Ethics training
All of our partners, staff and contractors undertake regular mandatory training to help them understand our ethical requirements, and we take a zero tolerance approach to non-completion of this training. We make it clear that we expect our people to embrace both the spirit and the letter of these requirements. Given the importance of ethics to our continued success, we measure and report our people’s perception of how ingrained ethical behaviour and culture is in the business through our ‘youmatter’ people survey. In 2019, 76% of our people agreed or strongly agreed with the statement that “At PwC I feel comfortable discussing or reporting ethical issues and concerns without fear of negative consequences.” For transparency, we also report on the number of dismissals for misconduct. In 2019, there were 16 such dismissals.
Independence
We have policies, procedures and practices in place to make sure we maintain the necessary personal and firm independence from our audit clients, and which cover non-audit services, fee arrangements and business relationships. These form part of the mandatory training provided to all partners and staff. Deviations from policies and procedures, where they breach external rules, are reported to the Management Board and the regulator and can result in disciplinary action. We also provide information on breaches of external independence regulations that were reported to the regulator in our sustainability scorecard. In 2019, this figure was 0.27%, as a percentage of full time employees.
Data security
Confidentiality is vital to our business. Misusing or losing confidential client information or personal data could expose our clients to risk or us to legal proceedings. It could also harm our reputation. All partners and staff receive regular training on their confidentiality obligations.
We operate an Information Security Management System that complies with the requirements of ISO/IEC 27001:2013 for all client data that comes under our control or ownership by virtue of a contract for services between PricewaterhouseCoopers LLP and a client.
Our information security policies and procedures aim to make sure that:
- information is protected from internal and external threats
- confidentiality, availability and integrity of information is maintained
- statutory, regulatory and contractual obligations are met
- access to information is granted only for justified business needs
Our ISO 27001 certification is subject to ongoing external assessments at all of our UK sites. As an indicator of our commitment to continual improvement in this area, we report the number of major and minor ‘nonconformities’ to the standard that our external assessorsidentify. There have been no nonconformities in recent years.
For more information on the UK and international standards to which our management systems are certified see our standards page.
Client and engagement acceptance
We have rigorous procedures for not only accepting new clients but also continuing to work with existing clients as well as approving specific engagements. They help us to understand whether risks related to an existing or potential client are manageable, and whether we should do business with particular businesses or people.
Anti-bribery
Our Code of Conduct makes it clear that it's unacceptable for our people to solicit, accept, offer, promise or pay bribes. Policies, training and procedures designed to prevent bribery are in place.
Whistle-blowing
Our whistle-blowing helpline (+44 (0) 20 721 25233) is called Speak Up, and is available to any partner or employee who comes across bad business conduct or unethical behaviour that can't be resolved locally or for which the normal consultation process isn't suitable. Anyone raising a genuine concern which is in the public interest will be protected from victimisation. Third parties (including clients) can also telephone the Speak Up helpline.
For more information on our ethical requirements, including our Code of Conduct and independence procedures, take a look at our Transparency Report.