Internal Audit and the Shift Toward Organizational Resilience
Organizations are increasingly shifting from a reactive risk management approach to one focused on long-term resilience. According to Jim Enstrom, senior vice president and chief audit executive at Cboe Global Markets, risk functions have traditionally emphasized business continuity — restoring operations after disruptions. Today, however, the focus is expanding to organizational resilience: a proactive, strategic mindset that embeds adaptability into everyday operations.
“You’re not just waiting for risk to happen, but taking a holistic, forward-thinking approach,” says Enstrom. This includes not only addressing internal systems such as technology, but also external factors like cloud infrastructure and critical third-party vendors.
Organizational resilience is also being reinforced through new regulations that require companies to demonstrate their preparedness and adaptability in the face of uncertainty. This edition of Global Best Practices explores:
- Recent regulatory developments focused on resilience
- One company’s practical experience in enhancing resilience
- The growing role of internal audit in supporting resilient organizations
Internal auditors are well-positioned to guide organizations through this shift by assessing not just how risks are managed, but how resilience is built into the core of the business.
