Overcoming the threats and uncertainty
Extended enterprise risk management global survey report 2017
In many organizations, third-party governance and risk management (TPGRM) has continued to benefit from greater executive awareness. However, significant changes in the external environment have slowed down progress in implementing holistic, integrated frameworks and risk management mechanisms over the last 12 months.
Deloitte’s second annual extended enterprise risk management global survey report assessed the views of 536 executives responsible for governance and risk management of the extended enterprise in their organizations. With a reduced focus on cost and an increased focus on value, the drivers for third-party engagements have shifted to recognizing the strategic opportunity that third-parties create for organizations.
This report looks at how global organizations are addressing the challenges they face in managing third-party risk in uncertain external environments while remaining agile and competitive in the marketplace. It highlights five key areas where most organizations need improvement:
• Dependency and vulnerability- Despite high dependency on third-parties, organizations are still not fully equipped to manage the risks in a holistic and coordinated manner, including those arising from external uncertainties.
• Relationship management- Understanding of third-parties is increasing but comprehensive, data-driven risk management and capability to predict emerging risks is still developing.
• Governance and risk management processes- Despite executive sponsorship there is still a long way to go to get processes and technology working effectively.
• Technology platforms- An integrated TPGRM technology platform that addresses the needs of every organization has not emerged.
• Emerging delivery models- New delivery models are emerging to bring consistency and sought-after skills to enable collaboration and address decentralization challenges in the wider organization.
Key findings include:
• 74% of survey respondents have faced at least one third-party related incident in the last three years
• Over 50% of respondents reported “some” or a “significant” increase in their level of dependence on third-parties in the last year
• Only 20% of respondents have integrated or optimized their extended enterprise risk management mechanisms
• Just 11% of respondents are “fully prepared” to deal with the increased uncertainty in the external environment