Deloitte’s Global Principles of Business Conduct outline our ethical commitments and expectations for all Deloitte people across the globe. These principles reflect our core belief that ethics and integrity are fundamental and non-negotiable. The principles articulate our firm stand against bribery, corruption and fraud, our support for efforts to eradicate corruption and financial crime, and our commitment to respecting human rights. Furthermore, we communicate clearly about our employees’ rights, their human rights, their ethical obligations as employees, and how Deloitte manages human rights risks and protects these rights through our culture and our daily activities.
Our culture must be open and honest, we must treat each other equally and respectfully, and we must never bring our professional and individual integrity into question through corrupt and unethical behaviour. That is why we take any incident seriously. It is important for us that our people know that no one is above the rules - no matter their rank or professional value to the organisation. Therefore, we have had to let go of skilled people who have failed to live up to our values and exhibited inappropriate behaviour.
We have different channels for consultation and reporting of ethics concerns that emphasise confidentiality and non-retaliation. Either directly to team leaders or partners or by using the third-party ‘Speak Up’ whistle-blower system, which allows our people to safely share concerns and report any unethical behaviour - including potential breaches of human rights or examples of corrupt behaviour. In these and other ways, we strive to minimise human rights risks.
Ethical technology guiding principles
We recognise technology provides tremendous opportu-nities to help us live our Purpose. It enables us to serve clients with distinction, provide our people with a leading talent experience, and contribute to communities through our WorldImpact programs. But, with opportunity comes responsibility.
Deloitte has developed a set of ethical technology guiding principles to help guide our people’s choices and prompt them to consider both the ethical implications of their tech-related activities and how their actions could affect end users and society. These principles reflect our collective commitment to responsible business practices and are rooted in our shared values.
The guiding principles constitute Deloitte's data ethics policy according to section 99d in the Danish Financial Statements Act. You can find the guiding principles here: Commitment to responsible business practices.
Human rights and the supply chain
The professional services industry has a lower risk of child, forced, or compulsory labour in their direct operations relative to other industries, given the type of work performed and its delivery methods. Deloitte’s commitment to protect these human rights is expressed in Deloitte’s Global Principles of Business Conduct. Deloitte is not aware of any instances of child, forced, or compulsory labour in our operations.
Deloitte’s supply chain crosses multiple industries and all regions of the world. The Deloitte Supplier Code of Conduct includes prohibitions on forced or involuntary labour. It also requires that work be conducted based on freely agreed terms; that documents relating to workers’ identities or immigration status may not be withheld or destroyed, concealed, confiscated, or otherwise made inaccessible by the supplier; and that there be no exploitation of child labour. Suppliers are expected to apply standards comparable to those outlined in the Supplier Code of Conduct throughout their own supply chains.
Last year, Deloitte conducted a human rights assessment regarding the risk of child, forced, and compulsory labour in our supply chains. We established that our highest risks exist in the areas of office construction, IT hardware, facility management, and hospitality services.
Risks are more likely to occur deeper in our supply chains, beyond those suppliers from whom we procure directly. Increased transparency from direct suppliers will be helpful in continuing to understand and address human rights issues, and we plan to look further into improving this in the coming year.
Ethics training - sustaining a culture of integrity
We work closely with our senior leadership to build and enhance Deloitte’s ethics programme through ongoing ethics training and campaigns that confront employees with ethical dilemmas through role playing and storytelling. By exemplifying ethical scenarios, we guide our employees to recognise unethical behaviour and take the right action. Ethics training is required for all Deloitte professionals every two years and for all new hires.
During the past year, we have launched a new policy on familial and personal relationships to ensure that no working relationship can create or appear to create conflicts of interest that impact objectivity, independence, confidentiality, morale, or our inclusive culture. In our annual Ethics Survey, we asked our people to share how they experience our culture, including our focus on human rights, professional conduct, and conflicts of interest. According to the FY23 survey, 99 per cent of respondents agreed or strongly agreed that Deloitte is an ethical place to work, and 97 per cent believed that action would be taken if unethical conduct was reported.
We are happy to see that the survey results show that our continuous training and communication have proven effective in fostering an ethical culture in Deloitte. However, we acknowledge that this is an ongoing effort and an area with room for improvement. Therefore, we continue to focus on the value of diversity in many forms and on how to foster a truly diverse and inclusive work culture - read more about these initiatives under Social. Our CEO also communicates strongly and frequently about our zero-tolerance policy on these issues through internal communications channels, such as our intranet, newsletters, and webinars.
In addition to this year’s Ethics Survey, our employees completed a mandatory ethics refresher e-learning that was designed to make our people pause and reflect on the behaviours that are expected of them, practise how to handle different ethical dilemmas, and gain insight into what happens after a concern has been raised. We will continue these and other efforts in FY24 to ensure that our culture and conduct always reflect our purpose and Shared Values.
Business continuity, information and cyber security
Information security controls are a core element of our workplace culture. We continually reinforce and communicate our information security policy to ensure that all our people maintain a clear understanding of what is expected of them and how we protect their rights to privacy and confidentiality. During the past year, we have maintained a very high focus on cyber security. This focus has become only more pertinent as we have seen a significant increase in cyberattacks against Western targets since the war broke out in Ukraine.
For the third year, we have run our extensive cyber culture programme. Within the programme, we have had campaigns and mandatory e-learning that covered a broad array of security areas, including data security and how to spot phishing emails, phone calls and texts. We also held Cyber Security Awareness weeks where we focused on different ways of staying cyber secure, focusing particularly on the risks involved in working remotely.
Phishing is the ultimate social engineering attack, giving a hacker the scale and ability to go after hundreds or even thousands of users all at once. In Deloitte we continuously test our partners and practitioners by quarterly phishing drills followed up by articles on how to spot phishing to ensure that all employees are aware of cyber risks. Each year, all employees complete mandatory e-learning courses on cyber security. The courses raise awareness of the risks relating to confidentiality, privacy, and security, of reducing the risk of security breaches, and ensuring compliance with the General Data Protection Regulation (GDPR) and other requirements.
We have also updated and reinforced our risk control systems and – after passing both internal and external audits – we had our Nordic ISO27001 certification renewed. The certification demonstrates our commitment to running a responsible business while keeping our data
and clients’ data safe. Being ISO 27001-certified allows us to guarantee our clients and people that we will always treat their data in a secure, responsible, and appropriate manner. This certification allows us to protect our brand, image, and business.
In FY23 we achieved certification for ISO22301 - the international standard for business continuity that is a widely accepted testament to a firm's operational resilience and business continuity. In times of uncertainty, resilience is highly valued by clients making the certificate an important asset when it comes to choosing their advisor. Through this certification we demonstrate when disruptions occur, no matter how small, it is important we protect our colleagues, clients and our business. Our Business Continuity Management System is designed to do just that. It is of vital importance that everyone knows their role in case of a disruptions and sees it as an integral part of their responsibilities.
The above-mentioned activities are all part of our extensive risk control system at Deloitte, which we continue to advance. If and when breaches come to light, we take swift action ranging from warnings to termination of employment.