Risk management

Because the risk landscape continues to be volatile, uncertain and complex—with increasing demands from clients and greater scrutiny from regulators, legislators and other governmental authorities—Deloitte continues to focus relentlessly on quality and risk management (QRM), actively monitoring, strengthening and improving its risk management processes and procedures, and promoting a consistent risk-intelligent culture where Deloitte professionals learn from others’ experiences.

Many risks, if they materialized, could impact Deloitte’s ability to achieve its business strategies—including the protection and preservation of Deloitte’s reputation and brand, and global delivery of consistent, high-quality services across the organization. That’s why Deloitte Global’s vigilant enterprise risk framework (ERF) is designed to proactively identify, manage, monitor and respond to risks. The ERF includes processes to analyze both the internal and external environments for developments that could impact Deloitte’s risk exposure and identify and respond to new and emerging trends that could affect the Deloitte network’s resiliency to those risks.

Globally consistent and scalable policies and processes

The Deloitte Global Policies Manual (DPM) is the central repository for policies applicable to Deloitte. It provides the basis for Deloitte member firms to establish and implement globally consistent and rigorous QRM processes and sets forth policies for which compliance is mandatory. Deloitte member firms are required to develop, implement and document a framework that is integrated into their key decision-making processes.

The DPM also includes a specific policy requirement for each member firm to appoint a senior and experienced “reputation and risk leader” (RRL) who is responsible for leading his or her member firm’s QRM program and structure, with full support from senior risk leaders in each of the member firm’s businesses. The RRLs are part of the member firms’ executive leadership teams.

Practice reviews

Practice reviews serve as a critical inspection and monitoring mechanism and are a critical component of Deloitte’s system of quality control and risk management. Each member firm is responsible for conducting its own practice reviews under the guidance and oversight of Deloitte Global. Held at least once every three years, these reviews assess whether member firms comply, at a minimum, with DPM policies; whether DPM policies are operating effectively in practice; and the quality of work performed and services delivered by member firms.

Promoting trust, confidence and value

During FY2019, Deloitte Global delivered a number of strategic actions to further enhance its risk-intelligent culture and drive continuous improvements in QRM. They included:

  • Conducting an annual ERF refresh assessment of the top strategic risks (priority business risks) facing Deloitte Global (Deloitte Global’s risk profile) and launching new activities to continue to mature the framework, including developing and aligning Deloitte Global businesses’ ERFs and member firms’ ERFs with Deloitte Global’s ERF;
  • Enhancing member firms’ risk management structures and processes to develop robust member firm risk management capabilities;
  • Issuing a revised Claims and Events Management Policy (PM30) and commencing planning to test classification, notification and PM30 implementation for a cyber event; and
  • Piloting and deploying the Insider Threat Program to select member firms.


Patricia Reda
Associate Director, Deloitte Global Risk

Erika Schmidt
Senior Managing Director, Deloitte Global Risk
