Skip to main content

      The traditional notion of resilience as merely bouncing back from adversity - or as an IT-driven concern focused on system availability, data recovery, and cybersecurity - no longer suffices. Today, resilience has evolved into a far broader, enterprise-wide capability that extends well beyond technology.

      Modern organizations must adopt a proactive stance that enables them not only to withstand disruptions but to thrive amid uncertainty and emerge stronger from challenges. Achieving this requires treating resilience as an enterprise-wide capability built on close collaboration between business and IT.

      This article explores how coordinated efforts across the four pillars of governance, risk management, internal control, internal audit - whether addressed individually or in combination - can strengthen an organization’s ability to anticipate, absorb, and adapt to change.

      We are entering a new era of volatility, one marked not by occasional crises but by constant, multidimensional disruption. Geopolitical tensions are reshaping global value chains, technological breakthroughs such as AI are creating both opportunities and vulnerabilities, while economic uncertainty and regulatory complexity have become the new normal.

      In this context, resilience has moved beyond its roots in crisis management to become a defining characteristic of successful organizations - those capable of anticipating risks, adapting rapidly, and transforming challenges into sustainable competitive advantages.

      Findings from the KPMG Risk and Resilience Survey 2025 highlight the urgency of this transformation:

      • 52% of organizations have not yet integrated their risk and resilience activities or structures.
      • Only 26% benefit from strong collaboration and a cross-functional view of risk.
      • Nearly two-thirds face moderate to severe barriers to effective risk management.

      Our message is clear: to turn uncertainty into opportunity, fragmented and reactive approaches are no longer sufficient. Organizations need a structured, proactive, and an integrated approach to risk and assurance activities.

      The six dimensions of enterprise resilience

      Resilience should not be viewed solely through an operational lens. To achieve long-term value and sustainable performance, organizations need to develop resilience across multiple dimensions: strategic, operational, financial, technological, organizational, and reputational.
      Each dimension represents a different angle of strength and adaptability; together they form a comprehensive view of what it truly means to be resilient.

      Oliver Elst
      Olivier Elst

      Partner | Advisory

      KPMG in Belgium

      • Strategic resilience: The capacity to adapt strategy and business models in response to market shifts and emerging opportunities.
      • Operational resilience: The ability to sustain critical operations through robust continuity planning and rapid recovery capabilities.
      • Financial resilience: The financial strength to absorb shocks through sound liquidity, diversified revenues, and risk management.
      • Technological resilience: Secure, reliable, and adaptive digital systems enabling both protection and innovation.
      • Organizational resilience: A culture that promotes leadership, engagement, and adaptability at all levels.
      • Reputational resilience: The preservation of trust through transparency, ethics, and effective stakeholder communication.

      The four pillars that build resilience

      The foundation of enterprise resilience rests on four interconnected pillars - Governance, Risk Management, Internal Control, and Internal Audit - each playing a distinct yet complementary role in shaping a strong and adaptive organization.

      While these pillars are mutually reinforcing, progress in any one of them strengthens preparedness, consistency, and confidence. Together, they form an integrated foundation for lasting enterprise resilience.

      While this article focuses on these four core pillars - which form the backbone of Enterprise Risk & Assurance (ERA) activities – enterprise resilience is a collective effort that extends beyond them.

      Functions such as Compliance and Legal, Information Security (CISO), Data Protection (DPO), Business Continuity Management, and Third-Party Risk Management all play crucial roles in reinforcing resilience. These areas intersect with the four pillars, providing specialized expertise and safeguards that contribute to a stronger, more cohesive risk and control environment.

      • Governance - The guiding force
        Strong governance provides direction, oversight, and accountability. It ensures that risk and control activities align with strategy and stakeholder expectations, embedding resilience considerations into Management decision-making.

      • Risk management - The foundation of preparedness
        Effective risk management acts as an early-warning system, identifying threats and opportunities before they materialize. It combines dynamic monitoring, scenario analysis, and integrated reporting to support timely, informed decisions.

      • Internal control - Ensuring reliability and consistency
        Internal controls act as the organization’s immune system, ensuring operational integrity and compliance. They detect anomalies, prevent errors and fraud, and provide confidence in information used for decision-making.

      • Internal audit - The assurance and insight function
        Internal audit provides independent and objective assurance on the effectiveness of governance, risk management, and control processes. Beyond compliance, it offers insights that support informed decision-making and continuous strengthening of the organization’s resilience.

      Beyond silos: Integration builds resilience, but every step counts

      Strong individual pillars are valuable, but resilience reaches its full strength when they are connected.
      Operating in silos leads to overlaps, gaps, and inconsistent perspectives, while integration enables a dynamic exchange of information that continuously strengthens the whole system.

      • Risks identified by risk management shape control design and resilience testing.
      • Control weaknesses or audit findings inform the refinement of risk assessments and frameworks.
      • Incident data strengthens both operational controls and preparedness.
      • Governance and technology act as catalysts, connecting and aligning these efforts across the organization.

      Turning integration into action requires translating vision into concrete mechanisms across the four pillars - Governance, Risk Management, Internal Control, and Internal Audit - to strengthen resilience along strategic, operational, financial, organizational, technological, and reputational dimensions, while reinforcing resilience at every level of the organization.

      The benefits of a coordinated approach

      1. Enhanced decision-making: Reliable, comprehensive information supports faster and better decisions.
      2. Improved stakeholder confidence: Demonstrated controls and transparency build trust with investors, customers, and regulators.
      3. Operational efficiency: Coordination reduces overlaps and creates efficiency gains.
      4. Competitive advantage: Superior resilience enables informed risk-taking, and the pursuit of opportunities others avoid.

      From uncertainty to value creation: The path forward

      From reactive to proactive

      Building resilience is an ongoing journey. Success requires leadership commitment, investment in people and systems, and a culture that views uncertainty as an opportunity for growth and innovation.

      Resilience as a strategic capability

      In an era defined by volatility, uncertainty, complexity, and ambiguity, resilience is no longer optional, it is fundamental for survival and success. The current context is not a passing storm but a new climate for business. In this environment, fragmented approaches to governance, risk, control, and assurance activities are not only outdated but dangerous. Resilience must be viewed as a strategic capability, a continuous process of adaptation that distinguishes organizations that merely endure change from those that shape it.

      The way forward

      Resilience is strengthened through four key levers: effective governance, proactive risk management, robust internal control, and a forward-looking internal audit that fosters continuous improvement.

      Yet the real strength lies not in the individual components but in the integration that unites them, supported by technology and a culture of collaboration.

      Resilience is the outcome. Integration can be the enabler.
      Resilience is not a destination, it is a continuous journey of adaptation and improvement, supported by strong collaboration and a shared vision.

       

      KPMG’s Enterprise Risk Services (ERS) define resilience not merely as the ability to recover, but as a proactive state of readiness, adaptability, and sustained performance and continuous improvement in response to new resilience threat.

      We invite you to contact our teams to explore how, together, we can begin building a stronger, more agile, and more resilient organization - today and for the future.

       

      Authors: Raphaël Schair, Principal

      Stay informed

      Be the first to know about top business trends that can drive success for your company.

      Subscribe now
      stay informed