NO company can function as an island and as our eco-system broadens, it typically deals with many entities like customers, partners, affiliates, and others. When organised together, these entities form what we term as the ‘extended enterprise‘ which is closer to the core of business than ever before. Organisations that step up to the challenge of developing programs to better manage this risk can elevate their position in the market by unleashing with confidence the reach, expertise, and relationships that third parties can bring.
Third-party risk management has to become a top-of-mind priority for organisations. In this respect, our recent (third) annual EERM (Extended Enterprise Risk Management) survey, based on 975 responses from a variety of organisations across 15 countries of Asia Pacific, Americas, Europe, Middle East and Africa region, has highlighted some interesting findings. 70 per cent of organisations in India recognise an increase in risk but remain ill-equipped to deal with it because of inadequate or absolutely no knowledge of sub-contractors engaged by their third parties. In fact, 14 per cent of the respondents in the survey stated that third party-outsourced relationships are not identified, monitored or reviewed at all.
Companies today have to rely on relationships that are multiple and third-party in nature, and typically outsourced. These are like outliers on the risk periphery – even for organisations that place a strong focus on risk. Our survey report highlights the below key areas where organisations could benefit from the further effort:
*Controlling heightened risk: Dependence on third parties continues to grow, with over 70 percent of Indian respondents stating that their dependence on extended enterprise has grown owing to business and macroeconomic conditions. Impact of external events (42 percent) and an increasing threat of their party-related incidents and disruptions were the two most dominant factors contributing to the perception of heightened risk in the extended enterprise.
*Enhanced board engagement: Board oversight and engagement with EERM programs continues to lag. At a global level, 78 percent of organisations suggest that the Chief Executive Officer (CEO), CFO, Chief Procurement Officer (CPO), CRO, or a member of the Board is ultimately accountable for this topic. In India, this decision rests with the Chief procurement or the Risk Officer. Boards in India are making relatively slow progress on this matter whereby 57 percent of the respondents suggested that their boards merely have a moderate level of understanding and engagement on this subject.
*Technology platforms: In keeping with the trend of increased centralised oversight of EERM activities, technology decisions are now being taken more centrally and standard tiered technology architecture is emerging. Less than ten percent of our global respondents in our survey are currently using bespoke systems for EERM, a sharp drop from just over 20 percent last year.
*Sub-contractor risk: Organisations lack appropriate visibility of sub-contractors engaged by their third-parties as well as the discipline and rigor to frequently monitor such fourth/fifth parties. 57 percent of survey respondents feel they do not have adequate knowledge and appropriate visibility of sub-contractors engaged by their third-parties and a further 21 percent are unsure of their oversight practices.