Effective third-party risk management and governance has been saved
Analysis
Effective third-party risk management and governance
Extended enterprise risk management survey 2020
Are organizations reevaluating how they position third-party risk management to better prepare for high-impact events like COVID-19? Explore key findings from Deloitte’s fifth annual extended enterprise risk management (EERM) survey to learn why it’s more important than ever to prioritize an effective third-party risk management framework.
Striking a balance: Effective third-party risk management
Participation in our global survey on Extended Enterprise Risk Management has grown over the past five years to a record high of 1,145 responses across 20 countries. Over the same period, we’ve seen our clients place greater emphasis on EERM programs and address the concerns reflected in response to our previous surveys.
Since the survey closed, the risk landscape changed significantly with COVID-19 affecting organizations globally and across industries. It’s now clearer than ever how important it is to prioritize effective third-party risk management. At the time of writing, one in two respondents had yet to recognize business continuity and resilience as a top risk for their critical commercial relationships. They had not allocated the EERM budget for this purpose. Early indications show those that made appropriate investments in EERM programs are faring better in their response to the crisis than those that didn’t.
We anticipate that many organizations will reevaluate how they position third-party risk management to cope better with high-impact events, such as COVID-19. As a result, we expect a rapid acceleration up the third-party risk management maturity curve in the next 12 months.
Explore the survey’s key findings
Some of this year’s key findings include:
- Cost of failure: The financial impact of a failure by a third party or subcontractor has at least doubled over the past five years, according to almost half of respondents.
- Balancing responsibility and cost: The desire to be a responsible business has become one of the top drivers of investment in EERM.
- Increasing regulatory activity: A rise in regulatory activity encourages many organizations to progress towards a greater EERM maturity.
- Vision for transformation: Many organizations are developing longer-term visions of EERM transformation for the coming two or three years.
- Leveraging external assistance: A growing number of organizations use external support to improve and supplement their EERM programs.
- Wider focus: Senior executives are extending their focus beyond risk to include a broader view of third-party management.
Discover insights from previous reports
Third-party governance and risk management – 2019
All together now
Third-party governance & risk management – 2018
Focusing on the climb ahead
Third-party governance & risk management – 2017
Overcoming the threats and uncertainty
Third-party governance & risk management – 2016
The threats are real
How we help clients
For many organizations, their third-party ecosystem, or "extended enterprise," is an important source of business value and strategic advantage. However, as the reliance on third-parties continues to grow, so do the associated risks, bringing potential reputational damage and regulatory action.
Deloitte member firms' experienced teams work with clients to develop governance frameworks that effectively identify and manage all forms of third-party risks, looking at both process and technology solutions to deliver value and meet contractual obligations.
If you would like to discuss third-party risk management, please get in touch with one of our specialists.
Get in touch
