Currently, the desire to reduce costs is the biggest driver for investing in EERM maturity (62% of respondents indicated), over and above a reduction in third-party incidents (cited by 50% of participants).
Leadership taking responsibility
As better management of third-party risk has been viewed as a transformation opportunity, boards and senior leadership have grown to have ultimate responsibility for EERM in more than three-quarters of respondent organisations.
Leaders are turning to technology to improve EERM process efficiency and ensure their organisations are capturing and managing all third-party risks.
New risk intelligence tools are assimilating, aggregating, and examining real-time automated information on all risks across an entire organisation. The tools provide alerts, trend analysis, enable scenario analysis, and use emerging technologies such as the cloud, robotics process automation, and artificial intelligence.
However, the tools are only as effective as overall business engagement in EERM. With more than a third (35%) of respondents stating that the level of engagement and coordination is low, insignificant, or unknown – and just 16% saying it’s high – it’s clear there’s work to be done here.
For that reason, two out of three organisations have made better in-house engagement and coordination a priority, with 37% make it their top priority.
Fourth-party risk not being addressed
Deloitte’s report ends by assessing organisations’ oversight of the risks posed by third parties’ subcontractors and affiliates – referred to as fourth- and fifth-party risk.
It found that just 2% of respondents identify and monitor all subcontractors engaged by their third parties. A further 8% do so for their most critical relationships. The remaining 90% lack the required ongoing focus.
This expansion of subcontracting chains has led to a rise in disruptive incidents caused by organisations that appear, at first sight, to have little to do with the primary organisation at the other end of the chain. Regulators are increasingly holding firms responsible for lack of oversight of their supply chain relationship, the report notes.
Seeking specialist EERM advice
Now EERM has become a board-level issue, is it time your senior managers reviewed their exposures in this area?