2021 CBC Impact Report
Leaders lead by example.
That’s essential, especially when you’re in the business of auditing and advising other organizations. Credibility and trust are earned by practicing what we advocate; by consistently demonstrating Deloitte’s Purpose—to make an impact that matters for our people, Deloitte clients and communities; and by living our Shared Values.
Good governance and strategy are foundational to our ability to meet our obligations, deliver on our promises and serve the public interest.
All Deloitte stakeholders need us to run a sustainable and responsible enterprise that successfully manages risks and behaves ethically.
Deloitte clients count on us to maintain independence and confidentiality. They expect us to protect their information while leveraging innovative technologies to conduct high-quality audits or bring the best solutions possible.
Deloitte organization structure
Deloitte is made up of firms that are members of Deloitte Touche Tohmatsu Limited (“Deloitte Global”), a private company limited by guarantee, incorporated in England & Wales. These member firms and each of their related entities (each a “Deloitte firm”), along with Deloitte Global and its related entities, form the Deloitte organization.
This structure allows Deloitte to be an industry leader at all levels—locally, nationally and globally.
Individual Deloitte firms have access to the skills and knowledge of, and the ability to consult within, the Deloitte organization. They also enjoy the benefit of Deloitte’s market recognition and reputation. Deloitte Global itself does not provide services to clients, nor does it direct or control the decisions Deloitte firms make with respect to the clients they serve.
Deloitte firms are not subsidiaries or branch offices of a global parent, but instead comprise separate and distinct legal entities. The Deloitte organization is not a partnership, single firm or multinational corporation.
This structure confers significant strengths, including a deep understanding of local markets and a sense of responsibility among Deloitte firm professionals, who have direct stakes in the integrity and growth of their local practices.
The Deloitte organization achieves economies of scale with centers of excellence, global delivery centers and other network approaches that are designed to deliver a consistent level of excellence around the world.
Global approach
As part of the Deloitte organization, Deloitte firms benefit from shared values, investments and resources that enhance their individual abilities to provide core services to key local and global clients and development opportunities for their people. They also are able to leverage Deloitte’s brand, eminence and intellectual property.
Ethics
Deloitte’s reputation is one of our most cherished assets. It distinguishes Deloitte in the marketplace, differentiating us from the competition and enabling us to attract the world-class talent that is our hallmark. That’s why Deloitte’s Ethics teams work diligently to proactively strengthen the culture of integrity across the organization. Deloitte is committed to conducting business with transparency, honesty and the utmost professionalism.
Our Global Principles of Business Conduct (“Global Code”) outlines Deloitte’s ethical commitments and expectations for more than 345,000 Deloitte people globally, giving the organization a strong foundation built upon indelible principles. At Deloitte, we have placed ethical culture and values at the heart
of our agenda, and we understand the critical responsibility Deloitte has to serve the public interest. Driving a proactive approach to ethics and building and sustaining a culture of integrity helps Deloitte professionals make the best professional decisions every day.
