EY Recruitment Written Test - Kumari Nimisha


EY Recruitment Written Test

Read the following questions and provide your answers by giving adequate reasons.

Case 1: Alpha Pvt Ltd. is an IT Company that operates in Noida, Uttar Pradesh. You have been
appointed as a member of the HR – Legal Compliance Team. Provide basic labor and
employment compliances for Alpha Ltd. in your own language without any reference to
law/regulation.

(Hint: See the below example:

1. Employer is obligated to provide employees with different types of leave like sick leave,
maternity leave, paternity leave, annual leave etc.

2. Employer must ensure that it adopts sexual harassment policy and provide relevant
training to employees on it to prevent sexual harassment at workplace. )

Solution

1. The Employer must ensure that all employees have written contracts outlining their roles,
responsibilities, and terms of employment.
2. The Employer must pay employees at least the minimum wage set by the appropriate
authorities.
3. The Employer must monitor and ensure that employees work within the stipulated hours
to prevent any violations of labor laws.
4. The Employer must provide a safe and healthy work environment for all employees,
adhering to safety regulations.
5. The Employer must implement clear policies regarding annual leave, sick leave, and
other types of leave as required by law.
6. The Employer must uphold policies that promote a fair and non-discriminatory work
environment for all employees.
7. The Employer must safeguard employee data and ensure confidentiality in handling
sensitive information.
8. The Employer must provide necessary training to employees to ensure they are aware of
company policies and procedures.
9. The Employer must establish mechanisms for employees to raise grievances and ensure
timely resolution of complaints.
10. The Employer must follow proper procedures and laws when terminating employees to avoid
any legal complications.

Case 2: Below is the extract of Schedule 1 of the Personal Information Protection and
Electronic Documents Act in Canada. Read the below section and draft 3 compliances that
companies need to follow to ensure compliance with the same.

“Schedule 1: Section 5

Principles Set Out in the National Standard of Canada Entitled Model Code for the Protection of
Personal Information, CAN/CSA-Q830-96

4.1 Principle 1 — Accountability

An organization is responsible for personal information under its control and shall designate an
individual or individuals who are accountable for the organization’s compliance with the
following principles.

4.1.1 Accountability for the organization’s compliance with the principles rests with the
designated individual(s), even though other individuals within the organization may be
responsible for the day-to-day collection and processing of personal information. In addition,
other individuals within the organization may be delegated to act on behalf of the designated
individual(s).

4.1.2 The identity of the individual(s) designated by the organization to oversee the
organization’s compliance with the principles shall be made known upon request.

4.1.3 An organization is responsible for personal information in its possession or custody,
including information that has been transferred to a third party for processing. The organization
shall use contractual or other means to provide a comparable level of protection while the
information is being processed by a third party.

4.1.4 Organizations shall implement policies and practices to give effect to the principles,
including
(a) implementing procedures to protect personal information;

(b) establishing procedures to receive and respond to complaints and inquiries;

(c) training staff and communicating to staff information about the organization’s policies
and practices; and

(d) developing information to explain the organization’s policies and procedures.”

Solution:

Under Schedule 1, Section 5 of PIPEDA, all organizations in Canada must adhere to several
principles concerning personal information. Three specific and detailed compliance requirements
that companies should adhere to include:

1. Accountability for Personal Information

Appoint a Privacy Officer: An organization should appoint an individual or team responsible for
seeing that an organization complies with PIPEDA. The role of this privacy officer will be to
ensure that the policies concerning data protection that the organization institutes meet legal
threshold standards. The liability of the privacy officer remains, even when employees at other
levels are delegated daily tasks.

Identity of the Privacy Officer: An organization may have an obligation to make known the
name or title of the individual or individuals responsible for ensuring compliance. This could be
to gain transparency to clients, customers, or employees upon request.

Third-Party Compliance: If any organization shares personal information with a third-party
service provider, such as cloud storage or data processing, the organization should ensure that the
third party provides equal protection. This may be through contracts, audits, and other binding
agreements, which will ensure the imposition of similar standards in protecting privacy.

2. Consent and Collection Limitation

Consent: The organization should get proper consent that is informed, in writing, about the
collection, use, and disclosure of personal information. The consent must be explicit, informed,
and understandable so that the individuals know precisely how their information will be used. In
the case of sensitive information, like medical or financial, consent may be required to be even
stricter.

