You are on page 1of 16

Bring your own device Unlock value for your organization


To BYOD or not to BYOD? The BYOD management challenge Find nirvana BYOD, your way Embrace to succeed, reject to fail

1 2 4 11 12

Bring your own device

To BYOD or not to BYOD?

Theres an accelerating trend in the workplace raising new challenges for todays CIO: the bring your own device (BYOD) revolution. Already, two-thirds of the Canadian workforce use personal devices for worka number expected to reach three-quarters by 20151. According to IDC, 40% of devices used to access business applications are consumer-owned, up from 30% just a year ago2. As employees increasingly use unmanaged and unsecured devices to transfer data into and out of the corporate infrastructure, organizations face a variety of challenges, from compliance issues to data leaksand those challenges will only intensify as the number of mobile devices and operating systems proliferate. 71% of businesses believe mobile device use has already caused an increase in security incidents, with many citing concerns about the diminishing privacy of corporate email, customer data, network login credentials and other sensitive information3. And these statistics tell only part of the story, as IT groups typically underestimate the proportion of employees using their personal devices for work purposes by as much as 50%4. As the BYOD trend gains momentum, it is clear that IT organizations caught unprepared will face mounting network management and security issues. On the ip side, BYOD presents many opportunities for those prepared to face the challenge. According to 62% of CEOs, BYOD enhances creativity and boosts employee productivity5 and 54% of the workforce agrees6. While productivity can be difcult to measure, BYOD gives employees anytime, anywhere access to corporate data, enabling them to work while on the go. BYOD also improves hiring and retention and boosts employee morale. According to 63% of CEOs, permitting employee-owned devices at work positively inuences employees view of the company7. The benets dont stop there. By investing in the tools, solutions and practices required to support BYOD, organizations can mature their technology and infrastructure capabilities to deliver IT services more efciently and effectively. This positions them to: Improve end-user services, such as self-support models,

When Eaton Corp., a 100-year-old hydraulics maker, introduced BYOD to the sales force, their sales cycle fell from days and weeks to hours and minutes8.
on-time and on-demand technical support, etc. Adopt device-agnostic security policies and practices, including easier-to-manage centralized security capabilities Build agile IT processes that are more responsive to changing business needs (e.g. ability to add new users more efciently following a merger or acquisition) Develop an end-user productivity platform that enables true mobility and anytime, anywhere access Spurred on by the consumerization of IT, BYOD is here to stay, particularly as employees continue to favour the exibility and usability of their own devices. As a result, companies can no longer afford to ask whether or not they should BYOD. Instead, they must determine how to enable BYOD in a way that mitigates its risks and creates value for the entire enterprise.

Consumerization of IT refers to the rising inuence consumer-focused technology experiences have on technology expectations at work9.

BYOD is a widely-used phrase that refers to employees using their own computing devices such as smartphones, tablets and laptops for work purposes.

Bring your own device

The BYOD management challenge

Although BYOD is the new face of mobile consumerization, numerous challenges follow in its wake, ranging from human resource (HR) and legal issues to compliance and security risks. Given the lack of BYOD standardization, organizations can expect to face challenges in four main areas: Governance With BYOD raising signicant data, privacy and security concerns, organizations must put the right policies and processes into place to protect themselves and their employees from potential legal and liability risks. When creating BYOD governance processes, an organization needs to: Develop well-dened policies for BYOD, something that todays early adopters are moving forward without Create consumerization policies that maintain a balance between user exibility and security Consistently control and enforce policies, which is complicated by the current lack of standardized tools (e.g. mobile device management) and an environment of low vendor maturity Take legal issues into account in their implementation, as they strongly inuence policy making for BYOD Consider the impact of BYOD on existing policies, such as control rights for lost or stolen devices, appropriate usage, and support Service Level Agreements, to avoid potential contradictions and confusion Balance employee needs for exibility and accessibility with the enterprises needs for security Address the impact of BYOD on the organizations culture, including HR and overtime policies, managements requirements for working onsite and employee expectations regarding uniform access and privileges. For instance, will all your employees be able to select the platform of their choice? Or will this differ by class of employee? Put incentives in place to encourage employees to adopt BYOD Mobilize and sustain the BYOD program through appropriate training and communication

Misconceptions around cost savings can lead organizations to fools gold.

