The Benefits of Achieving Workforce Resilience

Resilience, one of the most popular and trending concepts in recent years, is also receiving significant attention in IT related to continuity, audit, governance, risk, privacy and information security. From an IT perspective, it has applications in various areas such as cyberresilience, IT resilience, operational resilience and data resilience. Resilience has come to the fore at a very serious level beyond IT, especially in dealing with the complex situations posed by the COVID-19 pandemic, and it has received a lot of attention in applications related to mental and emotional healing. Resilience is essential not only for individuals but also for organizations and their systems, processes and technology. Organizations need systems that can handle unexpected hiccups without crashing the whole operation, adaptable processes that have a plan B (and C), and technologies that create a shield against cyberthreats or sudden crashes.¹ Organizations would benefit from focusing on how to use relevant frameworks and upskill their teams to build a resilient workforce.

Defining Resilience

Resilience, as defined by the American Psychological Association (APA), is the successful adaptation to difficult or challenging life experiences through mental, emotional and behavioral flexibility.² McKinsey offers a similar definition, stating that resilience involves not only recovering quickly from a crisis but also bouncing back better and thriving.³ These definitions emphasize the ability to overcome difficulties and emerge stronger from the process.

Workforce resilience, a broader concept, encompasses not only individuals but also institutions, asserting that systems, processes and technology also must be resilient. Workforce resilience requires more than knowledge, culture and motivation. Mental resilience, the belief in one's ability to adapt to various conditions, is a critical element as it empowers individuals to navigate and adapt to various conditions as a cohesive unit.

Several common features contribute to effective workforce resilience:

• Calm in the face of pressure and challenges at work
• Intrinsic motivation or self-motivation to excel without external stimuli
• Adaptability to changing circumstances
• A sense of belonging and a shared purpose within the organization
• Positivity and optimism in the face of adversity
• A focus on the future, quickly generating new solutions to address challenges

Although not every team member needs to possess all these attributes, having a majority of resilient employees creates an environment where others can adapt and meet the requirements to be resilient. Teammate support for one another, along with managerial assistance, enhances resilience. Happy employees supported by their teams and colleagues are less likely to leave for minor reasons or succumb to work-related setbacks.⁴

Identifying and addressing issues related to mental well-being, work motivation and adaptation requires proactive measures. To prevent problems from escalating, regular meetings with working groups should be conducted, not solely focused on business matters but also aimed at identifying potential challenges. After the COVID-19 pandemic, remote work arrangements limited communication, making it even more crucial to increase engagement and detect issues early.

Banking Example

To illustrate the concept of workforce resilience, consider an example from the banking industry. Imagine an exceptional IT team within a leading banks, recognized as one of the best. This team's success was not solely attributed to its boutique size and expertise, but also to its commitment, prioritization of mutual support, willingness to work, openness to innovation, and confidence because management always had its back. These factors, combined with the team's extraordinary self-motivation, led to remarkable achievements. The institution provided all the necessary elements for employees to thrive, including processes, technology, systems and other support.

However, an unforeseen event occurred, and the bank was taken over by the state to prevent its collapse and protect thousands of customers. This event caused shock waves among the employees. The incredible work, planned projects and enthusiasm of surpassing competitors suddenly came to a halt, leaving everyone in a state of uncertainty. Although there were no immediate financial changes, some employees sought alternative job opportunities due to concerns. Those who remained worried about an uncertain future. Despite these challenges, they decided to stay with the institution, realizing their ability to face difficulties, feeling secure and understanding that their financial situation remained unaffected.

The employees who chose to stay with the institution demonstrated resilience by quickly adapting to the new circumstances, acknowledging the changed environment and the state takeover of the bank, maintaining a positive attitude and remaining focused on their work, despite the uncertainty. Employees engaged in open communication with each other and with management to stay informed about the situation and potential future plans. Employees collaborated and supported each other, fostering a sense of unity to navigate the challenges together. They focused on the bigger picture, realizing that challenges were temporary and that staying with the institution could offer long-term benefits, and they maintained an adaptive mindset, being open to change and learning from the experience, which helped them build personal and professional resilience. They demonstrated patience and perseverance, understanding that recovery and stability take time. Finally, they remained loyal to the institution and its values, seeing themselves as integral to its success.

Strong governance fosters stability, agility and adaptability within the workforce, enabling resilience in the face of uncertainty.

The power to make such a decision, to persevere and to demonstrate workforce resilience is remarkable.

