Breaking down the silos | Cyber Security | Deloitte Netherlands

Article

Breaking down silos - Four practical ways to organise resilience

Typically, organisations tend to achieve resilience through a vast variety of activities under various domains, most commonly via incident management, crisis management, business continuity management, and disaster recovery. However, does this fragmented construction of resilience work in times of crisis?

By Theodorus Niemeijer, Jurgen Schot, Gina Park and Guido Kamp

As defined in earlier article “Be Resilient Be a Bacteria”, resilience is an organisation’s integrated capability to anticipate (for), respond (to) and resolve potential value killers, enabling business agility in the light of any change or disruption. However when organisations conduct resilience in fragmented silos, this may test their ability to respond effectively during disruptive events.

A Resilience Scenario

Integration and communication between teams is essential to incident or crisis management, and reduces the impact that an event can have on the organisation. A fictitious scenario: when an industrial-goods manufacturer was recently confronted with a malfunctioning ERP-system, both the Business Continuity Team (BCT) and Incident Management Team (IMT) initiated their own operations in response to two separate incident tickets. Both responses were based on separate priorities; while the BCT was concerned with the impact of the incident on the business, the IMT immediately focused on containment and of the incident itself. Working in silos, they did not communicate information that may have helped the other in their respective task.

As the incident grew bigger in scope and impact, stress levels peaked at all departments; the Crisis Management Team (CMT) was formally mobilised. The team developed scenarios to anticipate consequences, reviewed alternatives to resume critical business processes, made decisions, and prepared communication statements to personnel, shareholders, customers, suppliers and media. However, they did not align decisions or initiate actions with the BCT nor the IMT. As a result, the BCT and IMT continued their operations without a strategic steer under mounting time pressure. Communication to various stakeholders of each team were different, and stakeholders received conflicting expectations from all sides. Resources were spread to continue all business processes in the organisation, and the organisation’s primary business – the production of car engines – was severely impacted.

Had the CMT aligned its actions and decisions with the other teams, it would allowed the BCT and IMT team to dedicate their capacities more effectively. The lack of communication between these teams and the inability to understand the needs of others led to serious impact on the organisation.

Practical approach for breaking the silos

While the reasons for breaking the silos are evident, it is certainly not an easy task; for some it may mean organisational change. A challenge to maintain expert knowledge may arise - breaking silos without a strategic approach may lead to loss of functional focus and thus dissipation of expertise.
Four main options for breaking silos are distinguished:

  1. Align the various domains
    The least intrusive option and best for organisations with a rather informal culture and style of management. Informal alignment requires the culture of functional leadership to change with a common goal of collaboration. When these domains are (informally) linked to each other, valuable insights can be obtained while ensuring employee expertise.
  2. Operate according to a single policy
    The second option is to develop and adhere to a single policy, and is feasible for organisations which have a less formal culture and have employed multiple resilience experts. The resilience domains remain independent with separate responsibilities and budget, but report to one single responsible manager, who is tasked with combining input from each domain and bringing a single message to executive management. The emphasis is on converged reporting rather than on converged operations (based on AERSM, 2007, see attachment).
  3. Create one core resilience team and leverage expertise from non-Resilience domains
    The third option entails creating a single, core Resilience team. They will act as a ‘spider-in-the-web’, coordinating resilience activities while retaining the in-depth knowledge from employees in each domain. A possible downside is the increased reliance on resource availability from departments (e.g.: IT, Risk, Health & Safety). This option is adequate for organisations with limited experts per resilience domain operating in a less formal environment.
  4. Integrate in one Resilience team
    The most integrative option is to integrate all resilience domains into one team, instead of leveraging experts from different teams (option 3). The centralized responsibility increases cooperation and insights between domains. However, this requires dedicated resources and may result in loss of functional expertise and lack of ‘boots on the ground’. This option is adequate for organisations with risk of experiencing high impact during a disaster, for instance critical infrastructures.

Regardless of options, a solid workable ‘command and control’ structure to bridge the communication gap between silos, is a first good step towards a truly resilient organisation. Increasing globalisation and the demand of shareholders to streamline businesses mean that organisations must be able to anticipate on disruptions for a speedy recovery. When disaster strikes, all domains must come together to act upon a single resilience framework.

More information?

Want to know more about Resilience & Crisis Management? Contact Theodorus Niemeijer or Gina Park via their contact details below.

Vond u dit nuttig?