Quality at the front
High quality is a prerequisite for our work as auditors and the basis for everything we do in BDO. This requires both knowledge and integrity.
As head of Quality and Risk Management (QRM), it is my duty to ensure that quality is the basis for all aspects of our business, and that we, as a firm, continuously work to fulfil our role as society’s trustee. The expectations of us as auditors are constantly changing – a high-quality delivery yesterday will not necessarily be perceived as such tomorrow.
In the QRM department, we are engaged in a number of tasks contributing to high quality deliveries in our client work, such as coordinating our process for risk assessments and risk reducing measures together with monitoring/compliance controls. Our monitoring activities include reviews of completed audit engagements as well as a number of various controls of our procedures not directly related to the execution of audits. You can read more about our monitoring activities here.
Our overall work with ethics and independence, anti-money laundering and data protection is also organised in the QRM department, in addition to our in-house legal work.
International standard on quality management
On 15 December 2022, a new international standard on quality management in audit firms – ISQM 1 (International Standards on Quality Management) became effective. By integrating ISQM 1 in our quality management system, we lay the foundation for an even more effective and robust process for quality management. The implementation of ISQM 1 is enabling us to better identify strengths, address weaknesses and improve our internal policies and procedures. The incorporation of the standard in our practice also enhances our ability to meet future challenges and continue to deliver services of high quality to our clients. You can read more about our quality management system here.
Competence and capacity in the QRM department
The tasks in the QRM department are divided into Risk Management, Ethics and independence, Compliance, AML/Anti-money laundering, GDPR/Data protection and in-house legal/Legal. In the course of several years, we have strengthened our competence and capacity by recruiting people with relevant experience from other regulated enterprises. In 2023, we continued this enhancement of both competence and capacity within Compliance, Risk Management, Ethics and independence and legal competence. From 1 January 2024, we have also made changes in the organisation of our KYC (Know Your Client) team by bringing it closer to the QRM department. On 1 February, the KYC team was strengthened by more employees with experience from corresponding work in other enterprises subjected to the regulations in the Anti-Money Laundering Act.
Like many others, we are engaged in finding out how we can utilise artificial intelligence (AI) in our business to ensure and improve the quality of our work. A thorough and responsible approach to AI is decisive for future success.
AI is also important for the QRM department. We wish to be a relevant contributor to the organisation’s strategy and practice concerning AI. As is the case for most new and untried technological solutions, the use of AI will imply trial and error. It is important to us that the development takes place in an orderly manner, thereby securing professional confidentiality, data integrity and privacy. We must also be certain that AI really contributes to securing and improving quality in our work.
The introduction of GRC tools
As part of our work on strengthening our quality management, we have decided to introduce a GRC (Governance, Risk and Compliance) tool. The implementation of the system started in 2023, but will continue into the first quarter of 2024, enabling it to be effective before 1 April 2024. This tool helps collect the documentation of our efforts concerning quality management and supports our continuous work on those risks that affect our business, and how we manage them on a day-to-day basis.
Sustainability reporting
In preparing for the introduction of requirements for assurance on sustainability reporting, we have started developing internal inspections of such assurance engagements. Inspections of sustainability assurance reports issued in 2023 have been carried out through document-based reviews, and this will continue in the coming year. More comprehensive inspections of issued sustainability assurance reports concerning 2023 will be carried out as part of our internal inspections in the autumn of 2024.
5 TRANSPARENCY REPORT 2023
Partner/Service Leader QRM at BDO AS
Supervision
On 16 November 2023, we received a report from Finanstilsynet (the Financial Supervisory Authority of Norway) after the inspection they had with us in November 2022. The content of the report has essentially been known to us since the end of their visit in 2022, and we have implemented a number of measures in 2023 to improve and correct the issues mentioned by Finanstilsynet in the report. The report is discussed here.
BDO Global
BDO in Norway is among the ten largest member firms in BDO Global, implying that our global organisation is more concerned with how we in Norway manage audit quality than what is the case for the smaller member firms. This also implies that BDO Norway is subject to tighter and more frequent ongoing inspection activities than other member firms in the global BDO network. In this transparency report you can read more about how we work with our global organisation to secure quality.
Consequences of quality deficiencies
Even though we spend much effort on quality assurance and preventing errors, engagement deliveries will, in some instances, not be of the desired quality. We have various ways to follow up and sanction uncovered misconduct and deficiencies, depending on the underlying causes. Sanctions carried out in 2023 include follow-up inspections and instructions to prepare action plans after the internal quality inspection, replacements of the auditor in charge of individual engagements and considerable financial deductions in partner compensation. In some instances, several different sanctions have been applied to the same case.
Key figures
Turnover in BDO Norway
• 2022: 2,8 bill. NOK in total turnover
• 2023: 3,2 bill. NOK in total turnover
• Share of turnover: Audit 57 %, Legal 6 %, Consulting 8 %, Business Services 29 %

Our employees
• 2 200 employed in total
• 1 050 employees in audit
• Audit 47 %, miscellaneous 53 %
• Permanently employed in audit in 2023: 130 newly qualified, 60 with experience

Gender distribution in BDO as at 31.12.23 (women / men)
• Equity partner: 17 % / 83 %
• Salaried partner: 22 % / 78 %
• Director: 34 % / 66 %
• Senior Manager: 49 % / 51 %
• Manager: 56 % / 44 %
• Supervisor: 64 % / 36 %
• Senior Associate: 64 % / 36 %
• Associate: 52 % / 48 %
• Grand total: 54 % / 46 %
About BDO
The BDO network is an international network of independent firms in 166 countries with more than 115 000 employees within audit, tax, business services and consulting. The firms are members of BDO International Limited, providing professional services under the brand name BDO.
Legal and organisational structure of the network
Each BDO member firm is a member of BDO International Limited, a UK limited liability company, either as a voting member (one firm per country) or non-voting member. BDO International Limited is the umbrella company in the BDO network and sets the terms for membership in its articles of association.
The BDO network is governed by the BDO International Limited Council, the Global Board and the Global Leadership Team.
The BDO International Limited Council (the Council) consists of one representative for each voting member and represents the member firms of BDO International Limited in company meetings. The Council approves the network’s central budget, appoints the members of the Global Board and determines any amendments to BDO International Limited’s articles of association.
The Global Board, which is the board of directors for BDO International Limited, consists of one representative for the BDO network’s seven largest member firms, each appointed for a three-year term and approved by the Council. The Global Board sets priorities for the BDO network and supervises the work performed by the Global Leadership Team. The Global Board convenes at least four times a year.
