Risk Modeling and Enterprise Resilience Roadmaps
Enterprise architects and strategy leaders need to be on the front foot to help their organization manage disruption caused by external shocks and crises, such as pandemics.
Enterprises need a centralized view of Technology and Operations Resilience as well as People and Process Resilience. A useful set of steps to work through when building roadmaps for resilience, and when managing and mitigating risk, includes:
Step One: Detection
- Integrate and centralize company data (Excel, Visio, SharePoint, etc.)
- Model systems, technology and infrastructure. Pull together Application Catalogs, Application Landscapes, Infrastructure Registers, Process Diagrams, and Business Capability Maps.
- Identify which critical processes may not be resourced sufficiently or may need management (e.g. essential work carried out by contract workers, processes for communicating with customers if systems are down, etc).
- Graph database views of connected applications, infrastructure and processes can help to visually identify dependencies, where processes are reliant on systems or infrastructure.
Step Two: Containment
- Focus Resources using Risk Scoring: a function of the probability of a scenario taking place and its impact. This allows your teams to zero in on particularly vulnerable areas of the business, in which the impact of failure is severe, and probability of it taking place is also high.
- Impact scores should include costs, and in various industries also other severe outcomes such as danger to life.
- Plan for the best and prepare for the worst by assessing a range of scenarios. Availability algorithms can be used to measure resilience. Other metrics which can be aggregated using algorithms include Performance, Reliability, Resource Utilization, Response Time, and Security.
- Focus on providing real-time KPIs which help the business understand what is happening in the external environment, with consumers and customers.
Step Three: Adaptation
- Set out strategies for risk mitigation: model target states which have higher resilience ratings, i.e. where some redundancy is built in. Build roadmaps to identify steps to reach this target state.
- Use algorithms to compare metrics of highest concern across future state options.
- Track remediation projects using Gantt charts
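Steps Two and Three above, as an added example that is not part of the original page or of any vendor's tool: it scores scenarios and compares the availability of a current state with a target state that has redundancy built in. It assumes the risk score is probability multiplied by impact and that components fail independently; the component names, availability figures and scenarios are constructed.

```python
from math import prod

# Constructed register: estimated availability of each component.
AVAILABILITY = {"crm_app": 0.995, "db_primary": 0.99, "db_replica": 0.99,
                "vpn_gateway": 0.98, "vpn_gateway_2": 0.98}

# A process needs every group (series); members of a group are redundant (parallel).
CURRENT = [["crm_app"], ["db_primary"], ["vpn_gateway"]]
TARGET = [["crm_app"], ["db_primary", "db_replica"], ["vpn_gateway", "vpn_gateway_2"]]

# Constructed scenarios: name -> (probability, impact score 1-5).
SCENARIOS = {"office_closure": (0.3, 4), "datacentre_outage": (0.05, 5),
             "contractor_unavailable": (0.5, 2)}

def group_availability(group):
    """Redundant set: unavailable only if every member is down at once."""
    return 1 - prod(1 - AVAILABILITY[c] for c in group)

def process_availability(groups):
    """Series chain: the process is up only if every group is up."""
    return prod(group_availability(g) for g in groups)

def single_points_of_failure(groups):
    """Components with no redundant partner."""
    return [g[0] for g in groups if len(g) == 1]

def risk_score(probability, impact):
    """Assumed scoring function: probability multiplied by impact."""
    return probability * impact

def rank_scenarios(scenarios):
    """Scenario names ordered from highest to lowest risk score."""
    return sorted(scenarios, key=lambda s: risk_score(*scenarios[s]), reverse=True)

if __name__ == "__main__":
    for name in rank_scenarios(SCENARIOS):
        print(f"{name}: {risk_score(*SCENARIOS[name]):.2f}")
    for label, state in (("current", CURRENT), ("target", TARGET)):
        print(label, f"{process_availability(state):.4%}", single_points_of_failure(state))
```

The remaining single point of failure in the target state (`crm_app`) is what caps its availability, which is the kind of finding a remediation roadmap would pick up next.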
Step Four: Recovery
The path back to normal conditions (or a new normal) will depend on the degree to which demand may have been delayed or foregone. Demand for some products may also have increased temporarily and may readjust downwards. Each of these scenarios can be mapped out, to anticipate how processes, infrastructure and technology can support recovery.
- Recovery scenarios will be useful in making data-driven and level-headed adjustments to support growth following a period of shock and perhaps pessimism
- Crises can accelerate the adoption of technologies and business models, such as increased remote working, supporting higher uptake of cloud-based systems
In the longer term, companies are likely to rethink their reliance on one source of supply, aiming to diversify and decentralize supply chains and possibly technology as well. Companies are also likely to consider the crisis-management and supply chain effects of external shocks more seriously as part of general risk management and enterprise architecture.
Enterprise Architecture for Resilience
Resilience is the ability of a system (incl. People, Processes and Technology) to respond to challenges resulting from negative impacts and changes. It is useful to consider several domains:
Resilience and External Shocks
- Operational & Technology Resilience – The ability of systems and technology to perform during and after shocks
- Organizational Resilience – The ability of organizations to take actions to reduce the impact of shocks
- Supply Chain Resilience – The ability of trade networks to continue moving goods and people under constrained conditions
- Social Resilience – The ability of communities and workplaces to manage negative consequences
- Economic Resilience – The capacity of enterprises and economies to absorb economic losses
Architecture and business strategy leaders need to be prepared to navigate acute shocks and chronic stresses. These include cyberattacks, economic downturns, natural disasters, terrorist attacks, and pandemics.
Social Resilience and Remote Working
If your team is working remotely, double down on connecting and communicating with stakeholders using online collaboration and data management tools.
Check in and engage with people more regularly, to ensure lines of communication are open and to catch problems early. Social software such as MS Teams, online conferencing and other cloud-based digital collaboration tools are part of this.
ABACUS offers a cloud-based collaborative environment with a centralized data repository, which integrates with other digital business tools to support remote working.
Operational Resilience: Audit Critical Services, Processes, Tasks, Infrastructure and Access
Help your line-of-business stakeholders to anticipate any gaps which might stop core services being delivered in enforced remote working environments, or where key people or teams are unable to travel or are unwell.
Consider which roles and duties:
- Can be done, even partially, without a physical presence in the workplace
- Cannot be done, even somewhat, outside of the physical office
- Status is uncertain / adjustments may be needed
Identify whether cross-training or handover notes on essential tasks, access etc. are necessary.
Teams Working Remotely, Watch Out For…
- “Business-led IT” overlap – Keep track by ensuring your application register is online, shareable, editable and searchable
- In workplaces with highly sensitive information, the security implications of remote access need to be assessed, policies updated, and practices reviewed
- Barriers to adoption of remote-working tools: encourage staff to up-skill / recommend training
- Increased use / load issues, where either hardware or software contracts may need to be updated to provision increased access in a cost-efficient manner
Data-Driven Decision Making & Scenario Planning
Help your lines of business avoid knee-jerk reactions prompted by sudden changes in business conditions, including customer demand (which may be down, delayed or delivered differently). Be ready to pull together metrics which allow data-driven decision making.
Stronger centralized data-management will also pay off as organizations make decisions mid-crisis, and manage the recovery process.
“Confusing data from unverified sources - or the sheer lack of data - can lead to ill-informed decisions being made, escalating employee anxiety and making organizations under-prepared for returning to normal operations.” – Gartner
You may already have a register of essential technology infrastructure rated with associated criticality ratings and an understanding of dependencies.
This connected view of essential processes and technology is a high-value insight that enterprise architects can provide to the business in a crisis or under rapidly changing business conditions.
Peer-to-peer knowledge sharing and professional development
Online information sources for professional networking and skill development.
For enterprise architecture, user groups and industry bodies include: