Extended Enterprise Risk


Focusing on the climb ahead 

Extended enterprise risk management survey 2018 

This report shows how extended enterprise risk management (EERM) has continued to benefit from greater executive awareness allowing organisations to tackle the topic with renewed focus and investment. This is even more important due to the threats of high profile business failure, illegal third-party actions, or regulatory action with punitive fines.

The survey findings reveal organisations are taking an earlier, more strategic view of risk drivers to create value and identify new opportunities. Despite this awareness, and some associated improvements in third-party governance and risk management, six key areas exist where further effort is required by most organizations.

Inherent risk and maturity

  • Organisational self-assessment of overall EERM maturity continues to improve at a slower pace despite a perceived increase in the inherent risks in third-party dependence.

Business case and investment

  • EERM is increasingly focused on exploiting the upside of risk and demonstrating tangible benefits—a significant shift from only managing the downside of risk.

Centralised control

  • Organisations are centralising many elements of EERM roles, structures, and technologies.
  •  Centers of Excellence (COEs) and Shared Service Centers (SSCs) represent the dominant operating model, along with an increased focus on market utility models.

Technology platforms

  • Technology decisions for EERM solutions are now being made centrally and a three-tiered technology architecture is emerging.

Sub-contractor risk

  • Organisations are lacking appropriate visibility and monitoring of sub-contractors engaged by third-parties.

Organisational imperatives and accountability

  • Ultimate ownership and accountability for EERM suggest it is established in the C-suite, with need for improvement in engagement.
  • Challenges over internal coordination, talent and processes represent areas of highest (organisational) concern over EERM.

The survey results reflect a renewed focus in the last year on enhancing extended enterprise risk management maturity amid increasing perceptions of dependence on third-parties, although moving up the maturity curve has been slower than expected. This report also reflects an emerging shift to include more centralised oversight and management for extended enterprise risk.


Previous reports

For many organisations, their third-party ecosystem, or ‘extended enterprise,’ is an important source of business value and strategic advantage. However, as the reliance on third-parties continues to grow, so do the associated risks, bringing potential reputational damage and regulatory action.

Deloitte member firms experienced teams work with clients to develop governance frameworks which effectively identify and manage all forms of third-party risks, looking at both process and technology solutions to deliver value and meet contractual obligations.

2017 EERM survey report 
Overcoming the threats and uncertainty

2016 EERM survey report 
The threats are real

Did you find this useful?