“Organisational Study on Deloitte Touche Tohmatsu India LLP”

A SUMMER INTERNSHIP REPORT

Submitted by

Student Name: K.SRIRAM

Register Number: RA1852001010025

In Partial Fulfillment of the Requirements

for the Degree of

MASTER OF BUSINESS ADMINISTRATION

SCHOOL OF MANAGEMENT

FACULTY OF MANAGEMENT

SRM INSTITUTE OF SCIENCE AND TECHNOLOGY

Kattankulathur-603203

August 2019
 DECLARATION

I, K.SRIRAM , hereby declare that the work which is being presented in the summer
internship entitled, “Organisational Study on Deloitte Touche Tohmastu LLP” , in partial
fulfilment of the requirements for the award of the degree of Master of Business Administration
is my own work carried out by me under the supervision of Dr./Mr./Ms. T.Velmurugan
( Supervisor) during the period 03/6/2019 to 12/7/2019 in the School of Management, Faculty
of Management , SRM Institute of Science and Technology, Kattankulathur.
The matter presented in this Summer Internship has not been submitted elsewhere for
the award of any other degree/ diploma. I declare that I have faithfully acknowledged, given
credit to and referred to the research works which have been cited in the text and the body of
the report. I further certify that I have not willfully lifted up some other’s work, para, text, data,
results, etc., reported in the journals, books, magazines, reports, dissertations etc., or available
at web-sites and have not included them in this Summer Internship report and cited
as my own work.

Place : Kattankulathur

Date : Name and Signature of the Candidate

Certificate from the Supervisor

This is to certify that the above statement made by the candidate is correct to the best
of my knowledge. Certified that a check for plagiarism has been made on the software.

Name and Signature of the Supervisor

 BONAFIDE CERTIFICATE

This is to certify that Mr. K.Sriram, (RA1852001010025) School of Management, Faculty of

Management of SRM Institute of Science and Technology, a bonafide student registered for
the MBA Degree under the supervision of Mr. T.Velmurugan, has satisfactorily completed
all the requirements for the submission of Summer Internship for the award of MBA degree as
per provisions of the MBA Regulations. He/ She has successfully completed the Summer
Internship and well-defended the presentation before the examiners.

Place: Kattankulathur

Date: 09-08-2019

Supervisor Dean

INTERNAL EXAMINER EXTERNAL EXAMINER

 ACKNOWLEDGEMENT
I express my heartfelt gratitude to the Honourable Dean Dr. V. M. Ponniah for
giving me an opportunity to gain practical knowledge through undergoing internship
training.

I am highly indebted to my Summer Internship Guide T.Velmurugan for his

continuous support, supervision, motivation, and guidance throughout the tenure of my
Summer Internship Guide inspite of his hectic schedule and helped me to successfully
complete the Summer Internship.

I would like to thank, and all the staff of Mr. S. Ravi Veeraraghavan, Partner, and
all the staffs of “Deloitte Touche Tohmatsu India LLP” for their support and guidance
during my internship. I am also grateful for Mr. Prashant Gupta who shared his experience
and expertise in his field of knowledge and continuously encouraged me to complete my
Summer Internship on time.

I am very grateful to my parents and my family for their support, dedication, and
their prayers to complete the course successfully.

K. Sriram
RA1852001010025
 Abstract
The Summer Internship Programme in Risk advisory department of Deloitte helped me to gain
knowledge in Risk related to IT controls of Companies and this report also includes the SWOT
Analysis of Deloitte. This study was helpful to develop and enhance my competency skills in
the finance field.
 LIST OF CONTENT

Chapters Title Page No.

Abstract
List of tables
List of Figures
Chapter-1 Introduction 1
1(a) Industry Profile 1
1(b) Company Profile 10
1(c) Product Profile 14

Chapter- 2 Functional Departments and Its Operations 16

Chapter- 3 Issue Identified 22

3(a) Learning Outcomes 23

Chapter- 4 SWOT Analysis 36

Chapter-5 Findings 39

Chapter-6 Suggestion 39

Chapter-7 Conclusion 40

References

List of Tables:
Table No Title Page No
1 Indian Financial Service Market 2
Segmentation by Share and Value
List of Figures
Figure No Title Page No
1 Investment In Financial 7
Services
2 Benefits of Financial Services 8
3 Financial Sector Growth Rate 9
4 Structure of Audit and 16
Assurance Department
5 Structure of Financial 17
Advisory Department
6 Structure of Tax Department 18
7 Structure of Risk Advisory 19
Department
8 Structure of Consulting 20
Department
9 SOC Classification 24

10 ITGC Control Process 28

11 Network VAPT Process 30

 Chapter-1: Introduction
1(a) Industry Profile:

Indian money related administrations industry has experienced the hardest of the occasions but
then remains steadfast and hearty among the world economies.

Having a profound effect of the sweeping changes in the Indian economy since
progression, the new substance of this industry is advancing in a solid, straightforward and
flexible framework. In the course of the most recent couple of years, budgetary markets have
seen a huge widening and developing of administration crates with the presentation of a few
new instruments and items in banking, protection and capital markets space.

The division was opened up to new private players including outside organizations who
grasped global prescribed procedures and present day innovation to offer an increasingly
refined scope of monetary administrations to corporate, retail and institutional clients. Finance
related part controllers also have been visionaries to guarantee that new guidelines and rules
are couple with worldwide standards. These advancements have given a vigorous lift to the
improvement and modernisation of the budgetary administrations segment in India.

The Sector which is available under the financial services industry are as follows:
 The Reserve Bank of India (RBI) is the apex bank of the country, controlling all
activities in the financial sector. Commercial banks include public sector and private
sector banks and are under the regulatory supervision of the RBI. Development finance
institutions include industrial and agriculture banks.

 Non-banking finance companies (NBFC) provide loans, purchase stocks and

debentures, and offer leasing, hire purchase, and insurance services.