Financial Although some organizations approach BYOD as a cost saving opportunity, the numbers dont add up. Hardware device costs, which are often seen as the major savings opportunity, only account for 20% of the total cost of device ownership10 and these savings are more than offset by the costs associated with: Improving the organizations information security posture Training staff to support multi-device platforms

Organizations struggle to balance flexibility and security.

Organizational In addition to representing an economic and technological shift, BYOD is also driving a change in corporate culture and employees are leading the charge. To address these workforce realities, organizations must do more than listen to what employees want. They must also determine the repercussions that may arise if employees do not embrace their new BYOD strategy. As a result of these organizational implications, companies will need to:

Changing expense policies as costs traditionally allocated to the capital budget now need to be accounted for differently on nancial statements. Stipends, for example, cannot be capitalized Increasing data costs (e.g. broadband / 3G / wireless costs) associated with the growth of unmonitored data usage Engaging in lengthy projects to effect policy and procedural changes Changing platforms to virtualize applications, open corporate networks and implement new management tools

Bring your own device

Common BYOD costs and savings Costs Hardware Software Infrastructure and application upgrade Stipends for devices, warranty costs, etc. Operating system, antivirus licensing costs Security tools, mobile device management, upgrade to cloudbased / browser-based / platformindependent apps Changes to processes to support multiple devices and platforms, support staff training Broadband / 3G / wireless costs, changes to enterprise expense management processes, potential tax liabilities, loss of volume discounts on devices, software licenses and wireless / data usage Savings Hardware device purchase Pre-dened allowances / stipends for wireless / data usage Reduction in device support costs through leveraging more selfsupport compared to traditional agent-assisted service desk support Decreasing hardware refresh program costs as more and more employees adopt BYOD

IT support


Technology Todays $500 handheld device packs more computing power than a $10,000 server did a decade ago. Whats more, the ubiquitous availability of free or cheap applications creates unprecedented threats to information security. Organizations taking a casual approach to these trends are bound to suffer, as even the most novice employee can wreak havoc for IT. As a result, BYOD is compelling corporate IT units to manage this complexity and risk while still enabling the business to exploit its benets. This puts corporate IT teams under pressure to: Manage multiple end-user device platforms and integrate with the IT infrastructure

which complement business goals and enhance the capability to support BYOD Determine how to enable access to corporate resources, such as corporate/enterprise applications and data, through virtualization, mobile apps, etc. Dene enterprise mobility programs that cover not just the technology issues but also the business issues to help secure continued investment for BYOD programs
Manage the personal device
Security Data Device management

Provision, activate and support a multi-device environment Secure data networks by investing in the right tools, including the re-engineering of existing network architecture if required Strategically invest in applications and infrastructure, such as virtualization networks and cloud applications,
Applications Personal device Support

Network (public /private) Versioning (OS & apps)


Bring your own device

Find nirvana

Approach to BYOD management

Elements to effective management
Dene BYOD objectives Why are you doing BYOD? E.g. to reduce costs, mobilize workforce, reduce risks BYOD programs should be rooted in specic business objectives, aligned with overall enterprise strategy Evaluate risks What key business and technology risks must be accounted for? Critical enterprise risks should be considered when dening your BYOD program Dene policy Dene BYOD program elements that address risks and exploit benets Ensure collaboration between technology, business, nance, HR and legal Operationalize and implement Evaluate and implement supporting solutions around security, data loss, device management, etc. as per your dened policies
Dene policy Dene objectives

Key BYOD considerations

Dene BYOD objectives Align BYOD objectives with your overall strategy Decide on a position: cost reduction vs. increased productivity vs. risk mitigation Evaluate risks Identify internal and external risks that will impact the success of your BYOD program What is the degree of current personal device penetration within your organization? What regulatory risks exist? What are the implications to your organization? Dene policy Effective BYOD programs require enterprisewide collaboration (ie. nance, HR and legal) Key policy considerations include: eligibility,support, reimbursement, policy violations, etc Operationalize and implement Identify and evaluate vendor solutions based on alignment with your objectives and policies Streamlined device certication is key to provide timely access

