We set ourselves high standards, not just because it is the right thing to do, but because it is crucial in our role as guardians of public trust.
Deloitte’s reputation is one of our most cherished assets. That is why we work diligently and proactively to continually advance the culture
of integrity across the organisation. Deloitte is committed to conducting business with transparency, honesty, and the utmost professionalism. And we hold ourselves accountable by showing the connection between responsible governance and operational success.
Deloitte’s Global Principles of Business Conduct outline our ethical commitments and expectations for all Deloitte people across the globe. These principles reflect our core belief that ethics and integrity are fundamental and non-negotiable. The principles articulate how our
firm stands strong against bribery, fraud and corruption, and against discrimination and harassment. It also outlines policies on family relationships to ensure objectivity in decisions as well as being a non-retaliatory workplace. The code also outlines our commitment to respecting human rights and ensuring we communicate clearly about rights to everyone. Deloitte continuously strives to be an ethical company that meets or exceeds the demands and expectations of society and clients.
Our culture is open and honest, we treat each other equally and respectfully, and we never bring our professional and individual integrity into question through corrupt and unethical behaviour – inside or outside our firm. That is why we take any incident seriously.
It is important for us that our people know that no one is above the rules – no matter their rank or professional value to the organisation. Therefore, we have had to let go of skilled people who have failed to live up to our values and exhibited inappropriate behaviour.
We provide mandatory training on ethical behaviour, and we have different channels for consultation and reporting on ethics concerns that emphasise confidentiality and non-retaliation. Either directly to team leaders or partners or by using the third-party ‘Speak Up’ whistle-blower system, which allows our people to safely share concerns and report any unethical behaviour – including potential breaches of human rights or examples of corrupt or inappropriate behaviour.
This past year, following media and social media attention regarding respect and inclusion, it became clear that a number of employees have felt unfair treatment in different ways. We took this critique very seriously as inappropriate behaviour in any way is not acceptable. We listened carefully to our people and reassessed our whistle-blower process, which has now been revised by a new and more diverse ethics committee, which serves independently from the leadership team and is supported by an external lawyer. This is to ensure independence and fairness are central to any investigation of ethics incidents. We have also communicated strongly about our commitment to ensuring that respect and inclusion is at the heart of Deloitte through townhalls and other CEO communication and will continue to do so.
Generative AI and ethical data use
With the proliferation of generative AI both as a business opportunity and a working tool, how we approach and apply GenAI in our work is important. As we have introduced global generative AI tools across the firm, in Denmark and across Europe, we have implemented PairD – our very own generative AI tool. Alongside the efficiencies and innovation we can draw from generative AI, we are committed to ensuring ethical generative AI behaviour – in client work and in all the ways we use the tool. To reinforce this, we had the opportunity to attend the very first global generative AI learning month with sessions on harnessing the benefits whilst ensuring ethical use. These sessions were available to all our professionals.
Ethical technology guiding principles
We recognise technology provides tremendous opportu-nities to help us live our Purpose. It enables us to serve clients with distinction, provide our people with a leading talent experience, and contribute to communities through our WorldImpact programs. But, with opportunity comes responsibility.
Deloitte has developed a set of ethical technology guiding principles to help guide our people’s choices and prompt them to consider both the ethical implications of their tech-related activities and how their actions could affect end users and society. These principles reflect our collective commitment to responsible business practices and are rooted in our shared values.
The guiding principles constitute Deloitte's data ethics policy according to section 99d in the Danish Financial Statements Act. You can find the guiding principles here: Commitment to responsible business practices.
Human rights and the supply chain
The professional services industry has a lower risk of child, forced, or compulsory labour in their direct operations relative to other industries, given the type of work performed and its delivery methods. Deloitte’s commitment to protect these human rights is expressed in Deloitte’s Global Principles of Business Conduct. Deloitte is not aware of any instances of child, forced, or compulsory labour in our operations.
Deloitte’s supply chain crosses multiple industries and all regions of the world. The Deloitte Supplier Code of Conduct includes prohibitions on forced or involuntary labour. It also requires that work be conducted based on freely agreed terms; that documents relating to workers’ identities or immigration status may not be withheld or destroyed, concealed, confiscated, or otherwise made inaccessible by the supplier; and that there be no exploitation of child labour. Suppliers are expected to apply standards comparable to those outlined in the Supplier Code of Conduct throughout their own supply chains.
