Resilience is buzzing around. It is used in various contexts. A way for individuals to approach and handle changes, a variety in the approach to safety and as a business continuity item written down in a new norm, ISO 22316.

Risk based thinking

A small sidestep. One of the main focus points of the ISO 9001:2015 version is the introduction of risk based approach. Not only applicable in the ISO 9001, but also in the High-Level Structure of other norms. Unfortunately risk based thinking is not always embedded as it should be, as we become aware in various settings. Risk based thinking is often stuck at the level at which the organization has drafted a risk register. An overview in which, usually static, the effects of uncertainty are highlighted, with an applicable risk matrix and possible actions to mitigate or downsize the risks.

Risks are not mitigated by listing them in an overview. Having an overview of risks is not required according to ISO 9001, it can be a tool to use to mitigate risks, at the same time it is not always the right cure for the problem. Neither does it prevent short cuts.

The purpose is to properly handle processes by actions and decisions which are well balanced. It is aimed at the dynamic process of taking the right decision at the right moment. Not trying to barrier off all possible scenarios.

Ownership and competencies

Essential in this process is that the person or persons involved, have the ownership and competencies to take the right decisions. The individuals and teams need to know which flaws may exist in the process and how and what to do when these occur. Some might have been thought of in advance, however we cannot foresee all irregularities. You expect your personnel to take the right decision at unexpected events, even when the situations are more stressful then expected. Risk based thinking is not only relying on a register, it is part of a behavior-based approach to new and changing circumstances.

And what has it to do with resilience?

Resilience is the new robust

Resilience is more than risk management. It requires a different approach. It means you need to acknowledge that you can run into unforeseeable circumstances. You need to understand how well the organization is prepared to cope with that. You must be able to recognize the symptoms which may attribute to a slow response or even worse, no response to changes or disruptions. Resilience is the new robust. In some companies it is addressed to inform and train people to adapt to and cope with unforeseen circumstances at work and in private life. In other companies it is used to ‘shake up’ as a whole, a transformation with new strategies to define purpose and refreshed project and team impulses.

ISO 22316

ISO 22316 directive for organizational resilience is drafted to understand the signs which contribute to resilient behavior and absorb or adapt to the changing environment. Some changes are flagged far before they really hit. Others just knock on the door at an inappropriate moment. Some can damage reputation or even continuity. Others can support the organization to see new advantages or undiscovered territory. For example, changes embedded in the UN Sustainable Development Goals are known well ahead. Disruptive technologies might seem to come ‘overnight’. We all aware of what Uber, AirBnB and other upcoming brands did to well established markets.

“You’re never ready”

To handle unexpected situations in an organization means you are never ready. Leadership, management, teams and individuals need to understand that you cannot always be ‘fully in control’  in classical terms. There will be factors influencing performance expected and unexpected. Learn to deal with them is the best you can do.