Extended enterprise risk management survey 2018

Extended enterprise risk management (EERM) continues to benefit from greater executive awareness allowing organizations to tackle the topic with renewed focus and investment. This is even more important due to the threats of high profile business failure, illegal third-party actions, or regulatory action with punitive fines.

The survey findings reveal organizations are taking an earlier, more strategic view of risk drivers to create value and identify new opportunities. Despite this awareness, and some associated improvements in third-party governance and risk management, six key areas exist where further effort is required by most organizations.

The key areas where further effort is required by most organizations:

• Inherent risk and maturity. Organizational self-assessment of overall EERM maturity continues to improve at a slower pace despite a perceived increase in the inherent risks in third-party dependence.
• Business case and investment. EERM is increasingly focused on exploiting the upside of risk and demonstrating tangible benefits—a significant shift from only managing the downside of risk.
• Centralized control. Organizations are centralizing many elements of EERM roles, structures, and technologies. Centers of Excellence (COEs) and Shared Service Centers (SSCs) represent the dominant operating model, along with an increased focus on market utility models.
• Technology platforms. Technology decisions for EERM solutions are now being made centrally and a three-tiered technology architecture is emerging.
• Sub-contractor risk. Organizations are lacking appropriate visibility and monitoring of sub-contractors engaged by third-parties.
• Organizational imperatives and accountability. Ultimate ownership and accountability for EERM suggest it is established in the C-suite, with need for improvement in engagement. Challenges over internal coordination, talent and processes represent areas of highest (organizational) concern over EERM.