In This Issue

• EY — Toxic Culture at EY Oceania: One Death, Multiple Warnings, and Still No Real Change

• Deloitte — Federal Court Greenlights Trade Secrets Case Against Deloitte for CDC Vaccine Tech

• KPMG - Lunchgate: Whistleblower Claims about KPMG’s Dexus Laptop Leak

Toxic Culture at EY Oceania: One Death, Multiple Warnings, and Still No Real Change

On 27 August 2022, around midnight, 27-year-old Aishwarya Venkatachalam took her own life, jumping from a terrace on the 11th floor of EY’s Sydney office building. The senior auditor had moved from India to Australia less than a year earlier, for what she had described as her “dream job” with the firm.

Aishwarya had spent the evening with colleagues at an EY social event at The Ivy nightclub in Sydney’s Central Business District — but three women came across her crying in a nearby car park late that evening. When they approached to offer help, she told them that “everyone was so mean to her in her office” and that the people working there were “mean and racist.”

These statements echoed what she had told her best friend, Neeti Bisht, about the work environment at EY, four months prior to her death.

Initial Response and Backlash

EY’s Sydney employees were initially stunned by the tragedy. However, their shock quickly gave way to widespread frustration over the firm’s handling of the situation.

Much of this anger centred on CEO David LaRocca’s town hall address to roughly 9,000 staff across Oceania. In the nearly hour-long speech, he devoted just four minutes to her death, referring to Aishwarya Venkatachalam only as “one of our Sydney assurance team members,” without mentioning her by name.

The hashtag #SayHerName quickly gained traction on LinkedIn and other platforms.

Larocca later justified the omission by stating the firm was “working to maintain space and privacy for Ms Venkatachalam’s family.”

In the aftermath, current and former employees took to LinkedIn, Reddit, and the press to publicly share experiences of bullying, racism, and overwork at EY, with many directly linking the firm’s toxic culture to the tragedy. One former staffer told Daily Mail Australia:

“Those days with EY Sydney were just so miserable. One day, I literally broke down cause of the unfairness and burnt out and cried so much at home. Luckily I have my family and friends to support me . … The partners in that team tend to treat Asian workers like a dog as they expect those workers can always work hard and can deliver more.”

Independent Review

In response to the backlash, EY Oceania commissioned an independent review led by Elizabeth Broderick, former Australian Sex Discrimination Commissioner. The review, which gathered input from over 4,000 current and former employees, was released in July 2023.

While a majority of employees reported that they found their workplace to be a respectful environment, with leadership promoting good behavior (88%), it emerged that there were several systemic issues disproportionately harming vulnerable groups: juniors, women, and CALD (Culturally and Linguistically Diverse) staff.

The following are some of the worrying findings highlighted by the report:

Bullying: Around 15% of employees had experienced bullying at EY Oceania in the previous five years, with women (17%) more likely to have experienced bullying than men (13%).

“The Partners protect bullies. Often they are bullies and aggressive themselves.”

(p. 31)

Sexual harassment: 10% of staff reported experiencing sexual harassment, with women at 15% and men at 6%.

“There are some partners I wouldn’t be in a room alone with.”

(p. 31)

“There was a Partner who tapped a colleague on the bum after a presentation saying ‘good job’. Other women complained but nothing was done. He is known to have problematic behaviours but nothing is done because he brings in a lot of money.”

(p. 72)

Racism: Some 8% of staff had experienced racism, with a concentration amongst employees who identified as ethnically Indian (16%), Chinese (15%) or Māori (21%).

“I’ve witnessed racist slurs. I have seen a Partner ask one of my Chinese-origin colleagues in front of a whole meeting whether he eats dogs. [My Chinese-origin colleague] said he then was left out and not invited to a social event hosted by that Partner after. The worst part is that he and others felt unsafe to say anything.”

(p. 62)

Widespread overwork affecting nearly half the workforce’s mental and physical health.

