Highlights of the April 2024 edition of the HBK Risk Advisory Services webinar series hosted by William J. Heaven, CPA/CITP, CISA, CSCP, Senior Director, HBK Risk Advisory Services, and featuring Mike Janko, author and Director of Global Business Continuity at The Goodyear Tire & Rubber Company.
All organizations seek to be resilient, yet most do not have a clear definition of what that means for them or a plan to manage the journey to becoming resilient. Operational resilience integrates all operations activities under one clear business continuity management structure with a focus on risk appetite, tolerance levels, and impacts on both internal and external stakeholders. Resilient deployment includes benchmarking and continual improvement of the organization’s programs. As well, the organization’s leaders must demonstrate personal resilience.
- Internal audit is a critical part of Goodyear’s continuity program. Goodyear counts more than 75,000 associates and has 57 manufacturing plants in 23 countries, and a presence in every country in the world.
- To have excellence in operational resilience you must align with your organization’s strategy.
- Goodyear supports responsible operations by identifying and mitigating risks.
- In 2023, the company managed 113 events and crises categorized by involvement of a) less than a day, b) a day to a week, and c) more than a week.
- Nearly 26 percent of events took “more than a week,” defined as large-scale involvement on critical events that could have an impact on associates or operations.
- Resilience team purpose, process and outcome:
  - Purpose: to be the most resilient global tire manufacturer
  - Process: to align with Goodyear’s business; to implement activities that support operational resilience
  - Outcome: to avoid complexity that compromises quality; to implement activities that promote successful strategic execution; to maintain the continual improvement approach that has led to the company’s success.
- Resilience is defined as the ability to prepare for and adapt to changing conditions and recover rapidly from operational disruptions; more commonly, “be tough.”
- Standards, certifications, and ISO compliance requirements:
  - Two parts to ISO compliance for Goodyear: auto industry and aircraft industry
  - Use an external auditor annually for each audit of functions in protocols in the ISO standards.
  - Auditors for business continuity are interested in operational resilience: How do you identify risks? What’s critical to you? Do you plan for it? How do you test your plans? Are all your teams aligned with global and regional processes? Can you show us the evidence and a focus on IT security because of potential impacts of ransomware?
- ISO 22301 – new ISO standards for business continuity:
  - Defined as: “… specifies requirements to plan, establish, implement, operate, monitor, review, maintain and continually improve a documented management system to protect against, reduce the likelihood of occurrence, prepare for, respond to, and recover from disruptive incidents when they arise.”
  - Required to be labeled/certified as a resilient organization.
- Resilient organizations’ teams can rebound, embrace, adapt, recover rapidly, track issues, manage risk, continually improve, create competitive advantage.
- Terms for resilient individuals include: strong, persistent, tenacious, tough, mentally strong, handles stress, optimistic, sense of humor, gratitude, in shape, survivor.
- Benefits of resilience:
  - Shareholder confidence: Leaders can say an event had minimal effect or business interruption.
  - Associate support: Employees know they are the number-one focus of the organization and will be okay no matter what happens.
  - Consistent with supplier contractual commitments: looking through the entire supply chain to ensure good relationships and a continuity plan for quick recovery.
  - Showing business value: meeting the needs of customers, maintaining continual improvement (for any incident you’re making notes on what worked well and what needs improvement).
  - Standards compliance
- Hurricanes are the most significant property-related event: No matter how you plan, the impact will be severe, but you can take certain actions to minimize impact on property and business continuity.
- Even if there is no hurricane, you’re prepared for other natural disaster types of incidents.
- Need a toolbox with powerful tools:
  - A policy in place with a team and structure
  - A charter for the governance committee: who’s on the committee and what roles they play, and steps you take to implement policy
  - Project plan: problem-solving tools to identify your risks and your plan to identify them; short- and long-term plans. Project planning includes objectives for associates and resilience team members.
  - Blocks of work: the most critical things to do this year; evaluate blocks of work to make adjustments
  - Scorecard: KPIs that are drivers of the team’s success; a calendar of activities
  - Tracking to plan: assessment of annual operating plan; how leaders are implementing objectives; finding gaps and what can be improved upon
- Deployment to support and sustain resilience:
  - Aligned global and regional roadmap
  - Maturity model-based objectives
  - Operational resilience governance (leadership at all levels)
  - Supporting defined team’s capability (awareness training and messaging)
  - Benchmarking and continual improvement (sharing best practices and what is done with auditing team with others)
- Business continuity strategic elements: Goal is to be the most resilient global tire manufacturer
  - Aligned maturity of excellence: What does good, better, best look like and where do we want to be in our ten professional practices
  - Strengthen governance – all about execution
  - Support defined team capabilities: Do we have the right people in the right places to succeed
  - Benchmarking: What “world class” and “best in class” are compared to our execution
- Every time you expose your team through an exercise to a risk or a crisis or event you’re doing well, getting them prepared.
- Aligning your teams: primary and secondary roles
  - Governance
  - Operationally focused
  - Regional teams
  - Tactical teams
  - Functional teams
  - Your title, role and responsibilities
  - Reporting structure
- Turn risks into opportunities via:
  - Annual risk surveys
  - Tracking of incidents, crises, and events
  - External advice on trending risks
  - Determining top operational risks
  - “Polycrisis” focus – multiple concurrent risks affecting you at once
- Internal audit reinforces awareness of business continuity as an important business process
- Implement standardized business continuity audit checklist
- Internal discussion with site leadership and business continuity contact for validation of what is expected
- Among the objectives of Goodyear’s 2024 business continuity (BC) audit:
  - Business continuity function has been formalized and integrated into local processes.
  - Business continuity leader at each location has been identified and is supported by plant leadership team.
  - Global business continuity processes are being followed and tested.
  - Critical function and resources have been identified and are supported.
  - Business continuity software is being used where required.
  - Communication with business continuity leadership is open and frequent.
  - ISO compliance is in place for auto and aircraft industries where appropriate.
  - There is clarity among management relative to incidents, crises, and business continuity events.
- Advice: government agencies offering templates to get your business continuity program started:
  - ready.gov
  - DRI International
  - U.S. Chamber of Commerce
- Key messages:
  - The only thing harder than being resilient is explaining why you aren’t.
  - Most important to getting started is leadership support.