Overcoming the threats and uncertainty
Extended enterprise risk management global survey report 2017
In many organisations, third-party governance and risk management (TPGRM) has continued to benefit from greater executive awareness. However, significant changes in the external environment have slowed down progress in implementing holistic, integrated frameworks and risk management mechanisms over the last 12 months.
Deloitte’s second annual extended enterprise risk management global survey report assessed the views of 536 executives responsible for governance and risk management of the extended enterprise in their organisations. With a reduced focus on cost and an increased focus on value, the drivers for third-party engagements have shifted to recognising the strategic opportunity that third-parties create for organisations.
This report looks at how global organisations are addressing the challenges they face in managing third-party risk in uncertain external environments while remaining agile and competitive in the marketplace. It highlights five key areas where most organisations need improvement:
• Dependency and vulnerability- Despite high dependency on third-parties, organisations are still not fully equipped to manage the risks in a holistic and coordinated manner, including those arising from external uncertainties.
• Relationship management- Understanding of third-parties is increasing but comprehensive, data-driven risk management and capability to predict emerging risks is still developing.
• Governance and risk management processes- Despite executive sponsorship there is still a long way to go to get processes and technology working effectively.
• Technology platforms- An integrated TPGRM technology platform that addresses the needs of every organisation has not emerged.
• Emerging delivery models- New delivery models are emerging to bring consistency and sought-after skills to enable collaboration and address decentralisation challenges in the wider organisation.
Key findings include:
• 74% of survey respondents have faced at least one third-party related incident in the last three years
• Over 50% of respondents reported “some” or a “significant” increase in their level of dependence on third-parties in the last year
• Only 20% of respondents have integrated or optimised their extended enterprise risk management mechanisms
• Just 11% of respondents are “fully prepared” to deal with the increased uncertainty in the external environment
For many organisations, their third-party ecosystem, or ‘extended enterprise,’ is an important source of business value and strategic advantage. However, as the reliance on third-parties continues to grow, so do the associated risks, bringing potential reputational damage and regulatory action.
Our experienced teams work with clients to develop governance frameworks which effectively identify and manage all forms of third-party risks, looking at both process and technology solutions to deliver value and meet contractual obligations.