My weekend reading involved a book called ‘Clockspeed: Winning Industry Control in the Age of Temporary Advantage,’ in which Charles Fine draws on decades worth of research at MIT Sloan School of Management to establish the strategic impact of supply chain strategies on competitive advantage.
Taking a leaf from fruit flies (which he refers to as fast clock speed species) that evolve from eggs to adulthood to death in all of two weeks, he studies the industrial equivalents of these fruit flies to understand how companies can advance their evolutionary life-cycle or clock speeds, the rate at which it introduces new products, processes and organisational structures. For instance, one of the leading global tech giants abandoned its core strategy of making its primary products in-house; instead, it elected to outsource the principal components of the product, including the operating system and the CPU. This was a response to the urgency to deliver its new product—the PC—to the marketplace and this very decision redefined the future PC industry. Rather than becoming a vertically-integrated industry—in which each manufacturer would design and control its proprietary technology—the industry changed course by transitioning into a horizontal structure. Companies began forming partnerships and developing networks than controlling through forward and backward integration.
This is more relevant now, considering the speed at which businesses are moving, and involve a multi-tiered, interwoven set of systems involving subcontracted manufacturing, upstream and downstream trading partners, cloud-supported data systems, outsourced back offices and multiple routes to market. Taken together, this constellation of third-party firms and networks that we rely on is what we refer to as the extended enterprise. The premise on which extended enterprise works is collaboration and trust. But the flip side to this is that organisations don’t have direct control over all aspects of their operations. It is challenging to categorise the full range of exposure, because as the third-party chain grows, the risk grows exponentially.
The threats are real
This shift towards extended enterprise has come with its own challenges. Many organisations have faced disruptive incidents with third parties that are exposing them to new-age risks such as non-delivery by a contracted supplier, boycott of company’s products on social media or an abrupt exit by an outsourced vendor with no hand-holding or support. As the extended enterprise becomes more strategic to organisations, the risks associated also change their importance. This is no longer merely an operational issue as it can severely impact brand reputation and long-term shareholder value. As per Deloitte’s latest Extended Enterprise Risk Management (EERM) 2018 survey, 85% of Indian respondents who participated suggested threat of third parties and disruption to be a major contributing factor to the extended enterprise ecosystem.
Out of sight, out of mind
Risk management for this myriad set of inter-organisational relationships of the modern economy is commonly overlooked. An ‘out of sight, out of mind’ attitude often takes over once a company rewards a contract to a vendor, with the assumption that all parties will perform as expected, or that relationship management and risk-monitoring mechanisms are in place and functioning properly. The Deloitte EERM report suggests that 70% of Indian respondents stated that their stakeholder awareness and commitment to third-party risks needs improvement.
On the Boards’ agenda
Today, under US Foreign Corrupt Practices Act, UK Bribery Act and similar legislations, organisations are held responsible for behaviour and actions of their vendors and suppliers. Boards are looking much more closely at their extended enterprises than ever before. At a global level, 78% of the organisations suggest that either the CEO, CFO, chief procurement officer (CPO), chief risk officer (CRO) or a member of the Board is ultimately accountable for this topic. In India, this decision rests with the CPO or CRO. Boards in India are making relatively slow progress on this matter, whereby 57% of the respondents suggested that their Boards merely have a moderate level of understanding and engagement on this subject.
Looking at the upside
The business case for investment in EERM is shifting focus on exploiting the upside of risk, rather than managing just the downside. The drivers for third-party engagements are slowly but surely changing gears to also recognise the strategic opportunity that third parties create for organisations, in addition to compliance. The drivers for the focus on EERM continued to be regulatory requirements and addressing internal compliance standards (62% of respondents). But the need for positive cost reduction across the business was equally, if not more, powerful (25% of respondents) in organisations where they felt this could be achieved by bringing in efficiencies through the use of third parties or by preventing overpayments.
To conclude, as risk management is undergoing a paradigm shift by being a creator as well as protector of value, the extended enterprises provide opportunities to companies to balance both risk and opportunity. The future belongs to agile companies and the ones that can build a lithe, clever, risk-intelligent extended enterprise as a strategic enabler setting the right course for value creation.
The Author is Partner, Deloitte India