Professional Documents
Culture Documents
Audit Advisory Enterprise Risk Assessment
Audit Advisory Enterprise Risk Assessment
• Establish a well-defined process for communicating significant risks to Executives and the Board;
• Create the foundation for strategic planning and decision making through targeted risk responses; and
• Achieve legal compliance with the Swiss Code of Obligations whilst creating ongoing value for the organisation.
Compliance management
Organisational Mission
and Objectives 2. Risk Universe
Competition
Operational
Economic Capital planning
conditons/ planning
industry trends
Geo-political Scenario
Sustainability Mergers/Acquisitions/
planning Divestitures
Climate change
Outsourcing
Biodiversity External
Factors Planning Business
concentration
Corporate
Compliance
responsiblity & Strategy
Transparency and information
sustainability
Financial integrity management
Strategy and Planning
Board effectiveness Compliance
Corporate culture
Governance
Risk
Intelligence
Compliance Compliance
reporting 3. Risk
Interviews Ethical culture/
Tone at the top Ethics
Reporting Compliance with
accouting
standards
Register
Operations/
Communication Infrastructure Co Financial statement fraud
t rp
uc ent as ora
od se te
Pr lopm
ma mun
co
ts
Sa ting ions
ve
rke ica
les
ce
de
Information
Technology
, &
s
an
Reso an
Product Process
urce
Leg
Fin
Funding Regulatory
Hum
design/ management
t
al
Quality
Marketing Utilization
Liability
Accounting
Performance/ Contract
strategy Communications Succession
Information
Talent security mangement
Audit
management Communications Price volatility Reputation
Quality Privacy and Litigation
Training and data protection
Intellectual
development Change property Stakeholders Certification
management
Budget Technology
Planning Training
Attraction Economic
6. Action 4. Risk
planning Voting
5. Risk prioritisation
Enterprise Risk Assessment
No Risk Management program can get very far without
an in-depth understanding of the specific risks that an
organisation faces. That is why risk identification and
assessment are important – as a way for the organisation
to get a handle on the universe of significant risks it faces,
and to determine how important each risk is to the
achievement of its overall goals.
Jenni Kettunen
Direct: +41 (0)58 279 64 25
Email: jkettunen@deloitte.ch
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited (“DTTL”), a UK private company limited by guarantee, and its
network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/ch/about for a
detailed description of the legal structure of DTTL and its member firms.
Deloitte SA is a subsidiary of Deloitte LLP, the United Kingdom member firm of DTTL.
Deloitte SA is recognised as auditor by the Federal Audit Oversight Authority and the Swiss Financial Market Supervisory Authority.
This publication has been written in general terms and therefore cannot be relied on to cover specific situations; application of the
principles set out will depend upon the particular circumstances involved and we recommend that you obtain professional advice
before acting or refraining from acting on any of the contents of this publication. Deloitte SA would be pleased to advise readers
on how to apply the principles set out in this publication to their specific circumstances. Deloitte SA accepts no duty of care or
liability for any loss occasioned to any person acting or refraining from action as a result of any material in this publication.