BDO Transparency Report 2022

About the Transparency Report

Pursuant to the Norwegian Audit and Auditors Act, BDO is required to publish an annual transparency report. This report shall show how we secure independence and quality in the audit process.

The purpose is to ensure transparency and insight into how we meet our social duties. In this year’s transparency report you can read more about our continuous efforts to improve the quality of the audit.

BDO AS is part of BDO International Limited. «BDO» or «BDO AS» in this report refers to BDO AS with the organisation number 993 606 6501. When we refer to our international network, we use the term BDO Global or BDO International Limited.

1 Numbers and statistics represent both BDO and BDO Advokater.

Trust must be earned

The world of today is characterised by volatility, uncertainty, complexity and ambiguity – on top of a sustainability problem we have to solve together, scarce resources and a number of new threats. This puts higher demands of us and drives the audit profession’s social responsibility forward.

DECISIVE TRUST

BDO Norway has audit clients all over the country and within most industries. We help our clients with their challenges and contribute to securing their values in a sustainable manner.

Well-functioning markets are created by confidence in financial and non-financial reporting from the business society. In BDO, we range the role as persons of trust on behalf of society at the top of the agenda. Each day, almost 2000 BDO people, in 60 offices in Norway, go to work in order to live up to this. Our competent technical environment contributes to strengthening this trust through an independent and objective audit. Openness and integrity is the driving force in our daily work and essential to our social duties.

QUALITY, COMPETENCE AND LEADERSHIP CULTURE

Trust requires quality at all levels. We have an uncompromising view on quality, and a quality system comprising all parts of our

business, from training and guidelines to accountability and monitoring controls. It is also important for us as an organisation to learn from any errors and develop our systems and controls, in addition to strenghtening training where necessary. We continuously invest in competence and new technology in order to work more effectively and ensure quality in the way we work.

The core of a strong competence environment is technical development. Continuous competence enhancement and the right mixture of our employees is vital to delivering services of high quality. We also focus on predictability, attitudes and behaviour. This is basic for trust and creates a culture where employees and partners can feel safe regarding what is expected in the daily work and in their role.

A clarification of the individual leader’s responsibility and a high degree of involvement among all employees are important factors. Our leaders shall be role models for a culture treasuring quality, interdisciplinary cooperation, diversity and development. They shall facilitate flexibility, create a technical fellowship and stimulate self-management.

BDO‘s global vision describes the difference we can make as a business. «People helping people achieve their dreams» summarises why we go to work and why we exist.

FOR A SUSTAINABLE DEVELOPMENT OF THE NORWEGIAN BUSINESS COMMUNITY

Sustainability is an important part of our strategy, nationally as well as globally. Sustainability in BDO is about engagement and the wish to make a difference. For the Norwegian society and business community, and for our own operations.

In our own organisation, we continuously focus on identifying where and how we can reduce our negative footprint – and maximise the positive. As auditors, we are also in a unique position to be a driving force to our clients to incorporate sustainability in their businesses. Our sustainability advisors assist both private and public sector in working determinedly towards a sustainable development and within their own operations.

In BDO, we rise in the morning to help Norwegian enterprises reach their goals and dreams. We take our part of social responsibility seriously and consider openness to be a condition to succeed. In our own firm and the business sector as a whole.

We hope you will find this year’s report informative and interesting.

Enjoy your reading!

Quality creates trust

The users of our auditor’s reports, statements and confirmations shall always be confident that these documents have been issued on an appropriate basis, and that we clearly draw attention to any material misstatement in the accounts or other information on which we issue an opinion.

We implement a number of procedures to ensure the quality of our deliveries. This primarily includes measures to prevent errors from arising, and we work incessantly for a corporate culture pervaded by the fact that we shall deliver high quality. All work carried out is reviewed by at least one other person – with the same or more experience than the one who has performed the work, in addition to a comprehensive internal training program.

We work continuously to improve ourselves and to ensure good quality in everything we do. Although we have established a number of measures to prevent errors, it may happen that a few are not uncovered by the regular quality control. We therefore have a comprehensive plan for quality controls of executed engagements.

In 2022, we carried out such subsequent internal quality controls of 140 audit engagements, and auditors responsible for engagements are controlled every third year as a minimum. Findings from these controls are considered in developing our internal training programme and individual follow-up as needed.

NEW STANDARDS FOR QUALITY MANAGEMENT

On 15th of December 2022, new standards for quality management in audit firms (ISQM 1 and ISQM 2 – International Standards

of Quality Management) became effective. The new standards carry the regulations in the former standard ISQC 1 and also to some extend the requirements related to quality management. ISQM 1 regulates how our internal control system shall be designed. Basically, the standard only regulates our audit business, but we have decided to implement the standard’s requirements in BDO’s other activities as appropriate.

ISQM 2 exclusively concerns how we designate and train engagement quality reviewers - ”second partners” - and how their work is followed up. We apply second partners on engagements of public interest and other engagement we assess having high risk. The second partner’s role is to perform a quality inspection in addition to the review already carried out by the audit team – before the auditor’s report or other statements are issued.

In BDO, we have been introducing these standards since the summer of 2021; hence, all new requirements have been implemented well before 15th of December 2022.

COMPLIANCE

We strengthened our compliance function in 2022. The purpose of this function is to ensure that others in BDO comply

with laws, regulations, ISQM 1 and internal policies and procedures and that our established internal control is functioning as expected. The compliance team reports to the QRM leader on a regular basis, but also quarterly to the internal control committee.

The internal control committee is appointed by the board and is chaired by one of the board members and also comprises five partners from our services areas. The composition of the committee ensures relevant and various competence on internal control in addition go in-depth knowledge about BDO’s operations. The internal control committee reports to the Managing Director and the board about what they consider should come to their attention. In this manner, the board is informed about any serious findings and identified improvement requirements of a certain importance. The compliance function involves all activities in BDO in Norway.

Together with our internal quality reviews (of engagements), the compliance function constitutes our monitoring controls.