The Global Leadership Team is responsible for coordinating the activities of the BDO network. The team is led by the Global CEO and includes the Global Chief Strategy & Operations Officer, the Global Head of Audit & Assurance, the Global Head of Tax, the Global Head of People & Culture, the Global Head of Advisory, the Global Head of Technology, the Global Head of Risk & Compliance and the Global General Counsel.
The Global Leadership Team is supported by the Global Office through Brussels Worldwide Services BVBA. Brussels Worldwide Services BVBA, a Belgian limited company, provides services in connection with the coordination of the BDO network.
BDO International Limited and Brussels Worldwide Services BVBA do not provide any professional services to clients. Only the member firms, including BDO AS, provide such services.
BDO International Limited, Brussels Worldwide Services BVBA and the member firms of BDO are all separate legal entities and have no liability for other entities’ acts or omissions. Nothing in the arrangements or rules of BDO shall constitute or imply an agency relationship or a partnership between BDO International Limited, Brussels Worldwide Services BVBA and/or BDO’s member firms.
The BDO network
• 166 countries
• 1 776 offices
• 115 000 employees worldwide
• 150 bill. NOK in total turnover

BDO in Norway
• 60 offices
• 2200 employees and partners
• 187 partners
• 3,2 bill. NOK in total turnover
Participants in the BDO network in the EU/EEA
Total turnover for audit services performed by BDO in the EU/EEA: €1,630,045,046.71.
Country / Area: Names of the BDO companies in the area
• Albania / Albania: BDO Albania Sh.P.K.
• Austria / Austria: BDO Salzburg GmbH Wirtschaftsprüfungs- und Steuerberatungsgesellschaft; BDO Steiermark GmbH Wirtschaftsprüfungs- und Steuerberatungsgesellschaft; BDO Oberösterreich GmbH Wirtschaftsprüfungs- und Steuerberatungsgesellschaft; BDO Assurance GmbH Wirtschaftsprüfungs- und Steuerberatungsgesellschaft
• Belgium / Belgium: BDO Bedrijfsrevisoren BV / Réviseurs d’Entreprises SRL
• Bulgaria / Bulgaria: BDO AFA OOD
• Croatia / Croatia: BDO Croatia D.O.O.
• Croatia / Sarajevo: BDO BH d.o.o. Sarajevo
• Cyprus / Cyprus: BDO Limited
• Czech Republic / Czech Republic: BDO Audit s.r.o; BDO Group s.r.o.; BDO Czech Republic s.r.o.
• Denmark / Denmark: BDO Statsautoriseret revisionsaktieselskab; BDO Holding VI, Statsautoriseret Revisionsaktieselskab
• Estonia / Estonia: Aktsiaselts BDO Eesti
• Finland / Finland: BDO Oy; BDO Audiator Oy
• France / France: BDO France; BDO Paris Entreprises; BDO Paris Audit Pme; BDO Atlantique; BDO Rennes; BDO Lyon Audit; BDO Idf; BDO Les Herbiers; BDO Fontenay Le Comte; BDO Nantes; BDO Les Ulis; BDO Paris Audit & Advisory; BDO Méditerranée
• Germany / Germany: BDO AG Wirtschaftsprüfungsgesellschaft; BDO Oldenburg GmbH & Co KG Wirtschaftsprüfungsgesellschaft; BDO DPI AG; BDO Dr. Daiber Audit GmbH (until 24 April 2023); BDO Concunia GmbH Wirtschaftsprüfungsgesellschaft
• Gibraltar / Gibraltar: BDO Limited
• Greece / Greece: BDO Certified Public Accountants S.A.; BDO Services SA
• Hungary / Hungary: BDO Hungary Audit Ltd
• Iceland / Iceland: BDO ehf.
• Ireland / Ireland: BDO
• Italy / Italy: BDO Italy S.p.A.
• Latvia / Latvia: BDO Assurance, LLC
• Liechtenstein / Liechtenstein: BDO (Liechtenstein) AG
• Lithuania / Lithuania: BDO Auditas ir Apskaita, UAB
• Luxembourg / Luxembourg: BDO Audit
• Malta / Malta: BDO Malta CPAs
• Netherlands / Netherlands: BDO Audit & Assurance B.V.
• Norway / Norway: BDO AS
• Poland / Poland: BDO Spółka z ograniczoną odpowiedzialnością Sp. K.
• Portugal / Portugal: BDO & Associados, SROC, Lda
• Romania / Romania: BDO Audit SRL; BDO Auditors & Accountants SRL; BDO Auditors and Business Advisors SRL
• Slovak Republic / Slovak Republic: BDO Audit, spol. s r.o.
• Slovenia / Slovenia: BDO Revizija d.o.o.
• Spain / Spain: BDO Auditores, S.L.P.; BDO Audiberia Abogados y Asesores Tributarios, S.L.P.
• Sweden / Sweden: BDO AB; BDO Göteborg AB; BDO Göteborg Intressenter AB; BDO Göteborg KB; BDO Mälardalen AB; BDO Mälardalen Intressenter AB; BDO Norr AB; BDO Norr Intressenter AB; BDO Stockholm AB; BDO Sweden AB; BDO Syd AB; BDO Syd Intressenter AB
Please note that BDO firms have different year-end dates and the total amount stated is a combination of statutory audit turnover of EU/EEA member firms for their last accounting year. For each firm using another currency than EUR, an average rate is applied for the period they reported.
* The list of participants in the BDO network in the EU/EEA is updated as of 20 October 2023.
BDO in Norway
BDO is organised as an internal partnership, externally represented as a limited company, and is an audit firm authorised pursuant to the Norwegian Audit and Auditors Act. BDO is also an external accounting firm authorised under the Norwegian Authorisation of Accountants Act. BDO’s business in Norway is carried out by the companies BDO AS (org. no. 993 606 650) and BDO Advokater AS (org. no. 996 798 577). These two companies have no ownership in each other, but all equity partners in BDO Advokater AS are also equity partners in BDO AS. The profit sharing is performed on the basis of the total results from BDO AS and BDO Advokater AS.
BDO AS is the principal in BDO Internal partnership, in which all the shareholders in BDO AS participate as individual silent partners. The company model has been established for practical reasons. BDO AS cannot conduct any business other than what is conducted for BDO Internal partnership.
BDO AS is the only member of the company meeting, but all the partners are entitled to attend. Prior to each company meeting, a partner meeting is held which, with binding effect for the principal, makes decisions on issues to be discussed by the company meeting.
BDO’s operations in Norway are wholly owned by equity partners. As at 31 December 2023, there were 142 owners of BDO AS. All partners in BDO AS have an equal ownership share; they are listed in the last part of this report. All partners are individual silent partners in BDO Internal partnership, with the addition of 11 partners without project responsibilities (ambassadors).
Legal entities operating for BDO Norway or in which BDO has ownership shares:
BDO’s business in Norway is operated by:
• BDO AS (org. no. 993 606 650)
• BDO Advokater AS (org. no. 996 798 577)
As at 31.12.2023, BDO has the following wholly-owned subsidiaries:
• Evolver by BDO AS (org. no. 923 134 875)
• Godt Sagt AS (org. no. 931 917 056)
• Noraudit AS (org. no. 968 008 358)
• Inter Revisjon Norge AS (org. no. 915 915 167)
BDO AS also has ownership shares in the following companies:
• Ørje Næringspark AS (org. no. 989 686 984)
• Økonomiklyngen AS (org. no. 917 592 950)
All across Norway, thousands of businesses and organisations work hard to create value and BDO is there to help them. We are an international consultancy and audit firm deeply rooted in Norwegian society and business community. We are familiar with the challenges, see the opportunities and make strong commitments to help our clients reach their goals.
We have 2200 employees and 60 offices in Norway.
Our clients range from large, worldwide companies to small and medium-sized enterprises. We have clients from most industries in both private and public sectors. When necessary, we collaborate with large parts of the BDO network on international as well as Norwegian clients.
Our values reflect our internal firm culture. OPEN. CLOSE. BRAVE. Transparency shall contribute to improvement. Our clients shall perceive us as open and attentive. We shall work closely with each other and with our clients with the appropriate expertise. Our integrity as auditors and consultants shall be high – also in other areas than our profession requires. This implies that we must have the courage to challenge the clients, the market as well as ourselves.
Corporate structure
General meeting
BDO AS is governed by decisions in the general meeting, the supreme body in BDO AS. The general meeting of BDO AS is executed in accordance with the Norwegian Limited Liability Companies Act, the company’s articles of association and shareholder agreement, and it elects the board of directors of BDO AS. The board of directors of BDO AS Internal partnership comprises the same members as those at any time elected as chair and members of the board of directors of BDO AS. The company board is responsible for BDO’s operations.
Nomination committee
The nomination committee is elected by the general meeting of BDO AS and shall propose members for the board of directors. The nomination committee has three members and one deputy member. The composition of the nomination committee shall reflect the varying sizes of the departments. No region may have more than one member in the nomination committee.
Board of directors
The representation on the board of directors shall reflect the individual department’s size as well as geographical location. The board of directors must at all times represent a combined expertise that serves the participants. Employees are entitled to representation on the board pursuant to section 6-4 of the Norwegian Limited Liability Companies Act.
The board of directors shall comprise 5 to 8 members as decided by the general meeting, with the addition of employee representatives. The board consists of 11 members of which 4 represent the employees. The board members are elected for a period of up to 2 years.
The chair is elected by the general meeting, and the board appoints the deputy chair. According to BDO AS’ articles of association, the board must have a composition that meets the prevailing requirements of the Norwegian Audit and Auditors Act. This implies that the majority of both the members and the deputy members of the board must be state authorised public accountants.
As of 14.3.2024, the board has the following members:
• Chair Ingjer Ofstad, Partner
• Deputy chair Henrik Dagestad, Partner
Board members:
• Anne Merete Vorpenes, Partner
• Yngve Gjethammer, Partner
• Cathrine Sæther Karlsen, Partner
• Knut Haugen, Partner
• Vidar Såheim, Partner
Employee representatives:
• Eirik Tveit, Senior Manager
• Håvard Tysdal, Senior Manager
• Elise Aune Wallum, Manager
• Helene Johannessen, Manager
Håvard Tysdal Employee repr. Sign.
Organisation of the business
BDO AS shall have a managing partner appointed by the board of BDO AS. The managing partner in BDO AS shall also be the managing partner of BDO Internal partnership.
BDO has 60 offices in Norway, each headed by an office manager. Each office is part of a region. As at 31.12.2023, BDO had 7 regions. At 1.1.2024, BDO has 5 regions. Each region is a separate economic entity distributing its profit among the equity partners of the entity.
Managing partner and management group
The managing partner’s role and responsibilities are determined by the board of directors’ instructions to the managing partner.
The managing partner reports directly to the board and presents a summary of the business developments and the most important goals in the time to come. The managing partner keeps the employees continuously informed through weekly vlogs, monthly information meetings, office visits and presentations at internal events, thereby providing knowledge about BDO’s focus and operations. This also gives individuals an opportunity to raise issues directly with the managing partner.
Together with the national management group, the managing partner prepares BDO’s business strategy and ensures that it is implemented when adopted by BDO’s board. The national management group has monthly meetings.
Members of the national management group:
• Martin Aasen, Managing Partner
• Roger Telle-Hansen, Partner/Head of Region Stor-Oslo
• Stig Are Lauvnes, Partner/Head of Region SørVest
• Knut Evensen, Partner/Head of Region Østfold
• Tom Aleksandersen, Partner/Head of Region MidtNord
• Eirik Meling Veien, Finance Director
• Jørgen Brodtkorb, IT Director
• Kristina Bors, HR Director
• Synne Ekrem, Market & Communications Director
• Steinar Andersen, Partner/Head of QRM
• Hanne Fritzsønn, Partner/Head of service area Tax & Legal
• Erik H. Lie, Partner/Head of service area Audit & Assurance
• Andreas Ystgaard Tjemsland, Partner/Head of service area Business Services
• Morten Thuve, Partner/Head of service area Consulting
Ingjer Ofstad Chair of the board Sign.
Yngve Gjethammer Board member Sign.
Vidar Såheim Board member Sign.
Elise Aune Wallum Employee repr. Sign.
Henrik Dagestad Deputy chair Sign.
Cathrine Sæther Karlsen Board member Sign.
Eirik Tveit Employee repr. Sign.
Helene Johannessen Employee repr. Sign.
Anne Merete Vorpenes Board member Sign.
Knut Haugen Board member Sign.
[Photos: the national management group, with names and titles as listed above.]
[Figure: Corporate structure and organisation (national). Organisation chart showing the Board, Managing Partner, National management group, Finance Director, Quality control committee and Internal control committee; the regions Telemark, SørVest, Stor-Oslo, Østfold, MidtNord, Nord Vest and Buskerud; and Administration, Market & Communications, HR, QRM, IT, Technical dept’s and Support functions.]
Financial information
Turnover per business area (as at 31.12.23, NOK 000), 2023
• Audit & Assurance: 1 807 000 (57 %)
• Business Services: 940 000 (29 %)
• Consulting: 243 000 (8 %)
• Tax & Legal: 182 000 (6 %)
• Total: 3 172 000
*Turnover between BDO AS and BDO Advokater AS has been eliminated

Audit client turnover (as at 31.12.23, NOK 000), 2023
• Audit and assurance: 1 477 000 (81 %)
• Statutory audit of public interest companies: 37 000 (2 %)
• Assistance: 204 000 (11 %)
• Consulting: 26 000 (1 %)
• Tax and legal services: 89 000 (5 %)
• Total: 1 833 000
Quality in BDO
BDO’s system for quality management
The international standard on quality management for audit firms 1 (ISQM 1) came into effect on 15 December 2022 and requires all firms that perform audits or reviews of financial statements, or other assurance engagements or related services engagements to establish a system of quality management that complies with all the requirements in the standard. A system of quality management is not static, but shall be flexible enough to adjust to changes in the nature and circumstances of the firm and its engagements. BDO has designed and implemented a system for quality management in accordance with ISQM 1 that provides reasonable assurance for the following:
a. BDO and its employees attend to their tasks and duties in accordance with the professional standards and prevailing law and regulations and carry out engagements pursuant to such standards and requirements.
b. Engagement reports issued by BDO or engagement partners are appropriate in the circumstances.
BDO has included all quality objectives and specified measures in ISQM 1 for the eight components included in the standard. The eight components are:
1. The firm’s risk assessment process
2. Governance and leadership
3. Relevant ethical requirements
4. Acceptance and continuance of client relationships and specific engagements
6. Resources
7. Information and communication
8. Monitoring and remediation process
In order to achieve the firm’s objectives for the quality management system, including establishing and continuously improving the quality management system, BDO has carried out the following activities for each of the components in the quality management system:
OBJECTIVES
BDO has established the quality objectives specified in ISQM 1 and determined additional objectives considered to be required for achieving the quality management objectives
QUALITY RISKS
BDO has identified and assessed quality risks as a basis for the design and implementation of measures
MEASURES
BDO has designed and implemented measures (procedures, guidelines or controls) to reduce the quality risk to an acceptable level
MONITORING
BDO has established a monitoring and remediation process to secure relevant, reliable and timely information about the design and implementation of the quality management system, and to manage identified weaknesses at an early stage. Based on the results of the analyses of root causes, we have also designed and carried out remediation measures to manage identified weaknesses.
Evaluation of the quality management system
According to ISQM 1, the individual(s) with ultimate responsibility for the system of quality management shall evaluate the system on behalf of the firm. The evaluation shall be undertaken as of a point in time and at least annually.
The annual evaluation considers the information on the design, implementation and results from monitoring activities carried out in the period up to the evaluation date.
The evaluation date for BDO was 1 November 2023. Monitoring activities include testing of measures, review of findings from internal and external inspections of engagements, and assessments of other relevant information obtained from the quality management system.
Root causes shall be identified for all uncovered deficiencies, and an assessment shall be made with regard to how severe and pervasive the effect of the identified deficiency is. BDO exercises professional judgment in determining whether a finding, individually or in combination with other findings, represents a deficiency in the system of quality management.
Statement on the quality management system’s effectiveness
The board and management have carried out an evaluation in accordance with ISQM 1 and concluded that the quality management system provides the firm with reasonable assurance that the objectives of the system have been achieved as of the evaluation date.
Reasonable assurance is achieved when the quality management system reduces the risk that the system’s objectives are not met to an acceptably low level. Reasonable assurance is not an absolute assurance level, as there are inherent limitations in a quality management system.
Based on the results of the analyses of the root causes, BDO will design and implement compensating measures to manage any identified deficiencies. The progression of the implementation will be monitored on a regular basis.
The board and management’s responsibility for quality
In BDO, the board, together with the managing partner, has the overall responsibility for the quality management system.
An internal control committee monitoring the internal control at a firm level has been established. The internal control committee is responsible for following up that first and second line controls function as intended, and that significant deficiencies are eliminated and new control measures implemented. It shall also contribute to improvements in the quality control system, risk management and internal control. The committee is appointed by the board, among the firm’s equity partners, and the board members appoint the leader. The internal control committee reports to the managing partner and the board. You can read more about the internal control at firm level here.
A quality control committee for audit monitoring internal control at an engagement level has been established for engagements requiring authorisation as auditors. This committee comprises partners who are authorised auditors and have experience as audit engagement partners. A corresponding quality control committee for the firm’s other services has also been established. The quality control committees report to the head of QRM and the board. You can read more about internal control at an engagement level here.
Management is responsible for the design, implementation and follow-up of governance and control that takes care of the firm’s commitment to quality, including a culture for quality, roles and responsibilities, actions and behaviour, organisation and allocation of resources. Through policies and procedures, the firm has established a framework for the enterprise that shall substantiate the requirements for quality.
The head of the QRM department has the operational responsibility for designing and implementing the firm’s quality management system. The QRM department is a department in BDO responsible for tasks related to quality and risk management. The areas of responsibility include risk management, ethics, independence and conflicts of interests, monitoring and compliance, anti-money laundering, data protection and internal legal issues. The QRM department has dedicated teams taking care of the strategic and operational second line control. The QRM department’s function assures the board and managing partner that BDO meets the requirements for a supplier of auditing, accounting, consultancy and legal services. The work is carried out along three dimensions:
Preventive activities
• Developing policies, procedures and guidance
• Providing information and carrying out training activities
• Building a quality-oriented firm culture
Ongoing assistance and advice in individual matters
• Consulting with engagement partners and employees
• Handling complaints and insurance matters
• Maintaining dialogues with external supervisory bodies
• Reporting suspicious transactions to Økokrim (the Norwegian National Authority for Investigation and Prosecution of Economic and Environmental Crime)
Review and monitoring of compliance
• Coordinating and conducting internal quality inspections
• Verifying compliance with external and internal guidelines and requirements
• Keeping the managing partner and the board continuously updated on important issues.
The day-to-day responsibility for monitoring and remediation is allocated to the Head of Monitoring and Remediation (HMR). The HMR is an audit engagement partner with relevant experience, knowledge, influence and authority in the firm. The HMR’s work is segregated from the work of those with the overall responsibility for the quality management system.
As part of the quality management system, BDO carries out periodical evaluations of the managing partner, the head of QRM, the HMR, heads of regions and service lines and others with responsibilities related to quality management in BDO.
BDO’s risk assessment process
BDO has established a risk assessment process according to the requirements in ISQM 1 and regulations on risk management and internal control. This process encompasses all business areas in BDO.
The quality management system is designed as a dynamic process, in which the risk assessment process regularly analyses information about various events, issues, actions or the lack of actions. This is done to identify the need for any new quality objectives or changes in quality risks or measures that can be required as a consequence of changes in BDO or our activities. The risk assessment process is based on defined objectives and strategies for the business and addresses key risks. All service areas are subject to a systematic assessment of whether BDO’s risk management and internal control is adequate to manage identified risks in an appropriate manner.
All risks and measures identified as part of BDO’s risk assessment process are discussed by BDO’s management group. The managing partner prepares an annual formal report summarising the risk assessment process to the board.
16 TRANSPARENCY REPORT 2023
The monitoring and remediation process
Monitoring and remediation is an important part of the system of quality management to ensure continuous improvements. BDO has organised the monitoring and remediation process by separating it into two functions: monitoring at a firm level and monitoring at an engagement level. Through these functions, improvement areas and deficiencies in the quality management system are identified.
All deficiencies are assessed by how severe and pervasive they are. As part of this work, a thorough root cause analysis of the most frequent and significant findings uncovered in the monitoring period is carried out. The results are reviewed in detail with the relevant key individuals and functions in the firm. On the basis of the analyses, we consider which remedial actions should be designed and carried out to manage the identified weaknesses. Remedial actions can be both national and regional. The measures are regularly followed up and are included in the internal control committee’s reporting.
Root cause analyses
Root cause analyses (RCA) constitute an important part of our process for continuous improvements. The method involves thorough inquiries about why a problem arose until the actual reason has been identified. The objective is to address underlying causes, not only symptoms.
In BDO, we have a top-down approach in our RCA process. The process contributes to a more thorough understanding of deficiencies and weaknesses in the quality management system and to the implementation of required improvements addressing the identified deficiency.
Monitoring at a firm level
BDO has established a compliance team that through preventive actions, subsequent controls and other monitoring activities shall contribute to compliance with all laws and regulations that the firm is subject to in addition to requirements from our international network and our internal procedures. The compliance team focuses on monitoring at a firm level and designs and carries out monitoring activities as a basis for identifying weaknesses in the quality management system.
One of the compliance team’s responsibilities is to ensure that BDO complies with laws, standards and internal guidelines for the acceptance of clients, independence and other ethical requirements. Various control mechanisms are applied, both sample based and embedded controls / notifications in our systems.
Monitoring at an engagement level
BDO has implemented a system of internal quality control at an engagement level. Internal control constitutes a significant part of BDO’s monitoring at an engagement level and applies to all service areas. This transparency report, however, only includes what is applicable for audit engagements.
The internal quality inspection is carried out every third year as a minimum for all auditors in charge of engagements. New auditors in charge shall have a quality control the first year they sign auditor’s reports. A control object may be subject to a quality control more frequently than every third year – based on a risk assessment or randomly selected for review. Quality inspections can also be carried out as a measure after external inspections and other events requiring closer follow-up. The reviews may be performed as often as appropriate to enhance quality in the service delivery or reduce the risk. The internal quality inspection comprises a given number of engagements per review object, normally 2-3 engagements.
The inspection is executed by a team of two experienced auditors. All quality reviewers complete annual training. In order to ensure independence, the reviewer cannot review engagements in his or her own department or in other instances with independence issues.
When the inspections are completed, a meeting is held in the quality control committee (for audits), where the results are discussed. The quality control committee shall conclude at an engagement level and decide further measures. Each control object will receive a conclusion based on the findings uncovered during the review. The quality control committee can issue the following conclusions at an engagement level:
Approved / Approved with improvement needs
• The engagement review uncovered no or few errors/deficiencies
• Any errors or deficiencies are not severe enough to cause any criticism of the individual in charge of the engagement/BDO in a quality control from others
Significant improvements needed
• Severe errors/deficiencies uncovered during the review
Not approved
• The engagement review uncovered very severe errors/deficiencies
Non-compliance concerning quality can result in financial sanctions against the auditor in charge. The quality control committee can also propose to the board that the person in question is deprived of the right to sign on all engagements or some types of engagements, as a consequence of issues uncovered by the quality inspection.
Monitoring by the global BDO network
Our international network conducts regular quality controls of BDO in Norway, normally once every third year. These controls include reviewing internal policies and procedures and compliance with them in addition to reviews of several audit engagements. The last review from BDO Global took place in November 2020, and the next is expected during 2024.
In addition to the formal quality control from BDO Global, BDO regularly reports to our global organisation on matters like various defined AQIs (Audit Quality Indicators). Monthly meetings with the global QRM departments are also arranged to review various aspects related to quality, risk management and compliance.
Monitoring by Finanstilsynet
As BDO is auditing entities of public interest, we are subject to a firm inspection directly by Finanstilsynet. Every third year Finanstilsynet carries out a so-called firm inspection, which is part of the ordinary supervision of the largest audit firms and entails reviews of several audit engagements in addition to internal policies and procedures. The firm inspection shall also include an assessment of our internal quality control.
Finanstilsynet may also conduct other forms of reviews, either on-site or topic inspections. Reports from Finanstilsynet’s various inspections are published on their websites.
The most recent firm inspection of BDO took place in November 2022, and the final report was published in December 2023. Finanstilsynet has assessed BDO’s independence, allocation of resources, audit fees and audits of selected engagements. An assessment has also been made of our internal systems for quality control and compliance with duties pursuant to the Anti-Money Laundering Act. The report is made available on Finanstilsynet’s official website, and you can read more here.
BDO has worked systematically and in a structured manner with improvement measures since the inspection in November 2022 and has taken the required initiatives to secure and increase the quality in the processes where weaknesses and deficiencies have been uncovered.
Ethical requirements and independence
BDO has ethical guidelines set by the company’s board of directors. We impose absolute requirements on the integrity and independence of employees and partners. We must be independent as well as perceived as such by our clients. This implies that we cannot provide services to or enter into business relationships with our clients that may affect our integrity and objectivity.
When hired/joining (and then annually), all partners, employees and hired resources confirm that they know and follow our ethical guidelines and thereby also confirm their independence of our clients. This is supplemented by training activities for employees regarding our ethical guidelines and ongoing monitoring of compliance with independence rules. In addition, all employees and partners engaged in each audit team confirm their independence on all audit engagements where they are involved.
Limitations concerning investments
Management, partners, directors, state authorised public accountants and board members in BDO cannot have investments in companies audited by BDO. This also applies for members of the audit team in question. There are also corresponding limitations for their spouses/co-habitants/partners, but they may apply for exceptions for insignificant investments. The definition of spouses/co-habitants/partners is the same as in the Audit and Auditors Act. Management, board members and persons with access to non-public information concerning the client cannot have investments in BDO’s clients of public interest (regardless of service delivery). Other employees cannot have significant investments in companies audited by BDO. Should BDO accept an audit engagement where any of the above circumstances applies, the persons in question will be requested to dispose of their investments. Investments shall be registered in the register for board positions and investments.
Limitations concerning board positions
As a general rule, employees and partners may not be board members. The same applies for similar positions, such as members of audit committees, shareholder committees and the like. Exceptions to the general rule may be approved when applied for, and registered in the register for board positions and investments. Such exceptions can under no circumstances be granted if it concerns an audit client of BDO.
Gifts and anti-corruption
BDO has zero tolerance for corruption and trading in influence.
Those representing BDO shall not offer, demand, promise, receive or give any form of inappropriate service or incentive to anybody, in connection with the execution of their tasks, with the intention to provide personal or business-like benefits. This applies regardless of whether the benefit is offered directly or indirectly through others.
All those representing BDO must follow the guidelines described above in order to ensure that such offers do not impact our objectivity, independence or integrity. Openness and reporting of gifts or benefits contribute to maintaining this.
Rotation of key personnel on audit engagements
For public-interest entities audited by BDO, rotation plans have been prepared in order to comply with the independence requirements of the Norwegian Audit and Auditors Act, the EU Statutory Audit Regulation, and IESBA’s Code of Ethics. For audit engagement partners, quality reviewers and co-partners, this implies that they are rotated out of the engagement after 7 years at the latest. The same applies for leading employees (state authorised public accountants and managers) on the engagement, but they can remain longer if it is considered appropriate and has been agreed with the QRM department. Audit firms must be changed after a maximum of 20 years provided a public tender is performed after 10 years.
Statement on independence practices
Pursuant to the EU Statutory Audit Regulation, art. 13.2(g), BDO confirms that the firm has internal guidelines for the compliance with and control of independence on audit engagements and that BDO complies with law, standards and internal guidelines.
Independence is confirmed by each team member at the engagement level, by individuals in charge of engagements in the annual continuance assessment, and in annual confirmations of independence for all partners, employees and hired resources. The Quality and Risk Management department performs monitoring activities to ensure compliance with the independence rules and BDO’s internal guidelines.
Acceptance and continuance of client relationships and specific engagements
BDO has established formal procedures for acceptance and continuance of engagements and client relationships. The firm performs controls on an ongoing basis to ensure that these procedures are complied with. Key in our approach to client and engagement acceptance is our dedicated KYC (Know your Client) team, which has specialised competence within anti-money laundering and risk assessments concerning client relationships. This team is an important collaborating partner for our client teams and contributes to ensuring that we meet our high standards concerning client integrity and risk assessment.
Our policies and procedures for acceptance and continuance of engagements include:
• Conflict checks to uncover possible independence and interest conflicts, both nationally and in our international network
• Independence checks to ensure independence between our clients and our leading employees
• Engagement assessments to uncover other risk factors, including requirements for independence and expertise on the team carrying out the engagement, and requirements related to the Norwegian Anti-Money Laundering Act
• Procedures for following up the previous auditor
• Annual confirmation from all partners, employees and hired personnel that the procedures for client acceptance are known
• Barrier that prevents a client from being registered in internal systems before the procedure for client acceptance has been completed, including the approval of required roles.
Engagement performance
Audit methodology
BDO’s audit methodology has been developed globally and is based on the International Standards on Auditing (ISAs) issued by the International Auditing and Assurance Standards Board (IAASB). The methodology is divided into the following phases:
• Scoping
• Planning
• Obtaining audit evidence
• Completion
The audit methodology ensures that we comply with the International Standards on Auditing and that the audit is concentrated on the areas with the highest risk. The methodology is applied by all auditors in BDO globally to ensure consistent quality worldwide.
Consultations
Audit engagements sometimes involve complex accounting and business related issues. Consultations give the audit team the opportunity to benefit from the expertise of experienced colleagues or experts, enabling them to manage and solve challenging problems in a correct and effective manner.
BDO has implemented formal procedures for consultations. According to these procedures, audit team members shall seek advice from qualified resources in the firm, including the technical department and the QRM department if difficult or disputed questions arise in connection with the performance of the audit. In certain circumstances, there are also requirements to consult formally with our global organisation.
Engagement quality control reviews
BDO designates an engagement quality control reviewer (EQCR) on all public-interest companies and other defined risk engagements. The EQCR shall carry out an objective evaluation of the most significant judgmental assessments made by the audit team and their conclusions. The appointment of the EQCR follows the requirements determined in the professional standards and our internal guidelines, including the regulations in ISA 220 Quality management for an audit of financial statements, ISQM 2 (International standard for quality management 2) and the EU’s Statutory audit regulation. This includes criteria related to the EQCR’s competence, skills, capacity and compliance with relevant ethical requirements.
It is of particular importance for BDO to ascertain that the engagement reviewer complies with the highest standards for competence and integrity to ensure the quality and reliability in the engagement review process.
Accreditation requirements for certain types of engagements
Engagements of Public Interest Entities (including listed companies), companies listed on various non-regulated markets and/or entities preparing financial statements according to IFRS, require specific competence and due care from us as auditors. This typically applies to companies of significant social importance, where the public interest is high and the entities are subject to specific legislation. BDO has therefore set various accreditation requirements for engagement partners and managers on these engagements. The requirements also apply for those carrying out quality controls as engagement reviewers on audit engagements or those performing “two pairs of eyes” reviews on accounting engagements. The accreditation is divided into the main categories “public interest” and “IFRS”.
The public interest accreditation is required for entities with listed securities (shares, bonds, equity certificates etc.) in regulated markets in Norway or within the EU/EEA. In BDO, we also require public interest accreditation for audit and accounting clients with listed securities on non-regulated markets that, in accordance with the listing rules for the market place, have many corresponding requirements as entities listed on regulated markets. Public interest accreditation for bank and financial industries is required for audit and accounting engagements for banks, credit institutions and insurance companies.
General IFRS accreditation is required for all audit and accounting engagements of entities with securities listed on regulated and non-regulated markets with company accounts or consolidated financial statements reporting pursuant to IFRS. This also applies for audit and accounting engagements for IFRS reporting entities defined as risk clients for other reasons. The IFRS accreditation for bank and finance is required for banks, credit and financing institutions and insurance companies preparing accounts according to IFRS or other relevant accounting regulation.