The Deloitte Global Ethics team and Deloitte firms’ Ethics officers continue to work closely with senior Deloitte leaders to build and enhance the organization’s ethics program, which is composed of the following elements:
- The Global Code and Deloitte firms’ codes of conduct, which provide additional local guidance, detailed expectations, consultation channels, links to policies and guidelines, and further support for professionals;
- A global ethics policy that sets out the requirements for Deloitte firms’ ethics programs, and an Ethics Officer Playbook to set clear expectations and reinforce the strategic role and responsibilities of Deloitte firms’ Ethics officers;
- Ethical due diligence processes for Deloitte firm CEOs and board chairs, and enhanced expectations for firms’ boards of directors in governing ethical culture, ethical risks and ethics program agendas;
- A global anti-discrimination and anti-harassment (including discrimination on the grounds of sex, gender identity, or sexual orientation, and sexual harassment) policy that sets out the requirements for Deloitte firms’ own individual policies, subject to local laws. The global policy requires anti-discrimination and anti-harassment training for all Deloitte professionals upon joining and every two years thereafter;
- Deloitte ethics training programs—including online courses, classroom and virtual programs and facilitator-led interactive case discussions — and communications campaigns. Ethics training is required for all new hires upon joining Deloitte, upon promotion to manager (specific to their roles) and for all Deloitte professionals every two years. Additional ethics training is also delivered to members of the Deloitte Global Board of Directors and Deloitte firm boards on a periodic basis. This training emphasizes how boards can influence organizational ethics and the importance of setting a strong tone from the top;
- Channels for consultation and reporting ethics concerns that emphasize confidentiality and nonretaliation—directly to Ethics or Talent teams; via managers, team leaders or partners; or using the third-party ethics helpline Deloitte Speak Up and similar, third-party local services—that are supported by training and communications;
- A global nonretaliation policy that articulates Deloitte’s commitment to a nonretaliatory workplace, with retaliation-monitoring procedures to support this;
- Support activities—including communications, webinars and continuing education—to facilitate the sharing of best practices among Deloitte firm ethics teams;
- An annual ethics survey, guidance on conduct risk assessment, and other tools (such as guidance for running focus group sessions) to measure the effectiveness of ethics programs across Deloitte;
- An annual confirmation by all Deloitte professionals that they have read, understood and are in compliance with the Global Code; and
- Detailed review programs to measure and monitor compliance with the global ethics policy and drive improvement in Deloitte firm ethics programs over time.
External commitments
Further to our internal commitments, programs and approaches — and in support of the principles of Deloitte’s Global Code — Our Commitment to Responsible Business Practices and Supplier Code of Conduct codify Deloitte’s long-held beliefs and principles around these key areas.
Deloitte’s commitment to responsible business is rooted in our Purpose—more than 175 years of making an impact that matters for our people, society and Deloitte clients. It outlines the responsible business principles we believe in and the commitments we have made. These are embedded in our policies and inform our decision-making.
Deloitte’s Supplier Code of Conduct (“Supplier Code”) outlines our expectations of suppliers — that they support our commitment to doing not only what is good for business, but also what is good for the communities in which we operate. The Supplier Code focuses on human rights by requiring suppliers to treat workers with dignity and respect and not subject them to demeaning conditions. This includes prohibiting child and forced labor.
Anti-corruption commitment
Deloitte actively supports multiple efforts to eradicate corruption throughout the world. Deloitte Global was an early signatory to the United Nations Global Compact (UNGC) and to the World Economic Forum’s Partnering Against Corruption Initiative (PACI).
Deloitte Global’s anti-corruption policy includes requirements for Deloitte firms’ own anti-corruption programs and addresses matters such as bribery, facilitation payments, political and charitable contributions, and gifts and entertainment.
The Deloitte Global Anti-Corruption team and Deloitte firm anti-corruption leaders work closely with senior Deloitte leaders to build and enhance a globally consistent, internal anti-corruption program across the Deloitte organization, which includes the following elements:
- Annual Deloitte firm anti-corruption self-assessments, guidance and tools (such as guidance on anti-corruption testing and monitoring) to measure the effectiveness of anti-corruption programs across Deloitte;
- A globally consistent process to perform anti-corruption due diligence on nonclient third parties including subcontractors, marketplace alliances, vendors and suppliers;
- A globally consistent methodology and process for Deloitte firms to perform corruption risk assessments;
- Support activities — including communications, workshops and webinars — to facilitate the sharing of best practices; and
- An annual confirmation from each member firm to Deloitte Global that all of its people have read, understood, and agree to comply with the local anti-corruption policy and are not in violation of this policy, and understand their obligation for reporting actions that do not comply with this policy.
