Description
CFO Insights
Compliance risks:
What you don’t contain can hurt you
As global regulations proliferate and stakeholder
expectations increase, organizations are exposed to
a greater degree of compliance risk than ever before.
Specifically, compliance risk is the threat posed to a
company’s financial, organizational, or reputational
standing resulting from violations of laws, regulations,
codes of conduct, or standards of practice.
To understand their risk exposure, many organizations
may need to improve their risk assessment process to
fully incorporate compliance risk exposure. The case for
conducting robust compliance risk assessments can be
made given today’s business complexity, but it is also
deeply rooted in the U.S. Federal Sentencing Guidelines
for Organizations, which establish the potential for credit
or reduced fines and penalties should an organization
be found guilty of a compliance failure. Nevertheless,
according to a survey conducted jointly by Deloitte &
Touche LLP and Compliance Week, 40% of companies do
not perform an annual compliance risk assessment.1
In this issue of CFO Insights, we’ll discuss how CFOs can
work with their Chief Compliance Officers to understand
the full spectrum of compliance risks lurking in each part
of the organization.
In addition, we will discuss ways to assess which risks have the greatest potential for legal, financial, operational, or reputational damage, and considerations for allocating limited resources to mitigate those risks. How do compliance risk assessments differ? Organizations conduct assessments to identify different types of organizational risk. For example, they may conduct enterprise risk assessments (typically owned by the CFO or Chief Risk Officer) to identify the strategic, operational, financial, and compliance risks to which the organization is exposed. In most cases, the enterprise risk assessment process is focused on the identification of “bet the company” risks—those that could impact the organization’s ability to achieve its strategic objectives. Many organizations also conduct internal audit risk assessments that likely consider financial statement risks and other operational and compliance risks. While both of these kinds of risk assessments are typically intended to identify significant compliancerelated risks, neither is designed to specifically identify legal or regulatory compliance risks (see comparison, Table 1).
Therefore, while compliance risk assessments should certainly be linked with the enterprise or internal audit risk processes, they generally require a more focused approach. That is not to say that they cannot be completed concurrently, or that they ought to be siloed efforts—most organizations may be able to combine the activities that support various risk assessments, perhaps following an initial compliance risk identification and assessment process. 1 . Table 1. The interrelationship among enterprise risk management (ERM), internal audit, and compliance risk assessments ERM Objective Scope Typical owner Identify, prioritize, and assign accountability for managing strategic, operational, financial, and reputational risks Any risk significantly impacting the organization’s ability to achieve its strategic objectives Chief Risk Officer/Chief Financial Officer Internal audit Compliance Determine and prioritize risks to aid in developing the internal audit plan, helping to provide the board and the executive team with assurances related to risk management efforts and other compliance activities Identify, prioritize, and assign accountability for managing existing or potential threats related to legal or policy noncompliance—or ethical misconduct—that could lead to fines or penalties, reputational damage, or the inability to operate in key markets Financial statement and internal control risks, as well as some operational and compliance risks that are likely to materially impact the performance of the enterprise or financial statements Laws and regulations with which the organization is required to comply in all jurisdictions where it conducts business, as well as critical organizational policies— whether or not those policies are based on legal requirements Chief Audit Executive Chief Compliance Officer Figure 1. Enterprise ethics and compliance program and risk exposure program: An illustrative example Understanding top compliance risks The compliance risk assessment will help the organization understand the full range of its risk exposure, including the likelihood that a risk event may occur, the reasons it may occur, and the potential severity of its impact. An effectively designed compliance risk assessment also helps organizations prioritize risks, map them to the applicable risk owners, and effectively allocate resources to risk mitigation. Building a framework and methodology Because the array of potential compliance risks facing an organization is typically very complex, any robust assessment should employ both a framework and methodology.
The framework lays out the organization’s compliance risk landscape and organizes it into risk domains, while the methodology contemplates both objective and subjective ways to assess those risks. The framework needs to be comprehensive, dynamic, and customizable, allowing the organization to identify and assess the categories of compliance risk to which it may be exposed (see Figure 1). Some compliance risks are specific to an industry or organization—for example, worker safety regulations for manufacturers or rules governing the behavior of sales representatives in the pharmaceutical industry. Other compliance risks transcend industries or geographies, such as conflicts of interest, harassment, privacy, and document retention. An effective framework may also outline and organize the elements of an effective risk mitigation strategy that can be applied to each compliance risk domain. 2 .