 Insurance companies function in both public and private sectors and are controlled by
the Insurance Regulatory and Development Authority (IRDA).

Recent Development in Financial Service Industry:

 Investments by Foreign Portfolio Investors (FPIs) in Indian capital markets have

reached Rs 5,400 crore (US$ 748.44 million) up to December 30, 2018.

1
  As of October 2018, the Financial Inclusion Lab has selected 11 fintech innovators with
an investment of US$ 9.5 million promoted by the IIM-Ahmedabad's Bharat Inclusion
Initiative (BII) along with JP Morgan, Michael and Susan Dell Foundation, and the Bill
and Melinda Gates Foundation.

Market Size of Financial Service Industry:

The Mutual Fund (MF) industry in India has seen rapid growth in Assets Under
Management (AUM). Total AUM of the industry stood at Rs 23.16 trillion (US$ 321.00 billion)
as of February 2019. At the same time the number of Mutual fund (MF) equity portfolios
reached a high of 74.6 million as of June 2018.
Another crucial component of India’s financial industry is the insurance industry. The
insurance industry has been expanding at a fast pace. The total first year premium of life
insurance companies reached Rs 159,004 crore (US$ 22.04 billion) as of Jan 2019.
Along with the secondary market, the market for Initial Public Offers (IPOs) has also witnessed
rapid expansion. The total amount of Initial Public Offerings (IPO) stood at Rs 14,032 crore
(US$ 1.94 billion) as of Feb 2019.
Furthermore, India’s leading bourse Bombay Stock Exchange (BSE) will set up a joint
venture with Ebix Inc to build a robust insurance distribution network in the country through a
new distribution exchange platform.

Indian Financial Service Market Segmentation by Share and Value (in 2019)
Table 1
Classification Market Share Market Value
Mutual Funds 65% Rs 220719 Crores
Insurance 25% Rs 159004 Crores
IPO 10% Rs 140320 Crores

2
Growth of Financial Service Industry:

a. Banking :

The banking system in India is the most extensive. The total asset value of the
entire banking sector in India is nearly US$ 270 billion. The total deposits is nearly
US$ 220 billion. Banking sector in India has been transformed completely. Presently
the latest inclusions such as Internet banking and Core banking have made banking
operations more user friendly and easy.

b. Insurance :

The insurance market is topped off with new players which has prompted the
presentation of a few imaginative insurance based items, esteem additional items, and
administrations. Numerous outside organizations have additionally entered the field, for
example, Tokio Marine, Aviva, Allianz, Lombard General, AMP, New York Life, Standard
Life, AIG, and Sun Life.

The challenge among the organizations has prompted forceful advertising, and
appropriation strategies.

c. Venture Capital:
 The venture capital segment in India is one of the most dynamic in the financial
area inspite of the blocks by the outside set up.
 By and by in India there are around 34 national and 2 worldwide SEBI enrolled
venture capital assets.

Regulating Authority of Indian Financial Service Industry:

The Regulating Authority accessible in Indian Financial industry are as per the following:

a. Reserve Bank of India:

It is the issuer of the Indian Rupee and manages the banking and financial arrangement
of the nation by issuing wide rules and guidelines.

3
 Role of RBI:

i. Control cash supply

ii. Monitor key pointers like GDP and expansion

b. Securities Exchange Board of India :

Securities Exchange Board of India (SEBI) was built up in 1988 however got lawful
status in 1992 to direct the elements of protections market to keep a beware of
misbehaviors and ensure the financial specialists. Headquartered in Mumbai.

Role of Sebi:

i. Protect the premiums of financial specialists through appropriate training and

direction.

ii. Direct and control the business on stock trades and other security markets.

c. Insurance Regulatory and Development Authority of India (IRDAI)

IRDAI is a self-sufficient pinnacle statutory body for directing and building up the
insurance business in India. It was set up in 1999 through a demonstration gone by the
Indian Parliament. Headquartered in Hyderabad, Telangana, IRDA controls and
advances insurance business in India.

d. Forward Market Commission of India (FMC)

Forward Market Commission of India (FMC) Headquartered in Mumbai, FMC

is a regulatory authority represented by the Ministry of Finance, Govt. of India.

It is a statutory body, set up in 1953 under the Forward Contracts (Regulation)

Act, 1952. The commission permits ware exchanging 22 trades in India. The FMC is
presently converged with SEBI.

4
 e. Pension Fund Regulatory and Development Authority (PFRDA)
Established in October 2003 by the Government of India, PFRDA creates and controls
the annuity part in India. The National Pension System (NPS) was propelled in January
2004 with an expect to give retirement pay to every one of the natives.

Challenges faced by Financial Services Industry:

The Challenges faced by financial industry in the present are as follows:

1) Cybercrime In Finance:

Data breaches involving financial service firms increased by 480% from 2017
to 2018. With each assault costing budgetary organizations millions, creative
arrangements are required on the off chance that we are to dodge a rehash of the
untamed days of the Wild West.

As an ever increasing number of establishments embrace distributed ledger

technology (DLT), blockchain will turn into the true answer for keeping money related
information secure while very still.

2) Reputational Risk:

Hundreds of thousands of false records made for clients, selling individuals

superfluous vehicle protection without any end in sight. Doubters and pundits
pondered whether administrators at Wells Fargo ought not just lose their positions
and their rewards but rather additionally be sent to imprison. Banking has an awful
instance of the reputational-risk influenza and proceeded with outsized pay rates and
rewards for bank officials, combined with small loan fees being advertised.

3) Big Data Use In Finance:

Big data provides both opportunities and obstacles for financial service
providers. Taking advantage of online networking, purchaser databases, and even news
channels can help banks better serve their clients, while better securing their very own
advantages. But sorting through torrents of unstructured data for useful information is

5
 no small undertaking. It requires powerful data analytics technology if institutions are
to reap a benefit. Fortunately, data analytics solutions are emerging with the potential
to transform asset management, trading, risk management, and other financial
services.

