Those who head up operations at many firms increasingly need an ambidextrous approach. On the one hand, they must deliver growth through business agility, which involves innovating at pace. On the other, they need to deliver a resilient organisation; one that is stable, secure and predictable, where new operational threats and risks must be overcome. Marrying the two isn’t easy.
The litany of challenges that now test chief operating officers is long, whether it is digital and data-led transformation, the Covid pandemic, Russia’s war in Ukraine, soaring energy and commodity prices, supply-chain constraints, the sustainability agenda, evolving cyber risks or new regulation. At the same time, COOs must ensure firms stay ahead of the competition and generate new business.
This year’s World Economic Forum’s Global Risks Report is a good illustration of why businesses need a belt-and-braces approach: 42% of the 12,000 global business leaders surveyed said the outlook for the next three years would be “consistently volatile with multiple surprises” while 38% expected “fractured trajectories separating relative winners and losers”.
Yet many firms struggle to combine operational resilience with business agility, whether that’s to do with siloed business units and the data they hold, legacy systems, traditional ways of doing things or the sheer complexity of organisations. But the past few years have shown that many firms are more resilient and agile than they may have thought – able to adapt and thrive, as well as absorb shocks.
“There are many lessons to be learned from the pandemic, in circumstances where we were forced to be agile,” says Kate Stonestreet, global chief operating officer of law firm Baker McKenzie.
The challenge, she says, is to retain this flexibility moving forward and embed it in a company’s culture. “This will position businesses well for the coming years, the potential downturn or any future crises we may face,” she explains.
Stonestreet believes agile working enables firms to be resilient, allowing “real-time responsiveness” that creates strength in operations. It also facilitates efficient decision making if it’s underpinned by good governance that is aligned with strategy,” she says.
“Agility, while not always easy to achieve, allows for a speed of response that is certainly necessary in the current climate.”
Driving ambition
There is an increasing realisation that, with the right people, processes and platforms in place, resilience and agility can go hand in hand; that these qualities aren’t at loggerheads with each other but are instead complimentary. Both are fundamental to delivering business performance while minimising risk. And it is the COO, rather than any other top-level executive, who should be the one to deliver.
“The COO – the executive leader shadowing the CEO – found themselves at the centre of all business activities throughout the pandemic, and this position of enhanced influence, visibility – and, in many cases, mandate – has been carried forward into many a post-pandemic operation,” says Maurice Evlyn-Bufton, chief executive officer of COO financial services advisory firm Armstrong Wolfe.
“The chief operating officer also sits at the centre of each company and therefore is well positioned to oversee the adoption of resilience and agile policies, and their governance,” he says. “It is their influence on the CEO that is key to success.”
Evlyn-Bufton likens the agility and resilience balancing act to Formula One racing. While the objective is to go as fast as possible – to be as responsive and agile as you can to changing circumstances – you still need to use the brakes sometimes to ensure you finish the race.
“Racing engineers work with this duality all the time,” he says. “It is a particular frame of mind that is needed to marry the two, as opposed to balancing them.”
Having a clear operational strategy and an organisational design in place matters. When looking to make a firm more resilient, a good start is to map all business processes, work out whether you have the right talent, systems and technology to deliver on this, then prioritise change accordingly.
“True resilience comes from knowing when and how to rewire the processes, and that requires people in the organisation who understand the big picture,” says Dr Sandra Bell, group head of organisational resilience at Novuna, a financial services firm.
Her advice is always to focus on the people and culture; the rest will follow. “Organisations are complex socio-economic systems and will behave in unpredictable ways. To be resilient, you need people who can sense when things are going wrong, know when to stand fast, yet are willing and able to alter what they are doing to bring things back on course.”
Having a high-performing team around the COO that collaborates effectively is crucial. The chief of operations must also have a firm eye on customers, be agile themselves – willing to embrace change, challenges and complexity – with a strong commitment to deliver on short- and long-term goals, and to be accountable for them, too.
Some businesses have advocated the introduction of new roles, such as operational resilience champions, to support such initiatives. But while these roles can help to prioritise the delivery of operational resilience, they can also end up delineating it from business agility, which can be problematic for firms trying to bring the two together.