Evaluate risks

Operationalize and implement

As organizations ride the BYOD tsunami and launch initiatives to tame it, structured approaches are few and far between. As a result, most responses to this unsettling trend have been reactionary. This needs to stop. If organizations hope to reach both their short- and long-term objectives, it is time to adopt a multi-tiered approach that addresses key BYOD challenges. Step 1: Dene BYOD objectives Before embarking on a BYOD journey, organizations must begin by answering one fundamental question: why are they implementing BYOD? Frequently, organizations try to accomplish too much with their BYOD initiatives and nd themselves pursuing three often-conicting goals: cost reduction, risk mitigation and productivity enablement. While all three objectives are valid, successfully implementing a BYOD program requires a tradeoff. For instance, it is not possible to simultaneously install detailed security precautions and provide users with extensive

exibility and options. Doing this will only heighten risk due to looser security controls. Similarly, a strict security stance will likely interfere with an organizations ability to realize productivity gains. Organizations that attempt to meet all three goals will invariably set themselves up for downstream challenges, as the lack of clear and consistent objectives impede their efforts to appropriately dene and implement new policies. To determine BYOD objectives, organizations need to begin by soliciting input about business strategies, goals and planning. For instance, a business strategy focused on increasing the size of your mobile workforce would be a key BYOD driver and one that may inuence an organization to place a higher priority on productivity enablement when determining tradeoff decisions.

Bring your own device

Make tradeoff decisions

Cost reduction

Dening your BYOD objectives requires you to make tradeoff decisions between inherently conicting goals cost reduction, productivity enablement and risk mitigation BYOD programs that are founded on all three goals are not setup for success, as down stream activities regarding policy denition, governance and process enhancements will be impeded by the lack of a clearly dened decision criteria

Productivity enablement

Risk mitigation

Current state considerations Consideration People Employee interest in BYOD Description What percentage of employees are interested in adopting BYOD? What percentage of employees are using personal devices for work purposes today? What are your employees expectations around BYOD? (e.g., selection of specic devices/platforms, level of reimbursement, etc.) Who is currently entitled to corporate-owned devices today? Why? Are there opportunities to scale back corporate-owned devices? What are the costs (hardware, software, service, etc.)? What processes are in place for managing devices? (e.g., backup/ recovery, app management, software management) How are lost/stolen devices managed today? (e.g., remote lock, remote wipe, etc.) What are the current security policies and practices in place today? (e.g., any local data must be centrally managed, encrypted and backed up) To what extent will existing security practices constrain BYOD opportunities? What tools/solutions are used today for device management? What are the costs? (hardware, software, service, support)?

Employee expectations Current entitlements


Device management




Bring your own device

These decisions will similarly be inuenced by the current state of people, processes and technology. An organization needs to dene its business and technology objectives, work to uncover information about the level of Common BYOD implementation risks Risk type Internal Risk Employees can be dissatised by the limited selection of supported devices. Organizations may be exposed to liability concerns arising from device usage or implications posed by reimbursements you provide to employees. Supporting too many devices and inefcient support processes can result in incremental costs.

interest in BYOD among its employees, the current level of entitlements for corporate-provisioned devices and evaluate existing security policies and practices.

Description Employees favor exibility and minimal restrictions on device use. Where and when devices are used could shift liability ownership to your organization. For example, employees working onsite, who lose their phone or have them damaged, may be entitled to full device replacement paid for by the employer. Devices are consumer-focused, have limited out of the box security, and come in a variety of different platforms and makes, which inhibits ITs ability to manage and control devices.

Undisciplined use of devices by The consumerization of devices and resulting advancement of employees can expose your organization applications, app stores, data portability (e.g., on the cloud), to additional security threats. etc. promote user behavior that can be incongruent with whats ultimately best for your organization. External Competitors may possess productivity advantages if your BYOD program is not appropriately dened and executed. Your organization may be exposed to regulatory risks that result from data breaches, information loss, etc. Mishandling of personal information can quickly become public knowledge and severely tarnish your brand and reputation. A BYOD program that contains high degree of control on device usage, platforms, and applications can impede potential productivity gains and ultimately result in competitive risks to your business. Poor management of end point data and sensitive information can lead to regulatory exposures that could be debilitating to your business. Privacy issues are top of mind in todays business world, as organizations are increasingly accumulating and exploiting personal information. Compromising an employees personal information can lead to severe consequences for your organization.

