Risk Intelligence Map Risk Intelligence

Start Here

Businesses thrive by taking risks but falter when risk is managed

ineffectively. A Risk Intelligent Enterprise™ recognizes this dual nature of
risk and devotes sufficient resources both to risk taking for reward and to
Strategy and Operations/
the protection of existing assets. Governance Compliance Reporting
Planning Infrastructure
The Risk Intelligence Map™ provides a unique view on the pervasive,
evolving, and interconnected nature of risk that executives and managers
may find useful in identifying risks that apply to their organizations.
The Risk Intelligence Map is intended to serve as a guide on the journey
toward Risk Intelligence by helping personnel in all functions of an Corporate
Corporate Human Information Sales, Marketing
Ethics Responsibility & External Factors Planning Strategy Corporate Assets Finance Legal Product Development Supply Chain Compliance Reporting
organization broaden their perspective on risk and improve their ability to Governance
Sustainability (CR&S)
Resources Technology and Communications
execute their risk-related responsibilities.

This may be accomplished by using the Risk Intelligence Map to: Board
Business Continuity Innovation,
Compliance
Effectiveness/ Addressing Business Facilities and Health and Welfare Asset Discontinuance Branding and Communication with Accounting
spur discussions about risk management topics, including risk Knowledge Allegations
Biodiversity Climate Change Competition Management Alliances
Concentration Equipment
Accounting Audit Quality Corporate Culture
Benefits
Architecture
Management
Bankruptcy Competition
and Divestiture
Research, and
Reputation
Communication Planning
and Training Standards and
(BCM) Development
identification, prioritization, measurement, and mitigation Management Policies

facilitate the connection of risk management silos Failure to understand Lack of defined Failure to Inadequate Discrepancy between Failure to assess the Poorly executed Inadequate employee Architecture is Failure to define and Lack of understanding Failure to select Inappropriate Inadequate ongoing Inability to monitor
Inability to control and Inadequate business Inability to identify Supplier Inappropriate Inability to obtain Inaccurate demand/
identify redundant efforts in place to manage risk and exercise
fiduciary duties
protocols to address
allegations
minimize invasive
transportation of
reduce emissions
competitive
analysis
impact analysis alliance opportunities over-dependency
physical and financial
information
accounting policies
effectiveness of
internal controls
change management
process
benefits and
healthcare plans
not aligned with
corporate strategy
customer projections
identify duties at the
level of governance
of the industry and
market the organization
Product nonviability commercially viable
ideas
corporate branding
strategy
Unclear communication
supply forecast
compliance
communications
and implement
standards
improve efficiency in compliance and risk management efforts species to new
ecosystems
operates in
Ineffective/insufficient Failure to document Inappropriate Inability to build alternate Inadequate analysis of Failure to implement Use of unsupported Communication of Failure to have an Inability to implement
Customer Inappropriate Insufficient control Ineffective audit Insensitivity to Noncompliance with Failure to recognize Inadequate product Inadequate market Unprotected brand Inadequate capacity
develop risk event scenarios that require integrated responses. independent inquiries and allegations, monitoring of Antitrust actions infrastructure/capabilities business partner
over-dependency insurance coverage over journal entries planning employee morale accounting standards
a technology aligned software and hardware
the course of
Failure to comply with
recall research image
messages to
planning
organization-wide International Financial
committees including outcomes Failure to establish greenhouse gas to handle emergencies relationships with the organization’s inventory applicable antitrust/ inappropriate audience compliance training Reporting Standards
and regulations bankruptcy
and/or actions taken protective areas emissions strategy pricing regulations program (IFRS)
The Risk Intelligence Map should be used as part of an overall risk for biodiversity Ineffective BCM Dependency on facilities Failure to utilize Misaligned corporate Mismanagement of Inadequate Ineffective new Ineffective treatment Internal communications
management program that is based on the fundamental principles of the Poor communication conservation Failure to identify the Lack of integrity of Management override Inaccurate costing
Noncompliance with Disintermediation communication, training, not owned by the equipment that culture to corporate Ineffective/inefficient Inability to develop software and hardware Failure to understand discontinuance product development of negative events not aligned with corporate Failure to identify and
from management Lack of a defined scope of alliance financial information of controls Failure to secure considerations Inappropriate accounting
Risk Intelligent Enterprise. These principles define and integrate risk- procedure during crisis applicable laws and and/or testing strategy organization uses renewable or strategy employee benefits a business driven inventory
debtor rights
and pursue benefits notifications process and crisis management messages/strategy train specific businesses
policies
Failure to improve regulations on alternative energy plan administration architecture of antitrust laws and affected by new laws,
related responsibilities at every level of the organization, and address greenhouse gas sources regulations regulations, and policies
Inadequate natural resource Lack of knowledge of Inadequate Inability to monitor Lack of responsibility Inability to determine and
issues around governance, infrastructure, management, and ownership. emissions/pollution Poor monitoring and Over-reliance on Inadequate Failure to follow
knowledge of Loss of sensitive management in accounting principles communication Noncompliance with performance and for the post-sale life maintain optimum safety
control relationship management work of others Systems to not meet prototyping brand guidelines Lack of knowledge of
board responsibilities information through the production Failure to decommission and practices from top plans as documented availability of resources of products, including stock Failure to track and
Credit Rating Capital Planning business requirements accounting policies
inappropriate handling landscape facilities and remediate management and local, state, and their safe breakup evidence completion
By implementing these principles, a company can transform itself into a sites using the best country regulations Contract Corporate and disposal of required training
Inadequate Failure to adopt and Poor dispute
Risk Intelligent organization where: environmental solutions Insufficient anti-fraud Ineffective tax audit Stock Keeping Unit (SKU)
understanding of upgrade pollution resolution process Ineffective Management Investigations Erosion of brand
programs and controls management proliferation
the organization’s
leaders adopt a broad outlook on risk and integrate risk considerations business
control technologies
Inability to access Inability to
with business
partners
software acquisition
methodology Financial
into strategic decision-making Communication capital access capital Inappropriate/ Human Resource
Failure to use Implications of Failure to comply Corporate criminality Compliance Disclosures
Inability to generate inadequate Policies and Launch Liability
