Resilience through Rolling Planning: Insights from CIOs’ Industry Experience and Academic Research
By Dr. Tamara Leuthe (Senior Researcher), Sönke Claussen (CEO, Bee360), Prof. Dr. Christian Hürter (CIO, Deutz), Andreas Polak (CIO, Flender), Björn Lügger (CIO, Lowell Financial Services), Axel Schnuck (CIO, Deutsche Pfandbriefbank)
Executive Summary
IT organizations face mounting pressure: software costs rising over 10% in 2025, tightening regulations (DORA, AI compliance), geopolitical volatility, and rapid technological change. Resilience is now a core leadership capability. This report positions rolling planning as the central mechanism to build it. Rolling planning replaces rigid annual budgets with continuous, cycle-based reviews of resources, budgets, and priorities, which creates an always-current picture of IT capacity and financials for structured, fact-based decisions.
Key Findings
Five CIOs from mechanical engineering, banking, financial services, and corporate real estate validated five core findings:
- Strategy comes first. Without a long-term strategy, rolling planning stays tactical. Its value lies in anchoring operational decisions to strategic direction.
- Structured responsiveness over speed. Rolling planning enables rapid adaptation only when action plans and interdependencies are clearly understood alongside the data.
- Transparency alone is insufficient. Sound decisions require the right level of detail, clear responsibilities, and decentralized authority.
- Involvement means accountability. Resilience grows when employees own realistic commitments, not when everyone co-determines priorities.
- Regularity drives risk resilience. Continuous cycles surface financial, personnel, and operational risks early, which enables deliberate mitigation.
Recommended Actions for CIOs
- Anchor rolling planning to a clear IT and corporate strategy before optimizing cycles.
- Enable decentralized decision-making within defined financial and strategic guardrails.
- Build transparency on capacities, costs, and dependencies at the right level of detail.
- Embed accountability by making employees owners of their commitments.
- Use planning cycles as a risk management instrument. Review, reassess, and act.
Resilient IT governance is not achieved by planning more. It is achieved by steering better.
Abstract
IT organizations are operating in an environment of rising software costs, increasing regulatory pressure, geopolitical uncertainty, and rapid technological change. At the same time, expectations toward IT continue to grow: it must ensure stable operations, drive innovation, and execute strategy with constrained resources. In this context, resilience becomes a core leadership capability. IT must not only react quickly to change, but do so in a structured, strategically aligned, and sustainable way.
This report positions rolling planning as a central lever to enable such resilience. By continuously reviewing and adjusting resources, budgets, and priorities in defined cycles, rolling planning creates transparency, strengthens decision-making, and supports coordinated adaptation in a constantly changing environment without falling into operational hecticness. However, rolling planning alone is not sufficient. Its impact depends on clear strategic guardrails, decentralized decision-making within defined limits, transparency over capacities and dependencies, and a culture of responsibility.
The findings build on academic foundations and were refined through a focus group with five CIOs from different industries. Their practical insights form the basis for a structured framework and five concrete steps toward resilient IT steering. The report provides executives with actionable guidance on how to move from reactive planning to resilient governance. It is not achieved by planning more, but by steering better under uncertainty.
1 | The Initial Situation: Common Challenges
Today’s IT landscape is shaped by a combination of growing cost pressure, increasing regulatory demands, and rapid technological change. Rising software costs, expanding compliance requirements, and the unprecedented possibilities created by technologies such as AI are fundamentally changing how IT must be managed. Therefore, CIOs must adopt a new mindset, because in this environment, IT must not only deliver efficiently in the short term but remain resilient to external influences in the long term.
Financial pressure is intensifying, with software spending expected to rise by more than 10 percent in 2025 (Statista, 2025). At the same time, the pressure to consistently execute strategic initiatives is growing. New technologies, such as GenAI, create both expectations and urgency. Organizations must adopt these technologies to remain competitive while avoiding fragmented or uncoordinated investments. Meanwhile, regulatory developments such as the Digital Operational Resilience Act (DORA) and emerging AI regulations require specialized skills and significantly raise cybersecurity and compliance requirements. In addition to technical expertise, effective communication, training, and change management are essential for supporting new workflows, which often put additional strain on IT organizations that are already operating at or beyond capacity.
These pressures are exacerbated by the constant need to adapt processes and solutions. Existing systems must be reviewed, modernized, or replaced continuously, and IT strategies must be refined accordingly. While external partners can accelerate transformation, excessive reliance on them can result in the erosion of internal knowledge and long-term capabilities. Therefore, to remain capable of acting under uncertainty, IT organizations must carefully balance make-or-buy decisions and deliberately invest in building internal competence.
