“Be responsible and effective. Strike a balance.”
Deloitte Extended Enterprise Risk Management Report Part V – Vision for transformation
Deloitte has been conducting the annual global survey on extended enterprise risk management (EERM) for five years now. The latest edition includes the views and observations of 1,145 respondents from 20 countries all over the world. Based on the survey results, Deloitte has released a report focusing on the prevailing trends and EERM challenges faced by organizations. This year’s report is unique as in addition to surveys completed between November 2019 and January 2020 it also includes information obtained subsequently on the response of enterprises and the third parties in their ecosystems to the rapid developments driven by the pandemic of COVID-19.
The report is entitled “Be responsible and effective. Strike a balance.” This article is the fifth in a series of eight publications aimed to discuss the key themes emerging from the survey. It discusses the structure of currently used extended enterprise risk management systems, the most frequent challenges related to EERM technologies as well as the ways to address them by means of a centralized repository of intelligence built on cutting edge technology.
EERM solutions structure
Over the last few years we’ve seen the emergence of a three-tiered technology structure for EERM comprising the following elements which are expected to operate seamlessly:
- Tier 1: ERP, P2P or other backbone systems, for example procurement platforms, acting as the foundation for EERM activities. Our survey has shown that an increasing number of organizations want a strong foundation as the master source of third-party relationships. This explains the rapid adoption of Tier 1 in the last year, up to 89% from 59% last year.
- Tier 2: Risk management platforms supporting Tier 1. Typically, these include generic platforms supporting decision-making and addressing diverse risk management and compliance requirements, or specific EERM risk management packages tailored to the extended enterprise’s needs, which are also growing in popularity.
According to the report, 66% of respondents use Tier 2 to complement their Tier 1 solutions. The most popular platforms are Thomson Reuters, RSA Archer and ServiceNow.
- Tier 3: Other niche packages for specific EERM processes or risks. They provide access to domain-specific risk solutions or feeder systems and their popularity continues to grow, especially in risk domains such as financial solvency and cyber threat prevention. To monitor the impact of COVID-19, some organizations also incorporated information published by the WHO and local governments on the spread of the pandemic and lockdowns into their TPRM tools. As the survey reveals, 73% of organizations use Tier 3, with Dun & Bradstreet, Thomson Reuters / Refinitiv and Experian solutions used most frequently.
Why are organizations not satisfied with their EERM technology?
The survey has shown that as many as 72% of organizations are not fully satisfied with their EERM technology solutions. Some challenges with EERM technology have been further highlighted during the response to COVID-19. Respondents’ biggest technology concerns are that:
- EERM systems do not seamlessly integrate with each other (according to 61%).
- The system does not produce the data required to make key decisions (34%).
- The data’s integrity is questionable (32%).
- Inter-related data is not interfaced through in real time (31%).
- Solutions cannot adapt to changing risk management requirements (30%).
- Technical infrastructure needs review (23%).
In order to be able to confront these challenges successfully, a number of organizations rely on the support of experts in the development of their long-term EERM vision.
A centralized repository of intelligence built on cutting edge technology
Organizations are developing longer-term visions of EERM transformation enabled by a “single source of the truth”: a centralized repository of intelligence built on cutting edge technology. It should be capable of addressing the majority of issues by fulfilling a wide spectrum of functions: enabling real-time monitoring and decision-making, in addition to appropriate, practical processes and robust governance.
Respondents are aligned in their view that there is no single technology solution available that meets all the requirements, so the vast majority have taken to stitching different products and technologies together. This creates the risk of problems with their integration – let’s not forget that as many as 61% of organizations are concerned that their EERM systems do not seamlessly integrate with each other. It’s not surprising then that ‘ease of integration’ and ‘flexibility of reporting’ are regularly cited as the most important requirements when selecting technology to underpin EERM.
Deloitte point of view
Accelerated by the need for a rapid response to the global pandemic, we expect continued investment in tech-enabled transformation initiatives in pursuit of the twin objectives of efficiency and effectiveness. We believe this will increasingly be driven by the need for holistic, rather than piecemeal, management of third parties, enabled by a “single source of the truth”.
In line with survey respondents, we do not see a ‘stand-out’ technology solution that has differentiated itself as the ‘go-to’ solution for TPRM. We expect that this, in turn, will continue to prompt the major ERP, P2P and risk management platform vendors to upgrade the functionality of their solutions. This improved functionality will not only rely on cutting-edge technology but addresses the broadening focus of EERM.
Given the pandemic, there is, no doubt, an urgent need for the boardroom and top executives to obtain actionable intelligence to manage the extended enterprise on a real-time basis. We anticipate that COVID-19 will drive many organizations to a period of reflection whereby they fully evaluate their TPRM frameworks, building lessons learned into their vision for realization and embedding over the years that follow.