Skip to article navigation Skip to content

How we manage risk

A page refresh occures when a subject is selected.

Skip article navigation.

We use an Enterprise Risk Management (ERM) framework to identify risks. Where possible, we take measures to prevent or mitigate these risks. Ultimately, risk management is the responsibility of our Board of Management. As part of our approach, we regularly assess the effectiveness of our internal controls and mitigation measures. See also our quality controls and framework.

Risk philosophy

Our business is based on trust – we realise that any erosion of this trust could adversely affect our market position. Some risks are inherent to our business; we operate in a complex, highly-regulated and competitive environment. Through risk management, our goal is to ensure the long-term security of our business – we engage in activities only where we are able to make a positive impact for both our clients and professionals. In doing so, however, we will not compromise our quality or ethical standards. We believe that, ultimately, our services should benefit society as a whole.

Risk appetite

We will accept some net risk[1], but we will do so only if this risk is:

  • In line with our strategic objectives – and contributes responsibly to achieving them

  • And does not violate our core values or quality standards.

As a matter of principle, we will not take on any net risk that promotes growth at the expense of sustainability. We have a relatively low risk appetite when it comes to decisions that may affect public trust, given the importance of trust to our business. Our appetite for net risks arising from growth is moderately higher than those potentially affecting trust.

Financial and strategic risks

In the course of our business, we face both financial and strategic risks. Generally, financial risks fall under four main categories: credit risk, liquidity risk, market risk and risk associated with financial instruments. Strategic risks may vary from non-compliance with rules and regulations to a loss of public trust or a failure in innovation or talent management. We carry out an annual assessment of our strategic risks (updated after six months); this assessment is based on detailed discussions with the Board of Management and other business leaders. For the first time this year, as part of our analysis, we grouped risks into ‘clusters’ – this allowed us to identify better connections between specific risks.

Read the section 'Risk mitigation and controls' for further details on our financial and strategic risks.

  • 1 Net risk is the risk remaining after mitigation measures have been taken.