At the same time, external volatility is increasing. Market shifts, new competitors, and strategic realignments demand rapid and flexible adjustments. Political and geopolitical developments may necessitate location decisions such as establishing new production sites (e.g., in the US) or IT capabilities in different regions (e.g., new hubs in India) or responding to sovereignty requirements. Internally, conflicting objectives and a lack of transparency between business and IT departments often make it difficult to prioritize initiatives and allocate scarce resources effectively.
Against this backdrop, resilience becomes a core capability of IT organizations. In this context, resilience does not mean avoiding change but rather being able to respond to it quickly, consciously, and in a structured manner without falling into operational chaos or losing strategic direction. One key approach to achieving this resilience is rolling planning. By continuously adjusting resource and financial planning in defined cycles, rolling planning provides the transparency, flexibility, and decision-making foundation required to navigate uncertainty.
The following chapter introduces the concepts of resilience and rolling planning as they are understood in this report and examines how rolling planning can serve as a central enabler of resilient IT organizations.
2 | The Proposed Solution: How Rolling Planning Enables Robust IT Steering
This chapter provides the theoretical and experience-based foundation for the following chapters that evaluate these messages from the CIOs perspectives and from an academic and consulting background. Given the variety of definitions of resilience across different fields of research, the following section provides a definition to establish a common understanding. First, the concept of rolling planning is introduced.
2.1 Rolling Planning: From Annual Plans to Continuous IT Steering
Rolling planning refers to a continuous planning approach in which resources, budgets, and schedules are regularly reviewed and updated. Instead of rigid, one-time annual planning, planning is updated in short, fixed cycles and adapted to new information, changing conditions, and current developments (for details see: https://cmdu.org/effective-resource-and-financial-management-via-rolling-planning/). The aim of this approach is to always have an up-to-date and transparent picture of the use of resources and financial means. Deviations between planning and reality become apparent at an early stage and can be taken into account in a timely manner. This creates a robust basis for fact-based decisions that support both operational and strategic management (for details, see https://cmdu.org/effective-resource-and-financial-management-via-rolling-planning/).
Rolling planning ensures that IT planning remains strategically aligned (direction setting) and creates transparency by clearly distinguishing between run (operations) and change (projects and pipeline projects) and taking into account quotas for continuous improvements. Regular updates enable decentralized decision-making based on current data, e.g., for prioritizing releases or adjusting capacities.
Figure 1: The solution is to continuously use the deviation between status quo and goal and steer and adapt accordingly.
One key objective of the approach is to avoid overload, especially in IT. Increased transparency and realistic planning lead to a noticeable reduction in workload, which in turn strengthens employee motivation and commitment. At the same time, rolling planning increases flexibility, enables resources to be used efficiently, controls costs, and ensures planning reliability without losing the necessary adaptability (see https://cmdu.org/effective-resource-and-financial-management-via-rolling-planning/).
2.2 Resilience Beyond the Buzzword: Understanding Organizational Resilience
The concept of resilience has a long history and became popular and a buzzword in the years of the Covid-19 pandemic. Regardless of its etymological origin of the Latin word “resilire”, which means “to bounce back” (Briguglio et al., 2005, 7), the term is defined differently regarding the context of discipline. For instance, in psychology, resilience is defined as a person’s ability to overcome challenges and adversity. (Langland et al., 2026, 6). In engineering, resilience is defined as the robustness of structures, i.e., their ability to withstand physical forces such as fire, impact, or explosion without disproportionate damage (ibid.). In the field of ecology, resilience has been defined as the ability of systems to absorb shocks and persist despite disturbances (Connelly et al., 2017, 1).
Taking the different definitions into account, resilience can be understood as the ability of a system to prepare for, absorb, recover from, and adapt to disruptive events while maintaining its core purpose and functions of the system (Connelly et al., 2017, 2). Table 1 summarizes the findings of our literature research and distinguishes between four different expressions of resilience of an organization.
Table 1: Systematization of organizational resilience.
(Source: Own illustration based on Briguglio et al., 2005; Clément/ Rivera, 2016; Connelly et al., 2017; Duchek, 2020; Hatton/ Charlotte, 2021; Husni et al., 2025; Ibrahim et al., 2023; Langland et al., 2016; Lichte et al., 2022; Shaya et al., 2022; Walker et al., 2004).