COMPETENCE AND CAPACITY IN QRM

We have during 2022 increased the competence and capacity in the QRM department in several areas such as compliance, anti-money laundering, privacy and general legal competence. This has been done partly through external recruiting of persons with relevant experience from other enterprises with licences from Finanstilsynet (the Financial Supervisory Authority of Norway), and partly from our own service areas operating externally in the same technical fields as needed within QRM.

SUPERVISION

Finanstilsynet is our supervisory authority. They carried out a planned periodical supervision at BDO in November 2022. We have still not received any report from this review; it is expected in 2023. Based on the feedback we have had

after the review, we expect comments in some areas – some individual errors and some related to internal policies and procedures and the follow-up of them. We have already implemented measures to improve our guidelines and the supervision of our processes, and also taken initiatives to avoid similar individual misstatement in the future.

We normally have meetings with representatives from Finanstilsynet twice a year, where we discuss what we expect from one another and any relevant specific issues concerning the audit business.

BDO GLOBAL

BDO in Norway is among the ten largest member firms in BDO Global, implying that our global organisation is more concerned with how we in Norway manage audit quality than what is the case for the smaller member firms. Our global organisation and our QRM department have monthly meetings, where the subjects are various aspects of audit quality.

In addition, those who have the overall responsibility for audit quality in the various countries in the EMEA region meet monthly. As the QRM leader, I always attend these meetings, whereas others in the QRM department participate pending on the issues to be discussed.

CONSEQUENCES OF QUALITY DEFICIENCIES

Even though we spend much effort in quality controls and preventing errors, deliveries will in some instances not be of the desired quality. We have various ways to follow up and sanction uncovered errors and deficiencies, depending on the underlying causes. Sanctions carried out in 2022 include follow-up controls and instructions to prepare action plans after the internal quality control, replacements of the responsible auditors and considerable financial deductions in partner compensation. In some instances, several various sanctions have been applied to the same offence.

About BDO

The BDO network is an international network of independent firms in the areas of auditing, tax, accounting and consultancy. All members of BDO International Limited and providing professional services under the brand name BDO.

LEGAL AND ORGANISATIONAL STRUCTURE OF THE NETWORK

Each BDO member firm is a member of BDO International Limited, a UK company with limited liability, either as a voting member (one company per country) or non-voting member. BDO International Limited is the umbrella company in the BDO network and sets the terms for membership in its articles of association.

The BDO network is governed by the BDO International Limited Council, the Global Board and the Global Leadership Team.

The BDO International Limited Council consists of one representative for each voting member and represents the member firms of BDO International Limited in company meetings. The Council approves the network’s central budget, appoints the members of the Global Board and

1 803 OFFICES 111 307 EMPLOYEES WORLDWIDE

129.7 BILL. NOK IN TOTAL TURNOVER 164 COUNTRIES

determines any amendments to BDO International Limited’s articles of association.

The Global Board, which is the board of directors for BDO International Limited, consists of one representative for the BDO network’s seven largest member firms, each appointed for a three-year term and approved by the Council. The Global Board sets priorities for the BDO network and supervises the work performed by the Global Leadership Team. The Global Board convenes at least four times a year.

The Global Leadership Team is responsible for coordinating the activities of the BDO network. The team is led by the Managing Partner and includes the service leaders for Audit & Accounting, Tax, HR & Development, Business Development & Marketing, IT, the managing partners for EMEA, the Americas and Asia Pacific, and the International Secretary.

The Global Leadership Team is supported by the Global

Office through Brussels Worldwide Services BVBA. Brussels Worldwide Services BVBA, a Belgian limited company, provides services in connection with the coordination of the BDO network.

BDO International Limited and Brussels Worldwide Services BVBA do not provide any professional services to clients. Only the member firms, including BDO AS, provide such services.

BDO International Limited, Brussels Worldwide Services BVBA and the member firms of the BDO network are all separate legal entities and have no liability for other entities’ acts or omissions. Nothing in the arrangements or rules of the BDO network shall constitute or imply an agency relationship or a partnership between BDO International Limited, Brussels Worldwide Services BVBA and /or BDO’s member firms.

1 962 EMPLOYEES IN NORWAY

2,8 MRD NOK IN TOTAL TURNOVER

60 OFFICES

184 PARTNERS

PARTICIPANTS IN THE BDO NETWORK IN THE EU/EAA TOTAL TURNOVER FOR AUDIT SERVICES PERFORMED BY BDO IN THE EU/EAA: € 559,012,416.452

COUNTRY

AUSTRIA

AREA

NAMES OF THE BDO COMPANIES IN THE AREA

Austria BDO Salzburg GmbH Wirtschaftsprüfungs - und Steuerberatungsgesellschaft

Austria BDO Austria GmbH Wirtschaftsprüfungs- und Steuerberatungsgesellschaft

Austria BDO Steiermark GmbH Wirtschaftsprüfungs- und Steuerberatungsgesellschaft

Austria BDO Oberösterreich GmbH Wirtschaftsprüfungs - und Steuerberatungsgesellschaft

Austria BDO Audit GmbH Wirtschaftsprüfungs- und Steuerberatungsgesellschaft

BELGIUM Belgium BDO Bedrijfsrevisoren BV / Réviseurs d’Entreprises SRL

BULGARIA Bulgaria BDO Bulgaria OOD

CROATIA

Croatia BDO Croatia D.O.O.

Albania BDO Albania Sh.P.K.

Sarajevo BDO BH d.o.o. Sarajevo

Sarajevo BDO BH d.o.o. Sarajevo

CYPRUS Cyprus BDO Limited

CZECH REPUBLIC Czech Republic BDO Audit s.r.o

Czech Republic BDO Group s.r.o.

Czech Republic BDO Czech Republic s.r.o.

