Businesses are engaged in a continuous struggle to grasp the intricacies of risk management in an interconnected environment. The focus during the past few years has been on operational risk management — managing risk to business operations and processes. However, the standard definition used for operational risk management is flawed:
Operational Risk Management: “. . . the risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events.”
What is wrong with this definition? It completely ignores the impact of extended business relationships on operations. Properly revised, it would read “the risk of loss resulting from inadequate or failed internal processes, people, systems, and business relationships, or from external events.”
No organization is an island unto itself. Risk and compliance challenges do not stop at the traditional organizational boundaries. Organization area complex and diverse system of processes and business relationships that cross countries or span the globe. Organizations struggle to identify, manage, and control governance, risk management, and corporate compliance (GRC) across extended business relationships. Adding to this is the growth and focus on corporate social responsibility (CSR) initiatives that force organizations to determine if business partners hold the same values, practices, and ethics communicated to stakeholders, customers, and the world.
The bottom line: Organizations are complex entities that extend to hundreds or thousands of business relationships around the world. Even the smallest organization can have diverse global business relationships. The impact of the extended enterprise is significant for business. Organizations must actively manage and monitor risk and compliance across the lifecycle of a business relationship.
Any given organization stands in the shoes of its vendors and delegated partners/entities – their problems are your problems and their issues can directly impact your brand and reputation. The challenge before organizations is “Can you attest to an in-compliance status of your extended business relationships across the range of risk issues that can impact your business operations and brand?” . . .
This posting has been an excerpt of Corporate Integrity’s published research, Managing Risk & Compliance Across the Extended Enterprise.
Corporate Integrity is also delivering a full-day workshop on this topic:
Chicago, IL, USA – Managing Compliance Risk Across Extended Business Relationships
I would love to hear your thoughts on the topic of Managing Risk & Compliance Across Extended Business Relationships. Please feel free to comment in this forum, or send me an e-mail.