Proactive organizational resilience is the ability to prepare for potential crises and unforeseeable events so that they do not catch a company or its IT organization by surprise. It involves identifying potential threats early and implementing preventive measures. This characteristic is strategic and long-term and is characterized by IT capabilities and social capital, such as knowledge transfer and collaboration. For example, an IT organization is proactively resilient if it establishes clear architectural principles for the company’s ERP target picture for 2035 to avoid later misjudgments and integration problems.
Risk resilience as another expression of resilience is the ability to withstand crises and negative external influences as they arise. The focus is on maintaining short-term stability and key business processes in the face of disruption. This capability is influenced by factors such as innovative strength, robust digital infrastructure, and organizational agility. By maintaining critical systems (e.g., ERP or production IT) via stable and standardized release cycles, the IT organization promotes the company’s risk resilience. Automated tests and clear quality and acceptance gates ensure that operations remain stable even under regulatory pressure or resource constraints.
Reactive organizational resilience is the ability to respond quickly, effectively, and coordinated during and after a crisis. The focus is on limiting damage, ensuring continuity, and restoring functionality through immediate adaptation measures. For IT organizations, this requires the ability to reprioritize projects, reallocate resources, and adjust decisions at a moment’s notice to react to e.g., unexpected audit findings, regulatory requirements, or new project dependencies.
Recovery, the final expression of resilience, is an organization’s ability to stabilize itself sustainably after a crisis. This ability includes learning from the crisis and adapting in the long term. It is supported by innovation, agile decision-making processes, and digital transformation initiatives. IT organizations demonstrate their recovery capability by systematically analyzing processes, redefining decision-making rules, and developing architectural guidelines after a failed rollout or missed integration opportunities. Being capable of learning out of past failures, allows IT to implement future projects and plans more robustly.
2.3 Bridging Rolling Planning and Resilience for Long-Term Value Generation
Rolling planning is a key enabler of reactive organizational resilience. It allows IT organizations to continuously update and flexibly adjust resource and financial data. Clearly defined, regular planning cycles (e.g., monthly for projects, quarterly for continuous improvements and services) establish planning as an ongoing process rather than a one-off, reactive measure. This provides an up-to-date and reliable picture of the resource situation, enabling a quick and informed response to internal and external changes. The high level of transparency that the rolling planning approach enables also reveals dependencies between projects, initiatives, or systems. This creates the basis for short-term reprioritization and resource reallocation. Thus, the following hypothesis is concluded:
Beyond pure responsiveness, rolling planning supports reactive resilience by maintaining strategic orientation even in crises. In phases of unexpected events, there is a risk that organizations will fall into operational hecticness or unreflective behavior. Rolling planning counteracts this effect by consistently focusing on strategically relevant projects and deliberately limiting less prioritized activities (e.g., using buckets for smaller demands called continuous improvements). When it is clear which initiatives contribute to the long-term goals and where the organization should be heading, necessary short-term adjustments can be specifically classified and aligned with the overarching goal. This promotes coordinated, calm responsiveness even under pressure. Summarized:
Figure 2: Hypotheses Model.
In addition, rolling planning strengthens the risk resilience of IT organizations by preparing for informed decision-making. Based on constantly updated resource, cost, and capacity data, options for action become transparent, as it is clear where capacities are tied up and where there is room to maneuver. This transparency is created by a structured and coordinated planning process that involves all relevant levels (from management to team leads to employees). Regular planning should not be seen as a purely operational routine, but as a prerequisite for conscious, consistent decisions in uncertain situations. Transparency alone does not automatically make organizations crisis-proof, but it reduces uncertainty and increases the likelihood that decisions will be better informed, even under pressure.
A key contribution to proactive organizational resilience lies in building social capital. Rolling planning actively involves employees in the planning process, thereby strengthening motivation and personal responsibility. This involvement should not be understood as a “wish list” approach, but rather as an application of the principle of self-planning: employees take responsibility for realistic commitments within clearly defined parameters and explicitly answer what they can achieve. This commitment is supported by quantitative guidelines that create transparency about available capacities and utilization, thereby aligning individual assessments with organizational goals.
