BDO Transparency Report 2023

About the Transparency Report

Pursuant to the Norwegian Audit and Auditors Act and EU’s regulation on audits of Public Interest Entities, BDO is required to publish an annual transparency report. This report shall show how we secure independence and quality in the audit process.

The purpose is to ensure transparency and insight into how we meet our social duties. In this year’s transparency report, you can read more about our continuous efforts to improve the quality of the audit.

BDO AS is part of BDO International Limited. «BDO» or «BDO AS» in this report refers to BDO AS with the organisation number 993 606 650. When we refer to our international network, we use the term BDO Global or BDO International Limited.

Continuous development

– Trust is the fundament for a well-functioning society. As auditors for more than 25.000 Norwegian businesses, we play a significant part in the Norwegian society and business life.

Unpredictability seems to be the new normal all over the world. For BDO this implies to have a robust organisation, a good culture and effective systems enabling us to manage change – on our own and our clients’ behalf.

2023 has to a large extent been a year of ensuring a predictable development. We have achieved our growth targets, secured investment power and prepared for further efforts, particularly within technology and sustainability. We also strengthen robustness in the organisation, develop our internal quality systems and implement a quality system complying with the International standard on quality management (ISQM 1).

In the beginning of 2024, we launched our new business strategy containing significant drivers for our audit business, more specifically to put people first, have a future-oriented technology and client deliverables of high quality.

We know that good employee experiences create good client experiences. Our people is our most important resource, and this shall be reflected in the distribution of tasks and competence building, tailoring of each individual’s wishes and needs as well as our efforts of inclusion and diversity. These are decisive factors to secure consistent quality.

The last years have been a battle for the talents. We have succeeded in recruiting the right competence in line with our increasing requirements and also strengthened our onboarding programmes. Today, we are more than 2200 employees in BDO, and our work to build competence and culture will continue with undiminishing strength in the time to come.

The rapid development of technology, particularly within generative artificial intelligence (AI) is bringing us into a new era. In BDO, we are used to and appreciate changes that can improve us. The good solutions emerge from the interaction between people and technology. When this interaction changes, we must ensure that it represents opportunities and that risks are managed.

As auditors of more than 25.000 Norwegian businesses, we play an important role in the Norwegian society and business life. This is a trust we value highly, respect and safeguard. The clients using our competence and services shall be certain that audit and assurance engagements hold high quality and are delivered with independence and professional scepticism.

In BDO, we appreciate transparency, internally as well as externally. The Transparency Report describes how we work for a productive business life and well-functioning capital markets, in addition to creating a safe and developing work place for all. The report also discusses our improvement areas and how we have worked with them during 2023.

I hope you find this year’s report useful and informative. Enjoy your reading!

Administrerende Managing Director in BDO AS

We never take trust for granted

The audit business is the core of BDO. Measured by turnover, we are second-largest within audit in Norway with our more than 1000 auditors distributed in 60 offices all over the country.

As auditors, we have a unique insight in Norwegian companies, organisations, government owned enterprises, municipalities, and foundations. In a time, characterised by uncertainty and unrest, both politically and financially, with interest rises and increased costs as direct consequences, our mission to secure confidence in financial reporting is even more important. We take our role as the public’s trustee very seriously, and we do it through quality and integrity.

To keep up with changing circumstances and demands, technology is playing an increasingly important part and pervades both society and business life. Our goal is to meet tomorrow’s expectations from clients as well as employees in everything we do. We therefore work systematically with the use of technology in the audit to secure efficiency and high quality. We focus on our auditors’ understanding of technology competence to enable them to be relevant discussion partners for our clients.

As auditors, we have made sustainability and ESG (environmental, social and governance issues) part of our mission. We strongly wish to promote the transition to a more sustainable society. As the requirements to reporting on issues like equality and diversity increase, we contribute to this both through adjustments in our own organisation and by supporting our clients in developing relevant reporting with high integrity. We shall continue to develop and deliver services accelerating a sustainable development of society and business life.

We never take trust for granted and know that it must be taken care of. Competent employees, efficient use of technology and quality at all levels contribute to maintain the trust. As head of audit, it makes me proud to see how we continuously work to take new steps and the journey we have had with our clients.

Quality at the front

High quality is a prerequisite for our work as auditors and the basis for everything we do in BDO. This requires both knowledge and integrity.

As head of Quality and Risk Management (QRM), it is my duty to ensure that quality is the basis for all aspects of our business, and that we, as a firm, continuously work to fulfil our role as society’s trustee. The expectations to us as auditors are constantly changing – a high quality delivery yesterday will not necessarily be perceived as such tomorrow.

In the QRM department, we are engaged in a number of tasks contributing to high quality deliveries in our client work, such as coordinating our process for risk assessments and risk reducing measures together with monitoring/compliance controls. Our monitoring activities include reviews of completed audit engagements as well as a number of various controls of our procedures not directly related to the execution of audits. You can read more about our monitoring activities here.

