Do risk management and resilience teams work together in your enterprise?
As executives strive to safeguard their organizations against an array of emerging threats, the equal importance of enterprise resilience cannot be overlooked. Changes are mounting and volatility feels like the new norm.
Traditional risk management disciplines, which aim to identify, analyze, and mitigate threats, remain essential in this uncertain environment. But managing risks individually will leave organizations vulnerable. To navigate change, withstand and recover from disruption, and sustain performance over time, leaders must make resilience the ultimate end goal of their risk management strategies and practices.
A comprehensive and integrated approach to risk management and resilience, with the right capabilities, skills, and tools, will fortify your enterprise. Working together, leaders in risk, compliance, cyber, tech, legal, and internal audit can help ensure stability and continuous improvement in an unpredictable world.
Multiple trends are making organizational resilience a top priority:
1
2
3
4
5
The KPMG Risk and Resilience Survey finds that although many organizations have documented their risk strategies, guidelines, and procedures, only a minority are consistent in applying them. Risks are often addressed reactively, with organizations scrambling to respond to a real-time incident. This directly impedes organizational resilience. Risk management must be continuous and active for organizations to sense and adapt to threats and sudden change.
Integrating risk management and resilience is essential for several reasons:
Holistic view: A comprehensive risk management and resilience program goes beyond the organization’s boundaries, including third-party relationships. This holistic view ensures that risks are identified and managed both within the organization and across its entire network, which is vital in our interconnected business world.
Strategic alignment: Risk management should not be mere compliance exercises. It should be aligned with the organization’s core strategy and decision-making processes. Misalignment can result in significant failures, making organizations vulnerable to risks and undermining their resilience.
Operational intelligence: An integrated approach can significantly enhance operational decision-making. This action-oriented approach ensures that risks are not only identified but also managed proactively, enabling organizations to both exploit opportunities and avoid potential threats.
Crisis transformation: Strong organizational resilience can positively impact a business’s top and bottom lines, driving new revenue opportunities. It fosters a culture of innovation and continuous improvement, allowing businesses to adapt their strategies, products, and services to meet evolving needs and enhance customer experience.
According to the KPMG Risk and Resilience Survey, 48 percent of organizations have a centralized structure for risk and resiliency management, yet only 26 percent have a cross-functional view of risks. In addition, more than two-thirds face moderate-to-strong barriers in trying to manage risks, and only 17 percent extend resiliency plans beyond critical processes.
Building a more resilient enterprise is not only about survival, but also about thriving in uncertainty. By prioritizing resilience, organizations can:
Protect against potential threats and maintain business continuity.
Maintain stakeholder trust and enhance brand value.
Foster a culture of innovation and continuous improvement.
Turn potential crises into opportunities for growth and competitive advantage.
An integrated framework encompasses various resilience disciplines such as business continuity, disaster recovery, crisis management, supply chain, cyber-resilience, and emergency management.
Start by creating or expanding risk management committees with representatives from all major business functions. Utilize a hub-and-spoke model to build advocates and ensure cohesive decision-making. It’s essential to create a common understanding of risk and resilience strategies and policies, fostering better coordination, synergy, and alignment across business functions.
Cross-functional teams should be responsible for delivering the frameworks, policies, and standards that determine how resilience will be implemented. This ensures that all stakeholders have access to the necessary technologies, systems, and physical locations to deliver services to customers and clients.
Regular workshops should be conducted to build trust and identify blind spots. Allow for comfortable decentralization in adopting shared risk and resilience strategies and policies, providing transparency and stakeholder alignment to the organization’s mission.
Enhancing risk and resilience processes with technology and automation allows organizations to shift from reactive to proactive risk management. They can swiftly adapt to new challenges and threats.
Platforms for governance, risk, and compliance; risk monitoring; and advanced analytics are crucial. Survey findings show that organizations utilizing these tools perform better at managing risks.
Tech-enablement strategies should aim to tie insights together, enabling informed decision-making and quick, bold reactions. Ensuring high-quality, up-to-date, and consolidated risk data provides a comprehensive view. Advanced analytics help sense active threats and can illuminate appropriate responses.
Leading technology tools play a significant role in this transformation. AI and machine learning enhance risk detection and response by scanning data sets, enabling proactive management. Cloud computing offers scalability, flexibility, and cost-efficiency while enhancing resilience through redundant and geographically distributed data storage and processing capabilities. Automation streamlines risk management processes, reducing human error and improving response times.
Building a resilient culture throughout the enterprise is essential for long-term success. Senior leadership must be accountable by assigning specific roles such as chief risk officer, chief information security officer, chief information officer, and chief technology officer to manage risk and resilience. Employees, as the first line of defense against risks, should undergo regular training and awareness programs to effectively recognize and respond to potential threats. Additionally, resiliency plans should be periodically tested and updated to ensure they are robust and responsive.
Building a resilient culture requires leadership commitment, making resilience a boardroom discussion and integrating it into an organization’s DNA. Collaboration across departments and with external partners, fostering a culture of open communication and shared responsibility, is vital for building a resilient enterprise.
With an integrated approach to risk and resilience, supported by cutting-edge technology and a strong culture of resilience, organizations can confidently navigate the challenges of an ever-changing business landscape. Read the KPMG Risk and Resilience Survey for more data, insights, and advice on building a resilient enterprise.
In today’s volatile risk environment, organizations face increasingly complex and evolving cyber threats that demand robust resilience strategies. KPMG offers wide-ranging cybersecurity and cyber resilience services designed to help organizations navigate these challenges, leveraging advanced technologies and deep industry experience across protection, detection, response, and recovery. Along with the broad range of KPMG risk services, we help businesses fortify their cybersecurity posture, withstand and recover from cyber incidents, align cybersecurity investments with business goals, and build trust and confidence among stakeholders.
Insight
KPMG Risk and Resilience Survey
Stay ahead of disruption with KPMG research on the state of risk and resilience management. Read the report now.
Insight
6 risk management capabilities that reduce complexity and foster trust and resilience
Current uncertainty and challenges call for a dramatic rethink of the way risk is managed. KPMG helps organizations modernize and optimize their approach.
Insight
Cybersecurity considerations 2025
In an AI-dominated business environment, the foundational principles of cybersecurity are even more critical
Client stories
Client Story
The gold standard of trust
KPMG helped a global auto manufacturer develop an organization-wide strategy to manage insider risk for its most sensitive data.
Client Story
A guiding North Star for cyber risk strength
KPMG helped a FORTUNE 500 omnichannel retailer's enterprise risk team assess and strengthen cloud risk management practices.
More stories
Read about how we help clients manage risks, build resilience, and accelerate value—then let us do the same for you.