the board executes fiduciary responsibilities to ensure that appropriate Limited exposure to
management outside
tradable carbon credits
Inappropriate reliance on Inadequate capital
Intangible Assets manipulation of
accelerated tax
dispute resolution
Procedures
Significant Events with the terms
and conditions of
and questionable
practices
Culture
estimates and reserves Business Continuity Customer Sourcing
risk management controls and procedures are in place of the CEO and CFO Failure to establish credit ratings for business structure and debt/ techniques Change agreements Failure to disclose
Business Model Customers Management Relations/Customer Distribution
ongoing ethics decisions equity funding Inadequate Management information required
capable processes, systems, and trained people exist to act on both risks and compliance
Ineffective carbon
employment
Labor walkouts/ (BCM)
Inappropriate level
Failure to implement Inadequate Design or Support Failure to create a
sound culture where by regulatory standards
Lack of board reduction programs Copyright/trademark unionization/strikes anti-fraud controls marketing campaigns manufacturing defect
and opportunities in a timely and coordinated manner cohesiveness
communications Inappropriate
infringement
standards of authority to Inability to procure goods/ compliance-related
enter contracts matters and issues are
a consistent approach is used across the organization to manage all Failure to provide a
management of
credit ratings
Capital allocation risk
Inappropriate business
Inability to attract
Capital
Management
Credit
Violation of
Inability to recover Ineffective change
Inadequate execution
Inadequate
infrastructure
Inappropriate contracts
with distribution
raw materials cost
effectively and constrain treated with rigor Inadequate management
and retain customers Ineffective change data control processes discussion and analysis
classes of risk in an effective and efficient manner. means for employees model assumptions employment Agreements are of independent Inadequate training Breach of warranty to support customers channel partners volatile material costs and objectivity
Energy management
to raise ethics and Community Lack of labor contracts practices inconsistent with internal investigations
Management and
Board Structure compliance issues Investment Investment risk Unexpected adverse Lack of effective Unauthorized changes business goals Poorly defined Failure to provide
For more information on the nine principles of Risk Intelligence, see and Leadership
Alternative Sourcing Inadequate
changes in customer
Improper capital
credit management Compliance with Insufficient due
Critical resources
into the production customer support
Distribution channel Inadequate supplier
personnel with the
“Putting Risk in the Comfort Zone: Nine Principles for Building the Risk Failure to provide
Customer Demands environmental scan
demand/preferences
budgeting
process fair employment diligence in Human
are not available
environment Terms and conditions
Lack of regulatory Inadequate customer Improper labeling or
frameworks,
conflicts selection process
tools and resources
Financial
awareness support product usage Information
Intelligent Enterprise,” at www.deloitte.com/RiskIntelligence. an anonymous Theft of trade secrets practice is not Resources are not in compliance workflows, and needed to attain
Poor community Inadequate energy Poor internal Availability
reporting line Failure to maintain monitored Inappropriate planning Insufficient with laws and performance metrics Inappropriate ongoing compliance
Lack of appropriate welfare initiatives conservation organization and Inappropriate Inadequate monitoring of Default in repaying Inadequate quality to
credit information Organizational for critical infrastructure testing prior to regulations Lack of coordination distribution
tone set by leadership Changing customer process chain product/pricing mix customer usage debt obligation goods/raw materials
The Risk Intelligence Map is not a definitive or comprehensive Failure to engage of customers Lack of uncertainty causes disruptions implementation between legal and Poor customer network design Misaligned compliance Unavailability of
preferences Underutilization of
representation of risks that may be encountered by an organization. employees and keep Lack of internal communication recruitment and Failure to monitor other appropriate Product Relationship culture to corporate financial information
Inability to utilize alternate Failure to align the intangibles Production
Weak structure/ ethics and compliance support for community Failure to evaluate and training retention challenges business partner’s departments Design/Quality management strategy to make decisions
Consider customizing the Risk Intelligence Map based on risks that impact composition of top of mind development initiatives
sources of energy
Inappropriate
business strategy with Inappropriate
optimal sources and
Poor credit rating
around employment
Inability to recover from Inability to recover
compliance with
Poor inventory Over-reliance on sole
capital planning segmentation techniques a business interruption processing management source vendors
your organization. Areas could include regulatory, geographic, industry, the board inventory cost of finance standards Unclear agreements Inadequate Failure to enforce Noncompliance with
and company-specific issues. Ineffective reporting Noncompliance with segmentation communication and Non-integrated attention to compliance programs applicable laws and
Personal Safety Inadequate quality
Ineffective communication of community applicable laws and Ineffective Inadequate change management product development customer Inability to monitor and apply disciplinary regulations
Legal capital Nonperformance of a standards Lack of sustainable