From the perspective of resilience research in the humanities and social sciences, this approach is particularly effective because autonomy, self-efficacy, and intrinsic motivation are key drivers of individual resilience (Lyng et al., 2025). These continue to have an effect at the team and organizational level and strengthen the resilience of the entire IT organization in the long term:
Finally, rolling planning makes a direct contribution to risk resilience by making risks visible at an early stage and mitigating them in a targeted manner through regular planning cycles. Continuous review of capacities, dependencies, and priorities enables early detection of bottlenecks, risks to stable operations, and classic planning and project risks. In the spirit of integrated risk management in the planning area, these risks can be systematically assessed and incorporated into decision-making processes. In this way, rolling planning helps to ensure short-term stability and maintain critical IT services even under uncertain conditions:
3 | The Identified Solution: Rolling Planning as a Resilience Lever
Based on the focus group discussions with the CIOs, the initial hypotheses were critically reviewed and refined. The resulting insights were brought together into a clear set of framework conditions and prerequisites for resilient IT management. Building on these findings, five practical steps are outlined to show how rolling planning can be systematically applied to strengthen and sustain IT resilience.
Focus Group
Our focus group consisted of five CIOs from different industries, including mechanical engineering and manufacturing, banking, corporate real estate, and financial services. While the banking context tends to be stable, cyclical, and strongly dependent on interest rate trends and supervisory board requirements, industries such as financial services and industrial environments are more dynamic (e.g., due to technological developments). Despite these differences, all CIOs pursued an increasingly integrated IT strategy that was closely aligned with the business strategy.
In context of strategy, AI was not only understood as an internal efficiency initiative, but also as an integral part of the product and service offering (e.g., predictive maintenance approaches using sensor data such as sound, temperature, or vibrations). This understanding aligned with the CIOs’ operating models, which ranged from process- to service-oriented. IT organization size ranged from 120 to 220 internal employees, supplemented by nearshore and offshore locations (e.g., for cost savings) as well as international hubs (e.g., for scale effects).
In response to current geopolitical conditions and time zone considerations, IT resources had been built up in the United States, which underlines the growing relevance of political factors in IT location strategies. The CIOs’ IT budgets were comparable, ranging from approximately €25 million to €70 million, and were unanimously viewed from an EBIT perspective. However, budget control mechanisms differed, ranging from classical IT key figures and overall cost analyses to tightly controlled profit and loss (P&L) approaches.
Participatory and transparent leadership approaches dominated among the CIOs, albeit with varying degrees of democratic decision-making and strategic control. In contrast, process responsibility was predominantly centralized, apart from the IT organization operating under a matrix structure. These differences were also reflected in organizational structures: while industrial companies were structured around business units and group functions, financial services organizations tended to operate with business domains and shared services. Moreover, all CIOs worked for internationally operating companies active in up to 80 countries and across approximately 110 global locations. The diversity of the group was particularly valuable for expanding our understanding of resilient IT management, as contrasting contexts made underlying success factors more visible.
3.1 Revision of Hypotheses
While the CIOs generally agreed with the hypothesis, they highlighted several areas that needed clarifying. Firstly, the meaning of ‘quickly’ in the context of rolling planning was discussed. It was agreed that updates should not be considered permanent adjustments but rather take place at clearly defined, regular intervals. Constant real-time updating, on the other hand, was deemed neither useful nor manageable. It was also noted that the hypothesis is closely related to the definition of rolling planning and thus describes a necessary but not sufficient prerequisite for organizational responsiveness.
Furthermore, the CIOs emphasized that the ability to respond to change does not depend solely on the availability of up-to-date data. Rather, it is crucial that concrete action plans are in place based on this data, and that their interdependencies are understood. Only when it is transparent how initiatives, resources, and budgets are linked targeted decisions can be made about what should be prioritized, postponed, or stopped.
Another key point was how to handle events that arise outside regular planning cycles, such as a crisis occurring before the next scheduled review. The CIOs emphasized that rolling planning does not mean reflexively stopping existing projects and replacing them with new initiatives. Rather, responsiveness is demonstrated by the ability to consciously reprioritize by deciding which activities can be reduced or suspended, where resources should be reallocated, and whether additional financial resources should be used to secure external support. This requires decisiveness and transparency about dependencies in order to realistically assess which activities the organization can temporarily scale back without jeopardizing its strategic direction or operational stability.
The discussion deliberately emphasized a distinction from the previous hypothesis. The focus shifted from the speed of the response to its quality, calmness, and strategic classification. The participants emphasized that rolling planning does not automatically promote a focus on long-term goals. Rather, this effect requires that robust strategic planning already exists. Without a clear long-term vision (e.g., through multi-year or annual planning), rolling planning remains predominantly tactical. This assessment aligns with the statements in the underlying white paper, which asserts that rolling planning does not replace strategy but rather supports its implementation (https://cmdu.org/effective-resource-and-financial-management-via-rolling-planning/).