Our overall work with ethics and independence, anti-money laundering and data protection is also organised in the QRM department, in addition to our in-house legal work.

International standard on quality management

On 15 December 2022, a new international standard on quality management in audit firms – ISQM 1 (International Standards on Quality Management) became effective. By integrating ISQM 1 in our quality management system, we lay the foundation for an even more effective and robust process for quality management. The implementation of ISQM 1 is enabling us to better identify strengths, address weaknesses and improve our internal policies and procedures. The incorporation of the standard in our practice also enhances our ability to meet future challenges and continue to deliver services of high quality to our clients. Your can read more about our quality management system here.

Competence and capacity in the QRM department

The tasks in the QRM department are divided into Risk Management, Ethics and independence, Compliance, AML/Anti-money laundering, GDPR/Data protection and in-house legal/Legal. In the course of several years, we have strengthened our competence and capacity by recruiting people with relevant experience from other regulated enterprises. In 2023, we continued this enhancement of both competence and capacity

within Compliance, Risk Management, Ethics and independence and legal competence. From 1 January 2024, we have also made changes in the organisation of our KYC (Know Your Client) team by bringing it closer to the QRM department. On 1 February, the KYC team was strengthened by more employees with experience from corresponding work in other enterprises subjected to the regulations in the Anti-Money Laundering Act.

As many others, we are engaged in finding out how we can utilise artificial intelligence (AI) in our business to ensure and improve the quality of our work. A thorough and responsible approach to AI is decisive for future success.

AI is important also for the QRM departure. We wish to be a relevant contributor to the organisation’s strategy and practice concerning AI. As is the case for most new and untried technological solutions, the use of AI will imply trial and error. It is important to us that the development takes place in an orderly manner, thereby securing professional confidentiality, data integrity and privacy. We must also be certain that AI really contributes to securing and improving quality in our work.

The introduction of GRC tools

As part of our work on strengthening our quality management, we have decided to introduce a GRC (Governance, Risk and Compliance) tool. The implementation of the system started in 2023, but will continue into the first quarter of 2024, enabling it to be effective before 1 April 2024. This tool contributes to collect the documentation of our efforts concerning quality management and support our continuous work on those risks that affect our business, and how we manage them on a day-to-day basis.

Sustainability reporting

In preparing the introduction of requirements to the assurance on sustainability reporting, we have started developing internal inspections of such assurance engagements. Inspections of sustainability assurance reports issued in 2023 have been carried out through document based reviews, and this will continue in the coming year. More comprehensive inspections of issued sustainability assurance reports concerning 2023 will be carried out as part of our internal inspections in the autumn of 2024.

Supervision

On 16 November 2023, we received a report from Finanstilsynet (the Financial Supervisory Authority of Norway) after the inspection they had with us in November 2022. The content of the report has essentially been known to us since the end of their visit in 2022, and we have implemented a number of measures in 2023 to improve and correct the issues mentioned by Finanstilsynet in the report. The report is discussed here.

BDO Global

BDO in Norway is among the ten largest member firms in BDO Global, implying that our global organisation is more concerned with how we in Norway manage audit quality than what is the case for the smaller member firms. This also implies that BDO Norway is subject to tighter and more frequent ongoing inspection activities than other member firms in the global BDO network. In this transparency report you can read more about how we work with our global organisation to secure quality.

Consequences of quality deficiencies

Even though we spend much effort in quality assurance and preventing errors, engagement deliveries will, in some instances, not be of the desired quality. We have various ways to follow up and sanction uncovered misconducts and deficiencies, depending on the underlying causes. Sanctions carried out in 2023 include follow-up inspections and instructions to prepare action plans after the internal quality inspection, replacements of the auditor in charge of individual engagements and considerable financial deductions in partner compensation. In some instances, several different sanctions have been applied to the same case.

Key figures

About BDO

The BDO network is an international network of independent firms in 166 countries with more than 115 000 employees within audit, tax, business services and consulting. The firms are members of BDO International Limited, providing professional services under the brand name BDO.

Legal and organisational structure of the network

Each BDO member firm is a member of BDO International Limited, a UK limited liability company, either as a voting member (one firm per country) or non-voting member. BDO International Limited is the umbrella company in the BDO network and sets the terms for membership in its articles of association.

The BDO network is governed by the BDO International Limited Council, the Global Board and the Global Leadership Team.

The BDO International Limited Council (the Council) consists of one representative for each voting member and represents the

member firms of BDO International Limited in company meetings. The Council approves the network’s central budget, appoints the members of the Global Board and determines any amendments to BDO International Limited’s articles of association.

The Global Board, which is the board of directors for BDO International Limited, consists of one representative for the BDO network’s seven largest member firms, each appointed for a three-year term and approved by the Council. The Global Board sets priorities for the BDO network and supervises the work performed by the Global Leadership Team. The Global Board convenes at least four times a year.

