This site uses cookies to store information on your computer. Some are essential to make our site work; others help us improve the user experience. By using the site, you consent to the placement of these cookies. Read our privacy policy to learn more.


Ethics, risk and governance through the extended value chain Logo cgma

  Gillian Lees & Tanya Barman |   Free |   CIMA |   May 2014 |

This CGMA briefing highlights the ethical, legal governance, regulatory and social responsibility aspects of the extended value chain. Risk implications compromise the ever-evolving governance of organisations and it is important to create resilience, to deal with both the expected and unexpected. This is not only via building strong defence mechanisms but also identifying opportunities and maximising partnerships and alliances. This briefing gives guidance on the practical steps CGMAs can take to help build a resilient value chain.

Topics covered:
  • Management accounting: Technical: Risk management & internal control: Risk management policies & procedures, Foundational

1 Comments/Reflections

Jae yeon Oh

Jae yeon Oh Sep 2016

The briefing outlines increased interests from the boardroom in the risks arising from the extended value chain i.e. end-to-end from the raw material supplies to the delivery of the product / service to customer and its aftercare.

Unsurprisingly, reputational risk has now come to the fore of many organisations' risk agenda. My impression of speaking to the in-house audit and risk professionals as well as the finance function has been that reputation risk can lead to creation of all other risks. With a reputational damage, albeit insured and hedged, is more than likely to play on customers' mind, impacting the company's bottom line.

As we saw from the BP Deepwater disaster in 2010, even if the fault was not with the company itself i.e. BP, by not providing robust governance and control over the 3rd party contractor (or a business partner in another situation for example), will still lead to your organisation's reputational damage. To the customers, it does not matter so much whether the root cause was with the 3rd party contractor, the 'face' of the disaster, if you like, is still BP.

This all means that, as the briefing points out, hundreds of, or potentially thousands of the external organisations that we do business with need to have as robust risk management processes and controls as we do. It is crucial therefore to ensure that the organisation is sufficiently informed of and agree with the risk management processes and controls of these external organisations and be on top of their outcomes e.g. the organisation needs to be made aware of and be happy with any substantial change in management structure.