

Effective third-party risk management and governance

Extended enterprise risk management survey 2020

Are organizations reevaluating how they position third-party risk management to better prepare for high-impact events like COVID-19? Explore key findings from Deloitte’s fifth annual extended enterprise risk management (EERM) survey to learn why it’s more important than ever to prioritize an effective third-party risk management framework.

Striking a balance: Effective third-party risk management

Participation in our global survey on Extended Enterprise Risk Management has grown over the past five years to a record high of 1,145 responses across 20 countries. Over the same period, we’ve seen our clients place greater emphasis on EERM programs and address the concerns reflected in response to our previous surveys.

Since the survey closed, the risk landscape changed significantly with COVID-19 affecting organizations globally and across industries. It’s now clearer than ever how important it is to prioritize effective third-party risk management. At the time of writing, one in two respondents had yet to recognize business continuity and resilience as a top risk for their critical commercial relationships. They had not allocated the EERM budget for this purpose. Early indications show those that made appropriate investments in EERM programs are faring better in their response to the crisis than those that didn’t.

We anticipate that many organizations will reevaluate how they position third-party risk management to cope better with high-impact events, such as COVID-19. As a result, we expect a rapid acceleration up the third-party risk management maturity curve in the next 12 months.

Explore the survey’s key findings

Some of this year’s key findings include:

  • Cost of failure: The financial impact of a failure by a third party or subcontractor has at least doubled over the past five years, according to almost half of respondents.
  • Balancing responsibility and cost: The desire to be a responsible business has become one of the top drivers of investment in EERM.
  • Increasing regulatory activity: A rise in regulatory activity is encouraging many organizations to progress toward greater EERM maturity.
  • Vision for transformation: Many organizations are developing longer-term visions of EERM transformation for the coming two or three years.
  • Leveraging external assistance: A growing number of organizations use external support to improve and supplement their EERM programs.
  • Wider focus: Senior executives are extending their focus beyond risk to include a broader view of third-party management.

How we help clients

For many organizations, their third-party ecosystem, or "extended enterprise," is an important source of business value and strategic advantage. However, as reliance on third parties continues to grow, so do the associated risks, bringing potential reputational damage and regulatory action.

Deloitte member firms' experienced teams work with clients to develop governance frameworks that effectively identify and manage all forms of third-party risk, looking at both process and technology solutions to deliver value and meet contractual obligations.

If you would like to discuss third-party risk management, please get in touch with one of our specialists.
