pliers arranged in a pattern


Focusing on the climb ahead

Extended enterprise risk management survey 2018

As companies continue to adopt, enhance, and grow their business ecosystems, EERM is increasingly becoming an astute management enabler and value driver rather than a compliance requirement.

Revealing untapped opportunities in extending your enterprise

This report shows how extended enterprise risk management (EERM) has continued to benefit from greater executive awareness allowing organizations to tackle the topic with renewed focus and investment. This is even more important due to the threats of high profile business failure, illegal third-party actions, or regulatory action with punitive fines.

The survey findings reveal organizations are taking an earlier, more strategic view of risk drivers to create value and identify new opportunities. Despite this awareness and some associated improvements in third-party governance and risk management, six key areas exist where further effort is required by most organizations.

Inherent risk and maturity

  • Organizational self-assessment of overall EERM maturity continues to improve at a slower pace despite a perceived increase in the inherent risks in third-party dependence.

Business case and investment

  • EERM is increasingly focused on exploiting the upside of risk and demonstrating tangible benefits—a significant shift from only managing the downside of risk.

Centralized control

  • Organizations are centralizing many elements of EERM roles, structures, and technologies.
  • Centers of Excellence (COEs) and Shared Service Centers (SSCs) represent the dominant operating model, along with an increased focus on market utility models.

Technology platforms

  • Technology decisions for EERM solutions are now being made centrally and a three-tiered technology architecture is emerging.

Sub-contractor risk

  • Organizations are lacking appropriate visibility and monitoring of sub-contractors engaged by third-parties.

Organizational imperatives and accountability

  • Ultimate ownership and accountability for EERM suggest it is established in the C-suite, with the need for improvement in engagement.
  • Challenges over internal coordination, talent and processes represent areas of highest (organizational) concern over EERM.

The survey results reflect a renewed focus in the last year on enhancing extended enterprise risk management maturity amid increasing perceptions of dependence on third-parties, although moving up the maturity curve has been slower than expected. This report also reflects an emerging shift to include more centralized oversight and management for extended enterprise risk management across the more decentralized or federated structures to enable increased risk-awareness and consistency.

Back to top

Third-party governance and risk management–US results

Previous reports

For many organizations, their third-party ecosystem, or ‘extended enterprise,’ is an important source of business value and strategic advantage. However, as the reliance on third-parties continues to grow, so do the associated risks, bringing potential reputational damage and regulatory action.

Deloitte member firms experienced teams work with clients to develop governance frameworks which effectively identify and manage all forms of third-party risks, looking at both process and technology solutions to deliver value and meet contractual obligations.

2017 EERM survey report 
Overcoming the threats and uncertainty

2016 EERM survey report 
The threats are real

Back to top

graph representation by a person
Did you find this useful?