In praise of processes
Relying on top talent to bridge the gap between operational resilience and business agility is one thing but it isn’t a fail-safe in the long term. Staff “churn” can leave firms vulnerable. This is where COOs need to put in place robust and repeatable processes, with strong controls that are informed by data and its associated tools (see box).
Systematic approaches are vital, which is why some businesses have adopted “design thinking”, which enables problem solving centred on customer needs. Others have followed the Six Sigma approach and other such tools that can support process improvements. The aim is to provide better structure to operating models, although wholesale adoption of such approaches can be daunting and time-consuming.
“It may not be feasible to do everything, so pick the key initiatives that are fundamental to supporting and protecting the business, and think about whether you have the right organisational design in place to get you there,” says Jacqueline King, chief operating officer for DLA Piper, a global law firm.
Any business can set a course to manage risk, contingency plan and put robust security in place, she says. “The art is to identify areas of opportunity in the market and to be one step ahead, while ensuring a flexible model is in place that allows the business to innovate and adapt to change.”
New legislation, compliance and evolving government policies are sparking investment in better frameworks, whether it’s fresh rules on operational resilience introduced by regulators, such as the Financial Conduct Authority in the UK, or the European Commission’s Digital Operational Resilience Act.
In some cases, a lack of action is no longer an option. Regulated businesses now must show that they can continue to provide services in the face of adverse and disruptive operational events. They will also have to demonstrate that they can anticipate, prevent, recover from and adapt to such events and learn from them – no small feat.
But while it’s true that businesses have finite resources – and COOs have to continually work out where to allocate time, resources and people – King believes resilience and agility can complement one another “if the organisational model is designed in the right way”.
What to do when goals are misaligned
One of the reasons why resilience and agility are hard to deliver at the corporate level is that business units can be at odds with each other. It’s not simply a matter of IT, cybersecurity and operations teams being focused on secure, stable services, while marketing and sales want to break the mould and be agile as they press on with innovative products, but it serves as an example.
If you have a chief information security officer, a business development lead and an operational resilience officer, it’s important that their goals are aligned.
“Rather than sink into a ‘who’s right and who’s wrong?’ battle at a business unit level, when the reality is that everyone is right from their individual perspectives, the smart COO creates a vision for the whole organisation,” says Bell. “They create consensus by helping the different parts of the business to understand how the resilience of their part of the business contributes towards it.”
The same is true of business agility.
Companies will need to get both aspects right if they’re to be successful in the years ahead. The security and threat landscape is constantly evolving. At the same time, firms don’t stay at the top of their sector for long unless they are innovating at pace. Having a “living” business plan in place; one that evolves day to day, helps.
“The trick is not to stifle the business with, say, watertight security procedures but allow for business flexibility with the right controls in place,” says King.
It’s that “flex” that every business is looking to master. The COO who gets it right on all counts will be worth their weight in gold.
How data delivers for the COO
Data is key on every level when it comes to calibrating operational resilience and knowing when to invest in business agility. It is the glue that binds different business units, professions and functions that are trying to marry up the two.
Dashboards, for example, are valuable management tools to measure performance, manage risk and inform decision making. “If it’s not measured, it cannot be managed” is the common mantra. A “single pane of glass”, data-empowered view of the business is therefore vital.
Real-time information is also imperative if a business is to be resilient and agile: no one wants to be looking in the rear-view mirror. It is all about forward-looking capabilities, which allow constant readjustment, experimentation and optimisation. Data monitoring enables businesses to get an early indication that something is going wrong with operations so that it can be corrected before it escalates.
It’s no surprise, then, that more businesses are moving towards digital, data-led approaches to keep up with the competition, with some adding layers of data analytics, and incorporating machine learning and artificial intelligence.
But as businesses transform, new vulnerabilities, security concerns and threats to operational resilience must be considered, such those thrown up when there is a wholesale shift of corporate data to the cloud, for example.
Another big issue now is ensuring you employ staff who are data literate enough to make the most of the information your business generates. A new generation of data-savvy executives is rising through the ranks. As one chief data officer recently quipped, these days, your talent is more likely to speak Python (a programming language) than French.
“Transparency is not a bad thing,” says Jacqueline King, chief operating officer of global law firm DLA Piper. “The flipside of this data is harnessing it to drive the business forward for customer relationship management and trend analyses, for example.
“COOs should not shy away from sharing operational information as this helps senior management with key decision making.”