The latest enterprise risk management news from around the world

Extended enterprise risk management responsibility moves to the boardroom

According to a Deloitte extended enterprise risk management (EERM) survey, better management of third-party risk has come to be viewed as a transformation opportunity, and boards and senior leadership now hold ultimate responsibility for EERM in more than three-quarters of respondent organizations. However, just over half (53 percent) of respondents to Deloitte's survey want a more coordinated and consistent approach to EERM across organizational functions.

Other key findings from the survey included:

  • Developments in extended enterprise risk management maturity have not kept pace with increasingly critical levels of dependence on third parties since first surveyed in 2015. As such, the majority (83 percent) of organizations experienced a third-party incident in the past three years.
  • The economic environment continues to drive cost reduction and talent investment in EERM. The desire to reduce costs has become the biggest driver for investing in EERM maturity (indicated by 62 percent of respondents).
  • According to the survey, federated structures are becoming a dominant operating model for third-party risk management as boards and executive management continue to take a deep interest in third-party risk management and want to provide more coordinated and responsive input. More than two-thirds (69 percent) of respondent organizations say they have adopted a federated model that allows for this sharing of responsibility.
  • A mere 1 percent of organizations considered themselves optimized to address all important EERM issues presented. Chronic underinvestment is making it hard for organizations to achieve their desired EERM maturity levels and, more fundamentally, has hindered many responding organizations from doing basic core tasks well.

Leadership wants better engagement, better coordination and smarter use of data

For decades, third-party risk management was viewed as an operational issue rather than one for the board or top leadership. As better management of EERM has come to be viewed as a transformation opportunity, boards and senior leadership have taken on ultimate responsibility for EERM in more than three-quarters of respondent organizations. This starts with better engagement and coordination within the business, encompassing organizational units, geographies, risk domains and subject matter experts.

As the survey revealed, boards and executive leadership now retain ultimate responsibility for EERM in most organizations.

Who ultimately has responsibility for third-party risk management?

  • 24 percent: Chief Risk Officer
  • 19 percent: Other board members
  • 17 percent: CEO
