Risk management

Because the risk landscape remains volatile, uncertain and complex—with increasing demands from clients and greater scrutiny from regulators, legislators and other governmental authorities—Deloitte continues to focus relentlessly on quality and risk management (QRM), actively monitoring, strengthening and improving its risk procedures, and promoting a culture where professionals learn from others’ experiences. 

Many risks, if they materialized, could impact our ability to achieve our business strategies—including the protection of our reputation and brand, and global delivery of consistent, high-quality services. That’s why Deloitte Global’s vigilant enterprise risk framework (ERF) is designed to proactively identify, manage, monitor and respond to risks. The ERF includes processes to analyze the internal and external environment for developments that could impact Deloitte’s risk exposure, and identify and respond to emerging trends that could affect the Deloitte network’s resiliency to those risks.

Globally consistent and scalable policies and processes

The Deloitte Global Policies Manual (DPM) is the central repository for policies applicable to Deloitte. It provides the basis for Deloitte member firms to establish and implement globally consistent and rigorous QRM processes, and sets forth policies for which compliance is mandatory. Deloitte member firms are required to develop, implement and document a framework that is integrated into their key decision-making processes.

The DPM also includes a specific policy requirement for each member firm to appoint a senior and experienced “reputation and risk leader” (RRL) who is responsible for leading his or her member firm’s QRM program and structure, with full support from senior risk leaders in each of the member firm’s businesses. The RRLs are part of the member firms’ executive leadership.

Practice reviews

Practice reviews serve as an inspection and monitoring mechanism and are a critical component of the Deloitte member firms’ system of quality control and risk management. Each member firm is responsible for conducting its own practice reviews under the guidance and oversight of Deloitte Global. Held at least once every three years, these reviews assess whether member firms comply, at a minimum, with DPM policies; if DPM policies are operating effectively in practice; and the quality of work performed and services delivered by member firms. 

Promoting trust, confidence and value

During FY2018, Deloitte Global delivered a number of strategic actions to further enhance our risk intelligent culture and drive continuous improvements in QRM. They included:

• Conducting an annual ERF refresh assessment of the top strategic risks (priority business risks) facing Deloitte (Deloitte’s risk profile) and launching new activities to continue maturing the framework, including developing and aligning Global Business ERFs with Deloitte Global’s ERF;
• Assessing compliance with enhanced, globally consistent standards for QRM; and
• Codifying the crisis management framework into existing DPM policies.