In order to achieve accreditation, certain training programmes must be carried out, including both basic training and annual updates.
Audit engagements of public interest entities and risk clients shall also be subject to IFRS reviews if the accounts have been prepared in accordance with IFRS. The objective of an IFRS review is to uncover possible misstatements and deviations from IFRS. IFRS reviews are carried out by persons associated with or appointed by the Technical Department, and they are not part of the audit team.
Resources and People in BDO
People in BDO
In BDO, our people are the most important thing we have, and in our business strategy from 2024, we put «People first». We know that when we create the best employee experiences, we also create the best client experiences, with deliveries of high quality. We have visualised how we approach this in a structured manner through «The employee journey in BDO».
Culture and commitment
As an advisory and audit firm, we depend on trust from clients and society. For us, this implies that we at all times are committed to deliver services of high quality, and continuous learning and development therefore characterise our culture. We must ensure that everybody in BDO is offered relevant, updated and attractive alternatives within learning and competence development.
We measure job satisfaction and commitment in BDO in an annual employee survey and regular pulse surveys. The surveys show high commitment among the employees in BDO – we feel a great deal of pride, community and belonging to the firm.
Recruiting
We work strategically to map the needs for competence and capacity – and convert this into operational activities and measures. We must at all times ensure that we have the right people at the right places, both newly qualified and experienced. The brand building as employer and professional recruitment processes of high quality are important to us.
Onboarding
Welcoming new BDOs in the right way is very important. We devote considerable resources to providing the best onboarding – both for newly qualified and experienced hires. Those coming straight from education participate in a comprehensive programme over four years, with tight follow-up the first year, followed by one gathering per year in the next three years. A streamlined programme for onboarding ensures that we can continue to deliver high quality to our audit clients.
The topics in the onboarding range from technical service-specific and technological training, client and market oriented, to personal, and later management development and introduction into BDO’s culture and values. Experienced new hires follow the four-year programme as appropriate to their level of experience. They also have a joint national onboarding programme.
Learning
Learning and competence development is highly prioritised in BDO. Our courses and learning activities are based on our competence model, within our three dimensions: Client – People – One BDO. Continuous competence development within these areas is an important part of BDO’s foundation and of our way of working. Courses and learning activities support BDO’s strategic goals and priorities, with regular adjustments to reflect our need for competence. We map how much competence we have, compare it to the need for competence and try to identify the gap, adjusting our courses and training activities correspondingly.
We continuously emphasise that our training shall be technically and pedagogically updated – and that we apply all the opportunities digital solutions offer us.
Development
We say that «BDO shall be a great place to work for committed, motivated and competent employees and partners». This obliges us with regard to what we offer and how we prepare for technical and personal development for the whole firm. Everybody in BDO shall have the opportunity for the relevant development, follow-up and acknowledgement they deserve and need – to continue being committed, motivated and competent – and to deliver quality and excellent client experiences.
We have established processes and tools to ensure continuous management and staff development. All employees and partners have their individual development plan with clear goals and activities contributing to the desired development. Everybody shall have a performance review with his/her personnel officer three times a year. This is a structured, prepared discussion about the employee’s technical and personal development. It is a tool to ensure that BDO’s employees have the right competence, commitment, and motivation, as well as a mutual «binding» dialogue about short- and long-term career planning. In addition, «15:3 talks» are carried out during the year – 15 minutes’ status with three fixed questions between the leader and employee.
All employees in BDO shall get feedback in an organised and systematic manner through our system for evaluations in our HRM system, Workday. The evaluations shall primarily give qualitative and constructive feedback focusing on both perceived strengths and areas for development.
Leaders are measured by annual leader evaluations, and any improvement areas shall be included in the leader’s development plan. In addition, we have a number of feedback and evaluation systems that are both simple and more extensive – voluntary and ad hoc, or mandatory.
All employees and partners shall know what is expected of them in the daily work and in their role. Everybody shall be familiar with the opportunities and offers for further development, whether related to technical specialisation, leadership, sales, market, system competence, presentation techniques or other.
Continuing education
The Norwegian Audit and Auditors Act requires all state authorised public accountants to complete continuing education. All state authorised public accountants in BDO complete such education, and BDO records all continuing education hours in our own digital course portal. BDO’s requirements are stricter than the Audit and Auditors Act for audit engagement partners, and specific hourly requirements have been determined within each technical category to be complied with by those auditors.
The requirements for continuing education are met through participation in internal or external courses and conferences. BDO reviews continuing education hours annually to ensure that the legal and BDO’s internal requirements are met.
BDO may require a certain basic knowledge among employees and partners within various topics. Training in these areas can be mandatory for all or some employees and partners. Such training must be carried out regardless of whether the person already has met the requirement for continuing education.
Statement on continuing education
Pursuant to the EU’s Statutory Audit Regulation art. 13.2(h), BDO confirms that we have prepared for, and control that auditors in charge of audit engagements have adequate continuing education within the requirements in the Norwegian Audit and Auditors Act. As at 31.12.23, there were no violations of the requirements for continuing education.
Technology resources
Technology and audit
In BDO, technology is a natural part of the audit. This is apparent in our use of smart digital solutions and our digital competence. The combination enables us to deliver effective and value-adding, high quality audits.
Digital solutions
BDO’s portfolio of digital solutions comprises third-party applications, in-house developed systems and solutions from BDO’s global organisation. The development, operations and management of audit-relevant systems and applications is carried out in close cooperation between the IT department, the technical department and the unit «Digital Revisjon». In addition to safeguarding the systems, our clients shall be certain that we manage their data in a good manner. All data is therefore handled in accordance with current laws and regulations in addition to BDO’s internal procedures and guidelines. You can read more about information security here.
Our most important digital solutions include:
• The audit tool Audit Process Tool (APT)
APT is BDO’s global audit tool and is used by auditors to plan, document, perform and conclude an audit. The audit tool enhances the quality of our audit and secures compliance with the ISAs as it is scalable and adjusted to clients, complexity and industry.
The flexible platform on which the audit tool is built is developed in cooperation with Microsoft and helps the audit teams to cooperate effectively on large as well as small engagements, also across national borders. In addition, the tool is prepared for seamless integrations with other support systems used in daily operations.
• The data and analysis tool Heartbeat
BDO applies the data and analysis platform Heartbeat for data analyses in the audit. The platform is developed by BDO in Norway and thereby tailored for BDO’s clients. This implies integration with private and public data sources and direct integration with our clients’ accounting systems. The work with obtaining updated accounting data for our clients and BDO is simplified, and the automation of data flows reduces the risk of errors as a consequence of manual data handling.