DENMARK Denmark BDO Statsautoriseret revisionsaktieselskab

Denmark BDO Holding VI, Statsautoriseret Revisionsaktieselskab

ESTONIA Estonia Aktsiaselts BDO Eesti

FINLAND

FRANCE

Finland BDO Oy

Finland BDO Audiator Oy

France BDO France

France BDO AUDIT DES ACTIVITES SOCIALES

France BDO PARIS ENTREPRISES

France BDO PARIS AUDIT PME

France BDO ATLANTIQUE

France BDO RENNES

France BDO LYON AUDIT

France BDO IDF

France BDO LES HERBIERS

France BDO FONTENAY LE COMTE

France BDO NANTES

France BDO LES ULIS

France BDO Paris Audit & Advisory

France BDO Méditerranée

GERMANY Germany BDO AG Wirtschaftsprüfungsgesellschaft

Germany BDO Oldenburg GmbH & Co KG Wirtschaftsprüfungsgesellschaft

Germany BDO DPI AG Wirtschaftsprüfungsgesellschaft

Germany BDO Dr. Daiber Audit GmbH

GIBRALTAR Gibraltar BDO Limited

COUNTRY AREA

NAMES OF THE BDO COMPANIES IN THE AREA

GREECE Greece BDO CERTIFIED PUBLIC ACCOUNTANTS S.A.

Greece BDO Services SA

HUNGARY Hungary BDO Hungary Audit Ltd

ICELAND Iceland BDO ehf.

IRELAND Ireland BDO

ITALY Italy BDO Italia S.p.A.

LATVIA Latvia BDO Assurance, LLC

LIECHTENSTEIN Liechtenstein BDO (Liechtenstein) AG

LITHUANIA Lithuania BDO Auditas ir Apskaita, UAB

LUXEMBOURG Luxembourg BDO Audit

MALTA Malta BDO Malta CPAs

NETHERLANDS Netherlands BDO Audit & Assurance B.V.

NORWAY Norway BDO AS

POLAND

Poland BDO Spółka z ograniczoną odpowiedzialnością Sp. K.

Poland BDO Legal Latala is Wspólnicy Sp.K.

PORTUGAL Portugal BDO & Associados, SROC, Lda

ROMANIA

Romania BDO Audit SRL

Romania BDO Auditors & Accountants SRL

Romania BDO Auditors and Business Advisors SRL

SLOVAK REPUBLIC Slovak Republic BDO Audit, spol. s r.o.

SLOVENIA

Slovenia BDO Revizija d.o.o.

SPAIN Spain BDO Auditores, S.L.P.

Spain BDO Audiberia Abogados y Asesores Tributarios, S.L.P.

SWEDEN Sweden BDO AB

Sweden BDO Göteborg AB

Sweden BDO Göteborg Intressenter AB

Sweden BDO Göteborg KB

Sweden BDO Mälardalen AB

Sweden BDO Mälardalen Intressenter AB

Sweden BDO Norr AB

Sweden BDO Norr Intressenter AB

Sweden BDO Stockholm AB

Sweden BDO Sweden AB

Sweden BDO Syd AB

Sweden BDO Syd Intressenter AB

Sweden BDO Syd KB

2 Please note that BDO firms have different year-end dates and the total amount stated is a combination of statutory audit turnover of EU/EAA member firms for their last accounting year. For each firm using another currency than EUR, an average rate is applied for the period they reported.

BDO IN NORWAY

BDO is organised as a limited company and is an audit firm authorised pursuant to the Norwegian Audit and Auditors Act. BDO is also an external accounting firm authorised under the Norwegian Authorisation of Accountants Act. BDO’s business in Norway is carried out by the companies BDO AS (org. no. 993 606 650) and BDO Advokater AS (org. no. 996 798 577). These two companies have no ownership in each other, but all equity partners in BDO Advokater AS are also equity partners in BDO AS. The profit sharing is performed on the basis of the total results from BDO AS and BDO Advokater AS.

BDO AS is the principal in BDO Internal partnership, in which all the shareholders in BDO AS participate as individual silent partners. The company model has been established for practical reasons. BDO AS cannot conduct any business other than what is conducted through the BDO Internal partnership.

BDO AS is the only member of the of the limited company meeting, but all the participants are entitled to attend. Prior to each company meeting, a partner meeting is held which, with binding effect for the principal, makes decisions on issues to be discussed by the company meeting.

BDO’s operations in Norway are wholly owned by equity partners. As of 31st of December 2022, there were 138 owners of BDO AS, of which 103 were audit partners, 11 advisory partners, 11 legal partners and 12 accounting partners, in addition to 1 partner who is engaged in national management. All partners in BDO AS have an equal ownership share; they are listed in the last part of this report. All partners are individual silent partners in BDO Internal partnership, with the addition of 8 partners without project responsibilities (ambassadors).

Legal entities operating for BDO Norway or in which BDO has ownership shares:

BDO’s business in Norway is operated by

• BDO AS (org.no. 993 606 650)

• BDO Advokater AS (org.no. 996 798 577)

As of 31st of December 2022, BDO has the following wholly-owned subsidiaries:

• Evolver by BDO AS (org.no. 923 134 875)

• Noraudit AS (org.no. 968 008 358)

• Inter Revisjon Norge AS (org.no. 915 915 167)

BDO AS also has ownership shares in the following companies:

• Ørje Næringspark AS (org.no. 989 686 984)

• Økonomiklyngen AS (org.no. 917 592 950)

• Godt Sagt AS (org.no. 987 917 091)2

• Molde Sentrum AS (org.no. 961 893 992)

All across Norway, thousands of businesses and organisations work hard to create value and BDO is there to help them. We are an international consultancy and audit firm deeply rooted in Norwegian society and business community. We are familiar with the challenges, see the opportunities and make strong commitments to help our clients reach their goals.

We have 1962 employees and 60 offices in Norway

Our clients range from large, worldwide companies to small and medium-sized enterprises. We have clients from most industries in both private and public sectors. When necessary, we collaborate with large parts of the BDO network on international as well as Norwegian clients.

Our values reflect our internal company culture. OPEN. CLOSE. BRAVE. Transparency shall contribute to improvement. Our clients shall perceive us as open and attentive. We shall work closely with each other and with our clients with the appropriate expertise. Our integrity as auditors and consultants shall be high – also in other areas than our profession requires. This implies that we must have the courage to challenge the clients, the market as well as ourselves.