The Global Leadership Team is responsible for coordinating the activities of the BDO network. The team is led by the Global CEO and includes the Global Chief Strategy & Operations Officer, the Global Head of Audit & Assurance, the Global Head of Tax, the Global Head of People & Culture, the Global Head of Advisory, the Global Head of Technology, the Global Head of Risk & Compliance and the Global General Counsel.

The Global Leadership Team is supported by the Global Office through Brussels Worldwide Services BVBA. Brussels Worldwide Services BVBA, a Belgian limited company, provides services in connection with the coordination of the BDO’s network.

BDO International Limited and Brussels Worldwide Services BVBA do not provide any professional services to clients. Only the member firms, including BDO AS, provide such services.

BDO International Limited, Brussels Worldwide Services BVBA and the member firms of BDO are all separate legal entities and have no liability for other entities’ acts or omissions. Nothing in the arrangements or rules of BDO shall constitute or imply an agency relationship or a partnership between BDO International Limited, Brussels Worldwide Services BVBA and /or BDO’s member firms.

1

115

150

OFFICES

166 COUNTRIES

60 OFFICES

2200 EMPLOYEES AND PARTNERS

3,2

187 PARTNERS

Participants in the BDO network in the EU/EAA

Total turnover for audit services performed by BDO in the EU/EAA: €1 630,045,046.71.

ALBANIA Albania BDO Albania Sh.P.K.

AUSTRIA Austria BDO Salzburg GmbH Wirtschaftsprüfungs - und Steuerberatungsgesellschaft

BDO Steiermark GmbH Wirtschaftsprüfungs- und Steuerberatungsgesellschaft

BDO Oberösterreich GmbH Wirtschaftsprüfungs - und Steuerberatungsgesellschaft

BDO Assurance GmbH Wirtschaftsprüfungs- und Steuerberatungsgesellschaft

BELGIUM Belgium BDO Bedrijfsrevisoren BV / Réviseurs d’Entreprises SRL

BULGARIA Bulgaria

CROATIA Croatia

Sarajevo

BDO AFA OOD

BDO Croatia D.O.O.

BDO BH d.o.o. Sarajevo

CYPRUS Cyprus BDO Limited

CZECH REPUBLIC Czech Republic

DENMARK Denmark

BDO Audit s.r.o

BDO Group s.r.o.

BDO Czech Republic s.r.o.

BDO Statsautoriseret revisionsaktieselskab

BDO Holding VI, Statsautoriseret Revisionsaktieselskab

ESTONIA Estonia Aktsiaselts BDO Eesti

FINLAND Finland BDO Oy

BDO Audiator Oy

FRANCE France BDO France

BDO Paris Entreprises

BDO Paris Audit Pme

BDO Atlantique

BDO Rennes

BDO Lyon Audit

BDO Idf

BDO Les Herbiers

BDO Fontenay Le Comte

BDO Nantes

BDO Les Ulis

BDO Paris Audit & Advisory

BDO Méditerranée

GERMANY Germany

BDO AG Wirtschaftsprüfungsgesellschaft

BDO Oldenburg GmbH & Co KG Wirtschaftsprüfungsgesellschaft

BDO DPI AG

BDO Dr. Daiber Audit GmbH (until 24 April 2023)

BDO Concunia GmbH Wirtschaftsprüfungsgesellschaft

Country Area Names of the BDO companies in the area

GIBRALTAR Gibraltar

GREECE Greece

HUNGARY Hungary

BDO Limited

BDO Certified Public Accountants S.A.

BDO Services SA

BDO Hungary Audit Ltd

ICELAND Iceland BDO ehf.

IRELAND Ireland BDO

ITALY Italy

LATVIA Latvia

BDO Italy S.p.A.

BDO Assurance, LLC

LIECHTENSTEIN Liechtenstein BDO (Liechtenstein) AG

LITHUANIA Lithuania

LUXEMBOURG Luxembourg

MALTA Malta

NETHERLANDS Netherlands

NORWAY Norway

POLAND Poland

PORTUGAL Portugal

ROMANIA Romania

SLOVAK REPUBLIC Slovak Republic

SLOVENIA Slovenia

SPAIN Spain

SWEDEN Sweden

BDO Auditas ir Apskaita, UAB

BDO Audit

BDO Malta CPAs

BDO Audit & Assurance B.V.

BDO AS

BDO Spółka z ograniczoną odpowiedzialnością Sp. K.

BDO & Associados, SROC, Lda

BDO Audit SRL

BDO Auditors & Accountants SRL

BDO Auditors and Business Advisors SRL

BDO Audit, spol. s r.o.

BDO Revizija d.o.o.

BDO Auditores, S.L.P.

BDO Audiberia Abogados y Asesores Tributarios, S.L.P.

