COVID-19 and the extended enterprise

Responding to COVID-19 today to build an improved extended enterprise

The COVID-19 pandemic has had an unprecedented impact on organizations, and business operations in the investment management sector have had to adapt to changes in the workforce, the use of new tools and technologies, and new ways of interacting with their extended enterprise.

Investment management organizations are dependent on a variety of critical service providers to operate successfully. And while the need for understanding and managing the risks of outsourcing critical services isn’t new, operating in the COVID-19 environment has amplified these risks, presenting new challenges in achieving resiliency.

More specifically, COVID-19 has heightened existing or, in some cases, introduced new emerging risks across domains, which can lead to increased exposures within the extended enterprise. For instance, many firms have rapidly adapted their operations and business continuity plans to cope with a new way of working and, in certain situations, an overwhelming volume of issues.

This evolution in the third-party ecosystem requires a refreshed approach to oversight techniques in order to effectively and efficiently manage risk, enhance performance, and reduce costs.

Prioritizing high-risk areas

Organizations should focus on evolving risks within the extended enterprise (such as third-party service provider risks) that have been amplified as a result of the COVID-19 pandemic and the dynamic fluidity of the current environment.

• Resiliency: Depleted resources adjusting to a more distributed working environment, potentially leading to greater difficulty in maintaining operational resiliency and opportunities for control compromises and undetected fraud.
• Financial health: Market volatility, difficulty collecting payments, and cash flow challenges may affect operational stability.
• Technology: Hastily implemented technologies and increased use of new or unmanaged tools may lack sufficient security controls to protect data.
• Regulatory: Shifts in operating models to address the changing environment may affect the ability to meet service obligations and related regulatory compliance requirements.
• Fourth-party or subcontractor: Service providers’ increased dependency on their own third parties elevates vulnerability due to lack of transparency.

In order to identify the most important risks to the organization, start by understanding the top issues associated with each of their critical third-party service providers. Then, utilize a detailed action plan targeted at addressing these specific challenges in the extended enterprise in order to move from responding to recovering to ultimately thriving in this disruptive environment.

Get in touch