Third-party governance and risk management: focusing on the climb ahead
Extended enterprise risk management global survey 2018
This report shows how extended enterprise risk management (EERM) has continued to benefit from greater executive awareness allowing organizations to tackle the topic with renewed focus and investment. This is even more important due to the threats of high profile business failure, illegal third-party actions, or regulatory action with punitive fines.
Extended enterprise risk management survey 2018
The survey findings reveal organizations are taking an earlier, more strategic view of risk drivers to create value and identify new opportunities. Despite this awareness, and some associated improvements in third-party governance and risk management, six key areas exist where further effort is required by most organizations.
Inherent risk and maturity
- Organizational self-assessment of overall EERM maturity continues to improve at a slower pace despite a perceived increase in the inherent risks in third-party dependence.
Business case and investment
- EERM is increasingly focused on exploiting the upside of risk and demonstrating tangible benefits—a significant shift from only managing the downside of risk.
- Organizations are centralizing many elements of EERM roles, structures, and technologies.
- Centers of Excellence (COEs) and Shared Service Centers (SSCs) represent the dominant operating model, along with an increased focus on market utility models.
- Technology decisions for EERM solutions are now being made centrally and a three-tiered technology architecture is emerging.
- Organizations are lacking appropriate visibility and monitoring of sub-contractors engaged by third-parties.
Organizational imperatives and accountability
- Ultimate ownership and accountability for EERM suggest it is established in the C-suite, with need for improvement in engagement.
- Challenges over internal coordination, talent and processes represent areas of highest (organizational) concern over EERM.
The survey results reflect a renewed focus in the last year on enhancing extended enterprise risk management maturity amid increasing perceptions of dependence on third-parties, although moving up the maturity curve has been slower than expected. This report also reflects an emerging shift to include more centralized oversight and management for extended enterprise risk management across the more decentralized or federated structures to enable increased risk-awareness and consistency.
For more information on Risk Management, please contact Rob de Leeuw or Olaf Helmond via their contact details below.