Managing risk across the extended enterprise | Operational Risk | Deloitte


Managing risk across the extended enterprise

Resetting the front line of defense

Today’s broad business ecosystems create undeniable value — but they also generate risks. How can organizations better manage extended enterprise risk to limit exposures arising from external parties in their network?

A discipline ripe for innovation

A large global organization may have tens of thousands of suppliers, accounting for up to 80 percent of organizational costs.[1] It may also have a number of partnerships, alliances, and other business relationships with external parties, all of which have suppliers, partnerships, and alliances of their own. Indeed, in today’s digitally interconnected world, business ecosystems are growing bigger and more complex than ever before — and while this drives a great deal of value, it also inevitably gives rise to extended enterprise risks arising from external parties’ actions.

Virtually every aspect of an organization — shareholder value, brand and reputation, profit and loss, employee engagement, operations — is vulnerable to extended enterprise risk, and as organizations continue to evolve toward more complex ecosystems, these risks will likely only grow. Yet, while this is widely acknowledged, our experience suggests that extended enterprise risk management (EERM) practices have remained relatively immature. At too many organizations, EERM processes fail to adequately consider extended enterprise risks — which not only exposes an organization to harm, but, worse, may even blind it to the possibility that harm could arise.

Why this failure? Partly, it’s because of the sheer difficulty of monitoring and managing the myriad of value-creating activities that take place outside one’s own legal control. However, the whole explanation, in our view, isn’t simply that EERM is difficult. It’s also that many management teams and boards have yet to reset their concept of the “front line of defense” to include suppliers, customers, and others in the organization’s broader system of stakeholders. Granted, this shift in mindset entails accepting and addressing the challenges of managing risk across a dizzying array of external parties — but the results can be dramatic. At organizations where leaders have embraced this necessity, we have seen EERM efforts transform from peripheral, siloed activities[2] with an almost exclusive inward focus into enterprise-spanning programs that help protect organizations by collaborating with business partners across their industries.

Three important areas of innovation

The good news is that the pragmatic difficulties of managing and mitigating extended enterprise risk are lessening, thanks to new technological and organizational approaches that can bring the necessary investments down to a manageable level and establish clear accountability for managing and executing EERM activities. In the attached document, we describe three important areas of innovation that we have seen leading companies pursue to “reset the front line of defense”:

  • Emerging technologies that help mitigate risks, enhance trust, establish a single version of the truth, and facilitate monitoring and coordination
  • Cooperative relationships that give organizations access to economies of scale and specialized EERM capabilities
  • Organization and governance models that clearly guide execution and assign responsibility, authority, and accountability for EERM

This is an article from Deloitte Insights

More information?

For more information on Extended Enterprise Risk, please contact Wim Eysink or Olaf Helmond via their contact details below.