Low trust in reporting mechanisms, with many fearing career repercussions for speaking up. Only 36% of those who were bullied, 17% of employees who had experienced sexual harassment and 7% of staff who faced racism, lodged a report about what had happened to them.

No accountability, especially for senior leaders.

In the aftermath of the report’s publication, EY leaders apologized to employees and committed to implementing each of the 27 recommendations made by Broderick.

Later Allegations and Lawsuit

Allegations have now emerged, however, that while Elizabeth Broderick and her team were conducting staff interviews, and senior EY partners were publicly assuring employees of their commitment to meaningful change, the firm was covering up a serious case of sexual harassment.

Intern Ofir Larsen alleges that in January 2023, during a work event at the K1 Karaoke Lounge in Sydney’s Haymarket, her manager Harry Young grabbed her right breast, slapped and gripped her left thigh, and made other unwanted physical contact.

After she raised the complaint internally, colleagues allegedly told her to “move on,” while she was shunned by the team and sidelined from several projects.

Larsen further claims she was prevented from participating in Broderick’s culture review survey.

EY has admitted certain aspects of her account — including her exclusion from the survey — but strongly denies any retaliation or victimisation. Larsen is now pursuing legal action against the firm in the Federal Court, seeking damages and greater accountability.

A Parting Shot from Cameron Bird

The firm’s commitment to change was further cast into doubt in January 2026 when veteran EY Oceania partner Cameron Bird — with 19 years at the firm, including a decade as a partner in the infrastructure advisory team — resigned and delivered a scathing farewell email to staff.

Instead of the usual polite goodbyes, Bird excoriated the leadership as “autocratic” and criticised a “rigid, top-down” hierarchical culture dominated by executives obsessed with “career progression and personal gain” and with little genuine regard for staff wellbeing. He declared he could “no longer tolerate the direction the firm is taking,” accusing senior leaders of being “fixated on how things looked rather than how people were treated.”

Not exactly a vote of confidence.

The Challenges of Stamping Out Toxicity

EY Oceania has reported progress on Broderick’s recommendations, including a new “people and culture index,” training programs, and reconciliation initiatives.

Yet here we are, three years later, and we are presented with a former intern suing the firm on one of the more serious issues EY had pledged to fix, alongside a senior partner publicly calling out the performative nature of the leadership.

Reviews and recommendations are easy. Real cultural change is hard — especially in a professional services model built on leverage, billable hours, and protecting rainmakers. When high-revenue partners face no real consequences for toxic behaviour, the message to everyone else is clear: speak up at your own risk.

Aishwarya Venkatachalam’s death should have been a turning point. Instead, it risks becoming another uncomfortable chapter in EY’s ongoing struggle with its own culture. Until the firm demonstrates genuine accountability — not just reports and apologies — these problems will continue to surface, with a devastating human cost.

Federal Court Greenlights Trade Secrets Case Against Deloitte for CDC Vaccine Tech

On April 28, 2026, U.S. District Judge P. Kevin Castel of the Southern District of New York denied Deloitte’s motion to dismiss trade secret misappropriation claims brought against it by the Multi-State Partnership for Prevention (MSPP). The judge ruled that MSPP had adequately substantiated its claim about the existence of protectable trade secrets, reasonable protective efforts, and misappropriation.

The plaintiff will now be able to proceed with its case, based on allegations that Deloitte had misappropriated confidential information about its vaccination management platform, PrepMod.

Pandemic Urgency, Demos, and a No-Bid Contract

The dispute originated in the early chaotic months of the COVID-19 vaccine rollout in 2020. The CDC needed technology for appointment scheduling, distribution tracking, inventory management, and real-time reporting, so it invited companies which had relevant off-the-shelf solutions to present their platforms.

In April 2020, Tiffany Tate, executive director of MSPP, an organization experienced in immunization programs for underserved communities, presented PrepMod to the government agency. The software was designed specifically for large-scale vaccination scenarios, featuring advanced real-time tracking, bi-directional data flows with state registries, workflow efficiencies, and operational architectures tailored for national deployment. Deloitte employees were present for the demo — they were introduced to Tate as consultants assisting the CDC in the selection process.