BDO AB

BDO Göteborg AB

BDO Göteborg Intressenter AB

BDO Göteborg KB

BDO Mälardalen AB

BDO Mälardalen Intressenter AB

BDO Norr AB

BDO Norr Intressenter AB

BDO Stockholm AB

BDO Sweden AB

BDO Syd AB

BDO Syd Intressenter AB

Please note that BDO firms have different year-end dates and the total amount stated is a combination of statutory audit turnover of EU/EAA member firms for their last accounting year. For each firm using another currency than EUR, an average rate is applied for the period they reported.

* The list of participants in the BDO network in the EU/EAA is updated as of 20 October 2023.

BDO in Norway

BDO is organised as an internal partnership, externally represented as a limited company, and is an audit firm authorised pursuant to the Norwegian Audit and Auditors Act. BDO is also an external accounting firm authorised under the Norwegian Authorisation of Accountants Act. BDO’s business in Norway is carried out by the companies BDO AS (org. no. 993 606 650) and BDO Advokater AS (org. no. 996 798 577). These two companies have no ownership in each other, but all equity partners in BDO Advokater AS are also equity partners in BDO AS. The profit sharing is performed on the basis of the total results from BDO AS and BDO Advokater AS.

BDO AS is the principal in BDO Internal partnership, in which all the shareholders in BDO AS participate as individual silent partners. The company model has been established for practical reasons. BDO AS cannot conduct any business other than what is conducted for BDO Internal partnership.

BDO AS is the only member of the company meeting, but all the partners are entitled to attend. Prior to each company meeting, a partner meeting is held which, with binding effect for the principal, makes decisions on issues to be discussed by the company meeting.

BDO’s operations in Norway are wholly owned by equity partners. As at 31 December 2023, there were 142 owners of BDO AS. All partners in BDO AS have an equal ownership share; they are listed in the last part of this report. All partners are individual silent partners in BDO Internal partnership, with the addition of 11 partners without project responsibilities (ambassadors).

Legal entities operating for BDO Norway or in which BDO has ownership shares:

BDO’s business in Norway is operated by:

• BDO AS (org.nr. 993 606 650)

• BDO Advokater AS (org.no. 996 798 577)

As at 31.12.2023, BDO has the following wholly-owned subsidiaries:

• Evolver by BDO AS (org.nr. 923 134 875)

• Godt Sagt AS (org.nr. 931 917 056)

• Noraudit AS (org.nr. 968 008 358)

• Inter Revisjon Norge AS (org.nr. 915 915 167)

BDO AS also has ownership shares in the following companies:

• Ørje Næringspark AS (org.nr. 989 686 984)

• Økonomiklyngen AS (org.nr. 917 592 950)

All across Norway, thousands of businesses and organisations work hard to create value and BDO is there to help them. We are an international consultancy and audit firm deeply rooted in Norwegian society and business community. We are familiar with the challenges, see the opportunities and make strong commitments to help our clients reach their goals.

We have 2200 employees and 60 offices in Norway.

Our clients range from large, worldwide companies to small and medium-sized enterprises. We have clients from most industries in both private and public sectors. When necessary, we collaborate with large parts of the BDO network on international as well as Norwegian clients.

Our values reflect our internal firm culture. OPEN. CLOSE. BRAVE. Transparency shall contribute to improvement. Our clients shall perceive us as open and attentive. We shall work closely with each other and with our clients with the appropriate expertise. Our integrity as auditors and consultants shall be high – also in other areas than our profession requires. This implies that we must have the courage to challenge the clients, the market as well as ourselves.

Corporate structure

General meeting

BDO AS is governed by decisions in the general meeting, the supreme body in BDO AS. The general meeting of BDO AS is executed in accordance with the Norwegian Limited Liability Companies Act, the company’s articles of association and shareholder agreement, and it elects the board of directors of BDO AS. The board of directors of BDO AS Internal partnership comprises the same members as those at any time elected as chair and members of the board of directors of BDO AS. The company board is responsible for BDO’s operations.

Nomination committee

The nomination committee is elected by the general meeting of BDO AS and shall propose members for the board of directors. The nomination committee has three members and one deputy member. The composition of the nomination committee shall reflect the varying sizes of the departments. No region may have more than one member in the nomination committee.

Board of directors

The representation on the board of directors shall reflect the individual department’s size as well as geographical location. The board of directors must at all times represent a combined expertise that serves the participants. Employees are entitled to representation on the board pursuant to section 6-4 of the Norwegian Limited Liability Companies Act.

The board of directors shall comprise 5 to 8 members as decided by the general meeting, with the addition of employee representatives. The board consists of 11 members of which 4 represent the employees. The board members are elected for a period of up to 2 years.

The chair is elected by the general meeting, and the board appoints the deputy chair. According to BDO AS’ articles of association, the board must have a composition that meets the prevailing requirements of the Norwegian Audit and Auditors Act. This implies that the majority of both the members and the deputy members of the board must be state authorised public accountants.