BYOD policies may infringe on employee Employees that are participating in BYOD, and are contacted rights, such as requirements for outside of normal working hour for work purposes, may be overtime pay. entitled to overtime pay. Increasing level of device diversity and complexity may stress your abilities to manage these devices. Proliferation of multiple devices and platforms (as the result of consumerization) minimizes the feasibility of a simple and single solution to device management. Your organization, facing signicant hurdles in effectively managing devices, may incur unforeseen costs and be exposed to security concerns.

Bring your own device

Step 2: Evaluate risks BYOD programs bring a new focus to many risks that an organization already faces, such as those associated with the potential loss of sensitive data residing on unmanaged devices. However, BYOD also comes with new risks, including the potential for employee dissatisfaction, liability concerns, competitive pressures and privacy issues. By evaluating your organizations risks in advance, you can both identify areas of concern and dene appropriate mitigation strategies. Make it count Effective risk evaluation requires participation from both business and technology stakeholders. Risks should be assessed for probability and impact, with corresponding response strategies developed in line with business and technology interests. The dened BYOD objectives combined with current state analysis are key inputs when an organization is engaging in risk evaluation discussions.

Control risks, reap rewards By dening response strategies early in the BYOD journey, risk evaluation leads to a no surprises experience. When combined with dened objectives, risk evaluation also helps set parameters for future BYOD discussions. For example, effective governance requires robust policy making, aligned with enterprise-wide interests. Risk evaluation ensures those interests are dened in advance with appropriate business and technology input, which can strengthen both policy making and enforcement activities.

By evaluating your organizations risks in advance, you can both identify areas of concern and define appropriate mitigation strategies.

Bring your own device

Step 3: Dene policy Once objectives are clearly understood and risks are measured, an organization can begin to dene the policies that will govern a BYOD program. Common policy elements include device management, such as remote management, lock/wipe and restore; reimbursement, such as responsibility for hardware costs and stipend levels; and policy violations. Collaboration is key Given the number of levels it touches, effective policy formulation requires collaboration organization wide, including; business, technology, HR, nance and legal functions. This is especially important as an organization

begins to assess the implications of its policy decisions on its risk prole. This may lead to potentially revisiting previously-dened risk response strategies. Coordination between various technology groups is also critical, as a lack of collaboration between security, operations and application management teams can result in confusing and inconsistent policies and practicesleading to user frustration and unacceptable user behaviour. A comprehensive policy discussion requires a collection of unique perspectives that can only come from across an organization.

Typical BYOD policy decisions Element Activation Device management Key considerations What is the process for enabling a new employee with a device? How will devices be remotely managed? What level of centralized control will exist? What level of management will be done at the end-point (e.g., containerization)? How will devices be locked, wiped and restored? What happens when a device is lost, stolen or damaged? What process should the employee follow for reporting the event, and obtaining support? Will the device be remotely wiped? What kind of support, and how much support, can a user expect from your organization? What kinds of devices, platforms, applications, services and accessories are allowed under the BYOD program? Who pays for the initial device? What level of stipend is available? Is it consistent across all eligible users? Is it available recurrently (e.g., stipend refreshes every 2 years)? What will be reimbursed (hardware, service, etc.)? How will employee privacy be protected? Will your support group have access to personal information? How will policy violators be dealt with? Will BYOD policies contradict or conict with other policies (e.g., HR policies for employee responsibilities, overtime, etc.)? Who is eligible for the BYOD program? What roles, levels, etc. are eligible and in what way (e.g., tiered eligibility)?

Lost/stolen device Support Acceptable use Reimbursement

Privacy Policy violations Eligibility

Bring your own device

Reinforce over time As most corporate managers know, enacting a new policy is rarely sufcient to gain buy-in. Policies also need to be enforced by adopting formal governance mechanisms across the enterprise. To facilitate this level of governance,

it is important to continuously report on the level of employee participation in any BYOD program, by tracking data such as device usage, application usage, incidents, etc.