CORPORATE STRUCTURE General meeting

The general meeting of BDO AS is executed in accordance with the Norwegian Limited Liability Companies Act, the company’s articles of association and shareholder agreement, and it elects the board of directors of BDO AS. The board of directors of BDO AS Internal partnership comprises the same members as those at any time elected as chair and members of the board of directors of BDO AS. The company board is responsible for BDO’s operations.

Nomination committee

The nomination committee is elected by the general meeting of BDO AS and shall propose members for the board of directors. The nomination committee has three members and one deputy member. The composition of the nomination committee shall reflect the varying sizes of the departments. No region may have more than one member in the nomination committee.

Board of directors

The representation on the board of directors shall reflect the individual department’s size as well as geographical location. The board of directors must at all times represent a combined expertise that serves the partners. Employees are entitled to representation on the board pursuant to section 6-4 of the Norwegian Limited Liability Companies Act.

The board of directors shall comprise 5 to 8 members as decided by the general meeting, with the addition of employee representatives. The board consists of 10 members of which 3 represent the employees. The board members are elected for a period of up to 2 years.

The chair is elected by the general meeting, and the board appoints the deputy chair. According to BDO AS’ articles of association, the board must have a composition that meets the prevailing requirements of the Norwegian Audit and Auditors Act. This implies that the majority of both the members and the deputy members of the board must be authorised auditors.

The Board of Directors has the following members:

• Chair Ingjer Ofstad, Partner

• Deputy Chair Henrik Dagestad, Partner

• Anne Merete Vorpenes, Partner

• Knut Haugen, Partner

• Kåre Rødssæteren, Partner

• Cathrine Sæther Karlsen, Partner

• Yngve Gjethammer, Partner

• Svein Zwygart, Manager

• Ingrid Lønmo Cappelen, Senior Manager

• Kristine Vasseng, Manager

Organisation of the business

BDO AS shall have a managing partner appointed by the board of BDO AS. The managing partner in BDO AS shall also be the managing partner of BDO Internal partnership.

BDO has 60 offices in Norway headed by an office manager. Each office is part of a region. As of 31st of December 2022, BDO has 10 regions. Each region is a separate financial entity distributing its profit among the equity partners of the entity.

Managing partner and management group

The managing partner’s role and responsibilities are determined by the board of directors’ instructions for the managing partner.

The managing partner reports directly to the company board and presents a summary of the business developments and the most important goals in the time to come. The managing partner keeps the employees continuously informed through weekly vlogs, monthly information meetings, office visits and presentations at internal events, thereby providing knowledge about BDO’s focus and operations. This also gives individuals an opportunity to raise issues directly with the managing partner.

Together with the national management group, the managing partner prepares BDO’s business strategy and ensures that it is implemented when adopted by BDO’s board. The national management group has monthly meetings.

Members of the national management group:

• Martin Aasen, Managing Partner

• Roger Telle-Hansen, Partner / Head of Region Stor-Oslo

• Stein Rhoar Juul, Partner / Head of Region SørVest

• Knut Evensen, Partner / Head of Region Østfold/Follo

• Tom Aleksandersen, Partner / Head of Region MidtNord

• Eirik Meling Veien, Finance Director

• Jørgen Brodtkorb, IT Director

• Kristina Bors, HR Director

• Kjersti Svang Olsen, Market & Communications Director

• Steinar Andersen, Partner / Head of QRM

• Gro Hovde Fiksdahl, Director / Head of internal Sustainability

• Hanne Fritzsønn, Partner / Head of service area Tax & Legal

• Erik H. Lie, Partner / Head of service area Audit & Assurance

• Andreas Ystgaard Tjemsland, Partner / Head of service area Business Services

• Morten Thuve, Partner / Head of service area Consulting

* The financial figures include BDO Advokater AS. Revenue between BDO AS and BDO Advokater AS has been eliminated.

Quality in BDO

RISK ASSESSMENT PROCESS

According to the international standard for quality management (ISQM1), the audit firm shall design and implement a process for risk assessments. The standard applies for audit and assurance services. The risk process comprises

• establishing quality objectives

• identifying and assessing quality risks

• designing and implementing measures to manage the quality risks

BDO has set quality objectives in accordance with the quality standard’s components (following the headings below), and risks related to these components have been identified. The components are also established in BDO Global’s ‘System of Quality Management’ (SoQM).

Even though the standard applies for audit etc., many risks in a shared system for risk management are relevant for all service areas. Hence, some risks concern all departments, while others are specific for some service areas: audit, accounting, consulting, tax and legal and internal shared services. The risks are assessed (quantified) for remaining risk, both regarding the geographical dimension (regions), the service dimension and our internal shared services: finance, IT, HR, market and communication, technical departments and QRM.

Control measures are also established in the risk assessment process. They include measures that reduce or manage inherent risk and future initiatives to reduce the remaining risk. In a continuous process, both implemented measures and the introduction of new measures will be followed up, partly by those responsible for the risk and and party by the department

for quality management (QRM) (ref. the paragraph on monitoring and improvement processes below).

Pursuant to the regulation on risk management and internal control, the audit firm shall also perform a risk assessment comprising the entire business. As it includes all service areas, several of the risks according to the quality standard mentioned above will be relevant, and as such a basis for making joint risks applicable for everyone. The company will also have separate objectives for the entire business related to both quality and quantity. Hence, the process for risk management is carried out correspondingly for these risk as for the quality objectives in the standard. These risk and measures are assessed by the national management group.

The Managing Partner in BDO provides a summary of risk management and measures in reports to the board. BDO’s auditors also receive reports and documentation for their confirmation of the process.

CORPORATE GOVERNANCE

The system for quality management is ensured through the process for risk management. It shall secure that BDO considers the type of audit engagement and relevant circumstances in exercising its professional judgment.

The board of directors has the overall responsibility for quality at BDO and ensures that the managing partner attends to his or her operational duties through satisfactory systems for quality control, risk management and internal controls in the business. A separate internal control committee monitoring the internal control at a company level (compliance controls) has been established.