Applying the methodology and conducting the risk assessment Using an objective methodology to evaluate the likelihood and potential impact of each risk can help the organization understand its inherent risk exposure. “Inherent risk” is the risk that exists in the absence of any controls or mitigation strategies. At the outset, gaining a preliminary understanding of inherent risk helps the organization develop an early view on its strategy for risk mitigation. And when organizations identify inherent risk, they should consider key risk drivers that can be organized into the following four broad categories: • Legal impact: Regulatory or legal action brought against the organization or its employees that could result in fines, penalties, imprisonment, product seizures, or debarment. • Financial impact: Negative impacts with regard to the organization’s bottom line, share price, potential future earnings, or loss of investor confidence. • Business impact: Adverse events, such as embargos or plant shutdowns, that could significantly disrupt the organization’s ability to operate. • Reputational impact: Damage to the organization’s reputation or brand—for example, bad press or socialmedia discussion, loss of customer trust, or decreased employee morale. It is important to provide both quantitative and qualitative measures for each category. However, as with all risk assessments, precise measurement may be elusive.
In the case of risks with direct financial impact, an actual monetary value may be measurable with respect to the risk. Another way to evaluate risk is using a criticality scale that indicates the extent of impact should noncompliance occur. Extent of impact can be described in qualitative terms.
For example, for reputational impact, low impact might be minimal to no press coverage, while high impact might be extensive negative press in the national media (see Figure 2). Figure 2. An illustrative criticality scale 3 . Assessing your exposure to compliance risks There are several critical questions organizations should ask related to compliance risks and ways to mitigate those risks: • What kinds of compliance failures would create significant brand risk or reputational damage? Could the failures arise internally, in the supply chain, or with regard to third parties operating on the organization’s behalf? What is the likely impact of that damage on the organization’s market value, sales, profit, customer loyalty, or ability to operate? • What kinds of compliance missteps could cause the organization to lose its ability to sell or deliver products/services for a period of time? • How should the compliance program’s design, technology, processes, and resource requirements change in light of growth plans, acquisitions, or product/category/service expansions? • Is the organization doing enough to inform customers, investors, third parties, and other stakeholders about its vision and values? Is it making the most of ethics, compliance, and risk management investments as potential competitive differentiators? • What are the total compliance costs—beyond salaries and benefits at the centralized level—and how are costs aligned with the most significant compliance risks that could impact the brand or result in significant fines, penalties, and/or litigation? • How well positioned is the compliance function? Does it have a seat “at the table” in assessing and influencing strategic decisions? • What are the personal and professional exposures of executive management and the board of directors with respect to compliance? 4 Determining residual risk While it is impossible to eliminate all of an organization’s risk exposure, the risk framework and methodology help the organization prioritize which risks it wants to more actively manage. Developing a framework and methodology can help organizations determine the extent to which the organization’s existing riskmitigation activities (for example, testing and monitoring or employee training programs) are able to reduce risk.2 Effective risk mitigation activities may reduce the likelihood of the risk event occurring, as well as the potential severity of impact to the organization. When an organization evaluates inherent risk in light of its existing control environment and activities, the degree of risk that results is known as the “residual risk.” If existing risk mitigation strategies are insufficient at reducing residual risk to an acceptable level, this is an indication that additional measures are in order. Elements of a leading compliance risk assessment While every compliance risk assessment is different, the most effective have a number of things in common. CFOs should consider the following leading practices when working with their Chief Compliance Officers to evaluate the assessment: • Gather input from a cross-functional team. A compliance risk assessment requires the participation of deep subject matter specialists from the compliance department and across the enterprise.
It is the people living and breathing the business—those in specific functions, business units, and geographies—who truly understand the risks to which the organization is exposed, and will help ensure all key risks are identified and assessed. In addition, if the methodology is designed in a vacuum without consulting the risk owners, the output of the process may lack credibility when it comes to implementing mitigation programs. . • Build on what has already been done. Rather than starting from scratch, look for ways to leverage existing material, such as enterprise risk assessments, internal audit reports, and quality reviews, and integrate compliance risk content where appropriate. Be sure to communicate the differences between the compliance risk assessments and other assessments to groups you seek to engage. Clearly, the output of each risk assessment process should inform and connect with each of the others. • Use plain language.
