

Crisis and the extended enterprise

Withstanding crises that occur outside your four walls

Reliance on third-party service providers, along with their suppliers and partners, has become increasingly pervasive, complex, and interconnected. The decisions and actions of these providers, by default, affect your organization’s business operations and reputation. So what happens when a crisis occurs in this complex and far-reaching ecosystem? How prepared are you to respond to and recover from critical events that originate outside the “walls” of your organization? Learn how an extended enterprise approach to crisis management can help you not only reduce revenue loss but also improve operational efficiencies and increase reputational resiliency during turbulent times.

Why should you act now?

Consider the impact to organizations from crisis-related events: Over the past several years, extended enterprise crises have cost organizations more than a billion dollars in fines, restitution, and lost revenue.[1]

What you do when a crisis strikes your organization and how you manage and work with your extended enterprise can help reduce your exposure points as well as financial losses. It can also help you preserve your brand and reputation. But only if you’ve prepared.


[1] Deloitte research of publicly traded, crisis-impacted companies for 2012-2013, Deloitte Development, 2016.


What are the key challenges?

Quite frankly, without a clear understanding of your own crisis plans, you’re at a disadvantage. Developing clear strategies and performing exercises and periodic testing of those plans and strategies under different scenarios will help you recognize where your challenges may lie before a crisis occurs. Equally important is the need for a comprehensive extended enterprise risk management (EERM) program. Without it, you’re exposed to risks that may be further amplified in times of crisis.

The potential for operational risks is also higher without a focused and pre-determined approach. Does your service level agreement (SLA) require your third party to provide pertinent key performance indicators (KPIs) so your organization can properly monitor the performance of the provider’s services? If not, quality issues might create a problem for your product or service, which could result in financial loss or heightened reputational damage to your organization.

In the event that an incident occurs, if there’s a lack of alignment on the crisis plan with your third and fourth parties, it’s unlikely that your real-time response will be effective when the crisis hits.


How can you prepare?

Preparation is rooted in understanding your environment and having a risk strategy that’s ready to be implemented. Key aspects of preparing for a crisis are:

  1. Understanding your organization’s practices and the third parties with whom you engage
  2. Working with leadership to determine whether the scope and governance of your existing Crisis Management Program are expansive and mature
  3. Clearly defining roles and responsibilities before, during, and after a crisis
  4. Incorporating your third parties in your extended enterprise into your Crisis Management Program, including the performance of ongoing due diligence and monitoring

Forging relationships and an overall understanding with your organization’s third parties can help your preparation efforts. Since you don’t want to be exchanging business cards for the first time during the crisis, you should incorporate crisis plans in your discussions with third parties and stakeholders.


How can you respond and recover?

To reduce your exposure points and financial losses and better preserve your brand and reputation, consider implementing these components into your third-party crisis management program:

  • Lead decisively
  • Continually frame the crisis
  • Actively communicate and own the story
  • Be ready for the unexpected
  • Drive toward actionable intelligence
  • Do the post-mortem and learn from past experiences


What can your organization gain by taking an extended enterprise approach to crisis management?

Implementing a third-party crisis management program can help your organization realize:

  • Consistent and repeatable procedures across your third-party portfolio
  • Greater focus on the higher risk areas and better detection of incidents
  • Better control over how a crisis will be addressed
  • Clarity in the links between your organization and the third and fourth parties
  • Increased confidence in your crisis preparedness
  • Reduced analyst, regulator, and other stakeholder scrutiny

With roles defined and potential exposures isolated, you can gain deeper insight into the interaction points between your organization, your third parties, and their suppliers and partners. As a result, you’ll have a higher degree of confidence that your organization can withstand a crisis in its extended enterprise.


Let's talk

Rhoda H. Woo
Managing Director | Deloitte Risk and Financial Advisory
Crisis Management Solutions
Deloitte & Touche LLP
+1 212 436 3388

Kristina (Krissy) Davis
Partner | Deloitte Risk and Financial Advisory
Finance & Operations Leader
Deloitte & Touche LLP
+1 617 437 2648

Brian Liebman
Senior Manager | Deloitte Risk and Financial Advisory
Deloitte & Touche LLP
+1 212 436 3235

Tushar Sainani
Senior Manager | Deloitte Risk and Financial Advisory
Deloitte & Touche LLP
+1 212 436 3146
