GRI/UNGC

Risk management

Group workshop during the Global New Partners seminar at Deloitte University.

Committed to maintaining a standard of excellence

Risk is everywhere and touches every person in the Deloitte network. Literally thousands of national and international regulations must be followed to the letter. Client information must be protected. Conflicts of interest must be avoided. Any misstep could lead to sanctions, lost client trust, and a damaged reputation.

We work extremely hard to avoid mistakes and maintain our high standards. Deloitte Touche Tohmatsu Limited (DTTL) and the member firms use a multitude of controls and procedures encompassing professional, regulatory, business, economic, social, and environmental conditions to reduce risk exposure and ensure we are serving the public interest.

During FY2013, we took a number of actions to sustain our commitment to quality and risk management. They include:

  • Enabling local enterprise risk management assessments by the member firms to supplement and inform those at the global level. This encourages more-thorough evaluations and creates greater accountability within the member firms;
  • Implementing new policies to enhance security and confidentiality processes and prevent data breaches;
  • Increasing our focus on quality and risk in emerging markets, which present special risk-management challenges; and
  • Growing cooperation among DTTL Risk, functional risk leaders in the member firms, and subject-matter experts throughout DTTL—in ethics, independence, security, privacy, regulatory, and other areas—to enhance practice reviews, increase their consistency, and monitor higher-risk activities.

Consistent, rigorous processes

The DTTL Policies Manual (DPM) comprises a set of global policies that provide the basis for functions (Audit, Tax, Financial Advisory, Consulting) and member firms to establish consistent and rigorous quality and risk management processes and procedures. The DPM is designed to help member firms address unique considerations associated with the delivery of high-quality services while challenging member firm professionals to do the right thing under any circumstance, even if that means declining a prospective client or engagement or terminating a client relationship.

The policies of the DPM require all member firms to assign a "reputation and risk leader" who leads his or her member firm's risk program, with support from risk leaders in each of the member firm's functions. These senior member firm leaders are responsible for developing and implementing policies and procedures that address specific quality control considerations for their functions and for the member firm overall, monitoring and determining compliance with these policies and procedures, and facilitating risk management learning.

Certain DPM policies specify processes to help ensure that member firms evaluate the acceptability of every client and engagement and the related engagement risk. These processes include identifying and addressing matters related to independence and potential conflicts of interest and classifying the risk associated with the engagement. DPM policies can be supplemented by member firm policies that take into consideration local market practices, local laws, and regulations within their jurisdictions.

Practice reviews

Each member firm is responsible for conducting practice reviews under the guidance and oversight of DTTL. Held at least once every three years, these reviews consider whether member firms' own policies and processes comply, at a minimum, with DPM policies and are operating effectively in practice. The practice review process also assesses the quality of work performed and services delivered by the member firm.

Findings and recommendations from a member firm's practice review are presented in a report and management letter to the member firm's leadership. In response to the report, the member firm establishes a detailed action plan to address findings and recommendations together with a mechanism for monitoring the resolution of the findings.

Enterprise risk framework

The ongoing success of DTTL and the member firms depends, in part, on maintaining a current understanding of how changes to internal and external conditions may impact the services member firms provide and how they make strategic and operational decisions. DTTL's enterprise risk framework is a core process that allows DTTL to monitor business, economic, social, and environmental risks and provides leadership with the information and insights needed to effectively manage and mitigate such exposures. The risks encompassed by the enterprise risk framework are reviewed semiannually. Risk intelligence is a key success factor for organizations. Deloitte member firms offer enterprise risk management services to clients.