Sample policy responsibilities11 BYOD program discussion Activation Discussion areas Risk Device segmentation Authentication requirements Business HR Legal IT IT ops App dev Security

Device management Contractors and partners Limited system access (e.g. web portals) Code of conduct agreements All devices Min/max device levels (hardware, rmware and operating system) PIN length, retry and timeout App encryption and cleanup Lost/stolen device High-risk usage scenarios Email/data loss prevention Limit system access (via VPN) Wipe/rebuild after exposure to high risk geographies Support/help desk Limited supported devices/models Lock, wipe and restoration Exceptions (e.g. for executives) Administrative Expense rules and controls for company-paid access plans Personal devices Filter sensitive data Employee acceptance of lock/wipe decisions Use of encrypted containers Compliance Policy monitoring Consequences of intentional violation Liability Employee signs code of conduct External media access and encryption

Support Acceptable use



Policy violations


Bring your own device

Step 4: Operationalize and implement Once an organization begins to implement its new policies by developing core processes and capabilities, the BYOD program starts to come to life. Beyond leveraging existing IT processes, like service activation and provisioning, this step also generally involves the introduction of new technology capabilities, such as device backup and recovery, remote lock and wipe, and app support and management. Whether there are existing processes in place or new ones are required, an IT organization will be front and centre in translating BYOD decisions into dened programs. To succeed at this task, the IT organization must keep several things in mind.

Control the data, not the device In managing employee devices, most companies pay particular attention to information stored locally on the device12 . To control this data, companies use device- and le-level encryption as well as containerizationa process that isolates personal data on a device and prevents it from contaminating corporate applications and data. Using technologies such as VPN and virtual desktop environments on mobile platforms, containerization products can be cost effective to implement and operate. They also allow organizations to focus only on supporting the containers, rather than the entire personal device. This can signicantly reduce support costs, while limiting an organizations level of liability. Consider mobile device management Of course, mobile device management (MDM) solutions extend beyond containerization by enabling organizations to control all personal devices across the enterprise. These solutions allow administrators to remotely locate and wipe devices, install anti-virus and anti-malware software and enforce corporate policies relating to passwords and other security measures. Essentially, MDM lets organizations control these employee-owned devices in the same way they control legacy systems, such as PCs and laptops.

Base technology decisions on your objectives, risk response strategies and policies.
One size does not t all While mobile technologies are still reaching maturity, there are a variety of solutions available to address the growing needs of todays businesses. This includes highlycustomized solutions that address specic business needs, as well as enterprise-wide product suites that provide end-to-end mobile device management. To navigate the array of choices and select the appropriate solutions, IT organizations should turn to their BYOD objectives, risk mitigation strategies and policy denitions for guidance. Open up the network Network access controls (NAC) have become a popular and effective way to manage the risk of employee-owned devices. NAC allows organizations to control which devices can access each level of the organizations internal network. For example, with NAC, enterprises can enable employees to connect their devices to the network with only basic user authentication protocols, while requiring more extensive authentication procedures for users who try to perform congurations or health checks, for instance. Other NAC features include encrypted email sessions, mobile VPN and encrypted trafc for specic apps.

Containerization allows organizations to limit their responsibilitiesand exposurefor controlling personal devices.


Bring your own device

BYOD, your way

By leveraging a process that fosters collaboration, proactive decision making and effective risk evaluation, you can begin to build a BYOD program in a structured and measured way. Approached effectively, an organization will: Align with business strategies By engaging business stakeholders and reviewing business goals and strategies, an organization can build a BYOD program that aligns with its overall strategic direction. This allows an organization to dene a BYOD program that promotes corporate objectiveswhether this includes developing a more mobile workforce or extending an existing enterprise mobility strategy. Balance enterprise needs By engaging business and technology stakeholders to help dene BYOD objectives, and ensuring participation from key functional groups (e.g., HR, legal, nance) during policy development, an enterprise is better positioned to openly discuss and address its needs. This enables the creation of a BYOD program that addresses compliance requirements, is consistent with HR policies and reects nancial considerations.

Realize goal-driven results By rooting the development of a BYOD program in well-dened goals, an organization can build a solid foundation to pursue BYOD. This allows it to leverage relevant data and insights, such as industry peer comparisons, leading practices and trends, to evaluate the opportunities and threats posed by BYOD and make appropriate decisions for the BYOD strategy. Proactively manage relevant risks Through an emphasis on risk evaluation and involvement of key stakeholders from across the enterprise, risk decisions are made at the right time, and by the right people, as part of the journey towards building a BYOD program. The result is a no surprises experience and a BYOD program that reects pre-dened risk mitigation decisions determined by key members of an organization.