Provide Opt-in/Opt-out Options: An organization should always provide the facility to the user
for revoking consent at any time, making the users the owners of their information. Any
organization should avoid situations where withdrawal might have adverse consequences for the
individual.

Principle of Collection Limitation: Personal information must be collected in a limited manner
to meet the stated purpose for which collection is made. Therefore, data not required for a
particular purpose should not be collected, stored, or used. That way, the data's scope
would be proportional to the intended use.

3. Implementation of Strong Safeguards

Physical, Organizational, and Technological Measures: Organizations should implement
appropriate security safeguards considering the sensitivity of the information within their care.
This may include physical controls, such as lockable filing cabinets or restricted access to offices;
organizational measures, including confidentiality agreements and employee training; and
technological measures, such as encryption, multi-factor authentication, and firewalls.

Monitoring and Updates: Safeguards are put in place, but they need constant monitoring and
updating to deal with evolving threats. This calls for periodic security testing and auditing of data
protection measures, ensuring that swift responses are issued in case any breach is considered
probable.

Breach Notification: When a breach occurs involving personal information in a way
that creates a real risk of significant harm, such breaches should be brought to the attention of the
affected individuals and the relevant authorities. Explicit procedures must be implemented to
identify violations, assess their impact, and take speedy action to control and limit the potential
harm.

These detailed compliance requirements assure organizations that personal information will be
protected responsibly, that relations with individuals will be transparent, and that all of those
measures will be implemented to guarantee that sensitive data is safely kept from unauthorized
access or misapplication.

Case 3 – CTS Pvt. Ltd. is an IT/ITES company having operations in Maharashtra, Tamil Nadu
and Bihar. You have been asked by the company to identify the laws that will apply to its India
operations. Specify the process you will follow in undertaking this activity and list down the
applicable laws that you identify in the process for CTS. Among other things, you need to
mention the sources you will refer, the key aspects you will check in the legislations to justify its
applicability, how you will verify that you are looking at an updated version of the law.

Hint: You can refer to Labour Department of Bihar for the labour laws of that State.

CTS Pvt. Ltd. Compliance Report.

Compliances- The paramount objective is to ascertain and undertake adherence to the applicable
laws and regulations pertinent to the business of CTS Pvt. Ltd which is in the IT/ITES sector in
the states of Maharashtra, Tamil Nadu and Bihar.

Process to Identify the Applicable Laws

● Understanding the Business Activities: Examine what the Company does in each of the
states, what are the operational geographies, what is the business model (IT/ITES), how
many employees are there, what technology or services are provided. Seek to understand
what activities are going on in the company in each state and determine if it is providing
IT Services or BPO or Data Management or Software Development or any other ITES.
● Identify Categories of Laws: Laws applicable in the country of CTS Pvt. Ltd. can be
broadly categorized into the following. Central/Union laws: These laws apply in every
part of the country. State-specific laws: As the name indicates, laws are determined by the
state where the business is taking place (Maharashtra, Tamil Nadu, Bihar).
Industry-specific laws: Legal provisions for regulating a particular sector such as the
IT/ITES specifics.

● Sources of Law Research:

Official websites: Websites of government departments like Ministry of Labour and
Employment, Ministry of Corporate Affairs, Ministry of Electronics and Information Technology
(MeitY), among others.

State government web portals: Legal portals relating to this cleat industry of policy from
Maharashtra, Tamil Nadu, and Bihar state government online content.

Legal consultancy publications: Research, Reports and White Paper of legal firms, Government
policy notifications, Associations of IT/ITES Industry such as NASSCOM.

Legal resources: Manupatra, SCC Online, Indian Kanoon for searching the Legislation, Case
laws and amendments etc.

Government bulletin: For valid and recent changes in laws of the land.

Paid legal notice: Notifications of recent changes and newsletters from legal compliance tools like
Vakilsearch, ClearTax, LexisNexis to keep track of legal amendments.

Applicable Laws Identified for CTS Pvt. Ltd.

Central/Union Laws:

The Companies Act, 2013:

Such an act regulates formation, functioning and regulation of companies in India.

Sets requirements with respect to the filing of annual returns, financial statements and board
meetings.

Information Technology Act, 2000 (Amendments 2008):

It deals with the administration of e-contracts, e-signatures, cyber security, cyber crimes and
e-commerce.