4) Regulatory Compliance in Finance:

The consistently changing regulatory condition represents a steady test for

financial institutions of various types. Regtech is an emerging industry that can help
facilitate the weight of compliance. By using the most recent Fin-Tech technologies to
address regulatory compliance, RegTech new businesses are bridging the hole among
controllers and the financial service industry.

5) Customer Retention in the Financial Service Industry:

While brand steadfastness may not be dead, it is definitely in a coma. What

makes a difference to most clients in 2019 is more prominent personalization,
progressively robotized services, and simpler access to services. Institutions that can
convey each of the three will catch a lot of the market. Key to not losing the fight is
recognizing that clients are less worried about brand commonality than getting the
services they need. Competition for financial service customers has never been fiercer.

6) Employee Retention in the Financial Service Industry:

Todays financial service organizations find it hard to draw in clients, yet they
are likewise finding it hard to pull in workers. An absence of qualified ability to fill
new IT jobs, and a millennial workforce that avoids long haul business, are leading
variables in finding great assistance.

Institutions that need to draw in and retain a certified workforce must change their way
of thinking.

6
 Figure 1 Investment in Financial Services

Government Iniatives:

 In December, 2018, Securities and Exchange Board of India (SEBI) proposed direct
overseas listing of Indian companies and other regulatory changes. It has given
organizations a more extensive investor base, better valuation, expanded mindfulness,
expert inclusion and perceivability.
 Bombay Stock Exchange (BSE) presented week by week prospects and choices
contracts on Sensex 50 file from October 26, 2018.
 In September 2018, SEBI requested suggestions to fortify principles which will
upgrade the general administration benchmarks for backers, go-betweens or framework
suppliers in the money related market.
 The Government of India propelled India Post Payments Bank (IPPB), to furnish each
region with one branch which will help increment rustic entrance. As of August 2018,
two branches out of 650 branches are as of now operational.

7
 Figure 2 Benefits of Financial Services

Volatility in the financial markets has resulted in financial institutions struggling to

maintain their growth and profitability. Alongside, the global economic slowdown has taken a
toll on the Indian economy, pressurising margins as well as the very sustainability of financial
service companies. These dynamics call for the need to establish robust business models and
ensure quality management.

The sector is now at a point of inflection undergoing multiple regulatory and reporting
changes. One of the biggest challenges is the move to Basel III, which includes strengthening
bank capital requirements and adopting new regulatory requirements on liquidity and leverage.

8
 Basel III, together with the broader regulatory change agenda, is set to redraw the
banking landscape. It will have a profound impact on profitability and force banks to transform
their business models. Another key transformation in the financial services industry is the
transition to IFRS. The landscape of financial reporting will be transformed with the adoption
of IFRS, ultimately leading to an impact on business decisions.

Figure 3 Financial Sector Growth rate

9
1(b): Company Profile

Deloitte is the brand under which a huge number of devoted experts in autonomous
firms all through the world team up to give review, counseling, money related warning, chance
warning, expense and related administrations to choose customers.

These organizations are individuals from Deloitte Touche Tohmatsu Limited, a UK

privately owned business restricted by certification (DTTL). Each DTTL part firm gives
benefits specifically geographic zones and is liable to the laws and expert guidelines of the
specific nation or nations in which it works. Each DTTL part firm is organized as per national
laws, guidelines, standard practice, and different factors, and may verify the arrangement of
expert administrations in its domain through backups, subsidiaries, and other related
substances.

DTTL firm gives all administrations, and certain administrations may not be accessible
to confirm customers under the principles and guidelines of open bookkeeping. DTTL and each
DTTL part firm are lawfully discrete and free substances, which can't commit one another.
DTTL and each DTTL part firm are at risk just for their own demonstrations and exclusions,
and not those of one another. DTTL (likewise alluded to as Deloitte Global) does not give
administrations to customers. Deloitte stands out form its competitors is by providing clients

10
with a more personalized contract which takes into mind their short and long term goals as well
as other factors. By have well trained consultants and project staff the firm is able to initiate
strong conversation and detailed research. They are able to collaborate better and are more
responsive to their needs.

At the season of the US-drove mergers to frame Deloitte and Touche, the name of the
global firm was an issue, on the grounds that there was no overall restrictive access to the
names "Deloitte" or "Touche Ross" key part firms, for example, Deloitte in the UK and Touche
Ross in Australia had not joined the merger.

The name DRT International was along these lines picked, alluding to Deloitte, Ross
and Tohmatsu. In 1993, the worldwide firm was renamed Deloitte Touche Tohmatsu. In 2016,
Deloitte gained promoting office Heat of San Francisco, best known for its work Madden NFL
from EA Sports and the Hotwire travel site. Warmth was the eleventh computerized promoting
office acquired by Deloitte Digital since its establishing in 2012. Starting at 2016, Deloitte
Digital had 7,000 workers. It charged $2.1 billion out of 2015, making it one of world's biggest
computerized organizations. In September 2016,Apple Inc.announced an organization with
Deloitte went for boosting offers of its telephones and other cell phones to organizations.

As a feature of the organization, the two organizations will dispatch an administration

called Enterprise Next, in which more than 5,000 Deloitte experts will prompt customers on
the best way to utilize Apple items and administrations. In October 2016, Deloitte reported that
they were making Deloitte North West Europe. The Belgian, Danish, Dutch, Finnish, Icelandic,
Norwegian, and Swedish part firms will consolidate with the UK and Swiss part firms to make
Deloitte North West Europe.

Deloitte, throughout the following three years, will contribute 200m to upgrade its
administrations to its worldwide, national and private market customers and to make the best
advancement openings. The firm will happen on 1 June 2017 and it is evaluated to have 28,000
accomplices and individuals producing over 5bn in yearly income. Deloitte North West Europe
will represent roughly 20% of all income inside their Global Network. Deloitte has benefits in
five services :.

