More organizations turning to transformational EERM strategies
At a time when third parties are moving closer to the core of businesses, the extended enterprise risk management programs that manage those third parties are just now shifting from a manual and transactional approach to a coordinated, consistent, and transformational approach focusing on risk, financial and performance aspects.
That’s the key finding of a new report from consulting firm Deloitte, which found that more than one third of the 2,390 business and IT professionals the firm polled in February 2018 define their organizations’ processes to measure and monitor risks in the extended enterprise as “ad hoc” or “reactive.”
Nearly one-quarter of respondents define their organizations’ process to measure and monitor risk in the extended enterprise as “managed.” That means there is minimal effort to address risk, with limited access to third-party data and the use of reactive problem-solving with responsibilities built into existing roles, the report said.
Only 4 percent of respondents define it as “optimized,” with integrated strategy and decision making, executive champions, continuous improvement and investment, and highly customized decision support tools with external data. And 12 percent define their process as “initial,” with no formal governance and little management input.
In response to a question related to EERM oversight, 42 percent of the respondents think risk committees are the best entity to oversee risk governance in their organizations’ extended enterprise. Only 11 percent said boards are the best entity.