The assessment needs to be clear, easy to understand, and actionable. Avoid absolutes and complex legal analysis. • Establish clear risk ownership of specific risks and drive toward better transparency. A comprehensive compliance risk assessment can help identify those individuals responsible for managing each type of risk, and make it easier for executives to get a handle on risk mitigation activities, remediation efforts, and emerging risk exposures. • Leverage data.
By incorporating and analyzing key data (e.g., hotline statistics, transactional records, audit findings, compliance exception reports), organizations can gain a deeper understanding of where existing or emerging risks may reside within the business. Many organizations are considering investments in technology, such as analytical and brand monitoring tools, to help leverage and analyze data to strengthen their risk-sensing capabilities. Additionally, organizations are considering investments in data, including traditional media negative-mention monitoring, socialmedia data, surveying, and other data sources. • Make the assessment actionable. The assessment both prioritizes risks and indicates how they should be mitigated or remediated.
Remediation actions should be universally understood and viable across borders. Be sure the output of the risk assessment can be used in operational planning to allocate resources and that it can also serve as the starting point for testing and monitoring programs. • Solicit external input when appropriate. By definition, a risk assessment relies on knowledge of emerging risks and regulatory behavior, which are not always well known within the organization. Tapping outside expertise can inform the assessment and ensure that it incorporates a detailed understanding of emerging compliance issues. • Treat the assessment as a living, breathing document.
Once you allocate resources to mitigate or remediate compliance risks, the potential severity of those risks will change. The same goes for events in the business environment. All of this should drive changes to the assessment itself. • Periodically repeat the risk assessment.
Effective compliance risk assessments strive to ensure a consistent approach that continues to be implemented over time (e.g., every one or two years). At the same time, risk intelligence requires ongoing analysis and environment scanning to identify emerging risks or early warning signs. The constantly changing regulatory environment increases the vulnerability of most organizations to compliance risk. The complexity of the risk landscape and the penalties for non-compliance make it essential to conduct thorough assessments of compliance risk exposure.
A good ethics and compliance risk assessment includes both a comprehensive framework and a methodology for evaluating and prioritizing risk. With this information in hand, organizations may be better able to develop effective mitigation strategies and reduce the likelihood of a major noncompliance event or ethics failure, setting themselves apart in the marketplace from their competitors. Endnote 1 In focus: 2014 Compliance Trends Survey. http://www2.deloitte.com/us/en/ pages/risk/articles/compliance-trends-survey-2014.html. For additional information on the components of a world-class ethics and compliance program, http://www2.deloitte.com/us/en/pages/risk/articles/ building-world-class-ethics-and-compliance-programs-making-a-good-programgreat.html 2 5 .
l, Global Research Director, CFO Program, Deloitte LLP; P Contacts Nicole Sandford Partner, National Practice Leader, Enterprise Compliance Services Deloitte & Touche LLP +1 203 708 4845 nsandford@deloitte.com Deloitte CFO Insights are developed with the guidance of Dr. Ajit Kambil, Global Research Director, CFO Program, Deloitte LLP; and Lori Calabro, Senior Manager, CFO Education & Events, Deloitte LLP. About Deloitte’s CFO Program The CFO Program brings together a multidisciplinary team of Deloitte leaders and subject matter Keith Darcy specialists to help CFOs stay ahead in the face of Independent Senior Advisor to growing challenges and demands. The Program Deloitte & Touche LLP harnesses our organization’s broad capabilities to +1 203 905 2856 deliver forward thinking and fresh insights for every kdarcy@deloitte.com stage of harnesses career – helping CFOs manage the aders and subject matter specialists to help CFOs stay ahead in the face of growing challenges and demands. The Programa CFO’s our nsights for every stage of a CFO’s career – helping CFOs manage the complexities of their roles, tackle their company’s most compelling complexities of their roles, tackle their company’s Maureen Mohlenkamp most compelling challenges, and adapt to strategic t: Principal shifts in the market. Deloitte & Touche LLP +1 212 436 2199 y means of this publication, rendering accounting, business, financial, investment, legal, tax, or other professional adviceinformation about Deloitte’s CFO Program, visit For more or services.
This or should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may mmohlenkamp@deloitte.com our website at: www.deloitte.com/us/thecfoprogram. . Deloitte shall not be responsible for any loss sustained by any person who relies on this publication. Nolan Haskovec Senior Manager Deloitte & Touche LLP +1 212 436 2973 nhaskovec@deloitte.com Follow us @deloittecfo This publication contains general information only and is based on the experiences and research of Deloitte practitioners.