Deloitte has services in five service areas. The firm integrates process capabilities and
service lines into each service area. Deloitte consultants work with eight industry groups in
three geographic regions. When new people are hired into one of the regional offices they

11
generally work in a particular geographic region. When starting your career with Deloitte, as
you become more familiar with the processes ways of doing things you’ll gradually specialize
in a service line and industry group. However as with any small or large organization you will
initially work within different areas and on different project types.

Vision:

We aspire to be the Standard of Excellence, the first choice of the most sought-after clients and
talent.

Mission:

We assume a basic job in helping both the capital markets and our part firm customers work
all the more adequately. We consider this job a benefit, and we realize it requires consistent
cautiousness and tenacious duty.

Values:

1. Integrity

We believe that nothing is more important than our reputation, and behaving with
the highest levels of integrity is fundamental to who we are. We demonstrate a strong
commitment to sustainable, responsible business practices.

2. Outstanding value to markets & clients

We play a critical role in helping both the capital markets and our member firm
clients operate more effectively. We consider this role a privilege, and we know it requires
constant vigilance and unrelenting commitment.

3. Commitment to each other

We believe that our culture of borderless collegiality is a competitive advantage for
us, and we go to great lengths to nurture it and preserve it. We go to extraordinary lengths
to support our people.

12
4. Strength from cultural diversity
Our member firm clients’ business challenges are complex and benefit from
multidimensional thinking. We accept that working with individuals of various foundations,
societies, and thinking styles enables our kin to develop into better professionals and
pioneers.

The four key business areas the company operates in include:

a) Audit and Assurance

b) Financial advisory,
c) Risk advisory
d) Consulting
e) Tax

Deloitte has offices in different states of India which are as follows:

a) Ahmedabad

b) Chennai

c) Bangalore

d) Mumbai

e) Hyderabad

f) Gurugram

g) Delhi

Awards and Recognition:

a) In 2019, Fortune magazine ranked Deloitte as one of the 100 Best Companies to Work
For and Bloomberg Business has consistently named Deloitte as the best place to launch
a career.

b) Deloitte, along with KPMG, PwC and PA Consulting Group were recognized among
the UK's best companies to work for in 2017.

c) Deloitte was named the no.1 accounting firm for the tenth year in a row by Inside Public

13
 Accounting in August 2018.

d) In 2017, Deloitte was ranked as one of the ten best places to work for paternity leave
by Fatherly, an online resource for parenting news.

1(c) Product Profile:

The services offered by Deloitte Touche Tohmastu India LLP are as follows:

a) Consulting:
 Consulting department provide services in the areas of enterprise applications,
technology integration, strategy and operations, Human Capital.
 The Consulting services of deloitte grew by 15.7% in the year 2018.
 The Firm implemented the SAP HR system for the Los Angeles Unified School
districts

b) Financial advisory:
 Financial advisory department provide corporate finance services to clients,
including dispute, commercial bankruptcy, forensic, e-discovery and valuation
services.
 Financial advisory service grew by 8% in 2018.

c) Risk advisory:
 Risk advisory department provides services in the areas of enterprise risk
management and information security, project risk and cyber risk and etc.
 Risk assurance team provides audit support and SOC services to its clients who
request for testing their efficiency of IT controls.

d) Tax and Legal Service:

 Tax and Legal department help the clients to increase their net values, undertake
the transfer pricing and international activities of multinational activities, etc.
 Deloitte provide direct tax and indirect tax services to its Indian clients.

14
 e) Risk Advisory Services:

 The Risk Advisory department of Deloitte helps the clients in finding the
following risk:

a) Strategic and Reputation risk:

Deloitte enables associations to settle on risk-educated key decisions and react

to interruptions to develop their business and ensure their notoriety. C-suite and sheets
need the correct bits of knowledge, top tier corporate administration, and a risk culture
went for driving worth.

b) Regulatory Risk:

Deloitte enables associations to envision and adjust to changes in the regulatory

condition, and fabricate better projects and controls to address the wide assortment of
guidelines and regulatory risks. We work with customers and controllers on powerful
remediation because of consistence occasions.

c) Financial Risk:

Deloitte helps associations over the full lifecycle of financial exchanges. From
administration and procedures to innovation and detailing, our administrations can
improve straightforwardness, proficiency, consistence, and financial respectability.

d) Cyber Risk:

Deloitte enables associations to avoid cyber-assaults and secure significant

resources. We have faith in being secure, cautious, and strong—not just by seeing how
to anticipate and react to assaults, however at how to oversee cyber risk in a manner
that enables you to release new chances. Install cyber risk toward the beginning of
technique advancement for increasingly powerful administration of data and innovation
risks.

15
Chapter 2: Functional Departments and Its Operations

a. Audit and Assurance Department:

Partner

Director

Senior Manager

Deputy Manager

Consultant

Figure 4 Structure of Audit and Assurance Department

An audit is a "systematic, independent and documented process for obtaining audit

evidence [records, statements of fact or other information which are relevant and verifiable]
and evaluating it objectively to determine the extent to which the audit criteria are fulfilled.

They main function of this department is to examine and evaluate the financial
statements of its clients company to make sure that records are fair and accurate representation
of the transactions they claim to represent.

The Audit and assurance department service is classified into

i) External Auditing:

Audit team performs an audit, in accordance with specific laws or rules, of the financial
statements of a company, government entity, and other legal entity.

SA200 of the Institute of Charted Accountants of India specifies the rules governing the
independent examination of financial information.

16
ii) Internal Auditing:

In case of internal audit, Audit department checks the effectiveness of the day to day
operations of its clients and also to review what the company is doing in order to identify
potential threats to the organisations health and profitability , and to make suggestion for
mitigating the risk associated with those threats in order to minimize cost.

b) Financial Advisory:

Partner

Director

Manager

Senior
Manager

Deputy
Manager
Senior
Consultant
Analyst

Figure 5 Structure of Financial Advisory Department

Financial Advisory services department provides financial advices guidance to customer for
compensation. This department is designed to help the business take a realistic look at their
financial objectives.