The Benefit of Frameworks

In today's dynamic business landscape, organizations face numerous challenges that can disrupt operations and influence workforces. To navigate these challenges effectively, organizations can cultivate a resilient workforce capable of adapting and thriving amidst uncertainty by using several frameworks:

• Governance and management—Effective governance and management practices are foundational to workforce resilience. COBIT^® provides guidance on governance and management of enterprise IT.⁵ By aligning with COBIT's principles, organizations can establish clear roles and responsibilities, define decision-making processes and ensure strategic alignment. Strong governance fosters stability, agility and adaptability within the workforce, enabling resilience in the face of uncertainty.⁶
• Risk management—Proactive risk management is crucial for workforce resilience. The ISACA Risk IT Framework offers a comprehensive approach to identifying, assessing and managing IT-related risk.⁷ By leveraging the Risk IT Framework, organizations can effectively identify potential risk areas, implement risk mitigation strategies and monitor and evaluate risk exposure. This enables organizations to proactively address risk that could impact the workforce, enhancing their resilience.
• Information systems operations and business resilience—Resilient workforces rely on robust information systems operations and business resilience. The ITIL Framework provides guidance on managing IT services and ensuring business continuity.⁸ By adopting ITIL best practices, such as change management, availability management, IT service continuity management, security management and continual service improvement, organizations can enhance information systems operations, establish disaster recovery plans and implement business continuity strategies. These measures strengthen the resilience of the workforce, ensuring uninterrupted operations during disruptions.⁹
• Infrastructure resilience—Building a resilient workforce requires a resilient infrastructure. COBIT, in conjunction with the US Cybersecurity and Infrastructure Security Agency (CISA) Infrastructure Resilience Planning Framework (IRPF), which offers a broad set of good practices that support the adoption of such infrastructure management processes,¹⁰ provides valuable guidance on infrastructure resilience. Organizations can leverage these frameworks to establish a robust physical and digital infrastructure, implement redundancy measures and ensure continuity of critical systems. By aligning with these frameworks, organizations enhance their infrastructure resilience, enabling their workforces to operate effectively during challenging times.¹¹
• Software development and business processes—Agile software development practices and efficient business processes contribute to workforce resilience. COBIT, in combination with Agile methodologies such as Scrum, Kanban, Extreme Programming (XP) and Lean,¹² provides valuable insights in this domain. Organizations can adopt Agile principles to streamline business processes and optimize software development practices. These principles, articulated in the Agile Manifesto, include four key values: individuals and interactions over processes and tools, working solutions over comprehensive documentation, customer collaboration over contract negotiation, and responding to change over following a plan.¹³ Following these principles enables the workforce to embrace change, respond rapidly and adapt to evolving business needs.

Resilience enables governance professionals to proactively identify and address risk, adapt governance frameworks to address new technologies and regulatory requirements, and drive organizational success through strategic decision-making.

Impacts to Audit, Risk, Governance, Privacy and Security

Workforce resilience plays a crucial role in the effective implementation and management of audit, governance, risk, privacy and information security.¹⁴

For a workforce to be resilient, audit professionals must possess the necessary skills, including critical thinking, problem solving, ethical judgment, risk management and regulatory knowledge skills. These skills enable auditors to effectively navigate complex IT environments, stay updated with emerging technologies and adapt their audit approaches accordingly. Resilient auditors should possess adaptability and agility to be better equipped to handle unexpected situations, manage audit timelines and deliverables and maintain a strong focus on quality and accuracy.¹⁵

Governance professionals can become resilient by focusing on both their skill development and their mindset. Some of the skills they should have include the ability to participate in feedback and reflection, critical thinking, emotional intelligence, time management and desire for continuous learning. Resilient governance professionals are able to lead and manage IT governance initiatives effectively. They can navigate organizational changes, shifting priorities and stakeholder expectations while ensuring the alignment of IT with business objectives. Resilience enables governance professionals to proactively identify and address risk, adapt governance frameworks to address new technologies and regulatory requirements, and drive organizational success through strategic decision-making.

Workforce resilience is crucial in the risk domain as it enables professionals to identify, assess and respond to emerging risk effectively. Resilient risk professionals can quickly adapt their risk management strategies to changing business and IT landscapes. They possess the skills to evaluate the impact of new technologies, emerging threats and regulatory changes on organizational risk profiles. Resilience also helps risk professionals in developing robust risk mitigation strategies, establishing risk-aware cultures and promoting effective risk communication.

Privacy professionals cultivate resilience by developing a blend of skills, knowledge and adaptable strategies that empower them to navigate the intricate terrain of data protection and privacy regulations. They gain this ability by engaging in continuous learning, networking and mentoring and by having an adaptable mindset and problem-solving skills. They take a collaborative approach and have effective communication and risk assessment abilities. By integrating these practices and qualities into their professional journey, privacy professionals equip themselves with the resilience needed to navigate the intricate and ever-changing world of data protection and privacy regulations. Resilient privacy professionals are able to assess privacy risk, implement appropriate controls and respond to privacy incidents effectively. They can adapt privacy programs to new technologies, emerging threats and changing regulatory requirements while ensuring compliance and maintaining customer trust.

Resilient information security professionals are vital for protecting organizations against evolving cyberthreats and safeguarding information assets. They possess the technical expertise, critical thinking abilities and adaptability required to address emerging security challenges effectively. Resilience enables information security professionals to identify vulnerabilities, respond to security incidents promptly, implement robust security controls and continuously monitor and enhance security practices to counter new threats and technologies.

Overall, workforce resilience ensures that professionals can adapt to changing environments, effectively address emerging challenges and drive organizational success in an ever-evolving digital landscape. Resilient professionals are better equipped to navigate uncertainties, embrace technological advancements and contribute to the overall resilience of their organizations.