It is selected by and among the partners, with a board member as the leader. The internal control committee reports to the managing partner and the board.

Management ensures that the company has established appropriate governance with respect to the company’s obligations to quality, including a culture for quality, roles and responsibilities, actions and behaviour, organisation and allocation of resources. Through policies and procedures, the company has set the framework for the business that shall substantiate the quality requirements.

The head of Quality and Risk Management (QRM) in BDO has the operational responsibility for designing and implementing the company’s quality and risk management system. QRM has a dedicated team in the company’s internal staff taking care of the strategical and operational second line control. QRM’s function ensures the board that BDO as a supplier of auditing, accounting, consultancy and legal services meets requirements and expectations. The work is carried out along three dimensions:

• Preventive activities

- Developing policies and procedures

- Providing information, courses and other training activities

- Building a quality-oriented company culture

• Ongoing assistance and advice in individual matters

- Consulting with partners and employees

- Handling complaints and insurance matters

- Having dialogues with external supervisory bodies

- Reporting suspicious transactions to Økokrim

• Review and monitoring of compliance

- Coordinating and conducting internal quality inspections

- Verifying compliance with external and internal guidelines and requirements

- Keeping the managing partner and the board currently updated on important issues.

ETHICAL REQUIREMENTS

Ethical requirements and independence

BDO has ethical guidelines set by the company’s board of directors. We impose absolute requirements for the integrity and independence of employees and partners. We must be independent as well as perceived as such by our clients. This implies that we cannot provide services to or enter into business relationships with our clients that may affect our professional role.

When hired, and thereafter at least annually, all employees confirm that they know and follow our ethical guidelines and thereby also confirming their independence of our clients. This is supplemented by training activities for employees regarding our ethical guidelines and ongoing monitoring of compliance with independence rules. In addition, all employees and partners engaged in each audit team confirm their independence on all audit engagements.

Our ethical guidelines are more comprehensive than required by laws and standards to ensure BDO’s independence.

Limitations concerning investments

Management, partners, directors, state authorized public accountants and board members in BDO cannot have investments in companies audited by BDO. This also applies for members of the audit team in question. There are also corresponding limitations for their spouses/co-habitants/ partners, but they may apply for exceptions for insignificant investments. The definition of spouses/co-habitants/partners is the same as in the Audit and Auditors Act. Management, board members and persons with access to non-public information concerning the client cannot have investments in BDO’s clients of public interest (regardless of service delivery). Other employees cannot have significant investments in companies audited by BDO. Should BDO accept an audit engagement where any of the above circumstances applies, the persons in question will be requested to dispose of their investments. Investments shall be registered in the register for board positions and investments.

Limitations concerning board positions

As a general rule, employees and partners may not be board members. The same applies for similar positions, such as members of audit committees, shareholder committees and the like. Exceptions to the general rule may be approved when applied for, and registered n the register for board positions and investments.

Gifts and anti-corruption

BDO has zero tolerance for corruption, and there shall be no bribery between us and our business associates. We shall under no circumstances receive gifts, discounts on goods or services, or other benefits from our business relations in return for, or expectation of, return services. Gifts, invitations or expense coverage shall always be turned down, unless it is of symbolic value or regarded as a courtesy gift. The same applies when BDO is the contributor.

Rotation

For public-interest entities audited by BDO, rotation plans have been prepared in order to comply with the independence requirements of the Norwegian Audit and Auditors Act, the EU Statutory Audit Regulation, and IESBA’s Code of Ethics. For auditors responsible for engagements, second partners and co-partners, this implies that they are rotated out of the engagement after 7 years at the latest. The same applies for leading employees (state authorized auditors and managers) on the engagement, but they can remain longer if it is considered appropriate and has been agreed with QRM. Audit firms must be changed after a maximum of 20 years. As a general rule, changing audit firms is the client’s own responsibility,

ACCEPTANCE AND CONTINUANCE OF CLIENT RELATIONSHIPS AND SPECIFIC ENGAGEMENTS Acceptance of clients and engagements

BDO has procedures for acceptance of new clients and engagements, and QRM carries out controls on an ongoing basis to ensure that these procedures are complied with. Much of the work connected with acceptance and continuance of client relationships is carried out by a team of dedicated resources, the KYC team. The team has competence on antimoney laundering and general risk assessment concerning client relationships and is an important partner for the client teams

Our procedures include:

• Conflict checks to uncover possible independence and interest conflicts

• Independence checks to ensure formal independence between our clients and our leading employees

• Engagement assessments to uncover other risk factors, including requirements for special expertise on the team carrying out the engagement, and requirements related to the Norwegian Anti-Money Laundering Act

• Inquiry to the previous auditor

• Annual confirmation from all employees that procedures for client acceptance are known and that training activities related to client and engagement acceptance have been carried out

• Barrier that prevents a client from being registered in internal systems before the procedure for client acceptance has been completed.

For clients with international connections, we also perform conflict and independent checks in our international network.

EXECUTION OF ENGAGEMENTS Audit methodology

BDO’s audit methodology has been developed globally and is

based on the International Standards on Auditing (ISAs) issued by the International Auditing and Assurance Standards Board (IAASB). The methodology is divided into the following phases:

• Definition and scoping

• Planning

• Obtaining audit evidence

• Completion

The audit methodology ensures that we comply with the auditing standards and that the audit is concentrated on the areas with the highest risk. In 2022, the methodology was changed and updated as a consequence of amended international auditing standards. The methodology is used by all auditors in BDO globally to ensure consistent quality worldwide.

Tools, data and technology

APT is BDO’s global audit tool and is used by auditors for planning, documenting, executing and concluding the audit. The audit tool enhances the quality of our audit and ensures compliance with the ISAs as it is scalable and can be adjusted to types of clients, complexity and industry.

The flexible technology platform on which the audit tool is built has been developed in collaboration with Microsoft and enables the audit teams to cooperate efficiently on both large and small engagements, including cross-border audit engagements. The tool is also designed for seamless integration with other support systems used in daily operations.