The classification of services provided by Financial advisory department are as follows:

 Corporate Finance Advisory team

 Merger and Acquisitions Transaction services

 Forensic

 Valuation Services

17
c) Tax:

Partner

Director

Manager

Senior
Manager

Deputy
Manager

Senior
Consultant
Analyst

Figure 6 Structure of Tax Department

Tax department of Deloitte India deals with the filling of Income Tax and GST on
behalf of its clients based on the laws stated in Income Tax Act, 1969 and GST ACT, 2017.
The Tax Department also provide services such as:

a) International tax administrations: Deloitte help and give guidance in viably exploring the
myriad of tax, bookkeeping, lawful, administrative, social, and work issues in cross-fringe
exchanges to help oversee consistence dangers and conceivably upgrade returns.

ii) Transfer Pricing: Deloitte all around oversaw transfer pricing group enables organizations
to lessen hazard by adjusting reasonable transfer pricing arrangements with in general
worldwide business activities and targets, help with key documentation to help transfer pricing
practices and resolve questions.

18
 d) Risk Advisory

S. Ravi Veeraraghavan
Partner (Risk Advisory)

Arjun Prathap Arthi Saikrishna Raja Selvaraj Puja Vaid

Director Director Director Director(Quality Auditor)

Karthik Ramachandran
Senior Manager

Kalyanaraman Sathish Sridharan Janani Rajan Girish Jain Prashant Gupta

Deputy Manager Deputy Manager Deputy Manager Deputy Manager Deputy Manager

George Afroz
Assistant Manager Assistant Manager

Consultant

Senior Analyst

Analyst
Figure 7 Structure of Risk advisory Department

19
Risk advisory Department helps to identifies the Risk prevailing in the IT Controls of its clients
based on the policies and procedure submitted by them.
The Risk Advisory Department includes:
a) Risk on Reputation
b) Risk Assurance
c) Cyber Risk
The Risk assurance team provides Support to Statutory Audit team and also Provides Service
Organisation Control (SOC) Report to its Clients.

f) Consulting:
Partner

Director

Manager

Senior
Manager

Deputy
Manager

Senior
Consultant
Analyst

Figure 8 Structure of Consulting Department

Consulting Department of Deloitte helps Develop a strategic business plan for its clients
and also provides financial advices to them for a certain amount.
The Services provided by Deloitte are as follows:
i) Human Capital:
The HR consultants perform needed assessment or audit and make
recommendations or proposal, co-ordinates the creation and implementation of an
action or corrective plan and co-ordinates cross-functional Human Resources.
ii) Strategy and Operations:
The Consulting Department provides strategy and operation services advices to its
clients to help them identify the effectiveness of their work process.

20
iii) Enterprise Applications:
This services are typically designed to interface or integrate with other enterprise
applications used within the organisation and to be deployed across a variety of networks
(Intranet, Internet), while meeting strict requirements for security and administration
management.
It is also classified into:
a) ERP Advisory Services
b) ERP Implementation Services

iv) Technology Integration:

The focus of this team is to identify how the clients in Public and Private Sector, Can
leverage technologies to solve business transformation by offering services in Technology
Strategy, Information Management, Business Integration and Optimisation and system
integration.

The Functional departments of Deloitte Touche Tohmastu India LLP and its operations are
listed above.

21
Chapter 3: Issues Identified

The Issues identified by me in the Deloitte Touche Tohmastu LLP during the summer
internship programme are as follows:
a) Working hours violated:
Even though the working hours are fixed from 9am to 6pm as same as other companies,
but the employees are made to work overtime on someday without any additional pay for it.

b) Less Exposure:
The employees in deloitte are restricted to only to their department and doesn’t have
exposure of the other departments in the same company. This may affect them if they apply for
a different line of job in other companies.

c) Long Hierarchical Structure:

Company like deloitte has long reporting structure which leads to more time consuming
decision making and the employees find it difficult to approach the partner of respective
functional department.

22
3(a): Learning Outcomes

As the Title “Organisational study on Deloitte Touche Tohmastu LLP” it was a

great experience in knowing about the different services offered by them to their clients
in the financial services sector. I obtained good knowledge especially on the services
provided by the Risk advisory Department and got to know about the Managerial
practices followed by Mr S. Ravi Veeraghavan the partner.

On my First 3 weeks of my Summer internship programme out of 6 week

programme, I was given a brief about the policies prevailing in the organisation and the
manager gave me a brief view about the various types of clients which they deal and
also about the services provided exclusively provided by risk advisory department such
as Audit Support and SOC report.

On the final 3 weeks of my summer internship programme out of 6 week

programme, I was given the opportunity to work in a team which dealt with SOC report.
The objective of the team was to test the IT controls of the clients with the help of their
polices, procedure and other IT access provided by them in order to determine the
efficiency and reliability of their IT control and a SOC Report is prepared and sent to
the client. I was given with the work of Mapping the IT controls i.e. The Activities
provided by the client is matched with the COSO Framework established for internal
Controls and also was provided with work of analysing work paper.

The Services provided by the Risk advisory Department are explained below in details:
I) Service Organisation Control:
It is a report prepared by Deloitte to help the service organisations that provide
services to other entities, build trust and confidence in the services performed and
controls related to the services through a report. SOC Report is based on the rules
specified by SEC and PCAOB Standards.

23
SOC Report is classified into:

SOC

SOC 1 SOC 2 SOC 3

Figure 9 SOC Classification

a) SOC 1:
SOC 1 report provides user entities of the payroll processing company
reasonable assurance that the internal controls of the payroll processing company are
suitably designed (Type I report) or suitably designed and operating effectively (Type
II report) to provide the payroll services.