For more information on customizing the Risk Intelligence Map to meet the between and amongst the Corrective Action investment initiatives regulations on energy marketing allowance for credit strategies Inadequate due-diligence process satisfaction contract compliance and measures
Shifting terms and requirements post-validation check supply chain logistics
board and management and Discipline utilization/conservation Knowledge message losses on prospective sustain sourcing savings
needs of your organization, please contact your Deloitte practitioner. Ineffective decisions
conditions
Management contracting parties/ Ineffective product
Lack of data quality
Inadequate personal Improper production and integrity
Board conflicts of and programs to send Inadequate capital business partners design and
safety planning Compliance
interest or lack of Failure to discipline functions overseas to structure and Labor Organization development
Information
independence employees for cheaper markets Failure to understand Extended debt/equity Relations Structure Contracting and Information verification E-Commerce/
Economic Growth Investor Relations Production Management
noncompliance benefits of structured Enterprise Lack of adequate financing Outsourcing Security Poor engineering Internet Strategy
Conditions/Industry
Inappropriate decision- Failure to maintain knowledge management processes for periodic Failure to perform design and Financial
Trends Environmental,
making and delegation Inconsistent treatment of services along rural review, communication Finance and post-launch feedback standardization Failure to establish Statement Fraud
Failure to optimize Unclear lines of Health and Safety
of authorities employees for and underserved routes Failure to use appropriate Legal complexities in Ineffective strategy and enforcement of Poor labor conditions Improper bidding and Accounting assessment Lack of Internet effective means to
capital structure authority Ineffective/inefficient (EH&S) Dissemination of poor Inefficient production
noncompliance tools, technologies, and dealing with various development and health and safety selection, contracting, exposure of products manage compliance
Changes to industry policies access controls Inadequate quality information planning process
Poor cooperation Lack of accessibility methods for knowledge entities communication and ongoing or services information
Failure to communicate structure Failure to protect controls Inadequate Corporate
and organizational for elderly and management Significant adverse due diligence Failure to comply
consequences of Failure to design intellectual property Governance
alignment disable persons Inability to maintain Noncompliance with conditions in collective Misuse of authority with disclosure Nonexistent Ineffective financial Failure to establish
unethical behavior and Lack of growth in new Vulnerability to environmental Inadequate quality control
consistency in providing applicable laws and Financial Asset Insurance and bargaining agreements Poor security and requirements Inappropriate technical e-commerce strategy processes to deliver effective executive
noncompliance Macroeconomic or emerging markets malicious attacks safety procedures measures
Inadequate attention quality products and regulations Investment Hedging privacy controls Failure to assessment for new and tools to expand communications in dashboard views
changes Ineffective anti-fraud
to strategy and Failure to implement Operational services Inappropriate of outsourced data minimize risks to products business a timely manner of compliance issues
Poor labor dispute Inadequate financial programs
execution changes to correct Fair Trade Natural Resource Planning delegation of Lack of policies and the environment
Failure to identify resolution process Ineffective antivirus controls Inability to control
systemic program issues Certification and Utilization Excessive dependency on Inappropriate Inappropriate authority Contractual inability procedures to comply and customers in Insufficient Failure to protect Lack of data integrity
growth opportunities strategy Inadequate media variations in products
Business cyclicality one or few partners/ information for insurance/hedging to review security with EH&S standards product design collaboration with e-commerce/ of the information Inability to implement
Physical Security training
Compensation/ Inadequate vendors investment decisions coverage Inappropriate distribution and privacy practices third parties Internet trade relied upon for ongoing a compliance and
Lack of integrity in compliance management
Performance Failure to adopt fair departmental of decision-making Inability to manage third ethics program
Commodity risk and Untimely application Lack of awareness financial reports
Incentives/ Ethical Culture/ trade business representation in Failure to balance Lack of evaluation for authority Inability to use Inability to adhere party manufacturers
natural resource security of security patches of EH&S regulations
Alignment Tone at the Top practices Demographic changes plan development portfolio of insurance/hedging e-commerce to to regulatory
Failure to implement Lack of effective
investments coverage Lack of an Technology improve customer requirements
Innovation Markets security controls Excessive Substitution internal controls
Inadequate disclosure Inability to get Inability to mitigate independent Obsolescence relationships Lack of operational Compliance
Established plans are divisional focus Lack of physical/
of compensation products certified natural resource Failure to align Audit committee uniformity across Organization
Failure to foster unachievable Failure to monitor logical security
process and philosophies with the “Fair dependency Inflation/deflation Inadequate processes investments with production facilities
an ethical culture timely reporting Failure to implement
