We measure and report on our progress in these areas, not only to hold ourselves accountable but also to transparently demonstrate the connection between responsible governance and operational success.  

Deloitte’s Global Principles of Business Conduct outline our ethical commitments and expectations for all Deloitte people across the globe. These principles reflect our core belief that ethics and integrity are fundamental and non-negotiable. The principles articulate our firm stand against bribery, corruption and fraud, our support for efforts to eradicate corruption and financial crime, as well as our commitment to respecting human rights. Furthermore, we communicate clearly about our employees’ rights, their human rights, their ethical obligations as employees, and how Deloitte manages human rights risks and protects these rights through our culture and our daily activities. Deloitte strives to be an ethical company that meets or exceeds the demands and expectations of society and clients. 

Our ethical commitments - living our values

Our culture must be open and honest, we must treat each other equally and respectfully, and we must never bring our professional and individual integrity into question through corrupt and unethical behaviour. That is why we take any incident seriously. It is important for us that our people know that no one is above the rules - no matter their rank or professional value to the organisation. Therefore, we have had to let go of skilled people who have failed to live up to our values and exhibited inappropriate behaviour.  

We have different channels for consultation and reporting of ethics concerns that emphasise confidentiality and non-retaliation. Either directly to team leaders or partners or by using the third-party ‘Speak Up’ whistle-blower system, which allows our people to safely share concerns and report any unethical behaviour - including potential breaches of human rights or examples of corrupt behaviour. In these and other ways, we strive to minimise human rights risks.  

Human rights and the supply chain
The professional services industry has a lower risk of child, forced, or compulsory labour in their direct operations relative to other industries, given the type of work performed and its delivery methods. Deloitte’s commitment to protect these human rights is expressed in Deloitte’s Global Principles of Business Conduct. Deloitte is not aware of any instances of child, forced, or compulsory labour in our operations. 

Deloitte’s supply chain crosses multiple industries and all regions of the world. The Deloitte Supplier Code of Conduct includes prohibitions on forced or involuntary labour. It also requires that work be conducted based on freely agreed terms; that documents relating to workers’ identities or immigration status may not be withheld or destroyed, concealed, confiscated, or otherwise made inaccessible by the supplier; and that there be no exploitation of child labour. Suppliers are expected to apply standards comparable to those outlined in the Supplier Code of Conduct throughout their own supply chains. 

Last year, Deloitte conducted a human rights assessment regarding the risk of child, forced, and compulsory labour in our supply chains. We established that our highest risks exist in the areas of office construction, IT hardware, facility management, and hospitality services. Risks are more likely to occur deeper in our supply chains, beyond those suppliers from whom we procure directly. Increased transparency from direct suppliers will be helpful in continuing to understand and address human rights issues, and we plan to look further into improving this in the coming year. 

Ethics training - sustaining a culture of integrity
We work closely with our senior leadership to build and enhance Deloitte’s ethics programme through ongoing ethics training and campaigns that confront employees with ethical dilemmas through role playing and storytelling. By exemplifying ethical scenarios, we guide our employees to recognise unethical behaviour and take the right action. Ethics training is required for all Deloitte professionals every two years and for all new hires. 

During the past year, we have launched a new policy on familial and personal relationships to ensure that no working relationship can create or appear to create conflicts of interest that impact objectivity, independence, confidentiality, morale, or our inclusive culture. In our annual Ethics Survey, we asked our people to share how they experience our culture, including our focus on human rights, professional conduct, and conflicts of interest. According to the FY22 survey, 99 per cent of respondents agreed or strongly agreed that Deloitte is an ethical place to work, and 97 per cent believed that action would be taken if unethical conduct was reported.  

We are happy to see that the survey results show that our continuous training and communication have proven effective in fostering an ethical culture in Deloitte. However, we acknowledge that this is an ongoing effort and an area with room for improvement. Therefore, we continue to focus on the value of diversity in many forms and how to foster a truly diverse and inclusive work culture - read more about these initiatives under Social. Our CEO also communicates strongly and frequently about our zero-tolerance policy on these issues through internal communications channels, such as intranet, newsletters, and webinars. 

In addition to this year’s Ethics Survey, our employees completed a mandatory ethics refresher e-learning that was designed to make our people pause and reflect on the behaviours that are expected of them, practise how to handle different ethical dilemmas, and gain insight into what happens after a concern has been raised. We will continue these and other efforts in FY23 to ensure that our culture and conduct always reflect our purpose and Shared Values. 

Information and cyber security 
Information security controls are a core element of our workplace culture. We continually reinforce and communicate our information security policy to ensure that all our people maintain a clear understanding of what is expected of them and how we protect their rights to privacy and confidentiality. During the past year, we have maintained a very high focus on cyber security. This focus has become only more pertinent as we have seen a significant increase in cyber attacks against Western targets since the war broke out in Ukraine.  

For the second year, we have run our extensive cyber culture programme. Within the programme, we have had campaigns and mandatory e-learning that covered a broad array of security areas, including data security and how to spot phishing e-mails, phone calls and texts. We also held Cyber Security Awareness weeks where we focused on different ways of staying cyber secure, focusing particularly on the risks involved in working remotely.  

In FY22, we ran several phishing drills followed by articles on how to spot phishing to ensure that all employees are aware of cyber risks. Each year, all employees complete mandatory e-learning courses on cyber security. The courses raise awareness of the risks relating to confidentiality, privacy, and security, of reducing the risk of security breaches, and ensuring compliance with the General Data Protection Regulation (GDPR) and other requirements.

We have also updated and reinforced our risk control systems and – after passing both internal and external audits – we had our Nordic ISO27001 certification renewed. The certification demonstrates our commitment to running a responsible business while keeping our data and clients’ data safe. Being ISO 27001-certified allows us to guarantee our clients and people that we will always treat their data in a secure, responsible, and appropriate manner. This certification allows us to protect our brand, image, and business. 

The above-mentioned activities are all part of our extensive risk control system at Deloitte, which we continue to advance. If and when breaches come to light, we take swift action ranging from warnings to termination of employment.  

$(document.head).append(''); $(document.head).append('