Quality & risk
Systematic frameworks mitigate enterprise risk
Deloitte maintains a steadfast commitment to quality and risk management, which supports the member firms' abilities to serve the public interest and deliver services that consistently meet high standards. DTTL made a number of enhancements to its quality and risk management policies, processes, and methods in FY2012.
Continuing its current practice, DTTL identified and analyzed the top 15-20 risks to the Deloitte organizations in its enterprise risk framework periodically during FY2012 and shared these updates with the DTTL Board of Directors, which oversees the organization's approach to risk management. DTTL also initiated an extensive collaboration with the member firms on creating enterprise risk frameworks of their own.
DTTL revised existing policies on potential conflicts of interest, for reissuance during FY2013, and its policies on compliance with the Foreign Corrupt Practices Act. Additional plans are under way to revise and reissue other policies, including portfolio review and external communications. DTTL also launched an online learning course about prevention of insider trading.
Deloitte strives to be consistently recognized by its stakeholders for world-class quality and risk management, which serve the organization's commitment to the public interest and bring Deloitte closer to becoming the standard of excellence.
The DTTL Policies Manual ("DPM") comprises a set of global policies that provide the basis for member firms to establish consistent and rigorous quality and risk management processes and procedures. The global quality and risk management policies, processes, and methodologies (collectively referred to as "Policies") apply to all of the Deloitte member firms and their functional areas. The Policies are designed to help member firms address unique considerations associated with the delivery of high-quality services while challenging member firm professionals to do the right thing under any circumstance, even if that means declining a prospective client or engagement or terminating a client relationship. The Policies encompass business, economic, social, and environmental risks.
The Policies of the DPM require all member firms to assign a "reputation and risk leader" who leads his or her member firm's risk program, with support from risk leaders in each of the member firm's functions. These senior member firm leaders are responsible for developing and implementing policies and procedures that address specific quality control considerations for their functions and for the member firm overall.
Certain DPM Policies specify processes to help ensure that member firms evaluate the acceptability of every client and engagement and the related engagement risk. These processes include identifying and addressing matters related to independence and potential conflicts of interest and classifying the risk associated with the engagement. DPM Policies can be supplemented by member firm policies that take into consideration local market practices, local laws, and regulations within their jurisdiction.
Each member firm is responsible for conducting practice reviews under the guidance and oversight of DTTL. Held at least once every three years, these reviews consider whether member firms' own policies and processes comply, at a minimum, with DPM Policies and are operating effectively in practice. Practice reviews cover all functions and service lines within each member firm. The practice review process also assesses the quality of work performed and services delivered by the member firm. These reviews involve detailed reviews of individual engagements.
Findings and recommendations from a member firm's practice review are presented in a report and management letter to the member firm's leadership. In response to the report, the member firm establishes a detailed action plan to address findings and recommendations together with a mechanism for monitoring the resolution of the findings.
Enterprise risk framework
The ongoing success of DTTL and the member firms depends in part on maintaining a current understanding of how changes to internal and external conditions may pose risks to the services member firms provide and how they make strategic and operational decisions. DTTL's enterprise risk framework is a core process that allows DTTL to monitor business, economic, social, and environmental risks and provides leadership with the information and insights needed to effectively manage and mitigate such risks. The risks encompassed by the enterprise risk framework are reviewed semiannually.