BDO in Norway has developed the tool Heartbeat, a data and analysis platform directly integrating with our clients’ accounting systems. During the audit we have access to the client’s digital systems, which simplifies obtaining updated accounting data for our clients and BDO. Our clients want increasingly more insight into their own operations and the markets in which they operate. We therefore work continuously on identifying and integrating new data sources.

Our client portal is a seamless and secure workplace for information sharing and interaction between BDO and our clients. The portal provides advantages for all clients in all service areas and contributes to secure and effective communication in connection with monitoring engagements and sharing documents.

We regard data as a valuable asset in BDO, and our clients must be confident that we administer their data in a good manner. All client data is therefore processed according to

laws and regulations, in addition to BDO’s own policies for use of client data and information security.

Consultations

The audit teams consult with qualified persons who are independent of the audit team, or the Technical Support Department or QRM, if difficult or disputed questions arise in connection with the performance of the audit. QRM has prepared guidelines for consultations. For certain issues, we are also required to consult with our global organisation.

Engagement review

EU’s audit regulation was effective in Norway from 1st of January 2021. The regulation determines particular requirements in audits of public interest entities, such as specified requirements of appointing engagement reviewers and the execution of engagement reviews.

The quality standard ISQM 2 came into effect for financial statements with accounting years starting on 15 December 2022 or later. ISQM 2 has stricter requirements for assessing the engagement reviewers’ qualifications than before. The requirements to the reviewer’s documentation of executed work have been strengthened, and the same applies for timely performance of the work. BDO has updated internal procedures pursuant to the requirements in the audit regulation and the new quality standard.

BDO designates engagement reviewers («second partners») on all public interest companies and other clients defined as risk engagements. Second partners are appointed on the basis of expertise and capacity. The purpose of a second partner is to ensure an objective evaluation of the significant judgmental assessments made by the audit team and the conclusions they have arrived at in the audit. The second partner can therefore not be part of the audit team on the client in question.

Accreditation requirements etc. for certain types of engagements: Engagements of public interest entities, companies listed on various non-regulated markets and/or companies preparing financial statements according to IFRS require special competence and due care from us as auditors. This typically applies to companies subject to special legislation and are of significant social importance and interest. BDO has therefore determined various accreditation requirements of those responsible for engagements and managers on these engagements. The requirements also apply for those carrying out quality reviews as second partners on audit engagements.

The accreditation is divided into the main categories «Public interest» and «IFRS».

The public interest accreditation is required for enterprises with listed securities (shares, bonds, equity certificates etc.) in regulated markets in Norway or within the EU/EAA. Public interest accreditation for bank and finance is required for audit and accounting engagements for banks, credit institutions, finance institutions, insurance companies and pension funds with operations requiring a licence from Finanstilsynet.

General IFRS accreditation is required for all audit and accounting engagements of enterprises with securities listed on regulated and non-regulated markets with company accounts or consolidated financial statements reporting pursuant to IFRS. The IFRS accreditation for bank and finance is required for banks, credit institutions and insurance companies (including pension funds) preparing accounts according to IFRS or other relevant annual accounts regulation.

In order to achieve accreditation, certain training programmes must be carried out, including both basic training and annual updates.

Audit engagements of public interest entities and risk clients shall also be subject to IFRS reviews if the accounts have been prepared in accordance with IFRS. The objective of an IFRS review is to uncover possible misstatement and deviations from IFRS. IFRS reviews are carried out by persons associated with or appointed by the technical department and not part of the audit team.

RESOURCES

Human resources

BDO has both human and technological resources. BDO’s personnel is employed, trained and has the right competence for executing engagements in a good manner as well as for operating BDO’s systems for quality management. BDO devotes significant resources in developing employees, we believe in an approach cultivating the strengths of each individual employee. BDO is focused on staff development, and employee surveys demonstrate that the employees feel comfortable and are motivated.

Continuing education

The Norwegian Audit and Auditors Act requires all state authorized public accountants to take continuing education.

All state authorized public accountants in BDO complete such education, and we record and monitor continuing education hours in our own digital course portal. BDO’s requirements are stricter than the Audit and Auditors Act for auditors responsible for engagements, and specific hourly requirements have been determined within each technical category to be complied with by those in charge of engagements.

The requirements for continuing education are met through participation in internal and/or external courses and conferences. In addition, our goal is that everyone working with auditing has continuing education corresponding to at least 5 course days annually. HR Learning in BDO reviews annual continuing education hours to ensure that the legal and BDO’s requirements are met.

Technological resources

In order to work efficiently and effectively, BDO applies technological resources acquired or developed to perform our tasks and ensure that the quality management system is carried out. For all systems applied, we focus on information security and privacy to protect our information.

Information security and privacy

Many of our systems are supplied by BDO Global IT. BDO Global IT is ISO 27001 certified by the auditing body DEKRA. By passing DEKRA’s external audit, we can be certain that our services are in accordance with the internationally approved ISO 27001 standard for information security.

We apply an external service to continuously monitor the traffic in our own network in addition to penetration testing of our infrastructure.

To enable us to fulfil our obligations under the data protection regulations and process data in an efficient manner, we follow the “BDO Global Privacy Programme”. An important part of the programme is BDO’s global data protection policy (“BDO’s Binding Corporate Rules for Controllers and Processors”), in addition to other training material, guidelines and templates. The policy has been designed in line with the provisions in the GDPR. Compliance with BDO’s global data protection policy is a requirement for all members of the BDO network.

INFORMATION AND COMMUNICATION

Information and communication is vital for the work carried out in audit. BDO has a communication strategy and a communication plan for the company that is complied with

and contributes to secure internal and external communication. In 2022, we initiated a survey to all employees to map their perception of management’s focus on quality. We have also updated internal instructions such as «the tone from the top» clearly reflects BDO’s responsibility for quality. Towards the end of 2022, BDO started to use BDO Global’s tool for quality management. The system captures the statutory, annual risk assessment we perform and shall be used to document measures, controls and any findings affecting our risk picture.

