Your vendor’s keeper–managing compliance risks in the extended enterprise

Low-angle view of hospital sign

Extended enterprise risk, or third-party risk, is a significant concern at most large organizations. One compliance executive recently said that according to his organization’s regular internal surveys, third parties pose at least double the risk of any other risks they measure. Yet this is a variety of risk over which organizations tend to have less control. What practices can help manage it?

That conversation was part of the recent Cross-Industry Compliance Leadership Summit that Deloitte hosted at Deloitte University. At the event, which gathered risk and compliance leaders from industries like health care, entertainment, financial services, consumer products, and retail, I moderated a discussion about the challenge of managing third-party risk. Because companies in different industries use and relate to vendors in different ways, there were a variety of stories. But a few common leading practices stood out.

Continue reading “Your vendor’s keeper–managing compliance risks in the extended enterprise”

The next frontier in managing risks


Disruptive innovations can arrive at any time, from any direction. They have the potential to unravel the assumptions that make your business viable. But for the companies that keep an eye on the horizon, disruptions also carry the seeds of opportunity.

Instead of fearing the next disruption, what if you were poised to exploit it? The telephone, the computer, overnight delivery – in each case, someone was first to embrace the implications. What is the “next next” thing, and how will you respond?

In a new column for Best’s Review, Deloitte LLP Global Insurance Regulatory Leader Howard Mills defines a new evolution in the race against risk.
Continue reading “The next frontier in managing risks”

Highlights from the 2014 Compliance Week Conference

Highlights from the 2014 Compliance Week ConferencePosted by Nicole Sandford, Partner, Deloitte & Touche LLP

Deloitte recently presented at the 2014 Compliance Week Conference in Washington, D.C., which drew top executives and compliance professionals from leading companies across a wide range of industries. Hot topics included the rising importance of reputation risk and third-party risk, as well as the need for a more integrated and efficient approach to managing different types of compliance risk.

Managing risk and compliance in today’s fast-paced global business environment is more challenging than ever. To avoid trouble, many companies are conducting a number of risk assessments for different purposes, including those executed by internal audit, enterprise risk and compliance. All of these are important. However, many compliance professionals and executives at this year’s conference expressed concern that these efforts have not been well coordinated, resulting in “assessment fatigue” in the businesses.

Continue reading “Highlights from the 2014 Compliance Week Conference”