Additionally, Deloitte Global has a written policy requiring member firms to escalate corruption incidents meeting established criteria to the appropriate Deloitte Global executive. In FY2021, no incidents of corruption were reported to Deloitte Global under this policy. All Deloitte people are required to complete anti-corruption training — after being hired and every other year thereafter — that includes applicable policies, corruption red flags and case scenarios. Our CBC Risk and compliance function performs annual assessments of our policies in conjunction with Deloitte Global.
Independence
Independence and quality are essential to Deloitte’s objectivity, integrity, impartiality, responsibility to the investing public, and ability to attract and retain clients. Standards for independence are shaped by legislation, regulations, professional requirements and public expectations. Maintaining independence in fact and appearance is a professional obligation to which all Deloitte professionals must adhere.
Protecting the public interest
The Deloitte Global Board of Directors has adopted robust independence policies and procedures (including around global systems and tools) to help Deloitte and its people safeguard their objectivity.
All Deloitte people are required to follow the independence policies and procedures, which address professional and regulatory requirements related to the provision of services, business relationships, employment relationships and financial relationships.
These independence policies and procedures are designed to help Deloitte professionals understand and meet independence standards and regulatory requirements to achieve excellence in service delivery. These policies and procedures are based, for the most part, on the International Code of Ethics for Professional Accountants (including International Independence Standards) issued by the International Ethics Standards Board for Accountants (IESBA) and on the independence standards of the US Securities and Exchange Commission (SEC) and the Public Company Accounting Oversight Board (PCAOB). When applicable national or regional requirements are more restrictive than the requirements in Deloitte Global’s policies, Deloitte firms and their professionals and practitioners must meet those jurisdictions’ requirements as well.
Maintaining independence
Deloitte frequently serves the same clients in multiple jurisdictions. Each Deloitte firm, considering whether to accept a new client or a new engagement at an existing client, must consider the independence requirements in all applicable jurisdictions. For existing audit clients, a Deloitte firm must evaluate the independence implications of other Deloitte firms’ relationships with that client, including the provision of non-audit services.
Each Deloitte firm has a director of independence who is responsible for overseeing independence matters, including the design, implementation, operation and monitoring of independence quality controls. On an annual basis, all Deloitte firms report to Deloitte Global that they have conducted procedures for determining that their firm and professionals are in compliance with Deloitte Global’s independence policies. Deloitte Global performs ongoing monitoring activities of Deloitte firms, enabling continuous enhancements to global policies, quality controls, tools and practice-support activities.
Elevating the focus
Deloitte faces dynamic regulatory environments in which national rulemaking often has broad-reaching global implications. Deloitte Global Independence leaders continually engage with external professional bodies and regulators to advance the development of independence requirements around the world. Internally, Deloitte Global provides Deloitte professionals worldwide with information and guidance on independence issues, as well as enabling technologies to raise awareness and help them comply with rapidly changing and increasingly complex requirements.
Deloitte leadership reinforces the importance of compliance with independence and related quality control standards, thereby setting the appropriate tone at the top and instilling its importance into the professional values and culture of Deloitte.
Confidentiality, privacy and cybersecurity
Safeguarding confidential and personal information is core to the services Deloitte firms provide. Deloitte is committed to protecting confidential and personal information, including that of Deloitte clients and third parties, and to continually monitor regulatory and legal requirements to support compliance.
Confidentiality and privacy
The Deloitte Global Confidentiality and Privacy Office helps foster a culture across Deloitte that emphasizes the importance of protecting confidential and personal information. This office sets guidelines, develops procedures, provides consultation and training, and assesses the effectiveness of controls relating to confidentiality and privacy. The Deloitte Global Confidentiality and Privacy Office works with Deloitte Global Technology Services, including the Deloitte Global Cybersecurity organization, and the Deloitte Global Office of General Counsel, to understand, prepare for and respond to known and reasonably anticipated risks and threats facing our environment.
