Extended enterprise risk management: New perspectives on a growing imperative The Dbriefs Governance, Risk, & Compliance series

Similar documents
Third Party Governance and Risk Management

Outsourcing Transparency Evolution: Creating Value Across the Third-Party Extended Enterprise

CFO meets M&A: Value creation in the digital age The Dbriefs Driving Enterprise Value series

Reimagining IT: Leading technology organizations into the future The Dbriefs Technology Executives series

Quarterly accounting roundup: An update on important developments The Dbriefs Financial Reporting series Robert Uhl, Partner, Deloitte & Touche LLP

ERP systems and operational transfer pricing: Relief is on the way Dbriefs Tax Operations series

Mid-market technology trends: Leveraging disruption to drive value The Dbriefs Private Companies series Anthony Stephan, Principal, Deloitte

People analytics: Actionable insights are the new mandate The Dbriefs HR Executives series

Extended Enterprise Risk Management

Securing Capabilities in the Cloud: Security and Privacy in the Evolution of Cloud Computing

Extended Enterprise Risk Management

Why Is Third Party Risk Management Important?

Webcast title in Verdana Regular

Advanced forecasting in FP&A: Automation is here and expanding The Dbriefs Driving Enterprise Value series Miles Ewing, Principal, Deloitte

The future of procurement in the age of digital supply networks The DBriefs Driving Enterprise Value series

Data Standards in Oil & Gas

The CFO as a strategist-catalyst partner to the CEO The Dbriefs Driving Enterprise Value series

Bottom-line Savings through Contract Compliance and Cost Recovery

KPMG s financial management practice

Third Party Risk Management ( TPRM ) Transformation

Oracle Cloud ERP - Oil and Gas Industry Enabler for Digital Finance Transformation

Beyond EDI Unlocking new value with transactions enabled by SAP Ariba and the Ariba Network

Software asset management: Where is the market headed?

Back to School for Business Services how to get it right?

Data, Analytics and Your Audit

MDM offers healthcare organizations an agile, affordable solution To deliver high quality patient care and better outcomes

Managing Tax. Balancing current challenge with future promise Session 5. The Grand Hyatt, Singapore 16 February 2017

Shine a light on media accountability

Digital HR: Driving organizations to be digital, not just do digital

BENEFITS OF AN EFFECTIVE OUTSOURCING STRATEGY. March 1, 2017

Risk Advisory Services Developing your organisation s governance for competitive advantage

Electronic accounts payable: increasing compliance, control and security

Airline customer experience: Time to chart a new course? The Dbriefs Travel, Hospitality & Leisure series Guy Langford, Advisory Partner, Deloitte &

Four faces of the CFO

Are Containers the New Golden Hammer? Tracy Bannon Lori Olson

Deloitte Dbriefs Article: 13 November Indirect Tax Technology: Time for an Upgrade?

Software Asset Management Reducing costs, mitigating risk, gaining control. Ninety years in the Middle East

Procure to Pay (P2P) Risk Analytics. Risk Advisory

Telecom Expense Management

Cement Industry Risk Analytics For Private circulation only June Risk Advisory

VENDOR RISK MANAGEMENT FCC SERVICES

Modernizing compliance: Moving from value protection to value creation

Streamline and Simplify Rebate, Royalty, and Incentive Compensation Programs

Enterprise Risk Management in Health Care

Outsourcing banking processes: The question is no longer if, but how to effectively manage extended enterprises

Source-to-pay: Delivering value beyond savings

Modernizing Compliance: Evolving From a Foundational Program to a Value-Creating Strategic Partner

Genpact Intelligent Operations SM

Advanced e5 for Higher Education

2017 Deloitte Renewable Energy Seminar Innovating for tomorrow November 13-15, 2017

The journey to procurement excellence

Continuous Auditing/Monitoring Using Data Analytics Institute Of Internal Auditors/ISACA Conference, 27/28 August 2015 Presented by: Tricha Simon

Internal audit insights High impact areas of focus

Sarbanes-Oxley Act of 2002 Can private businesses benefit from it?

