Relentless focus on risk management
Leading with vigilance and resiliency
A robust risk-intelligent culture helps enable member firms to deliver excellence to clients, fulfill the expectations of their key stakeholders, and ensure they are serving the public interest.
The global risk landscape is significantly more complex, dynamic, and rapidly evolving than ever before. Though beset with uncertainties and challenges, it also abounds with opportunities for the Deloitte network.
As part of Deloitte’s relentless focus on risk management, we have developed and implemented an enterprise risk framework (Framework) designed to identify, manage, monitor, and respond to risks which, if materialized, could impact our ability to achieve our strategies and objectives—including the protection of our reputation and brand, and member firms’ delivery of consistent, high-quality services. The Framework also includes processes to regularly monitor the environment for developments and changes that could impact our network’s risk profile, and identify (and respond to) new and/or emerging trends that could impact its resiliency to those risks.
Deloitte continuously assesses the adequacy of its risk management processes and programs to proactively address matters that may arise from the internal and external environment, and promotes a lessons-learned culture where professionals can learn from each other’s experiences. To this end, our network strives to ensure that its professionals—from senior leadership to staff—not only understand their collective and individual responsibilities for quality, integrity, and commitment to ethical principles, but also are held accountable for fulfilling these responsibilities and obligations.
Sustaining a risk-intelligent culture
Our strong risk-intelligent culture helps enable member firms to deliver excellence to clients and fulfill the expectations of key stakeholders. During FY2014, DTTL took a number of actions to sustain the Deloitte network’s commitment to quality and risk management, and enhance its ability to be "risk intelligent" and "risk resilient." They included:
- Continuing to enhance and support the Framework, both at the DTTL and member firm levels;
- Creating a member firm framework council to foster the framework community by sharing leading practices across our network;
- Establishing more formal protocols to sense the external environment so member firms may more proactively identify potential brand events and matters, as well as emerging risks and trends that have the potential to negatively impact our network;
- Establishing the role of a DTTL chief confidentiality officer (CCO) to provide strategic direction and a holistic approach to confidentiality across our network; and
- Continuing to foster and strengthen the Deloitte risk network through the dissemination of world-class risk workshops, tools, guidance, communication, and in-person meetings and networking activities.
Consistent, rigorous policies and processes
The DTTL Policies Manual (DPM) is the central repository for policies applicable to the Deloitte network. It provides the basis for member firms to establish and implement consistent and rigorous quality and risk management processes and procedures, and sets forth policies for which member firm compliance is mandatory. These policies are applicable for all areas in a member firm’s professional and practice management functions and are critical to providing consistent high-quality service to clients and protecting and enhancing the reputation of Deloitte member firms.
These policies are also designed to help member firms address unique considerations associated with the delivery of consistent, high-quality services, while also challenging professionals to do the right thing under any circumstance, even if that results in declining a prospective client, engagement, or terminating an existing client relationship.
The DPM includes a specific policy requirement for each member firm to appoint a senior and experienced “reputation and risk leader” (RRL) who is responsible for leading his or her member firm’s practice protection and risk management program, with full support from senior risk leaders in each of the member firm’s functions. The RRLs are members of member firm leadership and responsible for developing and implementing robust, comprehensive, and strategic risk management programs, including appropriate policies and procedures to address specific quality-control considerations. They also must implement consistent monitoring procedures to ascertain compliance with DPM policies and procedures, and promote and facilitate risk management learning. DPM policies can be supplemented by member firm policies that take into consideration local market practices, local laws, and regulations within their jurisdictions.
Practice reviews serve as an inspection and monitoring mechanism and are a critical component of the Deloitte network’s system of quality control and risk management. Each member firm is responsible for conducting its own practice reviews under the guidance and oversight of DTTL. Held at least once every three years, these reviews assess whether member firms comply, at a minimum, with DPM policies and are operating effectively in practice. Practice reviews also assess the quality of work performed and services delivered by the member firms.
Findings and recommendations arising from each practice review are presented in a report and management letter to DTTL and the member firm’s leadership. In response to the report, the member firm is required to establish a detailed corrective action plan that addresses the findings and recommendations, together with a mechanism for monitoring the resolution of the findings. Implementation of the action plan is proactively monitored by the member firm and DTTL.
Practice review processes are continuously enhanced to raise the bar on quality and risk management, and to promote and achieve greater consistency in the delivery of high-quality services across the network.
In this report, the terms Deloitte, our, we, and us are used to refer to the Deloitte Touche Tohmatsu Limited (DTTL) network of member firms or to one or more DTTL member firms.
[Caption]: Photo credit top banner, Manuela Caballero, Deloitte LATCO.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
Source: Gartner, Magic Quadrant for Global Risk Management Consulting Services, 2014
Deloitte named a global leader in Business Consulting Services for Governance, Risk and Compliance by IDC
Source: IDC MarketScape: Worldwide Business Consulting Services for Governance, Risk, and Compliance 2013 Vendor Assessment by Cushing Anderson, Kerry Smith, Vivian Tero, August 2013, IDC #242352