Deloitte is not, by means of this publication, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This publication is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor.
Deloitte shall not be responsible for any loss sustained by any person who relies on this publication. About Deloitte Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as “Deloitte Global”) does not provide services to clients. Please see www.deloitte.com/about for a detailed description of DTTL and its member firms.
Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting. Copyright© 2015 Deloitte Development LLC. All rights reserved. Member of Deloitte Touche Tohmatsu Limited. 6 .
In addition, we will discuss ways to assess which risks have the greatest potential for legal, financial, operational, or reputational damage, and considerations for allocating limited resources to mitigate those risks. How do compliance risk assessments differ? Organizations conduct assessments to identify different types of organizational risk. For example, they may conduct enterprise risk assessments (typically owned by the CFO or Chief Risk Officer) to identify the strategic, operational, financial, and compliance risks to which the organization is exposed. In most cases, the enterprise risk assessment process is focused on the identification of “bet the company” risks—those that could impact the organization’s ability to achieve its strategic objectives. Many organizations also conduct internal audit risk assessments that likely consider financial statement risks and other operational and compliance risks. While both of these kinds of risk assessments are typically intended to identify significant compliancerelated risks, neither is designed to specifically identify legal or regulatory compliance risks (see comparison, Table 1).
Therefore, while compliance risk assessments should certainly be linked with the enterprise or internal audit risk processes, they generally require a more focused approach. That is not to say that they cannot be completed concurrently, or that they ought to be siloed efforts—most organizations may be able to combine the activities that support various risk assessments, perhaps following an initial compliance risk identification and assessment process. 1 . Table 1. The interrelationship among enterprise risk management (ERM), internal audit, and compliance risk assessments ERM Objective Scope Typical owner Identify, prioritize, and assign accountability for managing strategic, operational, financial, and reputational risks Any risk significantly impacting the organization’s ability to achieve its strategic objectives Chief Risk Officer/Chief Financial Officer Internal audit Compliance Determine and prioritize risks to aid in developing the internal audit plan, helping to provide the board and the executive team with assurances related to risk management efforts and other compliance activities Identify, prioritize, and assign accountability for managing existing or potential threats related to legal or policy noncompliance—or ethical misconduct—that could lead to fines or penalties, reputational damage, or the inability to operate in key markets Financial statement and internal control risks, as well as some operational and compliance risks that are likely to materially impact the performance of the enterprise or financial statements Laws and regulations with which the organization is required to comply in all jurisdictions where it conducts business, as well as critical organizational policies— whether or not those policies are based on legal requirements Chief Audit Executive Chief Compliance Officer Figure 1. Enterprise ethics and compliance program and risk exposure program: An illustrative example Understanding top compliance risks The compliance risk assessment will help the organization understand the full range of its risk exposure, including the likelihood that a risk event may occur, the reasons it may occur, and the potential severity of its impact. An effectively designed compliance risk assessment also helps organizations prioritize risks, map them to the applicable risk owners, and effectively allocate resources to risk mitigation. Building a framework and methodology Because the array of potential compliance risks facing an organization is typically very complex, any robust assessment should employ both a framework and methodology.
The framework lays out the organization’s compliance risk landscape and organizes it into risk domains, while the methodology contemplates both objective and subjective ways to assess those risks. The framework needs to be comprehensive, dynamic, and customizable, allowing the organization to identify and assess the categories of compliance risk to which it may be exposed (see Figure 1). Some compliance risks are specific to an industry or organization—for example, worker safety regulations for manufacturers or rules governing the behavior of sales representatives in the pharmaceutical industry. Other compliance risks transcend industries or geographies, such as conflicts of interest, harassment, privacy, and document retention. An effective framework may also outline and organize the elements of an effective risk mitigation strategy that can be applied to each compliance risk domain. 2 .