Against this backdrop, the effectiveness of rolling planning was emphasized when strategic guidelines were in place. In this case, it enabled short-term adjustments while maintaining focus on long-term goals. Thus, rolling planning was seen less as a driver of strategic goal setting and more as a mechanism for managing operational decisions in line with strategy. It is worth noting in this context that strategic or long-term guidelines, such as organizational structure and size, inherently define the limits and possibilities for adaptation and scaling. Rolling planning, therefore, represents a way to make the most of these given circumstances. Moreover, when these structural boundaries and underlying assumptions are actively monitored throughout the planning process, rolling planning can help operationalize strategic controlling, bridging the gap between high-level strategic intent and day-to-day operational execution.
Regarding operational hecticness, the CIOs agreed that operational dynamism is not necessarily negative. They viewed a certain amount of hecticness as an expression of human interaction, decisiveness, and speed, which can even be productive in certain situations. However, operational activity becomes problematic when it unfolds in a disorderly or undirected manner or becomes detached from strategic goals. In this context, rolling planning provides guidelines that channel operational dynamics in an orderly, goal-oriented manner.
Additionally, the wording of the hypothesis was critically reflected upon. Several participants felt that the term “promotes” was potentially misleading because it implies that rolling planning generates strategic orientation itself. They suggested using the terms “enables” or “supports” for greater precision. This clarifies that rolling planning stabilizes the implementation of existing strategies but does not dictate their content.
Practical examples (e.g., ERP strategies) showed that strategy-compliant implementation often requires patience. In such cases, rolling planning helps align operational measures consistently with the target vision, even when short-term requirements or disruptions necessitate adjustments. Thus, rolling planning supports calm, resilient responsiveness without completely suppressing operational flexibility.
The discussion revealed a variety of opinions. There was general agreement that regular planning and structured stakeholder involvement create a clear, shared understanding of capacities, costs, and priorities. One participant summed it up as follows:
“Transparency is a necessary but not sufficient condition for making strategic goals visible and providing guidance in day-to-day operations.”
The CIOs also emphasized that transparency alone is insufficient to prevent operational chaos in crisis situations. They highlighted the existing organizational structure and clearly defined responsibilities as critical factors determining how and whether transparency is used for decision-making. Even when transparency about capacities, costs, and priorities is present, the ability to make decisions can be limited if structural conditions prevent quick or clear decisions.
Additionally, the CIOs warned against over-engineering. Too much detail in capacity and cost planning can limit flexibility, and in extreme cases, lead to additional complexity and operational chaos. The CIOs therefore emphasized the importance of the right level of detail: precise enough to provide guidance and a basis for decision-making, but not so granular that adjustments become difficult. They also highlighted the usefulness of regular status checks, as these make it possible to monitor costs, capacities, and target achievement without questioning fundamental strategic decisions with each cycle. In this sense, rolling planning provides support not through constant replanning, but rather through a stable structure that allows for targeted interventions when necessary.
Once more, the discussion revealed mixed opinions. While the active involvement of employees was generally recognized as important for organizational resilience, warnings were issued against undifferentiated involvement. Specifically, it was emphasized that including all employees in every planning or decision-making process can result in an overwhelming number of opinions, hindering rather than supporting decision-making and planning. This is why the meaning of “involving employees” was further clarified in the context of rolling planning. It does not mean allowing employees to vote on project priorities or strategic decisions. Instead, it follows the principle of “turning those affected into participants” by encouraging employees to take responsibility for their tasks and commitments. The key question is whether and to what extent they can realistically deliver the planned services and tasks. Simply put: “Can you do it?”.
This approach allows for a realistic evaluation of capabilities and fosters self-efficacy and a sense of responsibility. Thus, rolling planning contributes to strengthening resilience in dynamic environments, not through maximum participation, but through clearly assigned responsibility.
The importance of regular planning cycles was emphasized as a key element of project and planning risk mitigation. Such cycles are essential because risks can change or emerge over time due to shifting conditions, new dependencies, or external influences. Frequent planning makes project and planning risks visible earlier, enabling timely assessment. At the same time, these cycles allow previously identified risks to be reviewed to determine whether they remain relevant or are intensifying or diminishing.
The CIO discussion also highlighted that financial resources represent only one dimension of risk mitigation. While financial constraints may lead to the deliberate acceptance of certain risks (e.g., the continued use of legacy systems or the postponement of necessary measures), non-financial risks are equally significant. These include resource and personnel-related risks (e.g., loss of key employees due to illness, recruitment by competitors, or other unforeseen events). Although these risks cannot be fully controlled, they must be made transparent and systematically considered in the planning process.