Finance disrupted. Future of finance in healthcare: As the industry adjusts to continuous disruption, the finance function has an opportunity to lead

SEC hot topics: Year-end update The Dbriefs Financial Reporting series

Legacy System Modernization. Imperatives. Challenges. Approach. Case Studies. PA TechCon. May 4, Considerations

Key findings: Almost 60% of respondents found the biggest challenge was getting answers to technical questions.

Five Minutes on Empowering Modern Procurement. Why Transforming Procurement Is a Top Priority for the Modern Business

Introduction. Table of Contents

The National Multistate Tax Symposium West Move forward with confidence State implications of tax reform. April 30-May 2, 2018

Trusted by more than 150 CSPs worldwide.

Risk Management For and By the BOT. Secured BOT Series

Outsourcing transparency evolution

9/12/2013. CAPITALIZE ON YOUR PURCHASING CARD PROGRAM September 20, Agenda. With a card payment you can:

Global Trade Radar How to leverage what tax authorities and forward-looking companies are doing in customs and global trade. Global Trade Radar

Removing Supply Chain Costs. Elemica Road Show May 13, 2009

Best of Breed Automation September 2014

Revenew s Cost Recovery and Cost Containment services return dollars to your budgets. We recover over $100 million for our clients annually.

Internal audit insights High-impact areas of focus

The rise of the empowered health care consumer

Top 10 Best Practices in Procurement Outsourcing (PO)

Adapting Risk Management to Evolving Technologies

Who Does What, When, and How for a Divestiture?

Microsoft Solomon Integrated Innovation with Microsoft Office

Multisource Management in the Cloud Age Keys to MSI and SIAM success in Hybrid IT environments

Canadian business perspectives on the governance of enterprise IT (GEIT)

ALIGNING YOUR ORGANIZATION STARTS WITH ACCOUNTS PAYABLE

Third Party Vendor Management and FDR Compliance

A Data Driven Company How Deloitte transformed itself. QlikView Business Discovery World Tour Eindhoven, 9 October 2013

How Can I Better Manage My Software Assets And Mitigate The Risk Of Compliance Audits?

RA Survey Appendix 1. All questions and answers and Additional insights. TM Forum Revenue Assurance Team TM Forum 1 V2015.4

Building your omni-channel journey

Integrating COSO s Fraud Risk Management Guide on an Enterprise Scale

Value-added governance and controls: The need and application of strategic risk Paul Campbell, Katie Pavlovsky and Jeff Suchadoll

EMEA TMC client conference Enterprise data management. The Crystal, London 9-10 June 2015

Volatility: the new reality Synchronize your supply chain planning to capture value in a volatile world

AI in government: Could smart technology revolutionize the public sector? The Dbriefs Federal & State Government series

1. Understanding Big Data. Big Data and its Real Impact on Your Security & Privacy Framework: A Pragmatic Overview

Transfer Pricing Issues in Business Restructurings

Accenture Profit Recovery and Analytics

Business Process Services: A Value-Based Approach to Process Improvement and Delivery

Building a gross-to-net strategy in a fast changing market How evolved is your approach?

Deloitte. M&A Institute

Turning Accounts Payable and Procurement into a Competitive Advantage What you need to know about the latest advances in technology

Implementing Analytics in Internal Audit. Jordan Lloyd Senior Manager Ravindra Singh Manager

Implementation considerations for private companies Staying on track with the new lease accounting standard, ASC 842

An Overview of the AWS Cloud Adoption Framework

Transforming HR to Meet New Business Priorities

Delivering Real Value Through Strategic Sourcing

Transcription:

Extended enterprise risk management: New perspectives on a growing imperative The Dbriefs Governance, Risk, & Compliance series Dan Kinsella, Partner, Deloitte & Touche LLP Kristian Park, Partner, Deloitte UK Sanjoy Sen, Deloitte UK May 25, 2017

