A large global organization may have tens of thousands of suppliers, accounting for up to 80% of organizational cost. It may also have a number of partnerships, alliances, and other business relationships with external parties, all of which have suppliers, partnerships, and alliances of their own. Indeed, in today’s digitally interconnected world, business ecosystems are growing bigger and more complex than ever before – and while this drives a great deal of value, it also inevitably gives rise to extended enterprise risks stemming from external parties’ actions.

Virtually every aspect of an organization is vulnerable to extended enterprise risk, and as organizations continue to evolve toward more complex ecosystems, these risks will likely only grow. Yet, while this is widely acknowledged, extended enterprise risk management (EERM) practices have remained relatively immature. At too many organizations, EERM processes fail to adequately consider extended enterprise risks – which not only exposes an organization to harm, but, worse, may even blind them to the possibility that harm could arise.

Why this failure? Partly, it’s because of the sheer difficulty of monitoring and managing the myriad of value-creating activities that take place outside one’s own legal control. However, the whole explanation isn’t simply that EERM is difficult. It’s also because many management teams and boards have yet to reset their concept of the “front line of defense” to include suppliers, customers, and others in the organization’s broader system of stakeholders.

The good news is that the pragmatic difficulties of managing extended enterprise risk are lessening, thanks to new technological and organizational approaches that can reduce the necessary investments and establish clear accountability for executing EERM activities.

Review the publication on our US firm's website.