Skip to main content

Risk and opportunity management

Deloitte has a robust process for identifying, assessing, managing and monitoring risks and opportunities, both at the Deloitte Global level and at the member firm level through their respective Enterprise Risk Frameworks (ERFs).


2022 Global Impact Report

Building better futures

The Deloitte Global ERF sets out the Deloitte Global Executive’s assessment of the priority risks and emerging risks facing Deloitte—specifically, those that could impact the ability of Deloitte to achieve its strategic priorities, meet its public interest obligations, and protect its reputation and people. The member firm ERFs are managed in coordination with the Deloitte Global ERF.

There is ongoing and frequent dialogue between the Deloitte Global ERF team, which facilitates the operation of the ERF, the risk owners, and other Deloitte Global teams to help ensure early identification and escalation of any matters requiring consideration by the risk owner or the Deloitte Global Chief Risk Officer (CRO). This is complemented by a regular cadence of meetings between the Deloitte Global CRO, the Deloitte Global ERF team, and each risk owner, during which the exposure to each risk is assessed. Emerging risks are also discussed, and any necessary mitigation actions are agreed and executed upon.

The Deloitte Global CRO reports on Deloitte’s priority risks on a regular cadence to the Deloitte Global Executive, enabling discussion of risk exposures and mitigation actions. Priority risks are also regularly reviewed by the Risk and Ethics Committee of the Deloitte Global Board of Directors.

Priority risks and opportunities

The enterprise risks and opportunities listed are those that, as of August 2022, are considered to have the most potential for significant impact on Deloitte’s ability to achieve its strategic priorities, meet its public interest obligations and protect its reputation and people, should the risk materialize. These risks and opportunities have been considered based on the potential primary impact, including where the impact is a loss of opportunity. The risks and opportunities have been categorized into the following impact dimensions:

  • Risks impacting our brand, reputation and/or public interest obligations;
  • Risks impacting our strategic success or market differentiation; and
  • Risks impacting our people, Purpose and Shared Values.

It is recognized that risks do not operate in discrete categories and they may have more than one impact. However, for the purposes of the categorization, the focus is on the potential primary impact. Each of Deloitte’s enterprise risks and opportunities have been linked to one or more ESG categories included in Deloitte’s materiality matrix.

Risks impacting our brand, reputation and/or public interest obligations

Name:  Audit quality and risk management

Description: Loss of public trust due to significant failure to execute high-quality audits across the organization

Trend: Stable


Name: Conduct

Description: Unethical behavior not aligned with professional standards, regulations and/or Deloitte policies/Global Principles of Business Conduct

Trend: Stable


Name: Cybersecurity

Description: Inability to protect and defend Deloitte technology assets and the data they hold from cyber threats

Trend: Stable


Name: Data confidentiality and privacy

Description: Unauthorized access to or loss of client, personal, and/or Deloitte data

Trend: Stable


Name: Regulatory

Description: Inability to anticipate and rapidly adapt to regulatory and public policy developments and to proactively engage with the relevant stakeholders in order to meet Deloitte professional obligations and evolving public interest expectations

Trend: Increasing

Risks critical to our strategic success or market differentiation

Name:Advisory quality and risk management

Description: Inability to sustain the delivery of high-quality advisory services, including new services, assets and client delivery models

Trend: Increasing


Name: Climate change

Description: Inability to proactively respond to impacts of climate change that affect Deloitte people, facilities, or clients and the inability to meet the demand for climate-related professional services

Trend: Increasing


Name: Economic uncertainty

Description: Shifts in the macroeconomic conditions, such as inflationary pressures and ongoing supply chain disruptions, impacting Deloitte’s business environment

Trend: Increasing


Name: Geopolitical uncertainty

Description: Political and economic decoupling that undermines globalization and impairs Deloitte’s ability to execute its global strategy

Trend: Increasing


Name: Innovation

Description: Insufficient investment in and deployment of software-enabled solutions to adequately address shifting market trends

Trend: Stable


Name: Multidisciplinary model

Description: Limitations on Deloitte’s ability to source specialists that support audit quality, attract and retain top talent, optimize investment, and be the scale and growth leader in all Deloitte businesses

Trend: Increasing


Risks critical to our people, Purpose, and Shared Values

Name: Talent

Description: Inability to attract, develop and retain high-performing, diverse professionals and leaders

Trend: Increasing


Name: Purpose

Description: Inability to live up to Deloitte’s Purpose and Shared Values, meet societal expectations and responsible business decision-making choices, or be perceived not to be doing so by its stakeholders

Trend: Increasing

The way forward

On Deloitte’s journey of continuous improvement, we are considering ways in which we can enhance transparency in reporting going forward, including through providing additional disclosures regarding our response to key risks and opportunities.

Through the challenges and uncertainties of the past year, Deloitte has strengthened credibility and trust with stakeholders by consistently living our purpose.