Skip to main content

Risk and opportunity management

Deloitte has a robust process for identifying, assessing, managing, and monitoring risks and opportunities, both at the Deloitte Global level and at the member firm level through their respective Enterprise Risk Frameworks (ERFs).

The Deloitte Global ERF sets out the Deloitte Global Executive Committee's assessment of the priority risks and emerging risks facing the Deloitte network —specifically, those that could impact the ability of Deloitte to achieve its strategic priorities, meet its stakeholder obligations, and protect its reputation. The member firm ERFs are managed in coordination with the Deloitte Global ERF.

There is ongoing and frequent dialogue between the Deloitte Global ERF team, which facilitates the preparation of the Deloitte Global ERF, the Deloitte Global risk owners, and other Deloitte Global teams to help ensure early identification and escalation of any matters requiring consideration by the relevant risk owner(s) and executive leadership.

The Deloitte Global Chief Risk Officer (CRO) reports on Deloitte’s priority risks on a regular cadence to the Deloitte Global Executive Committee, enabling discussion of risk exposures and mitigation actions. Priority risks are also regularly reviewed by the Risk and Ethics Committee of the Deloitte Global Board of Directors.Priority risks and opportunities

The enterprise risks listed are those that, as of June 2025, are considered to have the most potential for significant impact on Deloitte’s ability to achieve its strategic priorities, meet its stakeholder obligations, and protect its reputation, should the risk materialize.

These risks have been considered based on the potential impact. The risks have been categorized into the following impact dimensions:

  • Risks impacting our brand, reputation, and/or stakeholder obligations;
  • Risks impacting our strategic success or market differentiation; and
  • Risks impacting our people, Purpose, and Shared Values.

The assessment of risk includes an evaluation of primary impact, connection between categories of risk, and risk trending over time.  

Definitions of priority risks

Name:  Audit quality and risk management

Description: Ongoing ability to provide high quality audit engagements and meet audit regulatory requirements

 

Name: Conduct and ethical culture

Description: Ongoing ability to sustain Deloitte peoples’ behaviors aligned with professional standards, regulations, and/or Deloitte policies/Global Principles of Business Conduct

 

Name: Cybersecurity, data confidentiality and privacy

Description: Ongoing ability to protect and defend assets, Deloitte technology and personal and confidential data processed by Deloitte against loss, misuse, unauthorized access or cyberthreat. Ongoing ability to meet applicable confidentiality and privacy laws and regulations.

 

Name: Regulatory

Description: Ongoing ability to anticipate and rapidly adapt to regulatory and public policy developments and to proactively engage with the relevant stakeholders in order to meet Deloitte professional obligations and evolving stakeholder expectations.

Name: Delivery quality and transformation

Description: Ongoing ability to sustain high levels of quality in changing service methodologies, platforms, assets, delivery models, and tools 

 

Name: Environmental impact 

Description: Ongoing ability to mitigate risks to Deloitte people, facilities, third parties, or clients arising from environmental shifts; ongoing focus on supporting relevant sustainability data needs of key Deloitte stakeholders.

 

Name: Economic uncertainty

Description: Adapting timely to shifts in the macroeconomic conditions impacting Deloitte’s business environment

 

Name: Geopolitical uncertainty

Description: Ability to anticipate and adapt to geopolitical trends, conflict, public policy, sanctions, and global trade concerns which could impact our ability to execute against Deloitte’s strategy

 

Name: AI and technology driven transformation

Description: Ability to advance market differentiation and competitiveness through service and technology innovation to address shifting client demand and market trends

 

Name: Multidisciplinary model

Description: Ability to navigate regulatory developments or other changes in stakeholder expectations that could create disruption in the business model for Deloitte businesses

Name: Talent

Description: Ongoing ability to attract, develop, and retain high-performing professionals and leaders; navigate shifts in necessary skills; and remain competitive in the market for top talent

 

Name: Purpose

Description: Ongoing ability to live up to Deloitte’s Purpose and Shared Values, sustain responsible business practices, and meet dynamic expectations of stakeholders

The way forward

Going forward, Deloitte will continue to invest in leadership, risk program capabilities and enabling technologies to improve our risk identification, response, and reporting mechanisms to further strengthen the resilience and sustainability of the Deloitte network.

Contacts

Trina Huelsman
Deloitte Global Chief Risk Officer
thuelsman@deloitte.com

Related content