Trade Certified Mark” Inability to sustain and/or and policies to secure business strategies Failure to upgrade Ineffective/delayed Click-through fraud
Complex Improper integration segregation of duties
Misalignment of Inadequate systems Inappropriate improve market share due Financial markets risk physical assets quality and development, testing, Inefficient warehousing/ Failure to designate a
organizational design Lack of segregation of rules and regulations
performance metrics Inappropriate Inability to and processes for deployment of to lack of innovation performance of and deployment of inventory management specific executive(s)
Monetary and fiscal of duties
with long-term strategy performance generate business utilization and resources Ineffective physical existing products new technology processes in charge
policies
incentives and reputation reporting of natural Inadequate security risk mitigation
resources Failure to generate new Liquidity Pensions Failure to establish
Executive compensation through fair trade consideration of plans Insufficient Marketing Lack of manufacturing Management
products or services Performance/Talent a compliance plan Inappropriate technology Market Research Inadequate dedication
inconsistent with Failure to monitor and external factors diversification Programs flexibility to react to Reporting
Payroll Management and alliances of appropriate resources
stakeholder expectations control unauthorized Performance Physical and of product range disruptions
Compensation Operations
activities Management Failure to embed Theft of assets Lack of an Environmental
External Fraud Inadequate funding
innovation across the efficient investment Poor product Inadequate information
Undue emphasis on Philanthropy Project Financing and liquidity Intellectual Failure to replace Analysis of Lack of authority and Insufficient sharing
organization management team Unreasonable Government lifecycle to support marketing
short-term results Failure to protect Inaccurate payroll Property obsolete technology insignificant data independence of information
performance Failure to ensure the Inadequate physical Investigations management programs
whistleblowers Inability to measure processing (IP) Delivery
Inability to fund expectations scheduling and timely security around data
performance
Insufficient Financing projects Customer fraud Process Inadequate cash flow pensions within the completion of processes centers Failure to monitor Failure to adopt
Misalignment of Mergers/ Inability to report
organizational with harmful Management due dates Incentives not Lack of guidance marketing programs appropriate techniques
incentives and rewards Acquisitions/ Outsourcing Inefficient payroll Failure to register on key metrics
philanthropic environmental impacts Lack of key linked to Inefficient data Inability to manage regarding matters with business partners and methods for market Unreliable third party Compliance
Divestitures processing IP rights Testing Timing
activities performance Adverse changes in performance retention processes environmental or of government research logistics (3PL) service Reporting
Ethics Reporting Vendor or business Inappropriate actuarial
Failure to screen indicators Inability to track volume of debt and tools climate changes investigations Lack of cohesion/ providers Ineffective
partner fraud estimates
Corporate Failure to encourage general financing Inability to identify assets and related securities issued Ineffective oversight/ Failure to protect cooperation between Analysis and research presentation
Loss of core Inadequate
Responsibility and employees to projects Inadequate a clear end-state information governance of Failure to archive Failure to properly Failure to identify sensitive information Inadequate Delay in development marketing and sales results in the formation Failure to optimize lead Failure to identify of information
competencies segregation of duties
Sustainability Failure to identify undertake communication vision for the Failure to meet executive compensation critical data at off-site conduct routine areas of concern pertaining to IP pre-release and launch of new organizations of incorrect conclusions time for supplies/ and report key
(CR&S) philanthropy Ineffective integration/divestiture Insufficient control process
and report key Financing projects in of performance pension fund locations capacity planning that could trigger testing products distribution compliance-related
anti-fraud programs Inadequate logistic over distributions
ethics-related trends countries with human expectations Sole source obligations governmental Failure to analyze trends
(external fraud) processes Payroll Infringement of IP Failure to identify
Failure to meet Ineffective reporting rights violations Insufficient accounting, dependence on investigations Noncompliance current market Regulatory
outsourcing risk Failure to secure rights owned by others Poor anticipation of target audience Inappropriate network
social responsibility of organization’s Lack of acceptance tax, regulatory, and outsourced core Potential for with regulatory conditions Inadequate resources Reporting
Inadequate resources to Inadequate analysis transportable media market requirements design
obligations philanthropic of key/standard operational target functions fraudulent Improper internal requirements to report compliance
report ethics violations Ineffective/inefficient of market depth
initiatives metrics screening behavior investigation and issues effectively
business processes Failure to protect the Failure to properly
Lack of involvement Failure of outsourcing Tax compliance risk Inability to capture inefficient communication Failure to time Inefficient order
Geopolitical use of IP Inadequate market track results Inappropriate external
