Make your organization stronger through adversity - Antifragility and Enterprise Resilience

Make your organization stronger through adversity - Antifragility and Enterprise Resilience

Modern theories of the firm remain focused on transaction costs, operational efficiency, employee motivation, leadership, strategy and other related factors. While any of these may support our success at various times, none of them alone will facilitate it in the long run. Especially not in this age of ever faster change and growing complexity. Factors that enable our company’s long-term viability are Enterprise Resilience and the related concept of Antifragility which enable a company to resist shocks, adapt to a change, and even get stronger with stress and volatility.

The age of upheaval

We are in an ever-shifting maelstrom of change. Climate change causes more frequent and intense natural disasters. Changing climate patterns could potentially wipe out whole island nations on one hand and create new trade routes and energy opportunities in the melting Arctic on the other. In the last 25 years alone we saw thirty-four new nations formed. Borders, political alliances, migration and trade patterns transform ever more swiftly. Technologies emerge or become redundant overnight, disturbing established industries and altering economic futures of entire countries. These or a host of other changes threaten to render our products or services obsolete, cause dramatic shifts in the market and change our customer base for better or worse.

Forget, for a moment, the Internet and the mobile revolution, or potential cryptocurrencies and blockchain revolutions. Just look at the example of desktop PCs. A mere decade ago, they perched in every workspace as the main computing platform. Now, sales of such devices have largely died, outside of a few remaining markets. Their work today occurs on mobile devices, with back-end computing and data collection moving to the cloud and connected devices.

Or look at stand-alone GPS receivers. Not long ago, they were the pinnacle of navigation technology; today they are merely an incidental feature standard on the lowest entry model smartphones and IoT devices. Their makers, such as Garmin or TomTom, survived only by adapting to changes.

Others, like Kodak Co. or Nokia Corp, were not so lucky. These pioneers in film-based photography and digital mobile phones, respectively, failed to adapt to technological upheaval and lost their prominence. Kodak, for decades a corporate giant, was even forced into bankruptcy.

Adaptability is critical in today’s market. We have no all-knowing oracle to predict future developments. Change is on an ever-accelerating climb; a new or disruptive technology may emerge at any moment and upset all our carefully laid plans. Resilient enterprises can take greater risks and respond more quickly when unexpected change occurs. They can better cope when plans go awry. Organizations that have a greater risk tolerance have a distinct advantage over those that do not.

First-hand observations

I was lucky in my career to experience companies on both ends of the spectrum. I saw both, those that used radical changes in their business environments to prosper, and those that failed to adapt and suffered.

I worked with Apple, Accenture, IBM, Experian, Toyota, Expedia, AXA and other regulars on the lists of most innovative companies as well as a number of start-ups. I observed how they used changes in their business environments to their advantage.

On the other hand, Kodak enlisted me in efforts to optimize, automate and digitize film processing (yes, really - digitize film processing) in their futile attempt to reverse digital cameras’ dominance of store shelves. I promoted Nokia’s Symbian OS when iOS was already gaining ground. Other change-impaired clients included Motorola, Sun Microsystems, and European dotcom web technology darling Reef, on whose domain one can now buy sandals. No, correlation does not imply causation.

As I observed those business cycles first-hand, I was also building a background in technology risk, business continuity and disaster recovery. That pairing of backgrounds and interests moved me to jump at a chance to lead PwC Enterprise Resilience – a field that grew out of business continuity and related disciplines and now helps organizations survive, or even prosper, when faced with radical changes in their business environments.

Traditional business resilience

Business resilience, at its core, is an organization’s ability to respond and recover from crises and maintain, or quickly recover, continuous business operations, assets and brand equity.

Resilience typically contains four major capabilities. The first is preparedness. Preparedness encompasses the tactical plans we will enact in case of a disaster or crisis. Preparedness must be implemented cross-functionally through all critical parts of our organization.

Secondly is protection. Protection hardens us against both identified and, where possible, unidentified threats. Protection also includes our contingency plans and the alternatives we will enact if we are completely disrupted.

The third is response. Response encompasses the steps we will take during and immediately after a crisis. It is essential to formulate our comprehensive response before a crisis begins. If we try to devise it in the middle of an emergency, we have already lost.

Lastly is recovery. Recovery describes the activities we will employ to bounce back quickly. We might mistake recovery for activating our Disaster Recovery (DR) plans. DR plans, however, focus on getting us back on our feet at only a basic level. That makes them more of a response function. Recovery has a distinctly tactical bent. It focuses on maintaining or recovering the level of business operations existent before the disruption.

Disciplines that have matured over recent decades to support the traditional approach to business resilience include Crisis Management, Emergency Management, Disaster Recovery, Incident Response, Operational Risk Management and Business Continuity Management.

Today’s enterprise resilience and antifragility

For a somewhat different take on resilience, let’s consider these definitions: Enterprise Resilience enables us “to change before the case for change becomes desperately obvious” and to “withstand systems discontinuities and adapt to new risk environments”. British Standard, BS65000(2014) defines “organisational resilience” as “ability of an organization to anticipate, prepare for, and respond and adapt to incremental change and sudden disruptions in order to survive and prosper.”. PwC defines it as "Resilience is an organisation’s capacity to anticipate and react to change, not only to survive, but also to evolve."

