How can GCCs build operational resilience to stand firm on shifting sands?

As GCCs accelerate their growth, the need to strengthen their foundations becomes imperative.

In brief

• The COVID-19 pandemic and subsequent global headwinds emphasized the need for greater operational resilience among organizations.
• GCCs today have evolved into global organizational pivots, and strengthening their resilience should be high on business agendas.

The past few years have required businesses to navigate through a multitude of headwinds, which challenged the future of their operations. The COVID-19 pandemic, global supply chain constraints, a dearth of talent, geopolitical tensions and current economic turmoil have reaffirmed one fact, that disruptions are here to stay. Preparing for the next unplanned event and putting in place robust systems to ensure business continuity is, now more than ever, a key imperative for all business leaders. 

More importantly, the downtime of Global Capability Centers (GCCs) has the potential to impact global operations, given that they have now evolved into strategic and operational engines managing critical business activities. Hence, strengthening their resilience is a critical business need.

EY has identified the five key areas for leaders to focus on, to strengthen operational resilience in the GCC, they are:

1. Digitally enabled operational resilience:

The imperative is establishing an agile, intelligent, and efficient system which can enable a rapid response and recovery for the organization. Technology is key to achieving this objective. Today, leading Business Continuity Management (BCM) program solutions can power every aspect of operational resilience and business continuity from planning and testing right through to managing and recovering from the actual disaster.

With integrated incident response tracking, recovery status monitoring and built-in command centers coupled with advanced features such as AI-driven risk insights, predictive analytics and compliance management, leading technologies can create a program that is fast, flexible, and intelligent. The end state is a centralized BCM platform, which is digitally enabled and accessible to all stakeholders, driving efficiencies and enabling the BCM team to move from spreadsheets and follow-ups to focusing on the bigger picture and strategizing for the next “black swan” moment. 

2. Stronger BCP governance and organization-wide buy-in:

Business continuity planning has been an activity that few executives and function leads get deeply involved in. However, operational resilience cannot be isolated from the rest of the business operations. While the BCM team has centrally developed plans over years, disasters need to be managed by business leaders and employees across locations without warning. It is pivotal to have a cohesive, firmwide operational resilience model which embeds a resilience mindset throughout the organization, and not just treat it as a “tick-in-the-box” activity to be managed by the BCM team.

Further, to drive participation, organizations need to redefine and bolster their BCM governance. This can be achieved by putting in place a dedicated BCM team focused on operational resilience while also introducing cross-functional forums to let business functions contribute to business continuity decisions.

3. Aligning operational resilience strategies to the new hybrid work world:

The COVID-19 pandemic accelerated the shift to a world that is increasingly remote. As the geographical spread of employees has widened, organizations are susceptible to a wider and more unfamiliar range of risks. To be prepared for these risks, organizations need to revisit and adjust the business continuity and disaster recovery plans and strategies to ensure they are relevant to a remote working world.

To start off, entities would need to identify their locations hotspots i.e., places with high employee concentration to focus upon. Another essential task is ensuring the necessary technology infrastructure for seamless remote interactions is in place.

Other critical aspects include training of remote workers, testing in a remote environment, determining where resource backups are to be located and how they are to be trained, as well as how the communication with remote employees should occur during a disaster.

4. Moving from planning to performing:

All business continuity plans and strategies are only as good as the people’s ability to execute them. Comprehensive plans that are regularly stress tested and refined have, in the past, determined the winners and losers during disasters. Thus, putting in place robust testing mechanisms is a critical activity in business continuity and operational resilience planning.

The immediate next step for leaders is to rethink the testing strategy in line with the overall operational resilience plan, while also establishing systems to ensure that learnings are incorporated into the plan for  continuous improvement. BCM leaders then need to answer key questions such as how to test, how often to test and whom to include in the testing. Leading organizations plan a combination of scenario-based tabletop exercises and machine simulations, alternate worksite or offsite mock drills, and automated emergency notification system tests with different employee groups throughout the year.

5. Increasing focus on data and cybersecurity in operational resilience:

Resilience requires foresight and by embracing the predictive power of data, organizations can build agility and accuracy in their plans, enabling them to react to what is coming down the pike before it disrupts their business. On the other end of the spectrum, with the widespread adoption of cloud architecture and remote working methods, data breaches and cybersecurity attacks in themselves could cripple organizations and bring operations to a standstill. With GCCs today acting as global hubs for data and digital skills, cybersecurity would need to be deeply embedded in the business continuity decisions.

To effectively deal with cybersecurity threats, organizations must consider bringing cybersecurity expertise into the business continuity team. Assessment of cybersecurity risks and measures in place at third parties, including major vendors and service providers, is also essential. Lastly, organizations also need to be conscious of where and how their data is stored and backed up – including the effectiveness of fallback procedures in place.