from appropriate Inadequate reporting of agency to meet Ineffective equity required tax and programs in times new product management and Inadequate reporting
Incomplete Inadequate working testing reporting
levels of management material ethics violations requirements and deferred legal data of crisis pre-announcement verification process of material compliance
due-diligence capital management
to appropriate external Sustainability compensation process Failure to support issues to appropriate
Resource Scarcity Scenario Planning Unethical marketing
stakeholders Strategy international Failure to monitor Inefficient inventory and external stakeholders Material misstatements
Inadequate oversight Suspension of country Failure to monitor Taxation programs
Failure to achieve patent rights activities of business channel deployment in the financial
over CR&S activities concessions business partners
synergies from post Privacy and Data Problem partners process statements
Lack of focus on merger integration Planning/
Failure to consider Retirement Talent Pipeline/ Protection Management
research and Failure to demonstrate Budgeting/ Taxation
Lack of adequate scenario planning in Absence of specific Programs Recruitment Controls and Inability to report on
Investigation development of corporate responsibility Expropriation by Excessive tax Forecasting Labor and
disclosure of CR&S long-term planning supplier criteria in Legal Entity Monitoring the effectiveness of
renewable energy governments valuations of property Employment Marketing Strategy Public Relations
activities process the area of social Unauthorized Untimely detection Planning internal controls
sources Issues Returns
CR&S priorities not performance Lack of succession access to personally and escalation of
Inappropriate Noncompliance with Ineffective design of
Lack of defined adequately engrained Failure to consider Failure to minimize tax planning/loss of identifiable problems Inadequate
Scarcity of water Political instability business assumptions transfer pricing terms retirement programs
protocols to conduct within overall business key variables in Failure to perform legal costs of acquiring and key personnel information (PII) Failure to incorporate Failure to assess Marketing programs establishment of Improper valuations
Reputation/ (potable and (local, state, country) Ineffective treatment
investigations strategy scenario analysis review of outsourcing locating physical assets Inadequate and employment laws regulatory and not aligned with Poorly defined and preventative and
Stakeholder industrial) of public relations
contract and facilities Unreliable information Unclear ownership untimely post-mortem into Human compliance risks while the organization’s unenforceable return and detective controls
Relations Inadequate or Poor employee
Failure to identify and Lack of cooperation used in planning and Regulatory risks and classification actions to resolve Resources policies forming a new entity objectives credit policies Lack of integration of
Excessive trade Inadequate responses overly aggressive retention policies
assess ethics and with industry-wide budgeting process of data problems Failure to establish internal controls over
embargoes to scenarios Suboptimal tax planning Inconsistent
Inability to understand compliance-related risks initiatives Failure to monitor Complexities in revising Corporate messages monitoring and financial reporting
depreciation policy messaging Inefficient return handling
and meet shareholder compliance with contracts with customers/ not aligned with testing programs processes with other
Policy Pricing Failure to monitor Inaccurate and costly Failure to attract and Inability to solve processes
expectations Failure to identify Poor sustainability Corruption risks Lack of data integrity employment laws vendors for merged corporate strategy operational and/or
plans and budgets Inability to meet tax administration process retain employees problems compliance processes
processes and activities considerations in (including foreign entities
requirements Inability to sustain
Failure to understand impacted by ethics and operational processes corrupt practices Lacks of awareness
Incorrect assessment Poor forecasting/trend control improvements
trends related to the compliance related risks violations) Inadequate Violation of cross-border of employment laws Inability to identify
Failure to comply with Utilization Inability to fund Poor workforce Inadequate assessment of market size analysis of returns
organization’s workforce, communication Improper tax planning privacy laws and among personnel and remediate material
pricing regulations Inadequate tax risk retirement programs diversity of the entity structure
creditors, customers, and Failure to regularly of policies regulations weaknesses and
Waste Reduction management
other stakeholders assess the organization’s Sustainable Water Cultural disconnect significant deficiencies
and Closed Loop Inadequate planning for
preparedness Quality Ineffective Policies and
Production Inappropriate pricing Ineffective recruiting Withdrawal of local tax reverse logistics
Real or perceived enforcement of Asset misappropriation Procedures
of products/services Unexpected cash process incentives Sales Strategy
influence of majority policies Project Records
taxes
shareholders Discharges and Management Management Reporting
Failure to reduce Inefficient recall
Monitoring and runoff affecting Hazards/ Failure to undertake Failure to develop Quality
waste Policies conflict with Lack of flexibility in Poor workforce Employee payouts due to management processes
Failure to adequately Auditing availability of Catastrophic Loss timely maintenance of Failure to optimize tax appropriate policies
business operations pricing mechanism planning entity closure
consider and/or respond water resources plant and machinery savings from business Failure to monitor, Improper and procedures