Risks related to human rights are more likely to exist in the areas of office construction, IT hardware, facility management, and hospitality services and are more likely to occur deeper in our supply chains, beyond those suppliers from whom we procure directly. Increased transparency from direct suppliers will be helpful in continuing to understand and address human rights issues, and we plan to look further into improving this in the coming year.
Ethics training - sustaining a culture of integrity
We work closely with our senior leadership to build and enhance Deloitte’s ethics programme through ongoing ethics training and campaigns that confront employees with ethical dilemmas through role playing and storytelling. By exemplifying ethical scenarios, we guide our employees to recognise unethical behaviour and take the right action. Ethics training is required for all Deloitte professionals every two years and for all new hires.
Each year, we conduct an Ethics Survey, where we ask our people to share how they experience our culture, including our focus on human rights, professional conduct, and conflicts of interest.
We are happy to see that the survey results show that our continuous training and communication have proven effective in fostering an ethical culture in Deloitte. However, we acknowledge that this is an ongoing effort and an area with room for improvement. Therefore, we continue to focus on the value of diversity in many forms and how to foster a truly diverse and inclusive work culture - read more about these initiatives under Social NEW LINK. Our CEO also communicates strongly and frequently about our zero-tolerance policy on these issues through internal communications channels, such as intranet, newsletters, and webinars.
In addition to this year’s Ethics Survey, our employees completed a mandatory ethics refresher e-learning that was designed to make our people pause and reflect on the behaviours that are expected of them, practise how to handle different ethical dilemmas, and gain insight into what happens after a concern has been raised. We will continue these and other efforts in FY25 to ensure that our culture and conduct always reflect our purpose and Shared Values.
Business Continuity, Information and cyber security
Information security and business continuity controls are core elements of our workplace culture. We continually reinforce and communicate our security policies to ensure that all our people maintain a clear understanding of what is expected of them and how we protect their rights to privacy and confidentiality. During the past year, we have maintained a very high focus on cyber security. This only becomes more pertinent with increases in cyberattacks across the world following ongoing geopolitical tensions and uncertainty.
Again this year, we have implemented our comprehensive cyber culture programme. This initiative included campaigns, a cyber escape room game and mandatory e-learning modules that provided updates on various security aspects such as data security, identifying phishing attempts across emails, phone calls and text messages and reporting incidents. We also held our annual Cyber Security Awareness Week, with specific emphasis on best practices to help our people identify and mitigate real-world cyber threats.
At Deloitte, we also conduct quarterly phishing drills to assess our practitioners, followed by informative communications on identifying phishing attempts. This proactive approach ensures that all employees remain vigilant against cyber risks. Additionally, our mandatory annual e-learning courses on cyber security enhance awareness of confidentiality, privacy, and security risks, aiming to mitigate security breaches and uphold compliance with the General Data Protection Regulation (GDPR) and other relevant standards.
We have also updated and reinforced our risk control systems and – after passing both internal and external audits – we had our Nordic ISO27001 and ISO22301 certification renewed.
The ISO27001 certification demonstrates our commitment to running a responsible business while keeping our data and clients’ data safe. Being ISO 27001-certified allows us to guarantee our clients and people that we will always treat their data in a secure, responsible, and appropriate manner. This certification allows us to protect our brand, image, and business.
The ISO22301 certification demonstrates our commitment to identifying potential threats and implementing effective plans to respond to and recover from disruptive incidents. It also showcases our dedication to ensuring the continuity of critical business functions, providing assurance to stakeholders and clients alike.
In times of uncertainty, resilience is highly valued by clients making the certificate an important asset when it comes to choosing their advisor. Through this certification, we demonstrate when disruptions occur, no matter how small, that it is important we protect our colleagues, clients and our business. Our Business Continuity Management System is designed to do just that. It is of vital importance that everyone knows their role in case of a disruption and sees it as an integral part of their responsibilities.
The above-mentioned activities are all part of our extensive risk control system at Deloitte, which we continue to advance.