For many people, organizational resilience was probably an abstraction before COVID-19. That’s no longer the case. Hence the timely publication of new guidance on embedding risk and resilience management in utilities. This blog post explains more.
As it goes, BSI was preparing to publish PAS 60518:2020 Enterprise risk and resilience in utilities – Guide at the end of 2019 – a time of comparative innocence, it feels, when COVID-19 wasn’t yet named and hadn’t yet wreaked havoc on global economies and health systems.
Of course, that’s not to say that the virus was in any way unexpected or a Black Swan event. On the contrary, everyone in the continuity/disaster/risk/crisis management community had put global pandemic high on their list of potential adverse events, often at the top.
Yet now it’s actually happened, it’s easy to understand why continuity management and organizational resilience have been pushed resolutely to the top of senior management’s to-do list. That said, it’s not a time for knee-jerk reactions. While the appetite for investment in defensive disaster preparedness has likely never been greater; it’s important to stress that our understanding of resilience has also never been more nuanced.
At this point, organizations must recognize that true resilience is not about battening down pre-ordered hatches and surviving until the storm’s passed. Instead, it’s about embedding a cultural awareness and agility that enables adaptive and creative responses in the face of big challenges. It’s about taking a clear-eyed view of what’s happening and moving swiftly to strengthen the organization’s long term capacity for sustainable growth and competitive advantage.
This is why the publication of PAS 60518 is so timely for utilities. This new document can now be your guide to enhancing the organization’s risk and resilience capabilities such that you not only survive in an uncertain world but thrive in it too.
Enterprise risk and resilience management
PAS 60518:2020 is written for use by utilities in the public or private sectors internationally. Specifically: electricity and gas providers, whether in a generation, transmission, distribution, or supply organizations; and water and wastewater providers, including supply, treatment, transmission, and network operation organizations.
The PAS gives guidance on how to implement enterprise risk and resilience management (ERRM). This is designed to work with the business’s existing controls, governance, and oversight and to improve their performance.
This document is also structured to guide utilities along the path to enhancing their risk and resilience capabilities and to allow a basic assessment of maturity to guide you on the next development steps to take.
It also gives guidance on approaches to risk and resilience reporting to communicate the organization’s position in respect of ERRM. It includes industry examples to illustrate its application and aid understanding and guidance on developing an overarching incident management plan to respond to unforeseen extreme events when they occur.
Proactive risk management capacity
The use of the PAS will strengthen your organization’s proactive risk management capacity and risk-based decisions making. It will enable you to build the adaptive capacity to resist, respond, and recover from an increasing array of foreseeable and unexpected dynamic and disruptive challenges. By developing this enterprise risk and resilience management capability, utilities can also identify opportunities where benefits (related to objectives) can be realized.
ERRM can identify positive benefits related to the achievement of objectives. It can also:
- Build your adaptive capacity and your ability to maximize the organizational capability
- Help you identify potential opportunities and encourage innovation
- Improve situational awareness
- Guide risk management, including in areas where more risk could be accepted
- Highlight where business continuity and incident management plans are required
- Improve resilience including response and recovery capability
- Aid decisions on capital investment to increase organizational resistance
- Provide assurance that business plans are robust and satisfy regulatory scrutiny
Good risk and resilience practices take time to build and are driven by the leadership team which is responsible for making these practices part of the utility’s culture, championing change through personal demonstration of their commitment. It is a continuing journey as the social and technological environment changes.
PAS 60518:2020 is designed to provide a path that guides ordered development: improving risk, business continuity, and the resilience of utilities over time. It’s a way to efficiently and effectively tap into authoritative guidance on state-of-the-art thinking in risk and resilience management, which is now needed more than ever.