What is the linkage between risk management and resilience?

  • 12 Mar 2018
  • Sean

This question leads to other questions. Are risk management and resilience functions within an organization, or are they simply philosophies and mindsets? Is resilience a byproduct of a good risk management program, or is it the other way around? These are questions our industry needs to further examine.  While we solicit your feedback, here are a few thoughts to consider:

Over the last decade, many Business Continuity Management (BCM) programs have rebranded themselves to “Business Resiliency” programs. “Resilience” sounds much better than “recovery” or “continuity,” not only in capabilities but also in nomenclature. However, if you take a look under the hood, a business resiliency program is essentially the same program with a new title. Renaming does bring additional value, as it represents a shift in thinking. This shift and doing things differently may affect our budgets, resources, workflow, but it will help to achieve a successful program? As labels continue to evolve (e.g., recovery to continuity to resilience to agility), we must be cognitive of the importance to our organizations and end users. 

Some will argue that we need less management of risk (defensive posture) and more of resilience (offensive posture). Preparation, prevention, mitigation, and deterrence are essential ingredients for risk management and resilience. Though these techniques are defensive in nature, they can create a reactive culture. 

I find it best to think of resilience as health. It is a way of being. Resilience is a model that emulates our immune system.  It is designed to keep bad things from happening, but more importantly, it is able to withstand a shock (within reasonable bounds), and recover and become stronger. Resilience promotes healthiness as an organism, just as it promotes healthiness within an organizations. The resilience of an organization can be measured by how quickly and successfully it is able to recover from disruptions. 

More on
About the author

Sean Murphy


I founded Lootok, Ltd. in 2006, and currently serve as the President and CEO. My vision was to establish Lootok as a new kind of business continuity consulting company - one that draws from dynamic industries such as education, design, and branding - to breathe new life into the practice. ➞➞For more information feel free to connect with me here on LinkedIn or check out our website: www.lootok.com I have over 25 years of contingency experience, with 18 years of consulting experience in operational risk management and business continuity management and 7 years military contingency planning. I have worked and trained both nationally and internationally in the risk and business continuity industry, specializing in advisory services for Crisis Management and Communication, Business Continuity, Incident and Emergency Management, Supply Chain and Business Partner Risk, and Governance. Prior to founding my own practice, I was a Vice President at Marsh & McLennan Risk Consulting and a Senior Consultant at Ernst & Young. I have performed risk assessments, strategy development, and plan execution for a multitude of industries including banking, brokers/dealers, contact centers, government, healthcare, insurance, manufacturing, retail, telecommunication, and utilities.