Consistent with industry leading practices for protecting confidential information, Deloitte has taken steps to remain secure, vigilant and resilient, including:
- Understanding the risk environment;
- Implementing policies, procedures and controls designed to protect confidential and personal information;
- Responding to potential confidentiality and privacy incidents in a timely manner; and
- Actively monitoring the effectiveness of confidentiality and privacy requirements across the Deloitte organization.
Deloitte is dedicated to complying with applicable privacy laws and regulations around the globe, including the European Union (EU) General Data Protection Regulation (GDPR). Deloitte regularly monitors for changes in privacy laws and regulations, and adjusts policies and procedures when appropriate. Additionally, Deloitte has instituted an annual review process to verify compliance with our privacy policy and procedures.
Cybersecurity
The Deloitte Global Cybersecurity organization works with the Deloitte Global Confidentiality and Privacy Office, as well as Deloitte confidentiality, privacy and cybersecurity professionals around the world to execute a strategy designed to:
- Create a cohesive, worldwide cyber program with consistent, high-quality security services;
- Extend security tools worldwide for advanced protection of highly distributed data;
- Implement and sustain technology safeguards to protect confidential and personal information;
- Prepare and implement plans to promptly recover from and restore any systems that may be adversely impacted by a cyber incident; and
- Reduce the risk of unauthorized exposure of confidential or personal information.
Global security
Threats come in many sizes and forms, including geopolitical instability, crime, natural disasters and, most recently, global pandemics. The Deloitte Global Security Office (GSO) works with Deloitte firms worldwide to help keep Deloitte professionals safe, particularly during times of emergency or when Deloitte firms are called upon by clients to work in higher-risk areas.
The COVID-19 pandemic highlighted the importance of effective business continuity planning. The GSO’s primary focus throughout FY2021 continued to be on our COVID-19 response, providing guidance to Deloitte firms in supporting their professionals, and implementing appropriate travel guidance and return-to-work strategies. In turn, Deloitte firms were able to demonstrate these capabilities to their clients.
The GSO team supported Deloitte Global leadership through daily monitoring of COVID-19 cases — both in general and among Deloitte people — and the pandemic’s impact on our professionals around the world. Regular calls were held with the Global Security Council, made up of Deloitte firm security officers, to review virus developments and travel guidance, and share best practices to support consistent response approaches across the organization. These calls featured one of Deloitte’s medical experts, who would review the latest public health recommendations.
Deloitte was awarded the 2021 Business Continuity Institute (BCI) America’s Award in the “Collaboration in Resilience” category for its global efforts in responding to the COVID-19 pandemic. The award recognized the coordinated response between Deloitte Global and Deloitte firms.
Keeping Deloitte safe
The GSO team tracks world events for potential impacts on Deloitte professionals and offices. Whenever a crisis occurs, the GSO responds swiftly to help Deloitte firms account for the safety of their people, provide necessary relief and resume normal business operations as soon as possible.
Throughout the COVID-19 pandemic, the GSO team responded to multiple other crisis events including natural disasters—such as earthquakes and hurricanes/typhoons—and incidents of geopolitical instability potentially impacting Deloitte professionals around the world. Health emergencies can also affect Deloitte professionals who are traveling or assigned overseas. Deloitte maintains 24-hour resources, delivered by a leading emergency medical and security provider, to respond in such situations. Although travel was significantly reduced during the year, the GSO team responded to more than 200 requests for medical assistance, including emergency evacuations, when required.
Additional highlights for FY2021:
- As part of our continuous improvement process, the GSO coordinated with Deloitte firms to review lessons learned during the COVID-19 response.
- The GSO completed eight virtual webinars and training programs for Deloitte internal security and resilience professionals to raise the awareness and understanding of business continuity planning.
- The GSO and Deloitte firms implemented additional capabilities of the Deloitte Global Emergency Communications system, which is used to quickly locate and account for the safety of Deloitte professionals during times of emergency. During FY2021, the system was used during five major events to reach nearly 16,500 professionals in potentially impacted areas.