Ineffective sales force
to shareholder proposals Improper waste relationships communicate, and management Failure to provide
Inadequate chargeback
Failure to conduct treatment/reuse/ report on project of records Excessive and accurate and complete
Excessive usage of Health epidemics Failure to comply with Improper production reconciliation processes
routine compliance disposal practices progress inconsistent policies information
Poor corporate brand water (SARS, influenza, etc.) preferred pricing planning Legal and
audits Training and Litigation and Poorly designed and procedures
perception Failure to maintain Regulatory
Inability to adopt Development Failure to obtain proper Dispute Resolution alternative sales
security Compliance Failure to provide
Inappropriate Failure to comply a sustainable approvals and strategies Failure to establish
Ineffective international Inadequate capacity timely information
allocation of resources with applicable manufacturing Natural disasters stakeholder buy-in accountability and
pricing strategy planning
for monitoring and regulations on process Ineffective/inadequate Failure to comply Lack of guidance Ineffective Imprecise metrics to measurement
auditing water training and development Failure to identify, with legal and tax regarding appropriate litigation risk monitor sales strategy Utilization of
Risk Oversight
Noncompliance with Inappropriate location programs prioritize, report, and requirements legal practices assessment success outdated information
Man-made
Failure to continuously applicable waste and/or inefficient manage project goals and reporting tools
hazards/terrorism
monitor the ethics and management laws Vision, Mission, operation of assets Lack of adequate Lack of data Improper Residual claims Inaccurately
Technology Risk Assessment
Inadequate board compliance programs and regulations and Values programs for retention policies communication of from disposed or forecasting key
oversight of risk continued and procedures mandatory legal acquired entities trends in the market
management activities employability of requirements
employees Statutory Reporting
Laws and Failure to articulate a Inability to identify
Inability to plan Inability to
Inadequate structure to Policies and Regulations vision statement that significant compliance
for obsolescence Failure to comply defend lawsuits
allow for an enterprise Procedures inspires the organization Training and Technology risks
with the regulations
risk management process development program Licensing Failure to identify
Failure to define not aligned with Lack of pre-emptive Failure to establish statutory reporting
Inappropriate Inability to implement business plans
Inadequate or the mission of the Lack of oversight legal risk management controls to mitigate requirements
Inadequate ethics and lobbying technology
inappropriate risk organization Failure to import/export authority for process identified risks
compliance policies
appetite and tolerances Outsourcing of the technology, software, implementation Failure to ensure
Adverse legal/ Ineffective/delayed Failure to articulate training and data, and/or hardware Pass-through Inability to data accuracy in
regulatory changes development, testing, values for conducting development Failure to implement liability from communicate risks statutory reporting
Lack of risk intelligent Inadequate ethics and function
(multi-jurisdictional) and deployment of business and maintain an business partners across lines of business
decision-making compliance procedures Failure to comply with
new technology effective corporate Inappropriate or
legal requirements
Noncompliance compliance program incorrect form of
with country and presentation
Inadequate risk-related Failure to prepare
jurisdiction-specific Failure to constantly
public disclosures job-specific procedures Supervision
laws and regulations review the applicable
legistlations Records and
Privacy and Security
Information
Inadequate utilization of Laws Sustainability
Management
an appropriate risk Use of unlicensed Reporting
Program Lack of accountability
framework and inappropriate
Assessment and Markets and measurement
software Failure to establish Failure to establish
Evaluation
formal privacy a recordkeeping Failure to disclose
Failure to establish policies policy Failure to establish noncompliance
Transparency and Failure to collect the business partner and maintain with applicable
Financial Integrity relevant data and Financial market risk escrow agreements supervisory controls environmental laws
Failure to implement Inability to produce and regulations
information to evaluate
privacy programs records
the program Inability to
Cursory reviews of link compliance Failure to position
financial statements and Failure to identify Commodity price risk Failure to comply Lack of adherence performance to sustainability as an
related disclosures areas of concern and with applicable with recordkeeping performance investable concept
prioritize them privacy legislations laws and obligations management
Failure to challenge
Inability to address
management Failure to take efforts Interest rate risk Lack of knowledge Compensation is not
shareholder concerns
assumptions to continuously to preserve legal linked to personal
improve the program evidence performance
Inadequate oversight of
Foreign exchange
internal and external
rate risk Lack of a document
auditors
retention policy Tax Reporting
Structure and
Inadequate or Oversight
unqualified finance Lack of an ongoing
organization Third party/
responsibility to Inadequate tax
Joint Venture
supervise mandatory sensitization of
Inappropriate Requirements
retention of financial data
Lack of financial expertise oversight policies
documents
on the Audit committee
Noncompliance with
Project funding
Inadequate oversight filing requirements
structure