As of 14.3.2024, the board has the following members:

• Chair Ingjer Ofstad, Partner

• Deputy chair Henrik Dagestad, Partner

Board members:

• Anne Merete Vorpenes, Partner

• Yngve Gjethammer, Partner

• Cathrine Sæther Karlsen, Partner

• Knut Haugen, Partner

• Vidar Såheim, Partner

Employee representatives:

• Eirik Tveit, Senior Manager

• Håvard Tysdal, Senior Manager

• Elise Aune Wallum, Manager

• Helene Johannessen, Manager

Eirik

Helene

Håvard Tysdal Employee repr. Sign.

Organisation of the business BDO AS shall have a managing partner appointed by the board of BDO AS. The managing partner in BDO AS shall also be the managing partner of BDO Internal partnership.

BDO has 60 offices in Norway headed by an office manager. Each office is part of a region. As at 31.12.2023, BDO had 7 regions. At 1.1.2024, BDO has 5 regions. Each region is a separate economic entity distributing its profit among the equity partners of the entity.

Managing partner and management group

The managing partner’s role and responsibilities are determined by the board of directors’ instructions to the managing partner.

The managing partner reports directly to the board and presents a summary of the business developments and the most important goals in the time to come. The managing partner keeps the employees continuously informed through weekly vlogs, monthly information meetings, office visits and presentations at internal events, thereby providing knowledge about BDO’s focus and operations. This also gives individuals an opportunity to raise issues directly with the managing partner.

Together with the national management group, the managing partner prepares BDO’s business strategy and ensures that it is implemented when adopted by BDO’s board. The national management group has monthly meetings.

Members of the national management group:

• Martin Aasen, Managing Partner

• Roger Telle-Hansen, Partner/Head of Region Stor-Oslo

• Stig Are Lauvnes, Partner/Head of Region SørVest

• Knut Evensen, Partner/Head of Region Østfold

• Tom Aleksandersen, Partner/Head of Region MidtNord

• Eirik Meling Veien, Finance Director

• Jørgen Brodtkorb, IT Director

• Kristina Bors, HR Director

• Synne Ekrem, Market & Communications Director

• Steinar Andersen, Partner/ Head of QRM

• Hanne Fritzsønn, Partner/ Head of service area Tax & Legal

• Erik H. Lie, Partner/ Head of service area Audit & Assurance

• Andreas Ystgaard Tjemsland, Partner/ Head of service area Business Services

• Morten Thuve, Partner/ Head of service area Consulting

Financial information

Quality in BDO

BDO’s system for quality management

The international standard on quality management for audit firms 1 (ISQM 1) came into effect on 15 December 2022 and requires all firms that perform audits or reviews of financial statements, or other assurance engagements or related services engagements to establish a system of quality management that complies with all the requirements in the standard. A system of quality management is not static, but shall be flexible enough to adjust to changes in the nature and circumstances of the firm and its engagements. BDO has designed and implemented a system for quality management in accordance with ISQM 1 that provides reasonable assurance for the following:

a. BDO and its employees attend to their tasks and duties in accordance with the professional standards and prevailing law and regulations and carry out engagements pursuant to such standards and requirements.

b. Engagement reports issued by BDO or engagement partners are appropriate in the circumstances.

BDO has included all quality objectives and specified measures in ISQM 1 for the eight components included in the standard. The eight components are:

1. 1. The firm’s risk assessment process

2. Governance and leadership

3. Relevant ethical requirements

4. Acceptance and continuance of client relationships and specific engagements

6. Resources

7. Information and communication

8. Monitoring and remediation process

In order to achieve the firm’s objectives for the quality management system, including establishing and continuously improving the quality management system, BDO has carried out the following activities for each of the components in the quality management system:

OBJECTIVES

BDO has established the quality objectives specified in ISQM 1 and determined additional objectives considered to be required for achieving the quality management objectives

QUALITY RISKS

BDO has identified and assessed quality risks as a basis for the design and implementation of measures

MEASURES

BDO has designed and implemented measures (procedures, guidelines or controls) to reduce the quality risk to an acceptable level

MONITORING

BDO has established a monitoring and remediation process to secure relevant, reliable and timely information about the design and implementation of the quality management system, and to manage identified weaknesses at an early stage. Based on the results of the analyses of root causes, we have also designed and carried out remediation measures to manage identified weaknesses.

Evaluation of the quality management system

According to ISQM 1, the individual(s) with ultimate responsibility for the system of quality management shall evaluate the system on behalf of the firm. The evaluation shall be undertaken as of a point in time and at least annually.

The annual evaluation considers the information on the design, implementation and results from monitoring activities carried out in the period up to the evaluation date.

The evaluation date for BDO was 1 November 2023. Monitoring activities include testing of measures, review of findings from internal and external inspections of engagements, and assessments of other relevant information obtained from the quality management system.

Root causes shall be identified for all uncovered deficiencies, and an assessment shall be made with regards to how severe and pervasive the effect of the identified deficiency is. BDO executes professional judgment in determining whether a finding, individually or in combination with other findings, represents a deficiency in the system of quality management.