Applying the methodology and conducting the risk assessment Using an objective methodology to evaluate the likelihood and potential impact of each risk can help the organization understand its inherent risk exposure. “Inherent risk” is the risk that exists in the absence of any controls or mitigation strategies. At the outset, gaining a preliminary understanding of inherent risk helps the organization develop an early view on its strategy for risk mitigation. And when organizations identify inherent risk, they should consider key risk drivers that can be organized into the following four broad categories: • Legal impact: Regulatory or legal action brought against the organization or its employees that could result in fines, penalties, imprisonment, product seizures, or debarment. • Financial impact: Negative impacts with regard to the organization’s bottom line, share price, potential future earnings, or loss of investor confidence. • Business impact: Adverse events, such as embargos or plant shutdowns, that could significantly disrupt the organization’s ability to operate. • Reputational impact: Damage to the organization’s reputation or brand—for example, bad press or socialmedia discussion, loss of customer trust, or decreased employee morale. It is important to provide both quantitative and qualitative measures for each category. However, as with all risk assessments, precise measurement may be elusive.
In the case of risks with direct financial impact, an actual monetary value may be measurable with respect to the risk. Another way to evaluate risk is using a criticality scale that indicates the extent of impact should noncompliance occur. Extent of impact can be described in qualitative terms.
For example, for reputational impact, low impact might be minimal to no press coverage, while high impact might be extensive negative press in the national media (see Figure 2). Figure 2. An illustrative criticality scale 3 . Assessing your exposure to compliance risks There are several critical questions organizations should ask related to compliance risks and ways to mitigate those risks: • What kinds of compliance failures would create significant brand risk or reputational damage? Could the failures arise internally, in the supply chain, or with regard to third parties operating on the organization’s behalf? What is the likely impact of that damage on the organization’s market value, sales, profit, customer loyalty, or ability to operate? • What kinds of compliance missteps could cause the organization to lose its ability to sell or deliver products/services for a period of time? • How should the compliance program’s design, technology, processes, and resource requirements change in light of growth plans, acquisitions, or product/category/service expansions? • Is the organization doing enough to inform customers, investors, third parties, and other stakeholders about its vision and values? Is it making the most of ethics, compliance, and risk management investments as potential competitive differentiators? • What are the total compliance costs—beyond salaries and benefits at the centralized level—and how are costs aligned with the most significant compliance risks that could impact the brand or result in significant fines, penalties, and/or litigation? • How well positioned is the compliance function? Does it have a seat “at the table” in assessing and influencing strategic decisions? • What are the personal and professional exposures of executive management and the board of directors with respect to compliance? 4 Determining residual risk While it is impossible to eliminate all of an organization’s risk exposure, the risk framework and methodology help the organization prioritize which risks it wants to more actively manage. Developing a framework and methodology can help organizations determine the extent to which the organization’s existing riskmitigation activities (for example, testing and monitoring or employee training programs) are able to reduce risk.2 Effective risk mitigation activities may reduce the likelihood of the risk event occurring, as well as the potential severity of impact to the organization. When an organization evaluates inherent risk in light of its existing control environment and activities, the degree of risk that results is known as the “residual risk.” If existing risk mitigation strategies are insufficient at reducing residual risk to an acceptable level, this is an indication that additional measures are in order. Elements of a leading compliance risk assessment While every compliance risk assessment is different, the most effective have a number of things in common. CFOs should consider the following leading practices when working with their Chief Compliance Officers to evaluate the assessment: • Gather input from a cross-functional team. A compliance risk assessment requires the participation of deep subject matter specialists from the compliance department and across the enterprise.
It is the people living and breathing the business—those in specific functions, business units, and geographies—who truly understand the risks to which the organization is exposed, and will help ensure all key risks are identified and assessed. In addition, if the methodology is designed in a vacuum without consulting the risk owners, the output of the process may lack credibility when it comes to implementing mitigation programs. . • Build on what has already been done. Rather than starting from scratch, look for ways to leverage existing material, such as enterprise risk assessments, internal audit reports, and quality reviews, and integrate compliance risk content where appropriate. Be sure to communicate the differences between the compliance risk assessments and other assessments to groups you seek to engage. Clearly, the output of each risk assessment process should inform and connect with each of the others. • Use plain language.
The assessment needs to be clear, easy to understand, and actionable. Avoid absolutes and complex legal analysis. • Establish clear risk ownership of specific risks and drive toward better transparency. A comprehensive compliance risk assessment can help identify those individuals responsible for managing each type of risk, and make it easier for executives to get a handle on risk mitigation activities, remediation efforts, and emerging risk exposures. • Leverage data.