Inability to audit Inability to produce tax

Inappropriate third parties basis balance sheets
delegation of duties
and monitoring of
activities
Inadequate global tax
Contract risk
provision evaluation

Training Poor labor and human

rights considerations

Inadequate ethics and

compliance training
program

Failure to train specific

business units on the
ethics and compliance
Usage policies and procedures
This document may be used by your organization for its internal business purposes only.

Disclaimer Failure to track

This document contains general information only, and none of Deloitte Touche Tohmatsu, its member firms, or completion of training
its and their affiliates are, by means of this document, rendering accounting, business, financial, investment,
legal, tax, or other professional advice or services. This document is not a substitute for such professional
advice or services, nor should it be used as a basis for any decision or action that may affect your finances or
your business. Before making any decision or taking any action that may affect your finances or your
business, you should consult a qualified professional adviser.

None of Deloitte Touche Tohmatsu, its member firms, or its and their respective affiliates shall be responsible
for any loss whatsoever sustained by any person who relies on this document.

About Deloitte
Deloitte refers to one or more of Deloitte Touche Tohmatsu, a Swiss Verein (DTT), and its network of member
firms. Each member firm provides services in a particular geographic area and is subject to the laws and
professional regulations of the particular country or countries in which it operates. DTT helps coordinate the
activities of the member firms but does not itself provide services to clients.

DTT and the member firms are separate and distinct legal entities, which cannot obligate the other entities.
DTT and each DTT member firm are only liable for their own acts or omissions, and not those of each other.
Each DTT member firm is structured differently in accordance with national laws, regulations, customary
practice, and other factors, and may secure the provision of professional services in their territories through
subsidiaries, affiliates and/or other entities. Please see www.deloitte.com/about for a more detailed
description of Deloitte Touche Tohmatsu and its member firms.

© Deloitte Touche Tohmatsu

Version 2.1
Item #7355