Covid19 has laid bare the global dependence and failures of organizations and supply chains for sustained delivery of products and services and during a global crisis. It is clear that almost all organizations are in survival mode with a complete shutdown of the global economy and dependence on China for critical medical supplies, medicine and equipment. The time period to the beginning of a recovery is uncertain at this point, with the lack of comprehensive population testing being a key driver of this uncertainty followed by a limited visibility of the vaccine availability date.
It is also clear that organizations and society, in general, should improve resilience. Resilience is defined as the ability to withstand and recover quickly from adverse or very adverse conditions. In this post, I will discuss a framework for resilience and how to plan and execute organization resilience. This framework is top down with multiple levels and it is essential to break down each level into sub-levels and sub-components all the way to the operating process level. We will then be in a position to determine measurements at each level and roll-up to determine resilience preparedness. It is critical all organizations think seriously about resilience 24/7 once Covid19 has passed.
At the highest level, organizational resilience comprises of internal resilience and external resilience. Internal resilience is the ability to withstand and recover internally from very adverse events. External resilience is the ability of the external connectivity of the organization to withstand and recover from very adverse events. Both should complement one another for the total organization to be resilient.
At the next level, internal resilience can be comprised of four components. Each component should be defined and standardized as do the attributes at each level. These components are People, Process, Technology, and Risk resilience. We can break down People resilience into physical well being, emotional well being, and preparedness culture attributes. Process resilience can be sub-divided into safety stock, product mix, production mix capabilities. Technology resilience can be broken down into cyber security, digital transformation, and infrastructure attributes. Risk resilience can comprise of enterprise risk management. Each of these attributes can be further dis-aggregated to its next level. For example, physical well being – how well is an organization physically (can be very challenging to define and quantify both legally and personally) – can be split into physical fitness, disease types, etc. Safety stock can be broken into amount of stock to carry, the type of stock, etc. Product mix can be split into critical products, amount needed, etc.
External resilience can be comprised of supply chain resilience and regulation resilience. Supply chain resilience consists of attributes, such as, regionalized suppliers, multi-source suppliers, multi-distribution capabilities, and technology enablement of the supply chain itself. Regulation resilience refers to the ability to manage for local quota variations, changes to local cyber laws, and JV requirements. Often these regulations are adhoc or occur very quickly in response to a local or for Covid19, a global disaster.
The initial framework is shown in the diagram in the link.
What is the call to action (plan and execute)?
- Review the framework for rational and validity, and identify inconsistencies or errors.
- Add other components at various tiers (I am sure I have missed many).
- Identify attributes at the lower levels with the thought of measurable attributes.
- Further build the framework.
- Test the framework at individual organizations.