Risk management

Because the risk landscape continues to be volatile, uncertain and complex—with increasing demands from clients and greater scrutiny from regulators, legislators and other governmental authorities—Deloitte continues to focus relentlessly on quality and risk management (QRM), actively monitoring, strengthening and improving its risk management processes and procedures, and promoting a consistent risk-intelligent culture where Deloitte professionals learn from others’ experiences.

Many risks, if they materialised, could impact Deloitte’s ability to achieve its business strategies—including the protection and preservation of Deloitte’s reputation and brand, and delivery of consistent, high-quality services across the organisation. That’s why Deloitte Global’s vigilant enterprise risk framework (ERF) is designed to proactively identify, manage, monitor and respond to risks. The ERF includes processes to analyse both the internal and external environments for developments that could impact Deloitte’s risk exposure and identify and respond to new and emerging trends that could affect the Deloitte organisation’s resiliency to those risks.

Globally consistent and scalable policies and processes

The Deloitte Policies Manual (DPM) is the central repository for policies applicable to Deloitte firms. It provides the basis for Deloitte member firms to establish and implement globally consistent and rigorous QRM processes and sets forth policies for which compliance is mandatory.

The DPM also includes a specific policy requirement for each member firm to appoint a senior and experienced “reputation and risk leader” (RRL) who is responsible for leading their member firm’s QRM program and structure, with full support from senior risk leaders in each of the member firm’s businesses. The RRLs are part of the member firms’ executive leadership teams.

Practice reviews

Practice reviews serve as a critical inspection and monitoring mechanism and are a critical component of Deloitte’s system of quality control and risk management. Each Deloitte firm is responsible for conducting its own practice reviews under the guidance and oversight of Deloitte Global. Held at least once every three years, these reviews assess whether Deloitte firms comply, at a minimum, with DPM policies; if DPM policies are operating effectively in practice; and the quality of work performed and services delivered by Deloitte firms.

Promoting trust, confidence and value

During FY2020, Deloitte Global implemented a number of strategic actions to further enhance its risk-intelligent culture and drive continuous improvements in QRM. They included:

• Working closely with Deloitte firms to identify, assess and mitigate the risk impact of COVID-19 on Deloitte clients, people and operations, and overall, how these risks impact Deloitte Global’s risk profile;
  
• Conducting an annual ERF refresh assessment of the top strategic risks facing Deloitte Global and launching new activities to continue to mature the ERF, including emerging-risk scanning; the development of proactive risk dashboards; and improving the alignment of Deloitte businesses’ and member firms’ ERFs with Deloitte Global’s ERF;
  

• Further enhancing member firms’ QRM structures to enable proactive risk identification, mitigation and reporting;
  

• Developing and issuing to the Deloitte organisation a number of new policies covering various key topics, including anti-discrimination and anti-harassment, COVID-19—serious communicable diseases; and revising privacy, anti-corruption and ethics policies to align to recent changes in regulation and requirements and evolving risks; and
  

• Continuing to mature member firm crisis management capabilities via reinforcement of Claims and Events Management Policy (PM30) requirements, implementation protocols/guidance for Deloitte Global and member firms, and conducting war gaming exercises.