2017 extended enterprise risk management global survey report

Third party risk management frameworks

To help executives rethink how they should leverage their extended enterprise, this report highlights opportunities and challenges reported by more than 500 global organizations as they manage their third-party providers.

Managing third-party risk

Deloitte’s second annual extended enterprise risk management (EERM) global survey report assessed the views of 536 executives responsible for governance and risk management of the extended enterprise in their organizations. With a reduced focus on cost and an increased focus on value, the drivers for third-party engagements have shifted to recognizing the strategic opportunity that third parties create for organizations.

This report looks at how global organizations are addressing the challenges they face in managing third-party risk in uncertain external environments while remaining agile and competitive in the marketplace. It highlights five key areas where most organizations need improvement:

  • Dependency and vulnerability: Despite high dependency on third parties, organizations are still not fully equipped to manage the risks in a holistic and coordinated manner, including those arising from external uncertainties.
  • Relationship management: Understanding of third parties is increasing, but comprehensive, data-driven risk management and capabilities to predict emerging risks are still developing.
  • Governance and risk management processes: Despite executive sponsorship, there is still a long way to go to get processes and technology working effectively.
  • Technology platforms: An integrated EERM technology platform that addresses the needs of every organization has not yet emerged.
  • Emerging delivery models: New delivery models are emerging to bring consistency and sought-after skills to enable collaboration and address decentralization challenges in the wider organization.

Key findings also include:

  • 74 percent of survey respondents have faced at least one third-party related incident in the last three years
  • Over 50 percent of respondents reported “some” or a “significant” increase in their level of dependence on third parties in the last year
  • Only 20 percent of respondents have integrated or optimized their extended enterprise risk management mechanisms
  • Just 11 percent of respondents are “fully prepared” to deal with the increased uncertainty in the external environment 

Download the full report to learn more about creating untapped value through your extended enterprise.

Back to top



Access the 2016 EERM survey report

For many organizations, their extended enterprise is an important source of business value and strategic advantage. However, as the reliance on third-parties continues to grow, so do the associated risks, bringing potential reputational damage and regulatory action.

Our experienced teams work with clients to develop governance frameworks which effectively identify and manage all forms of third-party risks, looking at both process and technology solutions to deliver value and meet contractual obligations.

Back to top

2016 extended enterprise risk management global survey report

Explore more research and findings from additional risk management surveys and learn how you can lead, navigate, and disrupt in your industry.

Did you find this useful?