The briefing outlines increased interests from the boardroom in the risks arising from the extended value chain i.e. end-to-end from the raw material supplies to the delivery of the product / service to customer and its aftercare.

Unsurprisingly, reputational risk has now come to the fore of many organisations' risk agenda. My impression of speaking to the in-house audit and risk professionals as well as the finance function has been that reputation risk can lead to creation of all other risks. With a reputational damage, albeit insured and hedged, is more than likely to play on customers' mind, impacting the company's bottom line.

As we saw from the BP Deepwater disaster in 2010, even if the fault was not with the company itself i.e. BP, by not providing robust governance and control over the 3rd party contractor (or a business partner in another situation for example), will still lead to your organisation's reputational damage. To the customers, it does not matter so much whether the root cause was with the 3rd party contractor, the 'face' of the disaster, if you like, is still BP.

This all means that, as the briefing points out, hundreds of, or potentially thousands of the external organisations that we do business with need to have as robust risk management processes and controls as we do. It is crucial therefore to ensure that the organisation is sufficiently informed of and agree with the risk management processes and controls of these external organisations and be on top of their outcomes e.g. the organisation needs to be made aware of and be happy with any substantial change in management structure.