Statement on the quality management system’s effectiveness

The board and management have carried out an evaluation in accordance with ISQM 1 and concluded that the quality management system provides the firm with reasonable assurance that the objectives of the system have been achieved as of the evaluation date.

Reasonable assurance is achieved when the quality management system reduces the risk that the system’s objectives are not met to an acceptably low level. Reasonable assurance is not an absolute assurance level, as there are inherent limitations in a quality management system.

Based on the results of the analyses of the root causes, BDO will design and implement compensating measures to menage any identified deficiencies. The progression of the implementation will be monitored on a regular basis.

The board and management’s responsibility for quality In BDO, the board together with the managing partner, has the overall responsibility for the quality management system..

An internal control committee monitoring the internal control at a firm level has been established. The internal control committee is responsible for following up that first and second line controls function as intended, and that significant deficiencies are eliminated and new control measures implemented. It shall also contribute to improvements in the quality control system, risk management and internal control. The committee is appointed by the board, among the firm’s equity partners, and the board members appoint the leader. The internal control committee reports to the managing partner and the board. You can read more about the internal control at firm level here.

A quality control committee for audit monitoring internal control at an engagement level has been established for engagements requiring authorisation as auditors. This committee comprises partners who are authorised auditors and have experience as audit engagement partners. A corresponding quality control committee for the firm’s other services has also been established. The quality control committees report to the head of QRM and the board. You can read more about internal control at an engagement level here.

Management is responsible for the design, implementation and follow-up of governance and control that takes care of the firm’s commitment to quality, including a culture for quality, roles and responsibilities, actions and behaviour, organisation and allocation of resources. Through policies and procedures, the firm has established a framework for the enterprise that shall substantiate the requirements for quality.

The head of the QRM department has the operational responsibility for designing and implementing the firm’s quality management system. The QRM department is a department in BDO responsible for tasks related to quality and risk management. The areas of responsibility include risk management, ethics, independence and conflicts of interests, monitoring and compliance, anti-money laundering, data protection and internal legal issues. The QRM department has dedicated teams taking care of the strategic and operational second line control. The QRM department’s function ensures the board and managing partner that BDO meets the requirements to a supplier of auditing, accounting, consultancy and legal services. The work is carried out along three dimensions:

Preventive activities

• Developing policies, procedures and guidance

• Providing information and carrying out training activities

• Building a quality-oriented firm culture

Ongoing assistance and advice in individual matters

• Consulting with engagement partners and employees

• Handling complaints and insurance matters

• Maintaining dialogues with external supervisory bodies

• Reporting suspicious transactions to Økokrim (the Norwegian National Authority for Investigation and Prosecution of Economic and Environmental Crime)

Review and monitoring of compliance

• Coordinating and conducting internal quality inspections

• Verifying compliance with external and internal guidelines and requirements

• Keeping the managing partner and the board continuously updated on important issues.

The day-to-day responsibility for monitoring and remediation is allocated to the Head of Monitoring and Remediation (HMR). The HMR is an audit engagement partner with relevant experience, knowledge, influence and authority in the firm. The HMR’s work is segregated from the work of those with the overall responsibility for the quality management system.

As part of the quality management system, BDO carries out periodical evaluations of the managing partner, the head of QRM, the HMR, heads of regions and service lines and others with responsibilities related to quality management in BDO.

BDO’s risk assessment process

BDO has established a risk assessment process according to the requirements in ISQM 1 and regulations on risk management and internal control. This process encompasses all business areas in BDO.

The quality management system is designed as a dynamic process, where the risk assessment process on a regular basis is carrying out analyses information about various events. issues, actions or the lack of actions. This is made to identify the need for any new quality objectives or changes in quality risks or measures that can be required as a consequence of changes

in BDO or our activities. The basis for the risk assessment process is defined objectives and strategies for the business and addresses key risks. All service areas are subject to a systematic assessment of whether BDO’s risk management and internal control is adequate to manage identified risks in an appropriate manner.

All risks and measures identified as part of BDO’s risk assessment process are discussed by BDO’s management group. The managing partner prepares an annual formal report summarising the risk assessment process to the board.

The monitoring and remediation process

Monitoring and remediation is an important part of the system of quality management to ensure continuous improvements. BDO has organised the monitoring and remediation process by separating it into two functions: monitoring at a firm level and monitoring at an engagement level. Through these functions, improvement areas and deficiencies in the quality management system are identified.

All deficiencies are assessed by how severe and pervasive they are. As part of this work, a thorough root cause analysis of the most frequent and significant findings uncovered in the monitoring period is carried out. The results are reviewed in detail with the relevant key individuals and functions in the firm. On the basis of the analyses, remedial actions to be designed and carried out to manage the identified weaknesses are considered. Remedial actions can be both national and regional. The measures are regularly followed up and are included in the internal control committee’s reporting.