BDO is obliged to report any suspicious transactions to Økokrim and to the Data Protection Authority in the event of any violations of the personal data security.

THE MONITORING AND IMPROVEMENT PROCESS Monitoring

Monitoring at the company level

BDO has established a compliance team to monitor internal controls carried out in the service lines, in internal shared functions and QRM. A dedicated partner is responsible for compliance at the company level. In addition, an internal control committee has been established, comprising equity partners who supervise monitoring at a company level. The committee has been appointed by, and reports to, the BDO board.

The compliance team controls that we comply with legislation, standards and internal guidelines for client acceptance, including anti-money laundering, independence, ethical requirements and human resources. Various control mechanisms are applied, based on tests as well as embedded controls/alerts in our systems. Deviations uncovered by compliance controls are followed up individually, and national measures are implemented in the event of repeated findings. Such findings are reported to the internal control committee.

Annual internal quality inspection

BDO has implemented a system for internal quality inspection to ensure high quality in all deliveries and to secure compliance with technical standards and internal policies and procedures. The system applies to all service areas, but this transparency report only includes what is applicable for audit. The system for internal quality control in BDO Norway is based on our global organisation’s inspection programme.

The quality inspection is carried out for all auditors responsible for engagements every third year as a minimum. New audit

partners in charge shall have a quality inspection in the first year they sign auditor’s reports. A review object may be subject to a quality inspection more frequently than every third year – based on a risk assessment or as randomly selected for review.

Quality controls can be carried out as a measure after external inspections and other events demanding closer follow-up. Control procedures may also be performed on some parts of an engagement. This type of monitoring can be carried out by analytical procedures, like random or pointed selections and/or based on a risk assessment. The reviews may be performed as often as appropriate to enhance quality in the service delivery or reduce the risk.

The internal quality inspection comprises a given number of engagements per review object and is executed by a team of two experienced auditors. All quality reviewers complete annual training. In order to ensure independence, the reviewer cannot review engagements in his or her own department or office.

Findings from the quality inspection are considered by a quality control committee. When the reviews have been completed, a committee meeting is held and the findings discussed.

Non-compliance concerning quality can result in financial sanctions against the responsible auditor. The quality control committee can also propose to the board that the person in question loses the right to sign on all engagements or some types of engagements, as a consequence of issues uncovered by monitoring at an engagement level.

The result of each quality inspection is communicated to the auditor reviewed and his or her leader. The result of all reviews is reported to the management of BDO. The report includes an analysis of assumed root causes for errors and deviations and suggestions for relevant measures. The quality inspection results are also discussed in information meetings for partners, and findings from the reviews are the basis for courses, training and developing support tools to secure continuous improvement.

Quality inspection by BDO Global

Our international network conducts quality inspections of BDO in Norway at least once every third year. These inspections include reviewing internal policies and procedures and compliance with them in addition to reviews of a number

of audit engagements. The last review from BDO Global took place in November 2020. We received a report in May 2021 with some individual findings on inadequate formalisation of some written procedures and compliance controls. We have worked on these deviations and improvement measures have been implemented.

Inspections by Finanstilsynet

As BDO is auditing entities of public interest, we are subject to a firm inspection by Finanstilsynet every third year. The firm inspection entails a review of our organisation and procedures in key areas, as well as a sample of randomly selected audit engagements. The firm inspection shall also include an assessment of our internal quality inspection, and the results are documented in a written report. Finanstilsynet may also conduct other forms of reviews, either through visits to us or based on documentation we submit upon request.

Firm inspections

Finanstilsynet’s firm inspection is part of the regular supervisory duties with the largest auditing firms. The inspection comprises a control of several audit engagements, as well as a review of internal policies and procedures. The most recent ordinary firm inspection of BDO took place in November 2022. The final report from this inspection has not been published when this transparency report is presented, but will be made available on Finanstilsynet’s websites when published. The last report from a firm inspection of BDO is dated 18th of May 2020.

Other inspections

Finanstilsynet performs other inspections of the audit profession in general, including on-site and topic inspections. Reports from Finanstilsynet’s various inspections are published on their website www.finanstilsynet.no/tilsyn.

STATEMENTS

Statements on independence measures

BDO confirms, pursuant to Article 13.2(g) of the EU Statutory Audit Regulation, that we have internal policies and procedures for compliance with and review of independence on audit engagements and that BDO meets the requirements of laws, standards and internal policies and procedures. Independence is confirmed by each individual team member in addition to the engagement partner of the team’s independence in the annual continuation assessment for all partners and employees. Quality and Risk management conducts reviews for compliance with the independence regulations and BDO’s internal ethical guidelines.

Statement on continuing education

Audit Regulation, that we facilitate and verify that auditors responsible for engagements have adequate continuing education according to the requirements of the Norwegian Audit and Auditors Act. As at 31 December 2022, there had been no violations of the continuing education requirements pursuant to the above act.

STATEMENT FROM THE BOARD OF DIRECTORS REGARDING THE QUALITY CONTROL SYSTEM

The board of directors is responsible for BDO’s quality system. The system has been prepared and implemented to ensure satisfactory quality on the work carried out by employees and partners at all times. The board’s duty is to ensure that the system functions satisfactorily, while the managing partner and QRM shall ensure that prevailing guidelines and routines for independence are complied with.

In the BDO board’s opinion, the quality system functions effectively. The board deals with matters concerning breaches of approved guidelines for quality. BDO’s board and management use the main conclusions from the quality control work to provide recommendations to practising employees and partners. In our view, BDO’s quality system has functioned satisfactorily in the period. The same applies to BDO’s guidelines for ensuring that the auditors comply with the independence requirements.

