Acting ahead of change

In today’s business world, risk is everywhere.

Is our technology safe? How will regulatory changes impact us? Can Deloitte professionals deliver what they promise? Could clients’ actions reflect negatively on Deloitte’s reputation? Will geopolitical conflicts threaten our ability to operate? Which upstarts and innovative products, services, and delivery models could disrupt our businesses?

In a world dominated by rapidly evolving technology, converging industries, and a shifting regulatory landscape, we must be smart, agile, resilient, and forward-thinking to confidently confront risk, pursue opportunities, and gain competitive advantage. During the past year, Deloitte developed a new networkwide quality and risk management strategy that reinforces our quality and risk-intelligent culture, one of relentless commitment to our own core and ethical values and to the public interest.

The bigger picture

Deloitte operates in a fast-moving and ever-evolving external environment that is increasingly more volatile, uncertain, complex, and ambiguous to navigate. Myriad factors drive this change—rapidly evolving technologies; shifts in the economic, regulatory, professional, geo-political, and competitive landscapes; increasing demands and expectations from clients; intense scrutiny by regulators and legislators; and the 24/7 social media environment in which we live. The pace of these changes almost certainly will continue to accelerate and create uncertainty and risks—and also many opportunities—for our clients and for the Deloitte network.

Deloitte has developed and implemented an enterprise risk framework (Framework) designed to identify, manage, monitor, and respond to risks which, if materialized, could impact our ability to achieve our strategies and objectives—including the protection of our reputation and brand, and member firms’ delivery of consistent, high-quality services. The Framework also includes processes to regularly monitor the environment for developments and changes that could impact the network’s risk profile, and identify (and respond to) new and/or emerging trends that could impact its resiliency to those risks.

Deloitte continuously assesses the adequacy of its risk management processes and programs to proactively address matters that may arise from the internal and external environment, and promotes a lessons-learned culture where professionals can learn from each other’s experiences. To this end, during FY2015, we developed a new network quality and risk management (Q&R) strategy that aims to take Q&R to a new level. This strategy will continue to reinforce our quality and risk-intelligent culture, one of relentless commitment to Deloitte’s own core and ethical values and the public interest.

Promoting trust, confidence, and value

During FY2015, in addition to introducing the new network Q&R strategy, DTTL took a number of actions to sustain the Deloitte network’s commitment to quality and risk management, and enhance its ability to be "risk intelligent" and "risk resilient." They included:

• Continuing to enhance and support the Framework, both at the DTTL and member firm levels; developing and issuing a member firm Framework policy and related guidance;
• Continuing to refine and enhance the process and protocols used to sense the external environment and reporting of potential issues, allowing member firms to more proactively identify potential brand events and matters, as well as emerging risks and trends that have the potential to negatively impact our network;
• Continuing to raise awareness and ownership about confidentiality across the Deloitte network, working in close collaboration with risk, security, ethics, privacy, and other key stakeholders. This included rolling out 30 uniform member firm action items designed to enhance confidentiality programs across the network; and
• Continuing to foster and strengthen the Deloitte risk network through the dissemination of leading-edge risk workshops, tools, guidance, communication, and in-person meetings and networking activities.

Globally consistent and scalable policies and processes

The DTTL Policies Manual (DPM) is the central repository for policies applicable to the Deloitte network. It provides the basis for member firms to establish and implement consistent and rigorous quality and risk management processes and procedures, and sets forth policies for which member firm compliance is mandatory. These policies are applicable for all areas in a member firm’s professional and practice management functions and are critical to providing consistent high-quality service to clients and protecting and enhancing the reputation of Deloitte member firms. Among the many policies included in the DPM, there is a Framework policy whereby member firms are required to develop, implement, and document a Framework that is integrated into key member firm decision-making processes.

These policies are also designed to help member firms address unique considerations associated with the delivery of consistent, high-quality services, while also challenging professionals to do the right thing under any circumstance, even if that results in declining a prospective client, engagement, or terminating an existing client relationship.

The DPM includes a specific policy requirement for each member firm to appoint a senior and experienced “reputation and risk leader” (RRL) who is responsible for leading his or her member firm’s practice protection and risk management program, with full support from senior risk leaders in each of the member firm’s businesses. The RRLs are part of member firm leadership and responsible for developing and implementing robust, comprehensive, and strategic risk management programs, including appropriate policies and procedures to address specific quality-control considerations. They also must implement consistent monitoring procedures to ascertain compliance with DPM policies and procedures, and promote and facilitate risk management learning. DPM policies can be supplemented by member firm policies that take into consideration local market practices, local laws, and regulations within their jurisdictions.

Practice reviews

Practice reviews serve as an inspection and monitoring mechanism and are a critical component of the Deloitte network’s system of quality control and risk management. Each member firm is responsible for conducting its own practice reviews under the guidance and oversight of DTTL. Held at least once every three years, these reviews assess whether member firms comply, at a minimum, with DPM policies and are operating effectively in practice. Practice reviews also assess the quality of work performed and services delivered by the member firms.

Findings and recommendations arising from the practice reviews are presented in a report and management letter to DTTL and the member firm’s leadership. In response to the report, the member firm is required, if needed, to establish a detailed and corrective action plan that addresses the findings and recommendations, together with a mechanism for monitoring the resolution of the findings. Implementation of the action plan is proactively monitored by the member firm and DTTL.

Practice review processes are continuously enhanced to raise the bar on quality and risk management, and to promote and achieve greater consistency in the delivery of high-quality services across the network.

“Deloitte”, “we”, “us”, and “our” refer to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as “Deloitte Global”) does not provide services to clients. See additional information.