By incorporating and analyzing key data (e.g., hotline statistics, transactional records, audit findings, compliance exception reports), organizations can gain a deeper understanding of where existing or emerging risks may reside within the business. Many organizations are considering investments in technology, such as analytical and brand monitoring tools, to help leverage and analyze data to strengthen their risk-sensing capabilities. Additionally, organizations are considering investments in data, including traditional media negative-mention monitoring, socialmedia data, surveying, and other data sources. • Make the assessment actionable. The assessment both prioritizes risks and indicates how they should be mitigated or remediated.
Remediation actions should be universally understood and viable across borders. Be sure the output of the risk assessment can be used in operational planning to allocate resources and that it can also serve as the starting point for testing and monitoring programs. • Solicit external input when appropriate. By definition, a risk assessment relies on knowledge of emerging risks and regulatory behavior, which are not always well known within the organization. Tapping outside expertise can inform the assessment and ensure that it incorporates a detailed understanding of emerging compliance issues. • Treat the assessment as a living, breathing document.
Once you allocate resources to mitigate or remediate compliance risks, the potential severity of those risks will change. The same goes for events in the business environment. All of this should drive changes to the assessment itself. • Periodically repeat the risk assessment.
Effective compliance risk assessments strive to ensure a consistent approach that continues to be implemented over time (e.g., every one or two years). At the same time, risk intelligence requires ongoing analysis and environment scanning to identify emerging risks or early warning signs. The constantly changing regulatory environment increases the vulnerability of most organizations to compliance risk. The complexity of the risk landscape and the penalties for non-compliance make it essential to conduct thorough assessments of compliance risk exposure.
A good ethics and compliance risk assessment includes both a comprehensive framework and a methodology for evaluating and prioritizing risk. With this information in hand, organizations may be better able to develop effective mitigation strategies and reduce the likelihood of a major noncompliance event or ethics failure, setting themselves apart in the marketplace from their competitors. Endnote 1 In focus: 2014 Compliance Trends Survey. http://www2.deloitte.com/us/en/ pages/risk/articles/compliance-trends-survey-2014.html. For additional information on the components of a world-class ethics and compliance program, http://www2.deloitte.com/us/en/pages/risk/articles/ building-world-class-ethics-and-compliance-programs-making-a-good-programgreat.html 2 5 .
l, Global Research Director, CFO Program, Deloitte LLP; P Contacts Nicole Sandford Partner, National Practice Leader, Enterprise Compliance Services Deloitte & Touche LLP +1 203 708 4845 nsandford@deloitte.com Deloitte CFO Insights are developed with the guidance of Dr. Ajit Kambil, Global Research Director, CFO Program, Deloitte LLP; and Lori Calabro, Senior Manager, CFO Education & Events, Deloitte LLP. About Deloitte’s CFO Program The CFO Program brings together a multidisciplinary team of Deloitte leaders and subject matter Keith Darcy specialists to help CFOs stay ahead in the face of Independent Senior Advisor to growing challenges and demands. The Program Deloitte & Touche LLP harnesses our organization’s broad capabilities to +1 203 905 2856 deliver forward thinking and fresh insights for every kdarcy@deloitte.com stage of harnesses career – helping CFOs manage the aders and subject matter specialists to help CFOs stay ahead in the face of growing challenges and demands. The Programa CFO’s our nsights for every stage of a CFO’s career – helping CFOs manage the complexities of their roles, tackle their company’s most compelling complexities of their roles, tackle their company’s Maureen Mohlenkamp most compelling challenges, and adapt to strategic t: Principal shifts in the market. Deloitte & Touche LLP +1 212 436 2199 y means of this publication, rendering accounting, business, financial, investment, legal, tax, or other professional adviceinformation about Deloitte’s CFO Program, visit For more or services.
This or should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may mmohlenkamp@deloitte.com our website at: www.deloitte.com/us/thecfoprogram. . Deloitte shall not be responsible for any loss sustained by any person who relies on this publication. Nolan Haskovec Senior Manager Deloitte & Touche LLP +1 212 436 2973 nhaskovec@deloitte.com Follow us @deloittecfo This publication contains general information only and is based on the experiences and research of Deloitte practitioners.
Deloitte is not, by means of this publication, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This publication is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor.
Deloitte shall not be responsible for any loss sustained by any person who relies on this publication. About Deloitte Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as “Deloitte Global”) does not provide services to clients. Please see www.deloitte.com/about for a detailed description of DTTL and its member firms.
Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting. Copyright© 2015 Deloitte Development LLC. All rights reserved. Member of Deloitte Touche Tohmatsu Limited. 6 .