Tate alleges the presentations included detailed, confidential slide decks marked “CONFIDENTIAL & PROPRIETARY,” live demonstrations of the software’s core functionalities, and technical discussions. She further alleges that confidentiality agreements were in place, which both the CDC and Deloitte had committed to.

One month later the CDC decided not to proceed with an off-the-shelf solution. Instead it awarded a sole-source (no-bid) contract to Deloitte to custom-build the Vaccine Administration Management System (VAMS), citing urgency and Deloitte’s existing GovConnect/Salesforce platform. The initial contract value was approximately $16 million, which then increased to $44–48 million with extensions — but according to court filings project costs ultimately exceeded $80 million.

MSPP sent a cease-and-desist letter in August 2020, alleging that VAMS specifications closely mirrored core PrepMod features that Tate had shown them during the demos.

Deloitte has denied the allegations, maintaining that VAMS was developed independently based on CDC requirements.

An Unsuccessful Deployment

Despite its high cost, VAMS proved largely unsuccessful in practice. It was offered for free to states and jurisdictions, but was only adopted by about nine states at the peak of the rollout.

Clinic staff in adopting states reported having to fall back on paper records after encountering persistent technical problems — website crashes, random appointment cancellations, unreliable registration processes, and difficulties integrating with existing state immunization registries.

Virginia switched from Deloitte’s VAMS to PrepMod in late January 2021 due to these glitches and other usability issues. Connecticut also sought alternatives. By early 2021, VAMS had facilitated only around 4% of total U.S. vaccinations, despite the substantial taxpayer investment.

PrepMod, on the other hand, was deployed in approximately 27 states, making it one of the more widely adopted third-party vaccine management systems during the pandemic. While it too faced scaling issues, sometimes crashing when under extreme load, it was generally praised for being customizable and user-friendly.

What Comes Next

The case now enters the discovery phase. MSPP has the opportunity to request internal Deloitte and CDC documents, emails, code repositories, design specifications, and communications from the critical April–May 2020 period. This could include depositions of key personnel involved in the presentations and contract award.

Deloitte has consistently denied the allegations and is expected to mount a vigorous defense as the case progresses.

Trade secrets litigation is notoriously sensitive, and often very expensive, so there is a good chance that MSPP and Deloitte will pursue some form of settlement. That said, if the case proceeds, it will involve expert testimony on software similarities and reach a jury trial potentially in late 2026 or 2027.

Lunchgate: Whistleblower Claims about KPMG’s Dexus Laptop Leak

“On 6 November 2023, a meeting was held at KPMG’s Barangaroo office. During that meeting, and despite acknowledged independence sensitivities, an arrangement was proposed where [an internal audit partner] would leave his laptop open with Dexus internal audit documents visible while he went for lunch, allowing external audit personnel to view them.”

Senator Deborah O’Neill read these claims into the Senate record on 24 March 2026 under parliamentary privilege, on behalf of a former senior KPMG executive.

“On 30 May 2024, I provided information to an eligible recipient within KPMG Australia for the purpose of invoking the statutory whistleblower provisions under the Corporations Act. The information disclosed concerned matters that I had reasonable grounds to suspect constituted misconduct or an improper state of affairs or circumstances in relation to a regulated entity. The concerns I intended to raise related to audit independence, misuse of confidential information, tender integrity failures, misleading of Parliament, examination misconduct and governance failures at the senior leadership level.”

The whistleblower had gone through all the channels available before going to the senator. They started by reporting the unethical behaviour to relevant executives. When that did not work, they escalated to KPMG’s independent directors, then the internal chair, and even the global council.

It was only when it became clear that KPMG leadership had no intention of taking action that the whistleblower took the matter outside the firm. First to the corporate regulator, the Australian Securities and Investments Commission (ASIC), and finally Senator O’Neill.

