What if Sisyphus was resilient?

Written by Cigdem Oktem and Norris James. All opinions expressed are our own and not intended to represent the views of any company.

Albert Camus’ The Myth of Sisyphus has a certain cheerless appeal that seems suitable to these times – a human doomed to spend his days rolling a big boulder up a steep hill, only to have it roll down again and start over the next day. [note: while there are complexities and nuances to the story many academics have analyzed endlessly, for the purposes of our writing we will stick with the headline story.] You would think at some point doing the same thing day after day would cause him to try different avenues and approaches. But he remained resistant. What if, instead, he was resilient? What if he tried to learn lessons from each day’s exertions – changed the angle, moved in increments over days to conserve energy, pushed it back down himself – would that have enabled progress? Hard to tell in the confines of a philosophical exercise, but easier to consider in the real-world context of risk management where the same boulders (aka risks) are pushed up the same hills over and over.

In this article we share our personal thoughts and observations on how leaders in the boardroom and c-suite are turning the dial from risk management to resiliency to avoid repeating the same efforts with little to show.

Mind (over) matters

The word ‘resilience’ is everywhere these days, although like many ideas that go from concept to verbal meme it has become somewhat diluted.  While there is some variability among the definitions of resilience, they basically come down to ‘the capacity or ability to successfully respond and adapt to difficult and changing circumstances.’  What we find useful about this definition is both ‘ability’ and ‘changing circumstances.’ ‘Ability’ suggests there is discipline to be applied to create capabilities. ‘Changing circumstances’ acknowledges the constant volatility and variability within which companies are operating today. What is missing, however is the foundational element of mindset.

This is where the framework of the systems iceberg model can be helpful. Where the mindset/mental state underlying everything, then leads to particular structures and processes being put in place. These in turn create the habits and patterns that manifest in the organization, resulting in the outcomes that are at the top of the iceberg and can thus be seen above the metaphorical waterline. The graphic below lays out the contrasts we see. If leaders are limited to a risk management mindset, then the systems and processes put in place are designed to identify and mitigate known risks periodically. The behaviors that result inadvertently include: minimizing risk, creating a gap between business and risk management, and inability to adapt to changing circumstances.

In contrast, starting with a resilience mindset leads to structures and processes in place that are more integrated and continuous. The behaviors and patterns that result are adaptive, learning from what went right and wrong, and optimizing risk. Ultimately leading to an outcome of organizational flexibility in being able to sense, respond and adapt.

Without the foundational resilience mindset – articulated and demonstrated by the board and c-suite – an organization will not put in the systems & support that create the patterns of behavior that ultimately lead to the desired outcome of being able to sense and respond as needed to emerging risks that can derail the organization.   

SP + ERM (yes, we know) = R E S I L I E N C E

An integrated resilience governance framework helps boards and c-suites: 1. optimize alignment between business operations and continuity objectives; 2. optimize investment decisions through defensible analysis; and 3. validate the organization’s holistic response toward unplanned disruptions in a world marked by volatility and uncertainty. By embracing this approach, organizations can examine diverse aspects of resilience, including strategy, operations, finance, technology, environment and risk interconnections. This framework involves the active participation of stakeholders, such as customers, employees, suppliers, regulators, and communities, in the development, implementation, and evaluation of resilience strategies and enables an organization to proactively prepare for, address, and recover from a range of challenges and disruptions. Key elements can include:

·       Integrating strategic planning and ERM for insights into risks that can impact achievement of strategic and performance objectives by aligning and enabling processes and teams involved.

·       Building capabilities to have insights into emerging risks for visibility, which can then be translated into action by processes that have flexibility and can adapt.

·       Having a Risk Intelligent Operator (RIO) which complements risk management tasks, embedding AI and analytic tasks to produce unbiased information about risks, the forces surrounding them, and how risks are interconnected.

Crisis is risk spelled differently

Just as ERM has often existed separately from strategic planning, so has crisis management been essentially separated from ERM. Yet, we now live in a time of permacrisis where the crises are never-ending. To treat crisis management as a stand-alone, one-off event with an ad hoc response is to guarantee less than optimal outcomes and disproportionate negative impact. Some directors have gone further and said that companies need to “treat disruption as a potential crisis.”

Once again considering the resilience mindset leads to a different approach to crisis management as well. Where it is essential to embed the lessons learned from past and current crises to ensure better responses in future. Where resilience means anticipating crises and therefore continuously scanning the horizon. Having dedicated resources with skills and experiences to be able to evaluate the crisis-du-jour and determine the level and potential for impact and apply the lessons learned from the past.

If you think this sounds similar to our discussion of ERM, you are not alone. We think so too. In fact, we see crisis management as one element of a Resilience Framework the integrated ERM and Crisis Management.  This integration is a strategic and designed to identify, evaluate, prepare for and respond to emerging risks, potential threats, hazards, and sudden crisis and disasters that could impact an organization's operations and goals. We believe organizations that adopt this approach and framework can enhance their ability and capacity to withstand, absorb, recover from, and adapt to business disruptions within an ever volatile and intricate environment.

Several advantages of implementing a Resilient ERM and Crisis Management Framework include:

·       Aligning the organization's risk and crisis management with its strategic objectives and priorities

·       Providing a comprehensive and consistent overview of the organization’s risk profile and risk tolerance

·       Enhancing decision-making and performance by integrating risk-return analysis and trade-offs

·       Strengthening the organization’s risk culture and governance by defining roles, enhancing accountability, and promoting collaboration

·       Enabling the organization to proactively anticipate and effectively respond to emerging risks, opportunities, crises, and disruptions

Integrating Crisis Management – including skillsets and tools – with ERM should enable the organization to minimize distractions and increase the organization’s value and reputation by demonstrating resilience, and preparedness to deal with unforeseen disruptions that significantly impact overall business performance. This is likely to be even more effective when industry or market disruption is viewed through the lens of crisis.  

Helping Sisyphus embrace resilience

While there is little we can do to help our fictional friend Sisyphus become more resilient, we hope that our thoughts and observations prove helpful to others. Directors are embracing the mindset of resiliency and guiding their management teams and organizations to bring in adaptive and integrated processes and systems – aligning ERM and Crisis Management with Strategic Planning. One area we did not cover is also ensuring that compensation principles enable the flexibility needed for resilience. That is a conversation for another time. In the meantime, below are a few questions that boards may wish to consider for resiliency.

·       Do we effectively anticipate and respond to changes in the environment that may impact our strategy? How do we assess that effectiveness?

·       Are we leveraging insights on risks and crisis scenarios to design and implement flexible strategic plans? 

·       How is the organization using AI to enhance resilience, i.e. creating scenarios?

·       How are the organization’s strategic planning and ERM and Crisis Management processes aligned? How are the individuals responsible for each interacting with each other?

·       How are post-mortems being conducted and with whom? How are lessons learned being embedded into current processes and decisions?

·       What is the organization doing to enhance sensing and scanning of the environment to anticipate changes and emerging crises?

·       How effective are we at reducing negative impact of unforeseen crisis on our reputation and stakeholder relationships?