Conclusion

By referencing frameworks and addressing the skills needed for specific domains, organizations can identify the key elements necessary to build a resilient workforce.

From effective governance and risk management to robust information systems operations, infrastructure resilience and human resources management, frameworks offer valuable guidance. By aligning with these frameworks, organizations can cultivate a workforce that is adaptable, engaged and capable of navigating uncertainty with resilience, driving long-term success.

Building workforce resilience is an ongoing process. It requires a commitment from leaders and the entire organization to create a supportive and adaptive culture. By ensuring that teams have the necessary skills and techniques, organizations can cultivate a resilient workforce.

Workforce resilience is not only beneficial during times of crisis, but also contributes to long-term success and sustainability.

Endnotes

¹ Kuntz, J.; S. Malinen; K. Näswall; “Employee Resilience: Directions for Resilience Development,” Consulting Psychology Journal: Practice and Research, vol. 69, iss. 3, 2017, http://doi.org/10.1037/cpb0000097
² American Psychological Association, “Resilience,” http://www.apa.org/topics/resilience
³ McKinsey & Company, “What Is Resilience?” 17 January 2023, http://www.mckinsey.com/featured-insights/mckinsey-explainers/what-is-resilience
⁴ Lim, D.; H. Hur et al; “Workforce Resilience: Integrative Review for Human Resource Development,” Performance Improvement Quarterly, vol. 33, iss. 1, 2019, http://doi.org/10.1002/piq.21318
⁵ ISACA, COBIT^®, 2019, USA, http://xuk9.letaoyizs.com/resources/cobit
⁶ De Haes, S.; W. Van Grembergen et al; “COBIT as a Framework for Enterprise Governance of IT,” Enterprise Governance of Information Technology: Achieving Alignment and Value in Digital Organizations, Springer, Switzerland, 2019, http://doi.org/10.1007/978-3-030-25918-1_5
⁷ ISACA, Risk IT Framework, 2^nd Edition, USA, 2020, http://store.letaoyizs.com/s/store#/store/browse/detail/a2S4w000004Ko9VEAS
⁸ AXELOS, “What Is ITIL?” http://www.axelos.com/certifications/itil-service-management/what-is-itil
⁹ Cervone, F.; “ITIL: A framework for Managing Digital Library Services,” OCLC Systems & Services: International digital library perspectives, vol. 24, iss. 2, 2008, http://doi.org/10.1108/10650750810875430
¹⁰ Watson, G.; J. Ahn; “A Systematic Review: To Increase Transportation Infrastructure Resilience to Flooding Events,” Applied Sciences, vol. 12, iss. 23, 2022, http://doi.org/10.3390/app122312331
¹¹ Brown-Neuhaus, V.; C. Harloe et al; “Credit Ratings & Climate Change Resilience: A Framework for Assessing Airports, Seaports, & Toll Roads,” George Mason University, 2022, http://hdl.handle.net/1920/12855
¹² Kirvan, P.; M. Pratt; “Agile Manifesto,” April 2023, http://www.techtarget.com/searchcio/definition/Agile-Manifesto
¹³ Ibid.
¹⁴ Giniat, E.; J. Farrell; “Reform Requires Resilience: A Holistic Model for Success: In This Environment, Resilience Is the Key to Organizational Survival and a Holistic Governance, Risk, and Compliance Model Is the Key to Driving Resilience,” Healthcare Financial Management, vol. 64, iss. 7, 2010, http://go.gale.com/ps/i.do?id=GALE%7CA235857277&sid=googleScholar&v=2.1&it=r&linkaccess=abs&issn=07350732&p=AONE&sw=w&userGroupName=anon%7E4be1e5a3&aty=open-web-entry
¹⁵ Rees, C.; L. Breen et al.;“Understanding Individual Resilience in the Workplace: The International Collaboration of Workforce Resilience Model,” Frontiers in Psychology, vol. 6, 2015, http://doi.org/10.3389/fpsyg.2015.00073

HAKAN KANTAS | CRISC, CDPSE, ISO 22301 LA, ISO 20000 LI, ITIL V3, TOGAF 9

Is the director of an IT continuity management department where he is responsible for operational resilience, IT continuity management, disaster recovery, IT capacity and performance management, data management and EU General Data Protection Regulation (GDPR) compliance. He began his career in the mid-1980s as a writer and editor at Mac World, PC World and PC Magazine in Turkey. He began his IT career at Pamukbank in 1993. He was the chief information officer (CIO) of Vaillant Group in 2007-2008. He joined Halkbank in 2008. He created an IT risk management methodology at the first bank in Turkey and led IT service management and continual service improvement projects that delivered comprehensive innovative transformations to implement global best practices in IT through a service-oriented approach and IT process models. He is a gold member of ISACA, an Institute of Electrical and Electronics Engineers (IEEE) Senior Member, a member of the Association for Computing Machinery (ACM) and the Business Continuity Institute (BCI) and a former board member of the itSMF-Turkey Chapter.