Out For Lunch

In 2023, KPMG was acting as Dexus’s internal auditor while simultaneously preparing a bid for the company’s external audit engagement, which was valued at approximately AU$2.5 million. This dual role created a clear independence conflict under professional standards, prompting Dexus executives to insist on strict separation between the internal audit team and the external bid team.

According to the whistleblower, KPMG partners reassured the client that there would be strict Chinese walls put in place between the two teams – but they then proceeded to enact a “wink, wink” charade.

The main allegation is that during a strategy meeting in a “war room” at KPMG’s Barangaroo office, an internal audit partner announced that he was off for lunch, making a show of leaving his laptop open with restricted Dexus internal audit documents visible on screen. The team preparing the bid took a peek at the sensitive material, gaining insights that enabled them to improve their pitch.

KPMG ultimately won the external audit engagement from incumbent PwC. According to the whistleblower, the information allegedly accessed during the November 2023 meeting contributed to the successful bid.

KPMG’s Defence: “Inappropriate Remark” but No Wrongdoing Found

KPMG has strongly rejected the characterisation of the incident as a deliberate breach. In statements following the Senate disclosure, the firm described the partner’s comment about going for lunch as an “inappropriate remark” that should not have been made.

However, KPMG has not provided any comment as to whether the laptop was in fact left unlocked and unattended with restricted Dexus internal audit documents visible on screen, nor has it clarified whether any members of the external audit bid team viewed the material.

The firm has also remained silent on the appropriateness of convening a joint “war room” strategy meeting between its internal audit team and external audit bid team while the independence conflict was active — an arrangement that appears to directly contradict the strict Chinese walls and separation commitments it had reportedly made to Dexus.

KPMG maintains that it commissioned two separate external law firms to investigate the whistleblower’s claims — one to review the firm’s own internal probe and another to conduct an independent assessment.

According to KPMG Chair Martin Sheppard and CEO Andrew Yates, these reviews were “unable to substantiate any claims of wrongdoing” on the basis of the information provided. The firm also noted that it repeatedly invited the whistleblower to supply additional evidence, reportedly on more than 20 occasions — although it has now emerged that when they did so they insisted on the employee signing a non-disclosure agreement and refused to guarantee any legal protection.

While some related conduct matters were identified and resulted in internal sanctions, KPMG maintains there was no compromise of Dexus’s confidential information or breach of auditor independence that affected the outcome of the external audit tender.

However, as discussed in last week’s issue of Big Four News, the firm has already had to claw back previous claims of innocence in relation to other claims made by this very same whistleblower.

The firm admitted that contrary to its previous denials, it was in fact true that Eileen Hoggett (KPMG Australia’s Chief Operating Officer) and Paul Rogers (Senior Partner) had taken confidential Lendlease documents and shown them to members of the Westpac pitch team.

Pattern of Misconduct: Telstra, Macquarie and Other Claims

It is important to note that the Dexus and Lendlease cases are not the only claims made by this whistleblower. These included the improper disclosure and use of restricted Telstra documents — such as materials related to AI governance and internal practices — accessed via a Telstra-issued laptop during a live external audit tender.

The claims also highlighted broader issues, including systemic tender integrity failures, the inappropriate use of networks of former KPMG partners at client organisations to gain competitive advantages (including at Macquarie Group), potential misleading of Parliament, examination misconduct, governance failures at senior levels, and inadequate handling of whistleblower protections.

Ongoing Parliamentary Inquiry: What Happens Next

The Parliamentary Joint Committee on Corporations and Financial Services is conducting private hearings with the whistleblower to assess the evidence, and has the power to call KPMG partners for public testimony. KPMG has stated it is fully cooperating with the committee, ASIC, Chartered Accountants Australia and New Zealand (CA ANZ), and the Tax Practitioners Board.

After making protected disclosures in May 2024, the whistleblower was progressively sidelined and ultimately left KPMG. Senator Deborah O’Neill has characterised the sequence as retaliatory action — a pattern she says is all too common for whistleblowers in large professional services firms. As of May 2026, the whistleblower continues to cooperate with the ongoing Parliamentary Joint Committee inquiry.