The establishment, management and maturity of an enterprise wide resilience capability requires that a reporting and monitoring framework exists. This should include:

• Governance Body - A pro-active board or committee that the reporting goes to for actioning, follow up and resolution.
• Feedback mechanism - A way for the governance body to provide feed back to the business and accountability to the business.
• Business Area Resilience Owner - An owner responsible for resilience capability and activities in a given area of business to make sure the reporting and required activities occur.
• Audit Function - A function for auditing resilience capability.

An effective framework covers three aspects of resilience reporting:

• Resilience Capability Reporting - Addresses the resilience capability of the enterprise against a minimum resilience standard, i.e. is a business area able to respond to a crisis?
• Resilience Risk Reporting - Details the acceptance of the resilience risks and what is being done to address them, i.e. is the resilience capability (ability to manage a crisis) commensurate with the gaps in business sustainability and the risk exposure.
• Iceberg Reporting - Executive summary of the major risks and issues impacting a business, i.e. what are the big ticket items impacting the enterprise and can we manage them if they occurred?

Further details around the development and management of an enterprise wide resilience capability are presented in this document.