Extended enterprise risk management survey 2019

A piecemeal approach to investment in third party risk management has impaired the speed of the maturity journey, neglected certain risks and adversely affected core basic tasks.


Organisations have stalled on their journey to extended enterprise risk management (EERM) maturity. Only 1% of organisations say they address all important EERM issues, and only another 20% say they address most EERM issues.

The majority of organisations surveyed also believe they have underinvested in third-party risk management. Fewer than three in ten think that their capital expenditure is the ideal amount or more and that they spend the ideal amount or more on EERM staff and other operating costs.

One of the main reasons for this maturity stall is that organisations are taking a piecemeal approach to investment – they are mostly making tactical improvements, rather than investing in strategic long-term solutions. These tactical improvements have typically focused on the largest regulatory issues of the year, for instance data privacy, cyber risk and information security in 2018 and 2019.

This piecemeal approach has led to certain areas – such as exit planning, geopolitical and concentration risk – being neglected, and some organisations not doing core basic tasks well, such as understanding the nature of third-party relationships and related contractual terms. Failure to do these core basic tasks well means any investments in more cutting-edge initiatives and solutions are undermined. 

Download the full report for further insight, including industry and geography highlights.