Agenda 2017 EERM Survey results Cost and revenue recovery Question and answer Copyright 2017 Deloitte Development LLC. All rights reserved. Extended enterprise risk management: New perspectives on a growing imperative 2

2017 EERM Survey results Copyright 2017 Deloitte Development LLC. All rights reserved. Extended enterprise risk management: New perspectives on a growing imperative 3

The extended enterprise Overview An organization does not operate in isolation because its success is dependent upon a complex network of third-party relationships Copyright 2017 Deloitte Development LLC. All rights reserved. Extended enterprise risk management: New perspectives on a growing imperative 4

Organizational progress in EERM since last year appears modest although increasing awareness of risks is expected to prime 2017 and 2018 as years for accelerated maturity Report based on 536 responses, a significant increase from 170 last year Covers 11 countries across the Americas, Europe Middle East and Africa (EMEA) and Asia/Pacific across all key industry segments Respondents typically include those responsible for EERM: Chief Finance Officers, Heads of Procurement/Vendor Management, Chief Risk Officers, Heads of Internal Audit, and Compliance and Information Technology (IT) Risk Heads Copyright 2017 Deloitte Development LLC. All rights reserved. Extended enterprise risk management: New perspectives on a growing imperative 5

Despite increasing executive awareness of risks and some associated improvements in EERM, five key areas exist where further effort is required by most organizations Copyright 2017 Deloitte Development LLC. All rights reserved. Extended enterprise risk management: New perspectives on a growing imperative 6

Dependency and vulnerability Despite high dependency on third parties, organizations are still not fully equipped to manage the risks in a holistic and coordinated manner, including those arising from external uncertainties 53.3 percent of respondent organizations have a high or critical level of dependence on third parties. However, only 20.1 percent have integrated or optimized their EERM mechanisms with others aspiring to do so within the next 1-3 years. 40.5 percent of respondents reported some increase in dependence on third parties in the last one year with a further 10.1 percent experiencing significant increase. Copyright 2017 Deloitte Development LLC. All rights reserved. Extended enterprise risk management: New perspectives on a growing imperative 7

Dependency and vulnerability Despite high dependency on third parties, organizations are still not fully equipped to manage the risks in a holistic and coordinated manner, including those arising from external uncertainties Just 11.6 percent of respondents are fully prepared to deal with the increased uncertainty in the external environment while a significant majority of 72.3 percent of respondents are only somewhat prepared. 74.1 percent of respondents have faced at least one thirdparty related incident in the last three years. As many as one in five respondents have faced a complete third-party failure or an incident with major consequences in the last three years. 26.3 percent of respondents have faced noncompliance with regulatory requirements (compared to 23.0 percent in 2016), while 16.7 percent have suffered reputation damage (26.2 percent last year). Copyright 2017 Deloitte Development LLC. All rights reserved. Extended enterprise risk management: New perspectives on a growing imperative 8

Polling question #1 Do you think your organization s level of maturity in risk management of third parties so far has been proportionate to its level of dependency and vulnerability? a) Yes, we have a high level of maturity in EERM to address our increasing level of dependency on third parties and the related vulnerability b) We are currently enhancing our level of maturity in EERM to match our increasing dependence on third parties c) There is a recognized need to enhance our maturity in EERM to match our increased dependence on third parties d) We don t know whether our maturity in EERM is proportionate to our dependency on third parties and the related vulnerability Copyright 2017 Deloitte Development LLC. All rights reserved. Extended enterprise risk management: New perspectives on a growing imperative 9

Relationship management Understanding of third parties is increasing; but comprehensive, data-driven risk management and capability to predict emerging risks is still developing Copyright 2017 Deloitte Development LLC. All rights reserved. Extended enterprise risk management: New perspectives on a growing imperative 10

Polling question #2 Which option most closely describes your organization s third-party risk management capabilities? a) Largely dependent on real-time controls (including risk-sensing) that have been implemented b) Intention to evolve risk management capability based on real-time controls, but do not yet have them fully developed c) Largely dependent on traditional detective controls (operating with varying time-lag) d) Don t know/not sure Copyright 2017 Deloitte Development LLC. All rights reserved. Extended enterprise risk management: New perspectives on a growing imperative 11