• Salesforce
Salesforce is our CRM system. In addition to traditional CRM tasks like sales and client contact, we use Salesforce in our processes for acceptance and continuation of client relationships and our anti-money laundering tasks.
• BDO’s client portal
Our client portal is a seamless and safe workplace for information sharing and interaction between BDO and our clients. The portal benefits all clients in all service areas and contributes to secure and effective communication in connection with following up tasks and sharing documents.
Formal guidelines have been established to ensure the reliability of the technological tools applied. This includes procedures and processes for the maintenance of our global audit tools, formal authorisation procedures for both technical and professional changes in the tools etc. Any change is subject to thorough discussions and documentation to secure verifiability. Technology tools depending on functionality from our international network are managed through formal test programmes carried out by the global network.
Digital competence
The requirement of technology understanding among the auditors increases in line with the technological progress and digitalisation in the business community. Digital competence is therefore systemised and a natural part of BDO’s training and development. You can read more about learning and development in BDO here. This applies to the use of digital tools as well as understanding the technology used by our clients. In that manner, we secure the audit quality, also when we are facing complex issues related to data and technology at our clients.
Intellectual resources
Intellectual resources comprise information used to secure the implementation of the quality management system and facilitate consistency in the execution of engagements. In BDO, we focus on acquiring and applying intellectual resources contributing to promote high quality and consistency in performing engagements. We have established guidelines for the use of intellectual resources. They include requirements to use specific types of intellectual resources when executing engagements, such as designing and preparing engagement letters and statutory reporting to clients and public authorities.
Outsourcing
As an audit and accounting firm, BDO is subject to certain specific requirements when outsourcing any of our business. Outsourcing implies the use of external contractors to carry out tasks that are part of our services subject to licensing. An agreement on the right to use software, platform and/or infrastructure (ICT systems and services) operated by the contractor on the contractor’s servers, typically «SaaS (Software as a Service)» agreements, is also considered to be outsourcing by the regulators. BDO has established processes and guidelines to comply with relevant laws and regulations concerning outsourcing.
Information security and data protection
In BDO, we have roles requiring our clients and the outside world to have confidence in us. To secure this confidence, we very much depend on handling data in a good manner. Hence, we focus on information security and data protection in all our work. All data is managed in accordance with prevailing regulations in addition to BDO’s internal procedures and guidelines for information security and data protection.
Organisation
BDO has a dedicated role (CISO) for managing the information security work and a security team. The CISO is responsible for leading and implementing the organisation’s overall strategy for information security. The security team shall ensure that our systems, data and processes are robust and compliant with the newest safety standards.
BDO also has resources in the QRM department engaged in ensuring that the firm complies with the requirements to data protection. A data protection officer has been appointed for the firm.
Management system
BDO has implemented management systems for information security and data protection. BDO’s information security management system (ISMS) is based on the ISO27001 standard, a globally approved standard for information security. This system provides a structured approach to identify, manage and minimise risk related to information security. Our ISMS complies with the industry standards and is regularly reviewed to secure relevance and effectiveness.
BDO’s management system for data protection is based on requirements in the Personal Data Act and the General Data Protection Regulation (GDPR), in addition to the «BDO Global Privacy Programme». The latter contains a set of rules, templates, guidance and information to ensure that companies in the BDO network handle personal data pursuant to GDPR. An important part of the programme is BDO’s binding corporate rules («BDO’s Binding Corporate Rules for Controllers and Processors»), approved by the European data protection authorities.
The procedures and guidelines in the management systems are available for all employees on our intranet at all times. These documents are the basis for how employees shall manage, store and share information in their daily work. Through regular reviews and updates, we ensure that our guidelines are in line with the newest requirements and threats.
Education and awareness training
BDO provides continuous and regular training within information security and data protection for all employees. This includes specific training programmes in information security and data protection in addition to phishing exercises to increase the awareness around potential security threats. All employees must confirm annually that they comply with our internal procedures and guidelines within information security and data protection.
Security monitoring
Security monitoring of our environment is carried out by a professional external party. This includes continuous monitoring of network traffic, system log files and potential threat indicators.
ISO 27001 certification
Many of our systems are delivered by BDO’s global organisation, which is ISO 27001 certified. This implies that we benefit from an internationally approved framework for information security in several of our services and tools.
Annual reviews
In order to maintain a high standard within information security, BDO carries out annual external independent reviews. These reviews assess the effectiveness of our security systems, identify any weaknesses and provide recommendations for continuous improvement, ensuring that we are proactive in addressing new threats and maintain a solid security level.
24 TRANSPARENCY REPORT 2023
Information and communication
Reliable and relevant information is decisive for BDO’s quality management system. We have established a communication strategy and plan that is actively followed up to ensure that the firm maintains an appropriate system for both internal and external communication.
Written policies and procedures have been established to secure compliance with laws, regulations and professional standards that require the company to communicate information to external parties. This includes reporting of suspicious transactions to “Økokrim” and whistleblowing to the Data Protection Authority in the event of any violations of personal data security.
BDO has its own system for whistleblowing and discrepancies. It is called #Sifra and is available on our intranet. The whistleblowing system constitutes an important part of our quality management system. Employees are encouraged to give notice of any criticisable matters and discrepancies. Some discrepancies must be notified in the whistleblowing system, like violations of information security procedures that may result in loss of client data or personal data.
BDO presents results from internal quality inspections and other monitoring activities to the controlled object as well as other relevant bodies to secure adequate follow-up and continuous learning and improvement. This includes reporting to the nearest management level and control and management bodies. This form of communication helps strengthen an organisational culture that facilitates effective management and control, and promotes the «tone at the top» related to quality.
BDO has established formal guidelines regulating the communication with clients in the event of poor quality. This includes situations with findings related to individual engagements indicating lack of required procedures in the execution of the engagement or that the statement from the auditor in charge is incorrect. In such instances, the firm shall consider the consequences for both the client and BDO and implement required measures.
In line with our continuous focus on quality, we regularly organise meetings for central management in the organisation, where we prioritise relevant quality dimensions (Quality in BDO meetings, Partner meetings, etc.). These meetings are designed to engage management in key aspects of the quality work, and they constitute a critical component in strengthening the manner in which quality information is communicated within management and the entire organisation.
Employee surveys are carried out regularly to evaluate employees’ perception of management’s focus on quality. The results from these surveys not only provide valuable insight but also give a better understanding of how quality information is communicated and received in the firm.