The Indian Contract Act, 1872:

Regulates possession and contracts, agreements, including service level agreements with clients,
vendors and employees.

The Income Tax Act, 1961:

Reporting of tax deduction at source (TDS) and filing of corporate return of income and payment
of required taxes in advance.

The Payment of Wages Act, 1936 and The Minimum Wages Act, 1948:

Guarantees regular wages are paid and appropriate provisions for state specific minimum wage
legislation for employees is adhered to.

The Employees' Provident Fund and Miscellaneous Provisions Act, 1952:

CTS is bound to provide Employees Provident Fund benefits to those who are entitled.

The Employees' State Insurance Act, 1948:

The act provides compulsory registration and payment to health insurance for employees in
factories or establishments with more than 10 workers.

Industrial Disputes Act, 1947:

Governs terms of employment, grievance redressal, retrenchment, and layoffs.

Sexual Harassment of Women at Workplace (Prevention, Prohibition, and Redressal) Act, 2013:

Formulates Internal Complaints Committees (ICCs), protection of women in the workplace.

Goods and Services Tax (GST) Act, 2017:

The company shall therefore be required to be registered under GST, file returns, and be
compliant with state-wise and central GST regulations with respect to all the services rendered.

State-Specific Laws

Following are the other state specific regulations, which CTS Pvt. Ltd. has to abide by in short:

a) Maharashtra:

Maharashtra Shops and Establishments Act, 2017: Employment and hours of work, holidays etc.
are dealt with.

Maharashtra Pollution Control Board: Environmental criteria for IT/ITES units if there is any
need for it.

Profession Tax Act: This is for the employees to pay professional tax.

b) Tamil Nadu:

Tamil Nadu Shops and Establishments Act, 1947: This law deals with the
condition of physical space at the workplace, working hours and facilities provided to workers.

Tamil Nadu Labour Welfare Fund Act: Further imparts the requirements of employees' welfare
fund contribution.

c) Bihar:

Bihar Shops and Establishments Act: Working thorough conditions of IT/ITES units.

Bihar State Employment Promotion Policy: Observance with various employment laws and local
employment laws.

Key Aspects to Check in Legislations

Applicability: Does that law extend to IT/ITES companies and does it have clauses for operation
in the states of Maharashtra, Tamil Nadu and Bihar?

Compliance Requirements: Identify the activities that CTS Pvt. Ltd. must comply with to maintain
compliance. These may include registration or filing obligations, employee benefits, operational
and other licenses.

Penalties for Non-Compliance: What are the fining systems, penalties or legal risks for not
adhering to the law?

Data Security and Confidentiality: Try to determine whether or not the law imposes any
restrictions regarding data control issues, which are so relevant to IT/ITES companies.

Employment Terms: Investigate any potential statutes related to employee welfare, employee
salary and compensation and working conditions.

Tax Compliance: Tax obligations, assessable income tax, GST and other taxes such as
Local Professional Business Tax are to be computed as required for the company.

Pollution Control: For IT companies with offices, check any law for environmental audits for
pollutions and gases released.

Verify Latest Updates

To ensure that you are working on a rule or other legal provision in its latest version, take the
actions described in the following steps.

Government and Ministry Websites: The Government is the primary source for information on
the law in the form of new laws and amendments. Such relevant sites include the following:

● Ministry of Electronics & Information Technology (MeitY)
● Ministry of Labour & Employment
● Ministry of Corporate Affairs (MCA21 portal)
● State-level legal portals (like Maharashtra/Tamil Nadu/Bihar government sites)

Legal Databases: The sites and places are called databases where legal researchers can also look
up up-to-date case laws, revisions of general laws and amendments on a subscription basis
(Manupatra, SCC Online, LexisNexis, Indian Kanoon and others.)

Official Gazette Notifications: Laws, rules, and amendments, etc. are published in the Official
Gazette. If any notification of the relevant type has come on a new one owing to a fresh
notification, then by sight one is looking at the most current ones.

Legal Advisories and Newsletters: They consider laws on respective subjects and/or business
activities and/or industries and/or politics, and may subscribe for compliance/yellow/legal
making firm advices, such as EY-PwC, etc, possessing alerts regarding changes of relevant laws.