Governance and risk management processes Despite executive sponsorship, there is still a long way to go to get processes and technology working effectively The proportion of respondents skeptical about EERM technology in their organizations has only slightly reduced from 94.3 percent since our last survey to 90.6 percent of respondents. Ultimate responsibility for thirdparty risk management rests with the Board, CEO, CFO, CPO or other members of the C-suite in 74.6 percent of responses. A similar lack of confidence relating to the quality of EERM processes is also only marginally down from 88.6 percent to 82.5 percent, indicating the need for continued focus in this area. Third-party risk features consistently or periodically on the Board agenda in 53.2 percent of respondent organizations. Copyright 2017 Deloitte Development LLC. All rights reserved. Extended enterprise risk management: New perspectives on a growing imperative 12

Polling question #3 Which statement most accurately describes the current state of your organization s thirdparty governance and management processes? a) There is an opportunity for enhancement in the level of understanding of the Board with regard to EERM b) The Board understands the risks associated with the extended enterprise but there hasn t been a clear mandate yet to make significant investment in EERM c) There is a mandate from the Board to enhance the existing EERM framework, but an execution gap in the ability to achieve intended results d) Current EERM framework and processes are integrated and optimized e) Don t know/not applicable Copyright 2017 Deloitte Development LLC. All rights reserved. Extended enterprise risk management: New perspectives on a growing imperative 13

Technology platforms An integrated EERM technology platform that addresses the needs of every organization has not emerged Copyright 2017 Deloitte Development LLC. All rights reserved. Extended enterprise risk management: New perspectives on a growing imperative 14

Emerging delivery models New delivery models are emerging to bring consistency and sought-after skills, enable collaboration, and address decentralization challenges in the wider organization Copyright 2017 Deloitte Development LLC. All rights reserved. Extended enterprise risk management: New perspectives on a growing imperative 15

Some operational challenges I need a turnkey, cloud-based technology solutions to automate EERM such that I don t have to invest precious resources in configuring and maintaining the solution. Chief Information Officer I need to keep up the changing regulatory and industry requirements. Chief Compliance Officer I need to cut costs with managing my third-party relationships. Chief Procurement Officer I need a simple way to keep a pulse on my third parties, so I can react quickly to any disruptions impacting my operations. I need a centralized dashboard of emerging issues Supply Chain Officer I would like to see who our top 20 critical third parties are the risk they present to the organization Board I need the right talent to enable my EERM center of excellence. Chief Risk Officer I need to make managing my thirdparty relationships a lean and efficient process and reduce the burden on third parties. Chief Operations Officer Why does it take so long to on-board a third party and why do I have to complete all this paperwork? Relationship owner Copyright 2017 Deloitte Development LLC. All rights reserved. Extended enterprise risk management: New perspectives on a growing imperative 16

Managed services as a delivery model The needs of an operating model that enables appropriate level of upstream and downstream visibility and accountability for better performance and risk management of third parties. Turnkey and scalability An established infrastructure, process and team to hit the ground running or scale up Informed decisionmaking Formal integration and cohesion among various functions, including Procurement, Risk functions, Compliance, IT, and others, to drive decision making supported by data and data linkages Managed services operating model Continuous Monitoring Ongoing monitoring while easing the burden on organization talent resources Comprehensive view of risks and performance A broad and enterprise-wide current view of your third-party landscape, trends, executive dashboards Standardized process Consistent application of third-party risk scoring, sensing, and monitoring by various business units across geographical location and third-party types Efficiency Creates an enterprise-wide process, identifying risks faster and in a consistent manner, clarifying the required steps for up-front due diligence and reducing time to on-board Copyright 2017 Deloitte Development LLC. All rights reserved. Extended enterprise risk management: New perspectives on a growing imperative 17

