Skip to main content

Risk and opportunity management

Deloitte has a robust process for identifying, assessing, managing, and monitoring risks and opportunities, both at the Deloitte Global level and at the member firm level through their respective Enterprise Risk Frameworks (ERFs).


2023 Global Impact Report

Building better futures

The Deloitte Global ERF sets out the Deloitte Global Executive Committee's assessment of the priority risks and emerging risks facing Deloitte—specifically, those that could impact the ability of Deloitte to achieve its strategic priorities, meet its public interest obligations, and protect its reputation and people. The member firm ERFs are managed in coordination with the Deloitte Global ERF.

There is ongoing and frequent dialogue between the Deloitte Global ERF team, which facilitates the preparation of the Deloitte Global ERF, the Deloitte Global Risk owners, and other Deloitte Global teams to help ensure early identification and escalation of any matters requiring consideration by the risk owner or the Deloitte Global Chief Risk Officer (CRO).

The Deloitte Global CRO reports on Deloitte’s priority risks on a regular cadence to the Deloitte Global Executive Committee, enabling discussion of risk exposures and mitigation actions. Priority risks are also regularly reviewed by the Risk and Ethics Committee of the Deloitte Global Board of Directors.

Priority risks and opportunities

The enterprise risks and opportunities listed are those that, as of May 2023, are considered to have the most potential for significant impact on Deloitte’s ability to achieve its strategic priorities, meet its public interest obligations, and protect its reputation and people, should the risk materialize.

These risks and opportunities have been considered based on the potential primary impact, including where the impact is a loss of opportunity. The risks and opportunities have been categorized into the following impact dimensions:

  • Risks impacting our brand, reputation, and/or public interest obligations;
  • Risks impacting our strategic success or market differentiation; and
  • Risks impacting our people, Purpose, and Shared Values.

It is recognized that risks do not operate in discrete categories and they may have more than one impact. However, for the purposes of the categorization, the focus is on the potential primary impact. Each of Deloitte’s enterprise risks and opportunities have been linked to one or more ESG categories included in Deloitte’s materiality matrix.

Name:  Audit quality and risk management

Description: Loss of public trust due to significant failure to execute high-quality audits across the organization

Trend: Stable


Name: Conduct

Description: Unethical behavior not aligned with professional standards, regulations, and/or Deloitte policies/Global Principles of Business Conduct

Trend: Stable


Name: Cybersecurity

Description: Inability to protect and defend Deloitte technology assets and the data they hold from cyber threats

Trend: Stable


Name: Data confidentiality and privacy

Description: Unauthorized access to or loss of client, personal, and/or Deloitte data

Trend: Stable


Name: Regulatory

Description: Inability to anticipate and rapidly adapt to regulatory and public policy developments and to proactively engage with the relevant stakeholders in order to meet Deloitte professional obligations and evolving public interest expectations

Trend: Increasing

Name: Advisory quality and risk management

Description: Inability to sustain the delivery of high-quality advisory services, including new services, assets, and client delivery models

Trend: Stable


Name: Climate change

Description: Inability to proactively respond to impacts of climate change that affect Deloitte people, facilities, or clients

Trend: Stable


Name: Economic uncertainty

Description: Shifts in the macroeconomic conditions, such as inflationary pressures and ongoing supply chain disruptions, impacting Deloitte’s business environment

Trend: Stable


Name: Geopolitical uncertainty

Description: Political and economic decoupling that undermines globalization and impairs Deloitte’s ability to execute its global strategy

Trend: Increasing


Name: Innovation (including artificial intelligence)

Description: Insufficient investment in and deployment of software-enabled solutions to adequately address shifting market trends

Trend: Increasing


Name: Multidisciplinary model

Description: Limitations on Deloitte’s ability to source specialists that support audit quality, attract and retain top talent, optimize investment, and be the scale and growth leader in all Deloitte businesses

Trend: Stable


Name: Talent

Description: Inability to attract, develop, and retain high-performing, diverse professionals and leaders

Trend: Stable


Name: Purpose

Description: Inability to live up to Deloitte’s Purpose and Shared Values, meet societal expectations and responsible business decision-making choices, or be perceived as not doing so by its stakeholders

Trend: Increasing

The way forward

On Deloitte’s journey of continuous improvement, we are considering ways in which we can enhance transparency in reporting going forward, including through providing additional disclosures regarding our response to key risks and opportunities.


Bob Graham
Deloitte Global Chief Risk Officer

Strong and effective governance helps enable Deloitte to deliver on our clients’ trust, operate our business ethically, balance the interests of our stakeholders, and serve the public interest.