Extended-enterprise systems' impact on enterprise risk management

Purpose - This article aims to focus on raising awareness of the limitations of traditional "enterprise-centric" views of enterprise risk management that ignore the risks that are inherited from key business and supply chain partners. In essence, enterprise systems implementations have allowed organizations to couple their operations more tightly with other business partners, particularly in the area of supply chain management, and in the process enterprise systems applications are redefining the boundaries of the entity in terms of risk management concerns and the scope of financial audits. Design/methodology/approach - The prior literature that has begun to explore aspects of assessing key risk components in these relationships is reviewed with an eye to highlighting the limitations of what is understood about risk in interorganizational relationships. This analysis of the prior research establishes the basis for the logical formation of a framework for future enterprise risk management research in the area of e-commerce relationships. Findings - Conclusions focus on the overall framework of risks that should be considered when interorganizational relationships are critical to an enterprise's operations and advocate an "extended-enterprise" view of enterprise risk management. Research limitations/implications - The framework introduced in this paper provides guidance for future research in the area of interorganizational systems control and risk assessment. Practical implications - The framework further highlights areas of risk that auditors and corporate risk managers should consider in assessing the risk inherited through interorganizational relationships. Originality/value - The paper highlights the need to shift from an enterprise-centric view of risk management to an extended-enterprise risk management view.