<br />
focus on recent empirical studies and<br />
discussions concerning the topic of a resilience<br />
‘success and failure’-style approach. The<br />
overarching aim for all of us is to make sense of<br />
resilience as a discipline.<br />
In the field, practitioners typically<br />
concentrate their focus on a particular stage or<br />
phase of resilience. For example, the business<br />
continuity sector has been concerned with the<br />
stages of recovery from – and to – a ‘business<br />
as usual’ mode of operation.<br />
As is the case with the emergency sectors,<br />
security practitioners have tended to focus on a<br />
broader scope for resilience from the<br />
perspectives of anticipation and preparation as<br />
well incident and/or crisis management and<br />
recovery, together with issues of quality (eg ISO<br />
9000:2005) as well as the key drivers of risk<br />
(ISO Guide 73:2009 and ISO 31000:2009) and<br />
the supply chain (ISO 28002:2011).<br />
Engineers were arguably the first to adopt a<br />
reliability (ie repeatability) lifetime-focused<br />
approach. For their part, some researchers have<br />
more recently suggested that strengthening the<br />
anticipation element of resilience through<br />
concentrating on understanding ‘successes’, as<br />
well as failure, may provide benefits.<br />
Resilient system<br />
According to Hollnagel 1 , a resilient system will<br />
exhibit several different traits or ‘abilities’.<br />
First, there’s the ability to respond. It’s all about<br />
knowing what to do or being able to respond to<br />
regular and irregular changes, disturbances and<br />
opportunities by activating prepared actions or<br />
adjusting the current mode of functioning<br />
within the host organisation.<br />
Then there’s the ability to monitor. Knowing<br />
what to look for, or being able to monitor that<br />
which is or could seriously affect the system’s<br />
performance in the near term (either in a<br />
positive or negative way). The monitoring must<br />
cover the system’s own performance as well as<br />
what happens in the environment.<br />
Next on Hollnagel’s list is the ability to learn.<br />
Knowing what has happened or otherwise<br />
being able to learn from experience, and in<br />
particular learning the right lessons from the<br />
right experiences.<br />
Last, but by no means least, there’s the<br />
ability to anticipate. Here, the focus is squarely<br />
on knowing what to expect or being able to<br />
anticipate developments – such as potential<br />
disruptions, novel demands or constraints, new<br />
opportunities or changing operating conditions<br />
– further into the future.<br />
It’s interesting to note that, from a<br />
policymaker’s perspective, concerns regarding<br />
resilience have largely resulted in the creation<br />
of new standards and guidelines, as well as<br />
additional requirements for governance and/or<br />
safety regulations across organisations and<br />
civil society and during disaster recovery. As a<br />
direct consequence, the requirements for<br />
reporting near misses, due diligence and audit<br />
have increased.<br />
Yet, as the fire at Grenfell Tower in West<br />
London illustrated with such tragic effect back<br />
in June, even in advanced economies disastrous<br />
events and fatalities still occur. Tensions<br />
between the goals of resources versus<br />
efficiencies might have meant that standards<br />
were simply applied as minimum standards,<br />
while collaborations and partnerships may have<br />
fostered confusion and gaps in responsibility.