The keyword in these definitions has morphed from "crisis" to "change" – resilience is required in response to all kinds of change, not just crises. To be resilient, it’s true that you need to be able to manage through an earthquake’s disruption of a supplier’s factory. But you also need to manage through tectonic shifts in consumer purchasing behaviour, by anticipating those shifts and re-orienting the organisation to continue delighting customers.

While the traditional business resilience is focused on maintaining, or quickly recovering, continuous business operations, assets and brand equity, the new approach to enterprise resilience is increasingly looking at how organizations can evolve and ideally prosper from the changes. PwC, the British Standards Institution, and many other organizations and define Enterprise Resilience as such strategic capability.

In the new thinking about Enterprise Resilience, we still want to build an ability to return to approximately where we were before we entered the crisis. We may, however, have evolved along the way, grown stronger as we responded to crises. We want to capture and retain those benefits as well.

A concept related to enterprise resilience is antifragility. Antifragility was coined by Nassim Nicholas Taleb, who explains it as a step beyond resilience or robustness, “that category of things that not only gain from chaos but need it in order to survive and flourish,” or “Antifragility is a property of systems that increase in capability, resilience, or robustness as a result of stressors, shocks, volatility, noise, mistakes, faults, attacks, or failures.” For example, when we exercise, our muscles and our whole body and mind get stronger and more resilient. Furthermore, we get stronger in a healthier way when exercised in a wide variety of ways.

It is then a fortunate confluence of events that, just as the pace of change accelerates, we see disciplines that support enterprise resilience mature and get adopted across enterprises. With this maturity come the practices, methodologies and standards that enable us to integrate these concepts into an organization. That brings us, who manage the larger body of enterprises, to a juncture where we can apply those concepts of Enterprise Resilience to a wide variety of changes and issues, and not just disasters. Adapting and adopting traditional business resilience disciplines and exercising them in a response to any change, positive or negative, is what will make us stronger and build up our enterprise immune system.

Enterprise Resilience is not a magic bullet

Lest we mistake Enterprise Resilience for some buzzword magic bullet management fad, let’s consider where these ideas originated. Enterprise Resilience grew out of traditional and by now well-established business resiliency disciplines and is a superset of most of them. While the individual capabilities are important, Enterprise Resilience is more than just reacting to crisis events as they happen. It is not even just about proactive crisis-proofing the organization. It is about embedding the capability to adapt to any change deeply throughout our organization and regularly exercising it.

The practices behind Enterprise Resilience require more commitment than just approving the idea in an executive meeting and walking away claiming to espouse them. These concepts require hard work to implement well, but, the good news is, Enterprise Resilience is not a new buzzword that would require organizations to adopt a whole new methodology. Even most moderately successful organizations have already built some of the foundations on which Enterprise Resilience can rest. Organizations now have to recognize the broader applicability of traditional business resilience disciplines and make an executive commitment to exercise them regularly.

Are we resilient enough?

Most organizations unfortunately still struggle to implement the basics of the various disciplines that support resiliency, let alone exercise them regularly.

Others embrace Enterprise Resilience and antifragility concepts and apply them to every aspect of their business. One such organization is Netflix. Netflix, in its cloud infrastructure, has implemented an internally developed tool called Chaos Monkey. Chaos Monkey simulates system failures by intentionally causing them – not simulated failures, but actual, randomly generated failures in their production systems. This drives an effort to create a system capable of withstanding serious problems without failing, while simultaneously exposing vulnerabilities so the entire environment can be fortified.

Most IT executives would view the idea of intentionally causing failures in production systems as terrifying, if not downright unthinkable. But ask yourself, when a real disaster strikes, which organization will have a better chance of survival?

Start-ups tend to be antifragile. As they grow, organizations become increasingly fragile and spend lots of effort and money on avoiding chaos, stress and volatility. Yet, in the world where the frequency and impacts of disruptions are increasing, organizations that learned how to benefit from the chaos will dominate.

Wrap up

The pace of technology drives the pace of change we see in the marketplace. Every passing day seemingly brings advances in existing technologies: faster networks, increasingly dense storage and faster and smaller processors. Additionally, we see new technologies emerge: self-driving vehicles, IoT, blockchain, hyper-efficient renewable energy and spaceflight technology driven by corporations and private companies. Technology innovations create immense opportunities, but also make organizations increasingly vulnerable as they become more complex, virtual and interdependent.

To fully understand the potential impact of evolving technologies, a technology background and baseline understanding are key. Technology management should thus drive Enterprise Resilience adoption within our organizations so we can use technological changes to our full advantage and to use technology to be more resilient to other changes in our environment. Building resilience is a prerequisite for taking risks. As Mark Zuckerberg once said “The biggest risk is not taking any risk. In a world that's changing really quickly, the only strategy that is guaranteed to fail is not taking risks.”

----------

(Disclaimer: Postings on this site are my own and don't necessarily represent PwC positions, strategies or opinions.)

----------

Adapted from an article originally published at Ivezic.com on November 2, 2016.

Enjoyed reading your views Marin. These business concepts are equally applicable for governments as they position their countries/cities to build the competitive building blocks of sectors through a strategic lens or at the personal level as we manage the vagaries of life.

PJ Patterson

Host of the Money Matters Podacst | SMSF Investment Specialist | Financial Advisor | Small Business Specialist | Superannuation Investment Specialist

6 年

Awareness around this in every industry is key, completely agree.

Lester, Rihui Li

GAC-Sofinco - Senior IT Risk

6 年

Cybersecurity issue also is a related factors.

要查看或添加评论,请登录

社区洞察

其他会员也浏览了