SOC 1 Report consist of the following:

i) Type 1 Reports:
Type 1 reports cover a particular date that include a description of a service
organization’s system as well as tests to help determine whether a service
organization’s controls are designed appropriately. Type 1 reports test the design of a
service organization’s controls, but not the operating effectiveness.
ii) Type 2 Reports:
Type 2 reports cover a period of time, include a description of the service
organization’s system, and test the design and operating effectiveness of key internal
controls over a period of time.

24
 SOC 1 Reports are generally restricted used report as they contain sensitive
information about the service organisations and they can be used only by the
management of the organisation.

The Contents of SOC 1 Report Structure are as follows:

1. Scope of Report
2. Service Organisation Responsibilities
3. Service Auditor Responsibilities
4. Inherit Limitation
5. Basis of Qualification
6. Opinion
7. Description of Test of Control
8. Restriction of use

b) SOC 2 Report:
SOC 2 Report provides the auditors opinions on how that organisation’s control fits
the requirements. It includes the five trust services principles which are as follows:
i) Security
ii) Availability
iii) Processing Integrity
iv) Confidentiality
v) Privacy
SOC 2 Report structure consist of:
i) The Opinion Letter
ii) Management Assertion
iii) Description of the System
iv) Description of Test of Controls and Results of Testing

c) SOC 3 Report:

SOC 3 Report: A Service Organization Control 3 (Soc3) report plots

information identified with an administration organizations inner controls for security,
availability, processing integrity, confidentiality or privacy. These five territories are
the focal points of the AICPA Trust Services Principles and Criteria.

25
 SOC 3 Report on a similar information as a SOC 2 Report yet the distinction between
the two is that SOC 3 Report is expected for general Audiences. SOC 3 reports can be shared
transparently and posted on an organization's site with a seal showing their consistence.

Deloitte uses Audit System 2(AS/2) tool to manage its work paper and achieve its client’s
files. The AS/2 tool is explained below:
 AS/2 is a DTTL Proprietary software that member firms use to create and manage audit
files for audit engagement.
 AS/2 Promotes effectiveness and efficiency in audits.
 AS/2 enables in sharing of Information electronically and ensure consistency in our
approach and methodology and also provides the capability to export and transmit all
relevant documents to other member firms if required.

Risk assurance team maps the activities provided by the clients with COSO Framework
in order to further Test the control with the help of SAP. COSO framework is explained below:
COSO stands for Committee of Sponsoring Organisation of the Treadway Commission.
It is a process effected by an entity’s board of director, management and other professional are
designed to provide reasonable assurance of the achievement of the objective.
Components of COSO Framework are as follows:
a) Control Environment:
 Integrity and Ethical Values
 Organisation Structure
 Board of Director and Audit Committee

b) Risk Assessment:
 Company-wide Objective
 Process-Level Objective
 Managing Change
c) Control Activities:
 Policies and Procedures
 Security
 Outsourcing

26
d) Information and Communication:
 Quality of Information
 Effectiveness of Communication

e) Monitoring:
 Ongoing Monitoring
 Separate Evaluation
 Reporting Deficiencies

II) Audit Support:

The Risk assurance team provides Support to Statutory audit team in testing the IT
controls of their clients to know about the effectiveness of their IT Database and Software’s.
This Risk assurance teams send the Scripts to the clients and ask them to fill in the required
data and send it back. These scripts are then Run by a software known as ACTT which runs
the testing process and provides the results based on the process specified by deloitte. The
Client is then intimated about the Risk and queries about it are cleared by the consultant.

The Risk advisory team uses EML (Engagement Management Letter) tool for archival
process of this year’s client report for future process.
These Report are Signed by the Partner and Director of the Department before sending it to the
clients.
ACTT is further explained below:

Testing of controls can be computerized to acquire more efficiencies. This incorporates

execution of computerized contents for execution of the controls testing, usage of RPA
arrangements, utilizing investigation and so forth. The majority of the associations use contents
based controls testing approaches where a content is kept running on the generation condition
of a framework to download certain tables and structures and calculations are composed to
peruse these information dumps and give the clients an intelligible record to dissect.

A client intercession is for the most part required in this situation to examine the
information and characterize the control to be powerful or inadequate. Mechanical procedure
mechanization (RPA) can likewise be sent for the equivalent. RPA is the use of innovation to
perform principle based errands and interface with existing applications so as to finish relegated

27
assignments. Testing of a portion of the controls can be mechanized from begin to end. There
are various devices for RPA in the market, for example, UIpath, Automation Anywhere and
Blueprism.
The Script obtained from the ACTT with the help of UNIX used contains the following topics:

a) UNIX .05: User Authentication

b) UNIX .06 : Privileged Access

c) UNIX .09 : Configuration

d) UNIX. 10 : Change Management

e) UNIX .15: Job Scheduling Process

f) UNIX.16: Job Monitoring

II) Information technology and general Controls:

ITGC is the basic control that can be applied to IT system such as application, Operating
system and databases and supporting IT Infrastructure. The objective of ITGC are to ensure
the integrity of data and process that the system support.