In summary, rolling planning was assessed as a supportive, though not self-sufficient, contributor to risk resilience. This approach strengthens the IT organization’s resilience by combining planning, transparency, and regular reviews, thus enabling risks to be identified and addressed at an early stage. However, effective mitigation ultimately requires deliberate decision-making, clear prioritization, and, depending on the situation, the targeted use of financial, personnel, or organizational measures.
3.2 Synthesis of Discussion: Structural and Organizational Conditions and Their Prerequisites for a Resilient IT Organization
In the following, we outline the conditions that must be met and the prerequisites that support a resilient management of an IT organization.
Clear and Comprehensive Planning Principles
Resilient IT management requires reliable input variables. Costs, available resources, services, and time dependencies (e.g., contract terms or licensing models) must be transparent. Otherwise, necessary budget or capacity adjustments cannot be planned in a timely manner. Financial guidelines should be clearly set by management to enable realistic decisions.
For decisions to be realistic and planning to be truly rolling, decisions must be made at the level where the necessary information is available. This, together with regular control cycles, requires a corporate culture and adequate structure that enable decentralized decision-making. At the same time, active management support is essential to establish clear financial guidelines, ensure prioritization decisions, and provide backing in crisis situations. Without such support, transparency and planning efforts remain ineffective.
Strategic Orientation as a Stable Reference Point
Rolling planning unfolds its full benefits only when a clear corporate and IT strategy is in place. Strategy defines the overall direction, while roadmaps structure its operational implementation. Strategic goals must be translated into operationally actionable terms (e.g., by developing a long-term ERP target architecture to prevent short-term requirements from resulting in inconsistent stand-alone solutions) and their validity must be reviewed regularly. A clear strategic orientation can only serve as a reliable reference point for IT management if there is a shared understanding of strategic goals and guiding principles. A common mindset (e.g., “embracing imperfection”) encourages the regular review of assumptions, learning from deviations, and making necessary adjustments without questioning the overarching strategic direction. In this sense, strategic orientation must not only be formally defined but also embedded in everyday organizational practice.
Transparency About Status, Goals, and Dependencies
Resilience requires a clear understanding of both the current state and the intended objectives. Progress, deviations, and risks must therefore be measurable. A solid understanding of enterprise architecture helps to identify dependencies at an early stage (e.g., when multiple projects rely on a central legacy system, unrecognized dependencies can lead to bottlenecks and increased operational risk). However, transparency regarding status, objectives, and dependencies cannot be achieved through data alone; it also requires regular exchange and structured interactions. Sharing successes strengthens motivation and fosters acceptance. Equally important is the clear communication of purpose and meaning (best supported through simple language, visual representations, and storytelling) to secure employee buy-in and enable active participation.
Integrated Steering Across Departmental Boundaries
Resilient IT does not operate in isolation. IT and corporate planning must be closely aligned, and the business must be actively involved. Only when departments participate in prioritization decisions at an early stage can IT capacities be effectively directed toward business-critical initiatives. Furthermore, integrated IT governance requires a solid understanding of enterprise architecture. Only when technological structures and dependencies are transparent can plans be developed realistically and the implications of decisions properly assessed. Such architectural understanding links strategic objectives with operational planning and ensures that resilience is embedded not only organizationally but also technically.
In summary, a resilient IT organization and its governance do not require more planning, but rather clearer guardrails and integrated decision-making. Rolling planning enables responsiveness to unforeseen events, stability during crises, and the institutionalization of learning and continuous improvements after crises. IT is steered resiliently when strategy provides orientation, rolling planning creates structure, transparency (e.g., regarding capacities and costs) enables decision-making, responsibilities are decentralized, and learning is deeply embedded (see Figure 3).
Figure 3: 5 steps for resilient steering of an IT organization using rolling planning.
4 | The Essence of Receiving Resilience and Long-Term Value Through Rolling Planning
First, rolling planning establishes the structural conditions for rapid response, but it does not replace leadership and decision-making ability. The added value does not come from more frequent updates, but from clearly defined cycles, transparency about dependencies, and the willingness to deliberately prioritize, stop, or use external options when necessary.
Secondly, rolling planning does not replace strategy. Its added value lies in channeling operational momentum and consistently aligning decisions with long-term objectives, even under pressure. This requires clear strategic guidelines and the discipline not to confuse operational adjustments with strategic changes in direction.