Industry Associations: Some organizations like NASSCOM (National Association of Software
and Service Companies) issue current amending or updating forms for attainment on the legal
requirements in force within the IT/ITES sector.

Case 4 – Consider the following situation:
XYZ Ltd. operates from New South Wales. You have been appointed as member of the
Environment, Health and Safety team. You are required to advise them on the compliances
required under “Work Health and Safety Act, 2011”.
Please read the legislation [Link
https://legislation.nsw.gov.au/view/whole/html/inforce/current/act-2011-010] and summarise any
2 compliances for XYZ Ltd. in your own language without changing the meaning of the
provisions.

Solution

Compliance overview for XYZ Ltd., under the Work Health and Safety Act, 2011

Introduction
The Work Health and Safety Act, 2011 ("WHS Act") of New South Wales establishes a legal
framework to protect the health, safety, and welfare of all workers and other individuals who
stand to be affected by the activities in the employment space. The primary aim of this Act is to
foster a consistent and cooperative approach to risk management to eliminate or minimise harm
arising from workplace operations.
XYZ Ltd., as a company operating in New South Wales, is legally obligated to comply with the
provisions set out in the WHS Act to ensure the protection of its workforce and others who may
be affected by its operations as a way of avoiding risks that are inherent to its operations and as a
way of creating a legally compliant work environment.

Objective of Compliance
The key objective of compliance with the Work Health and Safety Act of 2011 is to promote
workers' welfare, health, and safety by minimizing or eradicating hazards in the workplace by
implementing principles and procedures of effective operations, standards on work methods, and
installing precautionary measures concerning plants, substances, and structures. Find processes
that can assign legal responsibility and obligations to all the duty holders, including company
directors, employees, and contractors, to promote workplace compliance, safety, and
cooperation.
Reduce legal risks that threaten the company's operations by ensuring compliance with statutory
requirements, and thus avoid huge penalties, court cases and loss of reputation if the company
fails to meet the legal requirements as mandated by the law. Ongoing work health and safety
policy review, evaluation and improvement to help the company update its safety programs as
frequently as possible over the legal minimal standards and instructions.
Ensure timely and efficient reporting and investigation of incidents and notification
responsibilities in compliance with the law, as well as documentation and regulatory reporting to
SafeWork NSW to reduce any legal exposure and avoid any compromises in the occurrence of
any workplace mishap.

Compliance overview for XYZ Ltd., under the Work Health and Safety Act, 2011
1. Section 19 - Principal Duty of Care
XYZ Ltd. owes the duty under Section 19 of the Work Health and Safety Act of 2011 as a Person
Conducting a Business or Undertaking to ensure that there is provision for the health and safety
of workers, with protection, so far as is reasonably practicable to attain it, against any potential
hazard in the workplace. Protection shall include:
· Workplace Safety: XYZ Ltd. will ensure a safe workplace is provided and maintained,
including secure systems of work, equipment, substances, and structures.
· Welfare Amenities: Enough welfare amenities in the form of availability of sanitary
latrines, drinking water, and rest sheds are to be provided.
· Information and Training: Suitable information, instruction, training, and supervision are
to be provided to all workers necessary for safeguarding them while carrying out their work.
· Health and safety conditions: Monitoring to avoid injury or illness is necessary for both
work premises and workers.
· Accommodation: Where XYZ Ltd. provides accommodation for employees, it will be
responsible for ensuring such accommodation is not provided in a way that puts workers at risk
of health and safety hazards.

2. Sections 35 to 39 - Notifiable Incidents


· Death of a person at the workplace.
· Serious injury or illness, which includes amputations, serious head injuries, burns, loss of
bodily functions, or any condition requiring hospitalization.
· Dangerous incidents, such as uncontrolled explosions, fires, gas leaks, or structures or
equipment collapsing, pose serious health and safety risks.
· Preservation of Incident Site: Following a notifiable incident, XYZ Ltd. must ensure that
the site is preserved and undisturbed until an inspector arrives, except where necessary, to assist
injured persons or eliminate further risks. Failure to report incidents or maintain the site can
result in significant penalties, including fines for individuals and corporations.

By adhering to the obligations under the Work Health and Safety Act, 2011, XYZ Ltd. can ensure
a safe, compliant, and risk-managed workplace while avoiding the legal and financial
consequences of non-compliance.