Operating
Application Database Network
System

Figure 10 ITGC Control Process

Internal Control and Testing Process:

i) Internal Control:
Internal controls are just procedures, arrangements and methods, affected by
individuals that guarantee our interior procedures, intended to adjust chance, work the manner
in which we need them to with the goal that we accomplish what we need. Instances of inward

28
controls incorporate division of obligations, expert appointments, arrangements, system
manuals, work rehearses, passwords, account compromises, arithmetical exactness checks,
confined physical access, stock tallies, resource tallies, spending plans, plans and so on.
The types of internal controls are as follows:

a) Preventive Controls:
Preventive controls are those control which are designed to stop, discourage or pre-empt
inappropriate transactions, errors or irregularity before they occur. Preventive Controls are also
pro-active in nature.

b) Detective Controls:
Detective controls are those controls which are designed to search for and identify errors on
a timely basis after they have occurred. Detective Controls are post fact controls which is used
to measure the effectiveness of preventive controls.

c) Corrective Controls:
Corrective Controls are those controls which are designed to correct errors or risks and
prevent the recurrence of further errors. This control exist until the management can solve the
problem or defect.

ii) Testing Process:

The Risk assurance team of deloitte uses the following method to test the IT Controls
of its clients:
a) Inquiry
b) Observation
c) Examination or inspection of evidence
d) Re-Performance

The Most common ITGC Areas follows:

a) Logical access control over infrastructure, applications and data
b) System development life cycle controls
c) Program change management controls
d) Data center physical security controls
e) System and data backup and recovery controls

29
f) Computer Operation Controls

The Framework for Testing used by deloitte are:

SMART- Specific Measurable Attainable Realistic Tangible
FRASA- Frequency Responsible Party Activity Source Action Taken

Deloitte provides vulnerability assessment and penetration testing for its client
companies. Vulnerability assessment means a tool which discover the vulnerabilities present
in Database but does not differentiate between the flaws that can be exploited and those cannot
be exploited.
Penetration testing means the company hires an ethical hacker and test a virus on its security
system in order to find out whether their security system are secured or not.

Figure 11 Network VAPT Process

Veracode’s service allows companies to meet their compliance requirements faster and
more effectively. The Veracode stage discovers blemishes that could harm or imperil
applications so as to ensure inner frameworks, touchy client information and friends notoriety.
Having a framework set up to test applications during improvement implies that security is
being incorporated with the code as opposed to retroactively accomplished through patches

30
Active Directory Domain Service (ADDS):
ADDS provides the method for storing the directory data and make this data available to
network users and admin.
ADDS is includes the following:
a) Domain Services:
It stores centralised data and manages communication between the users and domains. It
also includes login authentication and search functionality.

b) Certificate Services:
It generates, manages and shares certificate. A certificate is used an encryption to enable a
user to exchange information over the internet securely.

c) Directory Federation Services:

It Provides Single-sign on feature to authenticate a user in multiple web application in a
single session.

d) Rights Management:
It controls Information rights and management and encrypts contents on a server limit
access.

Implementation of the use of GRC Tools are explained below:

Numerous associations today have executed or during the time spent assessment of Governance
Risk and Controls arrangements. GRC arrangements can get consistency and help to support
Internal Controls structure from IT viewpoint. A portion of the models on utilizing of GRC
apparatuses from IT Controls structure include:

• Risk Assessments: GRC apparatuses can help in performing Risk evaluations dependent on
classification of hazard for an application. Further the GRC instruments have inbuilt controls
library that can be utilized/redid for execution of controls dependent on dangers.

• Integrated controls structure: GRC apparatuses help in actualizing a coordinated controls

system. The different controls prerequisites, (for example, SOX, PCI DSS, ISO 27001) can be
joined and justified into a solitary structure

31
• Documentation: GRC apparatus will go about as a vault for all the documentation identified
with interior controls.

• Issue following: All the controls related disappointment can be checked through the GRC
devices. Checking of the issues and following of remediation will be done halfway through the
device. GRC devices can be incorporated to CCM arrangement, testing results can be put away
in one spot. GRC device will go about as empowering influence to acquire proficiency in the
Controls Automation venture.

Deloitte uses SAP for its Audit support function for quick finishing of work. Explanation about
SAP ERP is given below:

SAP ERP is a venture the executives stage that has every one of the capacities of store
network the board, item lifecycle the board, human capital administration, budgetary
administration and client relationship the board arrangements. It very well may be conveyed as
a SaaS administration, on-premise or as a half breed model. What's great about the arrangement
is that you can modify it the manner in which you need as the seller has a system of accomplices
that offers customization and combination administrations.

SAP ERP brags a client base 172,000 organizations around the world. With the
arrangement, you get the opportunity to approach imperative applications, investigative
apparatuses and information that can incredibly enable you to streamline your procedures and
help associations become increasingly focused. Beside these, you likewise get the opportunity
to appreciate full web-empowered help from the merchant. The product can help you in dealing
with your entire association making assignments, for example, item arranging and general
record detailing far simpler. This one-size-fits-all stage can take into account any business type
and size and is adaptable to such an extent that you will never need to search for another
arrangement again.
Functional areas of SAP ERP are as follows:
1. Financial Accounting: It deals with financial transaction and data.

2. Human Resource: It deals with the information related to employees of an organisation

3. Customer Relationship Management: Deals with capturing and managing customer’s

relationship, facilitating the use of customer experience to evaluate the knowledge base.

32
Finance and controlling (FICO):

SAP FICO is a blend of two ERP modules, i.e., Finance Accounting (FI) and Controlling (CO).
Under Finance in SAP and at an endeavor level, the accompanying modules participate −

FI − Finance

CO − Controlling

IM − Investment Management

TR − Treasury

EC − Enterprise Controlling

SAP FI (Financial Accounting) is responsible for following the progression of money related
information over the association in a controlled way and incorporating all the data for viable
vital basic leadership.

Usage of SAP in Deloitte are as follows:

 It helps in analysing the general ledger accounting (creation of charts of accounts,
Accounts groups, defining data transfer rules, creation of general ledger accounts)
 Tax Configuration and creation of accounts.
 Checking of Accounts Payable
 Checking of Accounts reliable
 Integration of Segregation of duties and Material Management

Explanation about segregation of duties and Material Management are as follows:

Segregation of duties:

Segregation of Duties (SoD) are an essential inner control proposed to anticipate or diminish
the danger of blunders or inconsistencies, distinguish issues, and guarantee remedial move is
made.