Leif Åge Aabø

Sven Mozart Aarvold

Siv Irene Aasen

Martin Aasen

Magne Aasheim

Tom Aleksandersen

Arne Almklov

Alexander Amundsen

Steinar Andersen

Knut Andreassen

Kjetil Andrè Ardem

Yngve Aslaksrud

Anders Olai Aunli

Jan Ove Bergin

Arnfred Lennart Berntsen

Anders Bjerke

Thomas Bjørseth

Gro Kristin Borchgrevink

Dagfinn Buset

Norunn Byrkjeland

Charlotte Bårdsen

Kjetil Bårdsen

Eli-Ann Murberg Casso

Henrik Dagestad

Christian Reegård Dalby

Henning Dalsegg

Solveig Bø Dalstø

Kim-Are Dønland

Håvard Edvardsen

Kristen Elstad

Per Harald Eskedal

Knut Evensen

John Arne Fiskerstrand

Stig Andre Fjelldahl

Stig Forr

Hanne Fritzsønn

Owners of BDO

Azad Gake

Arve Garberg

Per Ove Giske

Yngve Gjethammer

Rolf Udnes Glesne

Kjell Henriksen Grure

Trine Gulestø

Jens Arne Hagen

Audun Halsen

Tollef Halvorsen

Per Aage Hansen

Knut Haugen

Roald Haugland

Pål Alfstad Haug

Jarle Haukvik

Vidar Hermansen

Øyvind Hjemgård

Bente Hodne

Tore Hoem

Erik Horghagen

Ingeborg Hukkelås

Harald Husabø

Jostein Håland

Else Iversen

Kjell Iversen

Rune Iversen

Ketil Jacobsen

Stein Rhoar Juul

Cathrine Sæther Karlsen

Marianne Rygvold Karlsen

Laina M. Karlsen

Eivin Aleksander Redbo Kjær

Lars Terje Klæth

Stein Knutsen

Frode Kristiansen

John Krogstad

Gunhild Kveine

Erik Langlo-Johansen

Tom Erik Lehne

Thomas Lidsheim

Erik H. Lie

Johan Henrik L’orange

Trine Agathe Lorentzen

Ståle Lorås

Frode Ludvigsen

Jørn Løken

Einar Giljarhus Løkken

John Christian Løvaas

Jan Erik Marthinsen

Ellen Marie Mo Marvik

Karl-Ludvig Mauland

Elisabeth Moum

Anders Nordahl

Knut Nyerrød

Lars Kristian Nygaard

Ingjer Ofstad

Geirr Fuglestad Olsen

Thomas Olstad

Rune Pettersen

Anders Ramberg

Roger Rambjør

Martin Rasmussen

Snorri Sverrisson Rasch

Erik Ritch-Reinfjord

Håkon Romuld

Jan Inge Rygg

Grete Sørvik Rød

Henning Rødal

Kåre Rødssæteren

Sigbjørn Selvik

Børre Skisland

Kent Olav Stabell

Idar Stavran

Marius Christoffer Storvik

Arve Sunde

Roar Svensbakken

Stein Erik Sæther

Geir Bjarne Sørensen

Roger Telle-Hansen

Morten Thuve

Andreas Ystgaard Tjemsland

Henning Torgersen

Jan Inge Torset

Espen Trædal

Terje Tvedt

Frank Tveita

Toril Ulfsnes

Anders Urdal

Hans Petter Urkedal

Olav Velure

Trond Vidar Vettestad

Roald Viken

Anne Merete Vorpenes

Asbjørn Wathne

Ole Jørgen Winther

Eldar Zahl

Stine Marie Zetterstrøm

Øyvind Ørbeck

Siv Merethe Øveraasen

Kristine Øvrebø

Erlend Åsebø

Espen Åsulfsen

PARTICIPANTS WITHOUT RESPONSIBILITY FOR ENGAGEMENTS (AMBASSADORS3)

Partner compensation

BDO has salary partners and equity partners. The salary partners are employed in BDO and compensated for their work in the form of salary and performance-based bonus. Equity partners are participants in BDO’s Internal partnership and are compensated by being entitled to a share of the profit.

Profits are distributed to the partners annually, and the remuneration is determined locally in the respective regions. The compensation models are performance-based whereby an individual’s effort and contributions are assessed. Quality is a key parameter in the evaluation process, and a specific assessment is made of each equity partner when considering

quality in the compensation process. Non-performance with respect to quality may result in reduced compensation, which was the case at the 2022 distribution. For salary partners, such non-compliance with regard to quality will affect the size of the bonus and can imply that no bonus is paid.

The compensation models also include each partner’s contributions to developing employees, the client portfolio and the business in general. The compensation models do not reward sales from other service areas to audit clients. The final remuneration to equity partners consists of remuneration for work and profit share.

Entities of public interest audited by BDO4

• Arribatec Group ASA

• Atlantic Sapphire AS

• Boligbanken ASA

• Bud og Hustad Forsikring Gjensidig

• Bulk Industrier AS

• Bulk Infrastructure Group AS

• Cultura Sparebank

• Drangedal Sparebank

• Endùr ASA

• Europris ASA

• First Mover Group Holding AS

• Gentian Diagnostics ASA

• Gyldendal ASA

• Hjartdal og Gransherad Sparebank

• Komplett ASA

• MediStim ASA

• Mercell Holding ASA

• Nord-Odal Gjensidige Brannkasse

• Norske Skog ASA

• Olav Thon Eiendomsselskap ASA

• Petronor E&P ASA

• Pioneer Property Group ASA

• Romsdal Sparebank

• Salmon Evolution ASA

• Surnadal, Heim og Tingvoll Gjensidig

Brannkasse

• Techstep ASA

• Varig Orkla Forsikring Gjensidig

• Ørskog sparebank

• Østfold Energi AS

BDO AS www.bdo.no

The contents of this publication are only for general information and cannot replace professional guidance on the individual matters discussed. Please contact one of our offices if you would like answers to your specific questions concerning matters discussed. BDO, the firm’s partners, employees and business partners are not to be regarded as liable for any losses resulting from actions or decisions based on the contents.

BDO AS, a Norwegian limited company, is a member of BDO International Limited, a UK company limited by guarantee, and is part of the international BDO network, which consists of independent companies in individual countries.

BDO is the trademark name for the BDO network and for each individual BDO member firm.

Copyright © April 2023 BDO AS. All rights reserved. Published in Norway.