Polling question #4 What is the extent of your management s appetite to explore alternative delivery models for EERM while retaining overall accountability for risk management in-house? a) Appetite to explore managed services (outsourced) models on an end-to-end basis for third parties, consortiums and market utilities b) Appetite to explore managed services models for certain aspects of EERM such as due diligence and risk assessments but not consortiums or market utilities c) Appetite to explore consortiums and market utilities only but not outsourced managed services models d) No appetite to explore any of the above e) Don t know/undecided Copyright 2017 Deloitte Development LLC. All rights reserved. Extended enterprise risk management: New perspectives on a growing imperative 18

Cost and revenue recovery Copyright 2017 Deloitte Development LLC. All rights reserved. Extended enterprise risk management: New perspectives on a growing imperative 19

Cost and revenue recovery Overview The recent dramatic rise in data analytics capabilities, predictive learning, and optical document scanning has increased the ability for companies to monitor and identify significant financial recovery and cost saving opportunities Third parties Transaction types Application tools Vendors Licensees Customers Channel partners Landlords Distributors Advertisers Cost sharing agreements Purchase agreements Invoicing and related surcharges Lease agreements Software License Agreements Contract automation tools Data analytics and algorithms Royalty agreement and cost sharing agreement compliance tools Software deployment inventorying tools Copyright 2017 Deloitte Development LLC. All rights reserved. Extended enterprise risk management: New perspectives on a growing imperative 20

Example risks and opportunities Illustrative examples of compliance risks underlying various types of third-parties and the opportunities it presents for cost and revenue recovery Direct suppliers Contract manufacturers Suppliers of raw materials Equipment suppliers Dealers Over-reported/ non-contractual passthrough costs charged Reputational impact of inadequate quality control procedures IP security and infringement concerns Lack of clarity over pricing of key chemical inputs Incorrect benchmarking of raw material costs Non-contractual exchange rates applied Non-adherence to contractual pricing structure Mis-calculation of individual and volume discounts Under-reporting or non-payment of volume rebates Under reported revenue Compliance with regulatory requirements Special pricing promotion incentives Pass-through regulatory costs Indirect suppliers IT suppliers Marketing services Travel agents Outsourced business functions Over-reported charges for hardware and software products Incorrect charging of rates and hours for consultants, overtime and expenses Lack of understanding over software licensing terms and conditions Acting in an unethical manner, leading to reputational damage for client Breach of regulations in relation to provision of gifts or hospitality Over-reporting of costs or mis-allocation of costs Use of non-contractual rates Under-reporting or nonpayment of airline rebates Incorrect charging of point of sales fees Uplifted hotel rates charged Non-compliance with local laws and regulations Incorrect timesheets provided to client or used for cost reporting Duties not performed to required service levels Over-reporting of costs or mis-allocation of costs Copyright 2017 Deloitte Development LLC. All rights reserved. Extended enterprise risk management: New perspectives on a growing imperative 21

Cost and revenue recovery Getting started Effective monitoring and data analytics of business partner relationships can often lead to significant cost reduction and revenue recoveries Below are some initial steps that can help identify potential opportunities: 1 Take inventory of significant external revenue streams, key contracts, and areas of potential leakage 2 Identify repeatable use cases where revenue enhancement or cost reduction steps can be undertaken across common sets of third parties 3 Evaluate vendor, agent, and alliance partner areas for recovery opportunities 4 Identify highvalue business cases to pilot and establish a granular project plan and roadmap for broad/global implementation Copyright 2017 Deloitte Development LLC. All rights reserved. Extended enterprise risk management: New perspectives on a growing imperative 22

