Extended enterprise risk management survey 2018

Focusing on the climb ahead

The third edition of the Extended Enterprise Risk Management (EERM) survey shows that EERM has continued to benefit from greater executive awareness, allowing organisations to tackle the topic with renewed focus and investment.

Consistent with global trends, we have seen Third Party Risk Management (TPRM / EERM) become a key priority for organisations here in Australia, particularly in the financial services, energy & resource, and retail industries.

EERM has continued to benefit from greater executive awareness, allowing organisations to tackle the topic with renewed focus and investment. This is even more important due to the threats of high-profile business failure, illegal third-party actions, or regulatory action with punitive fines.

The survey findings reveal organisations are taking an earlier, more strategic view of risk drivers to create value and identify new opportunities. Despite this awareness, and some associated improvements in third-party governance and risk management, six key areas exist where further effort is required by most organisations.

Whilst many organisations here in Australia are in the design or business case phases of third-party risk management programmes, only a handful have successfully implemented holistic frameworks underpinned by a fit-for-purpose technology solution.

The key themes from our global survey include:

Inherent risk and maturity

  • Organisational self-assessment of overall EERM maturity continues to improve at a slower pace despite a perceived increase in the inherent risks in third-party dependence.

Business case and investment

  • EERM is increasingly focused on exploiting the upside of risk and demonstrating tangible benefits—a significant shift from only managing the downside of risk.

Centralised control

  • Organisations are centralising many elements of EERM roles, structures, and technologies.
  • Centres of Excellence (COEs) and Shared Service Centres (SSCs) represent the dominant operating model, along with an increased focus on market utility models.

Technology platforms

  • Technology decisions for EERM solutions are now being made centrally and a three-tiered technology architecture is emerging.

Sub-contractor risk

  • Organisations are lacking appropriate visibility and monitoring of sub-contractors engaged by third-parties.

Organisational imperatives and accountability

  • Ultimate ownership of and accountability for EERM appear to be established in the C-suite, with a need for improvement in engagement.
  • Challenges over internal coordination, talent and processes represent areas of highest (organisational) concern over EERM.

The survey results reflect a renewed focus in the last year on enhancing extended enterprise risk management maturity amid increasing perceptions of dependence on third-parties, although moving up the maturity curve has been slower than expected. This report also reflects an emerging shift to include more centralised oversight and management for extended enterprise risk management across the more decentralised or federated structures to enable increased risk-awareness and consistency.
