What is Extended Enterprise Risk Management?
Enterprise Risk Management (ERM) usually refers to identifying and managing the internal and external factors that can affect an organisation’s growth, profitability and performance. External risks include third-party and supply chain risks, strategic risks, and regulatory and legal requirements.
These external risks have prompted organisations to take a keen interest in extended enterprise risk management (EERM) solutions, which focus on third-party risks and on the wider networks of subcontractors behind those third parties, also referred to as the “extended enterprise.”
A recent survey by Deloitte shows that most organisations are concerned about extended ERM and are including it among this year’s top priorities. Companies prefer to manage these risk areas from a centralised location where they can oversee, plan, analyse and prevent the additional risks on top of those inherent to their own operations.
Enterprise Risk Management (ERM), part of the XGRC Software product range, supports the methods and processes used to manage enterprise risks and to seize opportunities in pursuit of your strategic objectives.
Below are some key findings of the Deloitte risk management research and survey on extended ERM and its role in improving governance, data management, privacy and security, as well as interactions with third parties:
- 70% of respondents indicated a moderate to high level of dependency on external entities that could include third, fourth or fifth parties.
- 62% of CEOs fail to hold their extended enterprise to the same risk standards they apply to their organisation’s internal risks
- 47% of respondents had experienced at least one risk incident involving the use of external entities in the last three years
- 38% of those polled specified their intent to focus on cyber risks in the extended enterprise for the next year
- 31% of organisations included in the study were likely to invest in cloud computing and other emerging technologies during the next 12 months, increasing their cyber risk
- 24% of poll respondents indicated it was the board risk committee’s responsibility to oversee risk governance in the extended enterprise
- 17% pointed to the importance of an audit committee in dealing with the extended risks in their organisations
Business processes and services outsourced to information technology providers (cloud computing, cloud services and robotic process automation) represent the greatest exposure in the third-party ecosystem, which extends further to those providers’ own subcontractors and sub-parties.
Common risks include data corruption and mishandling, together with wider concerns about cyber threats and security, particularly given stringent data protection regulations such as the GDPR. Under the GDPR the organisation that controls the data remains accountable for processing carried out on its behalf, so a processor’s mishandling of data is a direct regulatory exposure for the organisation that outsourced it, not only for the processor. Reputational damage and consumer mistrust remain significant risks.
According to Deloitte, EERM governance is invaluable to the overall success of the organisation: it mitigates key risks, safeguards compliance and drives real value across all lines of defence and business ecosystems.
The XGRC Software range of integrated system solutions is designed to meet all the requirements of your organisation’s Governance, Risk Management and Compliance (GRC) strategy, from planning to monitoring and reporting.