Estimated savings by recovery area Listed below are third-party cost recovery areas and average savings we have seen based on our experience Recovery area Savings levers Average savings %* Accounts Payable Review Contract Compliance Joint Venture Review Tax Recovery Construction Cost Audit Software Asset Management Other-Telecom, Advertising, Most Favored Customer Reviews Cost recovery driven from payables spend Typical levers are duplicate payments, missed volume discounts, etc. Cost recovery based on post contracting audits on large spends. Cost savings areas might include: duplicate incorrect rate billings, nonreimbursable items, payroll variances, etc. Cost savings/recovery driven from claims against operator of a JV Typical claims include; incorrect allocation rates and expenses, unsupported overhead charges, etc. Cost recovery drivers from various indirect taxes: Sales/use, VAT, Excise and Severance. Cost recovery driven from review of project spend Typical levers are unsubstantiated change orders, incorrect labor charges, and allowances Cost savings driven from reduction in software expenses and minimized service risk which can be directed toward value-added IT projects. Cost savings/recovery driven from other high risk areas Typical claims include; telecom billing errors, media credit errors, not receiving MFC rates 2 10% of AP spend 1% 5% of contract spend 10% 15% on expenses side 15% 20% of indirect tax paid 1% 5% of contract spend 15% 20% of software spend 1% 5% of telecom and advertising spend 5% 10% of MFC spend * Actual savings will vary based on size of company, third-party spend, industry etc. Copyright 2017 Deloitte Development LLC. All rights reserved. Extended enterprise risk management: New perspectives on a growing imperative 23

Some benefits Cost and revenue recovery strategies can lead to larger benefits across the universe of the third-party risk management program and could include 1 Leakage prevention 2 Better contract negotiation 3 Stronger third-party relationships 4 Robust governance and controls over third-parties 5 Self-funding of EERM program Copyright 2017 Deloitte Development LLC. All rights reserved. Extended enterprise risk management: New perspectives on a growing imperative 24

Polling question #5 Our current EERM program optimizes cost and reduces revenue leakage with our third-party relationships: a) Hardly any focus on cost optimization or revenue leakage in our current EERM program b) Limited focus on cost optimization and reduction of revenue leakages (e.g., due to reliance on upfront controls on initiation of a contract only) c) Some focus on cost optimization and reduction of revenue leakages (e.g., contract renegotiations resulting from periodic rate benchmarking and assessments of third parties) d) Significant ongoing focus through regular cost and revenue recovery assessments of third parties e) Don t know/not applicable Copyright 2017 Deloitte Development LLC. All rights reserved. Extended enterprise risk management: New perspectives on a growing imperative 25

Question and answer Copyright 2017 Deloitte Development LLC. All rights reserved. Extended enterprise risk management: New perspectives on a growing imperative 26

Join us June 29 at 2 p.m. ET as our Governance, Risk, & Compliance series presents: Reputation matters: Developing resilience ahead of a crisis Copyright 2017 Deloitte Development LLC. All rights reserved. Extended enterprise risk management: New perspectives on a growing imperative 27

Eligible viewers may now download CPE certificates. Click the CPE icon in the dock at the bottom of your screen. CPE Copyright 2017 Deloitte Development LLC. All rights reserved. Extended enterprise risk management: New perspectives on a growing imperative 28

Contact information Donna Epps Partner Deloitte LLP depps@deloitte.com Dan Kinsella Partner Deloitte & Touche LLP dkinsella@deloitte.com Connect with me on LinkedIn Connect with me on LinkedIn Kristian Park Partner Deloitte UK krpark@deloitte.co.uk Sanjoy Sen Partner Deloitte UK sanjsen@deloitte.co.uk Connect with me on LinkedIn Connect with me on LinkedIn Copyright 2017 Deloitte Development LLC. All rights reserved. Extended enterprise risk management: New perspectives on a growing imperative 29

About Deloitte Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee ( DTTL ), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as Deloitte Global ) does not provide services to clients. In the United States, Deloitte refers to one or more of the US member firms of DTTL, their related entities that operate using the Deloitte name in the United States and their respective affiliates. Certain services may not be available to attest clients under the rules and regulations of public accounting. Please see www.deloitte.com/about to learn more about our global network of member firms. Copyright 2017 Deloitte Development LLC. All rights reserved. 36 USC 220506

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback