At a time when third parties are moving closer to the core of businesses, the extended enterprise risk management programs that manage those third parties are just now shifting from a manual and transactional approach to a coordinated, consistent, and transformational approach focusing on risk, financial and performance aspects.

That’s the key finding of a new report from consulting firm Deloitte, which found that more than one third of the 2,390 business and IT professionals the firm polled in February 2018 define their organizations’ processes to measure and monitor risks in the extended enterprise as “ad hoc” or “reactive.”

Nearly one-quarter of respondents define their organizations’ process to measure and monitor risk in the extended enterprise as “managed”. That means there is minimal effort to address risk, with limited access to third-party data and the use of reactive problem-solving with responsibilities built into existing roles, the report said.

Only 4 percent of respondents define it as “optimized,” with integrated strategy and decision making, executive champions, continuous improvement and investment, and highly customized decision support tools with external data. And 12 percent define their process as “initial,” with no formal governance and little management input.

In response to a question about oversight of extended enterprise risk management (EERM), 42 percent of the respondents think risk committees are the best entity to oversee risk governance in their organizations’ extended enterprise. Only 11 percent said boards are the best entity.