Bring your own device


Embrace to succeed, reject to fail

Current BYOD management practices are fraught with a variety of different challenges and pitfalls. Organizations are revisiting IT policy decisions made several years ago, in the midst of an ever-changing landscape of devices and platforms. Traditional mindsets (e.g. this is a technology problem) and a tendency to fall back to age-old processes have led organizations to policies that poorly serve the enterprise and expose the organization to increased security threats and risks. Misconceptions regarding potential cost savings and employee adoption hinder executive leadership from steering the organization down the right path. The lack of standardized and commonlyaccepted BYOD solutions only magnies these challenges, often requiring organizations to react to pressures imposed by BYOD with little structure and forward thinking. Building an effective BYOD strategy and management capability has become a critical exercise. Before any organization can succeed at this, it is important to clarify misconceptions and understand key business drivers. Although BYOD has yet to deliver signicant cost savings, it does contribute to improved productivity and employee morale. More signicantly, its true value may lie in the future, as organizations adopt new BYOD policies, technologies and processes that help them mature their infrastructures and extend their capabilities. There are several steps involved in building an effective BYOD program. Technology must work hand-in-hand with its business counterparts; relevant functional groups must be engaged throughout the process; and efforts must be rooted in the answer to a basic yet fundamental question: why are you doing BYOD? The result is a BYOD program that is aligned with core business strategies, balances the needs of your enterprise, and is rooted in its core objectives and reects risk mitigation decisions proactively made with appropriate representation from relevant stakeholders. BYOD is inevitable. Your employees are driving the trend. Your peers are managing its opportunities and threats. The choice to address BYOD is not a matter of if, but when. An approach that starts with dening your BYOD objectives and assessing your risks can help you navigate the multitude of BYOD management pitfalls. To get started, engage your business and technology stakeholders to understand your rationale for BYOD. Unlocking these objectives will set you on the right path.


Bring your own device

Arish Kathawala 416-601-6506 Ashwin Kumar 416-643-8292 David Noseworthy 416-874-3288 Erick Vandeweghe 416-775-7405 Fawad Baig 416-867-8146 Ian Y. Cheng 416-775-4756 Jaspal Dhillon 416-775-7187 Urooj Khan 416-775-8606


Rockel, Nick. (February 2012). Bring your own device to work is more than a trend. Globe and Mail. Bradford Networks. (2011). Bring Your Own Device (BYOD) Unleashed in the Age of IT Consumerization. Retrieved from http://resources. Lessard, Tyler. (April 2012). BYOD: Powerful Enabler or Impending Catastrophe? Retrieved from features/guestopinions/blog/byod-powerful-enabler-or-impending-catastrophe/?cs=50155 Bradford Networks. (2011). Bring Your Own Device (BYOD) Unleashed in the Age of IT Consumerization. Retrieved from http://resources. Trend Micro. (February 2012). Trend Micro Releases New Consumerization and BYOD Research: IT Executives and CEO Survey Final Report. Barcelona: Mobile World Congress 2012. Marsh, Chris. (September 2010). Latest Enterprise Mobility Survey: Sometimes Less Control Means More Productivity. Yankee Group Research Inc. Trend Micro. (February 2012). Trend Micro Releases New Consumerization and BYOD Research: IT Executives and CEO Survey Final Report. Barcelona: Mobile World Congress 2012. Kaneshige, Tom. (April 23 2012). Are BYOD Workers More Productive?. CIO Magazine. Foley, Mary Jo. (January 2010). The consumerization of ITand of Microsoft. Retrieved from the-consumerization-of-it-and-of-microsoft/5019 Wallin, Leif-Olof. (October 2011). Gartners View on Bring Your Own in Client Computing. Gartner Girard, John. (October 2011). Seven Steps to Planning and Developing a Superior Mobile Device Policy. Gartner Maiwald, E. (2012), Gartner: Mobility and Security. Gartner




Bring your own device

Deloitte, one of Canadas leading professional services rms, provides audit, tax, consulting, and nancial advisory services through more than 8,000 people in 56 ofces. Deloitte operates in Qubec as Samson Blair/ Deloitte & Touche s.e.n.c.r.l. Deloitte& Touche LLP, an Ontario Limited Liability Partnership, is the Canadian member rm of Deloitte Touche Tohmatsu Limited. Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee, and its network of member rms, each of which is a legally separate and independent entity. Please see for a detailed description of the legal structure of Deloitte Touche Tohmatsu Limited and its member rms. Deloitte & Touche LLP and afliated entities. 12-2814