Third, rolling planning prevents operational chaos not through more planning, but through the right balance of transparency, structure, and decision-making ability. The key factors are an appropriate level of detail, clear responsibilities, and regular status checks rather than constant reprioritization.
Fourth, employee participation only strengthens resilience when it clearly assigns responsibility. Rolling planning does not deliver added value through broad co-determination, but by empowering employees to make realistic commitments and take responsibility for their contributions. The key is to involve the right people at the right level in a targeted manner.
Fifth, rolling planning increases risk resilience not through risk avoidance, but through transparency and regularity. The decisive factor is not whether risks exist, but whether they are identified early, consciously accepted, or deliberately mitigated. Planning thus becomes a control instrument for ensuring stability rather than a substitute for risk management.
Finally, the following central interpretations for CIOs can be derived from our hypotheses:
H1 addresses the structural prerequisite for rapid response. However, it is not sufficient on its own to ensure organizational resilience.
H2 focuses on the quality and composure of the response under pressure. It only becomes effective when strategy, transparency, and decision-making capability are aligned through rolling planning.
H3 strengthens sound decision-making based on transparent options. Like H2, it only becomes effective when strategy, transparency, and decision-making capability are aligned through rolling planning.
H4 builds proactive resilience through social capital and personal responsibility. It marks the transition from being well-managed to being truly resilient.
H5 increases risk resilience through early risk identification and regular reviews. Like H4, it marks the transition from being well-managed to being truly resilient.
Taken together, these interpretations position rolling planning as a key lever for preparing IT organizations to be resilient, adaptable, and capable of decisive action – not despite increasing uncertainty and volatility, but precisely because of it. While rolling planning does not eliminate crises, it enables decisive action, sustained focus, and organizational resilience.
About the Authors
Dr. Tamara Leuthe
Senior Researcher · Bee360 GmbH
▾
Dr. Tamara Leuthe
Senior Researcher · Bee360 GmbH
With her extensive experience as an industrial engineer, Tamara looks at IT management challenges from both a technical and business perspective. As an innovation expert, she is aware of future developments. She has gained practical experience at the interface between science and business in numerous innovation and transformation projects, which has sharpened her understanding of the associated challenges. Her holistic view of companies and her drive to develop comprehensible solutions for complex challenges bring new ideas and aspects to the composition of the management of IT organizations.
Sönke (Sonny) Claussen
CEO · Bee360 GmbH
▾
Sönke (Sonny) Claussen
CEO · Bee360 GmbH
Sönke (Sonny) Claussen is Founder and CEO of Bee360, an enterprise platform for adaptive IT governance. Over two decades, he has worked with CIOs across industries to integrate strategy, architecture, financial management, and capacity planning into coherent operating models. His work is grounded in the conviction that technology organization is not a tools problem but a structural one: the decisions that determine whether transformation succeeds or fails happen at the level of governance, decision rights, and resource allocation. He holds a Master’s degree in Computer Science and is a participant in Harvard Business School’s Owner/President Management program. He relocated with his family to Boston in 2025 to build Bee360’s US presence.
Prof. Dr. Christian Hürter
CIO · Deutz AG
▾
Prof. Dr. Christian Hürter
CIO · Deutz AG
Christian is an accomplished academic and practitioner in the intersection of technology and business. With a strong background in process optimization/automation, organizational resilience and target operating models, he has contributed to various projects that explore how IT organizations can navigate uncertainty and enhance their adaptability. His insights stem from years of experience as CIO as well as from systematic exchange with many CIOs across diverse industries, enabling him to bridge theoretical concepts with practical applications. Christian is committed to empowering organizations to achieve strategic alignment and operational excellence through innovative management practices.
Andreas Polak
CIO · Flender
▾
Andreas Polak
CIO · Flender
As the Group CIO Andreas is responsible for the global IT organization, which was spun off from Siemens in a complex project in 2023, following the sale of Flender to the Carlyle Group. He has successfully established his IT department as a valuable business partner. He is currently focusing on achieving the optimal balance between internal and external IT resources, having used an innovative methodological approach to determine the competencies and costs of the IT organization. Prior to joining Flender, he began his career as a global infrastructure specialist at BT Global Services, occupying various roles at different levels. He then assumed the role of Head of Infrastructure, Voice and Security Operations at Heidelberger Druckmaschinen AG.
