Inherent Risk & Maturity
A renewed set of drivers, directly aligned with long-term value creation and cost savings, have begun to motivate organizations to increase their dependence on third-parties, thus forming the extended enterprise. Forty-one percent of respondents reported “some” increase in their dependence on third-parties in the previous year and eleven percent reported a “significant” increase. In turn, this has forced companies to consider investing in holistic and integrated programs to manage extended enterprise risks, brought about from increased third-party involvement.
Business Case & Investment
Prior surveys have confirmed that the majority of global companies were equally or more decentralized than they were centralized across operating units/entities. However, the aforementioned dominance of third-parties forming the extended enterprise in these decentralized operating units/entities presents potential concerns. A critical, organization-wide matter should not be left to the discretion of external personnel, so decentralization has been scaled back. Mainly, companies introduced centralized ownership and management of the various elements in their extended ERM framework to combat these concerns.
Emerging Technologies for ERM
Ultimate ownership and accountability for EERM suggests it is well and truly established in the C-suite roles with need for improvement in engagement. Seventy-eight percent of organizations suggest that the CEO, CFO, CPO, CRO or Board member is ultimately accountable for EERM. Also, executives who are under direct Board/CEO supervision have seemed to face significant accountability.
The majority of organizations believe there is substantial room for improvement in the level of engagement on the EERM agenda by Board members and risk owners. This is a common trend among new ERM phenomena and is only made more difficult with third-party involvement. Only twenty percent of Board members engage at a high level, suggesting that eighty percent of Board members only moderately interact with EERM agendas and initiatives, for which they are usually held accountable.