33
This is accomplished by guaranteeing no single individual has authority over all periods of a
business exchange. There are four general classes of duties:

a) Authorization
b) Custody
c) Record keeping
d) Reconciliation

In a perfect framework, various representatives play out every one of these four
noteworthy capacities. At the end of the day, nobody worker has control of at least two of these
obligations. The more debatable the advantage, the more prominent the requirement for
legitimate segregation of duties, most essentially when managing money, debatable checks,
and inventories.

In certain business territories, SoDs are exceedingly significant. This is the situation,
for example, in organizations where money is taken care of, since money, by its tendency, does
not leave an immediate trail. Any office that acknowledges reserves, approaches bookkeeping
records, or has authority over an advantage must be worried about actualizing SoDs. Instances
of inconsistent duties incorporate the accompanying: Authorizing an exchange; getting and
keeping up care of the advantage that came about because of the exchange Receiving checks
for installment on record; affirming benefits Depositing money; accommodating bank
proclamations Approving time cards; having care of checks.

Employees are trying to begin in a little task, as it isn't constantly conceivable to

apportion enough staff to appropriately isolate duties. In these cases, management may need to
play a progressively dynamic job to begin detachment of duties by checking the work done by
others, or by utilizing other alleviating controls to limit dangers.

34
Material Management:
Material Management: SAP MM is a piece of administrative capacity which aides in
dealing with the obtainment exercises of an association.
The Features of SAP MM are as per the following:
a) SAP MM manages dealing wth the materials and asset of the association with the
point of quickening efficiency and to diminish cost.
b) SAP MM manages the acquisition procedure, Master Data, Account Determination
and valuation of material, Inventory the board, Invoice confirmation and Material
requirement Planning.

35
 Chapter-4: Strength Weakness Opportunity and Threat Analysis (SWOT)

The SWOT Analysis of Deloitte has been listed below:

Strength Weakness

a) High Reputation a) Limited Affordability

b) Providing Quality Services b) Talent Retention
c) Employee Satisfaction
d) Skilled Workforce
e) Well Defined Process

Opportunity Threat

a) Exploring New Markets a) Tough Competition

b) Increasing Technology b) Different country different
c) Acquiring Small and Medium regulations
Firms

Strength:
a) High Reputation:
Deloitte has a high reputation among different industries in different countries
because of their market share and services provided. It also makes it different from its
competitors such as Ernest and Young, KPMG and etc.

b) Providing Quality Services:

Deloitte provides quality services to its clients based on their request, such as
Consultancy Services, Risk Advisory, Audit Services and Etc. Deloitte uses skilled
workforce to provide this services to its clients compared to its competitor.

36
c) Employee Satisfaction:
Deloitte management takes necessary steps to motivate the employees by way
of work recognition and performance appraisal which makes the employees satisfied
and leads to them to produce high results compared to its competitor companies.

d) Skilled Workforce :
Deloitte recruits individuals who are experienced and skilled along with
different educational background which helps them to deal with different clients and
also provides services with no deficiency. It also helps them to have a competitive
advantage over its clients.

e) Well-Defined Process:
Deloitte management follows a well- defined process to meet its client’s
requirements and pre plan its process in order to provide the services quickly i.e. Risk
advisory departments first prepares its work plan based on the clients requirement and
then start its testing process.

Weakness
a) Limited Affordability:
Deloitte charges huge amount from its clients for the services provided to them
which makes it difficult for small and medium companies to afford for it and this results
in low customer base.

b) Talent Retention:
Deloitte includes more no of employees it’s difficult for them to retain each and
every talented employees, which leads to high level of employee shifting to its
competitor companies. Lack of motivation and High work pressure are one of the
factors which makes deloitte weak.

37
Opportunities:
a) Increasing Technology:
Technology upgradation provides deloitte with the opportunity to improve its clients as
more clients who are exposed to cyber risk would require risk advisory services to prevent
it beforehand basis.

b) Acquiring of Small and Medium Firms:

Acquiring of Small and Medium Firms would help deloitte to attract medium
companies and expand its market share along with providing services in an efficient and
quick manner.
c) Exploring New markets:
The number of industry has increased substantially now a days therefore it provides
deloitte an opportunity to expand its business by extending its services to the new start-up
companies.

Threat:
a) Tough Competition:
Deloitte faces tough competition from Similar Firms such as EY and KPMG as they
provide same services to the clients globally at the same price which makes it difficult
for deloitte with an innovation in its service to sustain in the market.

b) Different country different Regulations:

Since Deloitte has branches globally, it is difficult for them to follow different
government’s regulation. So if they violate rules and regulation in one country it will
have its effects in other countries also.

38
 Chapter 5: Findings

Based on the issue identified and SWOT Analysis, the findings are as follows:
1. The Decision making process is time consuming due to long reporting Structure.
2. The Employee productivity may get affected if they work overtime and may feel
dissatisfied with their work.
3. The company faces talent retention, limited affordability and tough competition which
leads them to lose out with their competitors.

Chapter 6: Suggestions
The Suggestions for the above findings are as follows:
a) The employees can be paid overtime wages for the extra number of hours they work and
this should be taken into account at the time of their performance appraisal.

b) The Employees can be rotated to different departments as they would exposed to various
services and also increases faster production of results.

c) The simple and short reporting structure would help the employees to reach the management
for queries related to work and for faster decision making.

39
 Chapter-5: Conclusion

Based on analysis done on the Topic” Organisational study on Deloitte Touche Tohmastu India
LLP” I would like to conclude with the following points below:
 The companies superior- subordinate relationship and decision making process would
improve if the organisational structure is simplified.

 Deloitte has to concentrate more on in its HR Policy in order to retain its talented
employees and to solve the overtime problem.

 Deloitte top management has established a separate department for each services to
meet the client needs and requirement.

 Deloitte can reduce its Price of service a little in order to attract Medium companies
and expand its customer base.

Deloitte even though a big company has its own problem and it has to take necessary
steps to rectify it and to sustain in the competitive market.

40
References:
Website:
www.deloitte.com
www.ibef.org

41