Root cause analyses

Root cause analyses (RCA) constitute an important part of our process for continuous improvements. The methods involves thorough inquiries about why a problem arose until the actual reason has been identified. The objective is to address underlying causes, not only symptoms.

In BDO, we have a top-down approach in our RCA process. The process contributes to a more thorough understanding of deficiencies and weaknesses in the quality management system and to implement required improvements addressing the identified deficiency

Monitoring at a firm level

BDO has established a compliance team that through preventive actions, subsequent controls and other monitoring activities shall contribute to compliance with all laws and regulations that the firm is subject to in addition to requirements from our international network and our internal procedures. The compliance team focuses on monitoring at a firm level and designs and carries out monitoring activities as a basis for identifying weaknesses in the quality management system.

One of the compliance team’s responsibilities is to ensure that BDO complies with laws, standards and internal guidelines for the acceptance of clients, independence and other ethical requirements. Various control mechanisms are applied, both sample based and embedded controls / notifications in our systems.

Monitoring at an engagement level

BDO has implemented a system of internal quality control at an engagement level. Internal control constitutes a significant part of BDO’s monitoring at an engagement level and applies to all service areas. This transparency report, however, only includes what is applicable for audit engagements.

The internal quality inspection is carried out every third year as a minimum for all auditors in charge of engagements. New auditors in charge shall have a quality control the first year they sign auditor’s reports. A control object may be subject to a quality control more frequently than every third year – based on a risk assessment or randomly selected for review. Quality inspections can also be carried out as a measure after external inspections and other events requiring closer follow-up. The reviews may be performed as often as appropriate to enhance quality in the service delivery or reduce the risk. The internal quality inspection comprises a given number of engagements per review object, normally 2-3 engagements.

The inspection is executed by a team of two experienced auditors. All quality reviewers complete annual training. In order to ensure independence, the reviewer cannot review engagements in his or her own department or in other instances with independence issues.

When the inspections are completed, a meeting is held in the quality control committee (for audits), where the results are discussed. The quality control committee shall conclude at an engagement level and decide further measures. Each control object will receive a conclusion based on the findings uncovered during the review. The quality control committee can issue the following conclusions at an engagement level:

Approved / Approved with improvement needs

• The engagement review uncovered no or few errors/deficiencies

• Any errors or deficiencies are not severe enough to cause any critic of the individual in charge of the engagement/BDO in a quality control from others

Significant improvements needed

• Severe errors/deficiencies uncovered during the review

Not approved

• The engagement review uncovered very severe errors/deficiencies

Non-compliance concerning quality can result in financial sanctions against the auditor in charge. The quality control committee can also propose to the board that the person in question is deprived the right to sign on all engagements or some types of engagements, as a consequence of issues uncovered by the quality inspection.

Monitoring by the global BDO network

Out international network conducts regular quality controls of BDO in Norway, normally once every third year. These controls include reviewing internal policies and procedures and compliance with them in addition to reviews of several audit engagements. The last review from BDO Global took place in November 2020, and the next is expected during 2024.

In addition to the formal quality control from BDO Global, BDO regularly reports to our global organisation, on matters like various defined AQIs (Audit Quality Indicators). Monthly meetings with the global QRM departments are also arranged to review various aspects related to quality, risk management and compliance.

Monitoring by Finanstilsynet

As BDO is auditing entities of public interest, we are subject to a firm inspection directly by Finanstilsynet. Every third year Finanstilsynet carries out a so-called firm inspection, which is part of the ordinary supervision of the largest audit firms and entails reviews of several audit engagements in addition to internal policies and procedures. The firm inspection shall also include an assessment of our internal quality control.

Finanstilsynet may also conduct other forms of reviews, either on-site or topic inspections. Reports from Finanstilsynet’s various inspections are published on their websites.

The most recent firm inspection of BDO took place in November 2022, and the final report was published in December 2023. Finanstilsynet has assessed BDO’s independence, allocation of resources, audit fees and audits of selected engagements. An assessment has also been made of our internal systems for quality control and compliance with duties pursuant to the Anti-Money Laundering Act. The report is made available on Finanstilsynet’s official website, and you can read more here.

BDO has worked systematically and structured with improvement measures since the inspection in November 2022 and taken the required initiatives to secure and increase the quality in the processes where weaknesses and deficiencies have been uncovered.

Ethical requirements and independence

BDO has ethical guidelines set by the company’s board of directors. We impose absolute requirements to the integrity and independence of employees and partners. We must be independent as well as perceived as such by our clients. This implies that we cannot provide services to or enter into business relationships with our clients that may affect our integrity and objectivity.

When hired/joining (and then annually), all partners , employees and hired resources confirm that they know and follow our ethical guidelines and thereby also confirming their independence of our clients. This is supplemented by training activities for employees regarding our ethical guidelines and ongoing monitoring of compliance with independence rules. In addition, all employees and partners engaged in each audit team confirm their independence on all audit engagements where they are involved.