Björn Lügger
CIO · Lowell Financial Services
▾
Björn Lügger
CIO · Lowell Financial Services
Björn is an experienced CIO with a strong track record in leading IT organizations through transformation, growth, and regulatory complexity. He currently serves as CIO at Lowell Financial Services, where he aligns IT strategy and governance with long-term business objectives. Previously, as CIO at Canyon Bicycles, he transformed IT into a strategic business partner, supporting international growth from 160M€ to 800M€ and scaling digital business models. Björn believes sustainable transformation requires the conscious alignment of people, processes, and platforms — not technology alone. His work emphasizes pragmatic governance, transparent decision-making, and resilient IT organizations. Holding an MBA in International Business and a background in Business Informatics, his experience spans manufacturing, e-commerce, and financial services.
Axel Schnuck
CIO · Deutsche Pfandbriefbank AG
▾
Axel Schnuck
CIO · Deutsche Pfandbriefbank AG
Axel has gained profound experience and overview on IT and digitalization topics in the financial services industry over almost 30 years, covering 10 years in consulting followed by leading IT positions in the Bausparkasse Schwäbisch Hall group, before being responsible as Head of IT in the Deutsche Pfandbriefbank AG since end of 2016.
Más para descubrir
Webinar: Seguro, flexible y escalable — Construye resiliencia de TI
Rolling planning en la práctica: cómo construir resiliencia de TI de forma segura y escalable con Bee360.
Siguiente →References
Briguglio, L., Cordina, G., Farrugia, N., Vella S. (2005). “Conceptualising and Measuring Economic Resilience.” In Pacific Islands Regional Integration and Governance, edited by SATISH CHAND, 26–49. ANU Press. http://www.jstor.org/stable/j.ctt2jbk3w.11.
Connelly, E.B., Allen, C.R., Hatfield, K. et al. Features of resilience. Environ Syst Decis 37, 46–50 (2017). https://doi.org/10.1007/s10669-017-9634-9
Clément, V., Rivera, J. (2016). From Adaptation to Transformation: An Extended Research Agenda for Organizational Resilience to Adversity in the Natural Environment. Organization & Environment, 30(4), 346-365. https://doi.org/10.1177/1086026616658333 (Original work published 2017)
Duchek, S. (2020) Organizational resilience: a capability-based conceptualization. Bus Res 13, 215–246. https://doi.org/10.1007/s40685-019-0085-7
Hatton, T., Charlotte, B. (2021). Building adaptive business continuity plans: Practical tips on how to inject adaptiveness into continuity planning processes. Journal of business continuity & emergency planning. 15. 44-52. 10.69554/TBEX7099
Husni, F., Suwarto, F., Hariandja, E., Tan, J. (2025). Thriving Through Adversity: A Survival Learning Framework for Entrepreneurial Transformation During the COVID-19 Crisis in Indonesia. SAGE Open. 15. 10.1177/21582440251370428.
Ibrahim, A., Amini-Philips, Wasiu, A. (2023). Conceptual Framework for Crisis Preparedness in Facility Operations and Planning. International Journal of Advanced Multidisciplinary Research and Studies. 3. 1320-1329. 10.62225/2583049X.2023.3.1.4982.
Langland, K. S., Manheim, D., McLeod, G., Nacouzi. G. (2016). “Definitions, Characteristics, and Assessments of Resilience.” In How Civil Institutions Build Resilience: Organizational Practices Derived from Academic Literature and Case Studies, 5–10. RAND Corporation. http://www.jstor.org/stable/10.7249/j.ctt1btc0m7.8.
Lichte, D., Torres, F. S., Engler, E. (2022). Framework for Operational Resilience Management of Critical Infrastructures and Organizations. Infrastructures, 7, 70. 10.3390/infrastructures7050070.
Lyng, H.B., Cheek, C. & Haraldseid-Driftland, C. (2025). Two sides of the story: bridging organizational and individual resilience - a qualitative study. BMC Health Serv Res 25, 1050. https://doi.org/10.1186/s12913-025-13013-z
Shaya, N., Abu Khait, R., Madani, R., Khattak, MN (2022). Organizational Resilience of Higher Education Institutions: An Empirical Study during Covid-19 Pandemic. High Educ Policy. 2022 May 3:1-27. doi: 10.1057/s41307-022-00272-2. Epub ahead of print. PMID: 35529423; PMCID: PMC9063249.
Statista (2025). Branchenübersicht. https://de.statista.com/statistik/kategorien/
Walker, B., Holling, C. S., Carpenter, S. R., & Kinzig, A. (2004). Resilience, adaptability and transformability in social-ecological systems. Ecology and Society, 9(2), Article 5. https://doi.org/10.5751/ES-00650-090205
Descargar el informe completo en formato PDF
↓Descargar PDF