Limitations concerning investments

Management, partners, directors, state authorised public accountants and board members in BDO cannot have investments in companies audited by BDO. This also applies for members of the audit team in question. There are also corresponding limitations for their spouses/co-habitants/partners, but they may apply for exceptions for insignificant investments. The definition of spouses/co-habitants/partners is the same as in the Audit and Auditors Act. Management, board members and persons with access to non-public information concerning the client cannot have investments in BDO’s clients of public interest (regardless of service delivery). Other employees cannot have significant investments in companies audited by BDO. Should BDO accept an audit engagement where any of the above circumstances applies, the persons in question will be requested to dispose of their investments. Investments shall be registered in the register for board positions and investments.

Limitations concerning board positions

As a general rule, employees and partners may not be board members. The same applies for similar positions, such as members of audit committees, shareholder committees and the like. Exceptions to the general rule may be approved when applied for, and registered in the register for board positions and investments. Such exceptions can under no circumstances be granted if it concerns an audit client of BDO.

Gifts and anti-corruption

BDO has zero tolerance for corruption and trading in influence.

Statement on independence practices

Those representing BDO shall not offer, demand, promise, receive or give any form of inappropriate service or incentive to anybody, in connection with the execution of their tasks, with the intention to provide personal or business-like benefits. This applies regardless of whether the benefit is offered directly or indirectly through others.

All those representing BDO must follow the guidelines described above in order to ensure that such offers do not impact our objectivity, independence or integrity. Openness and reporting of gifts or benefits contribute to maintain this.

Rotation of key personnel on audit engagements

For public-interest entities audited by BDO, rotation plans have been prepared in order to comply with the independence requirements of the Norwegian Audit and Auditors Act, the EU Statutory Audit Regulation, and IESBA’s Code of Ethics. For audit engagement partners, quality reviewers and co-partners, this implies that they are rotated out of the engagement after 7 years at the latest. The same applies for leading employees (state authorised public accountants and managers) on the engagement, but they can remain longer if it is considered appropriate and has been agreed with the QRM department. Audit firms must be changed after a maximum of 20 years provided a public tender is performed after 10 years.

Pursuant to the EU Statutory Audit Regulation, art. 13.2(g), BDO confirms that the firm has internal guidelines for the compliance with and control of independence on audit engagements and that BDO complies with law, standards and internal guidelines.

Independence is confirmed by each team member at the engagement level, by individuals in charge of engagements in the annual continuance assessment, and in annual conformations of independence for all partners, employees and hired resources. The Quality and Risk Management department performs monitoring activities to ensure compliance with the independence rules and BDO’s internal guidelines.

Acceptance and continuance of client relationships and specific engagements

BDO has established formal procedures for acceptance and continuance of engagements and client relationships. The firm is performing controls on an ongoing basis to ensure that these procedures are complied with. Key in our approach to client and engagement acceptance is our dedicated KYC (Know your Client) team, which has specialised competence within anti-money laundering and risk assessments concerning client relationships. This team is an important collaborating partner for our client teams and contribute to ensure that we meet our high standards concerning client integrity and risk assessment.

Our policies and procedures for acceptance and continuance of engagements include:

• Conflict checks to uncover possible independence and interest conflicts , both nationally and in our international network

• Independence checks to ensure independence between our clients and our leading employees

• Engagement assessments to uncover other risk factors, including requirements for independence and expertise on the team carrying out the engagement, and requirements related to the Norwegian Anti-Money Laundering Act

• Procedures for following up the previous auditor

• Annual confirmation from all partners, employees and hired personnel that the procedures for client acceptance are known

• Barrier that prevents a client from being registered in internal systems before the procedure for client acceptance has been completed, including the approval of required roles.

Engagement performance

Audit methodology

BDOs audit methodology has been developed globally and is based on the International Standards on Auditing (ISAs) issued by the International Auditing and Assurance Standards Board (IAASB). The methodology is divided into the following phases:

• Scoping

• Planning

• Obtaining audit evidence

• Completion

The audit methodology ensures that we comply with the International Standards on Auditing and that the audit is concentrated on the areas with the highest risk. The methodology is applied by all auditors in BDO globally to ensure consistent quality worldwide

Consultations

Audit engagements sometimes involve complex accounting and business related issues. Consultations give the audit team the opportunity to benefit from the expertise of experienced colleagues or experts, enabling them to manage and solve challenging problems in a correct and effective manner.

BDO has implemented formal procedures for consultations. According to these procedures, audit team members shall seek advice from qualified resources in the firm, including the technical department and the QRM department if difficult or disputed questions arise in connection with the performance of the audit. In certain circumstances, there are also requirements to consult formally with our global organisation.

Engagement quality control reviews

BDO designates an engagement quality control reviewer (EQCR) on all public-interest companies and other defined risk engagements. The EQCR shall carry out an objective evaluation of the most significant judgmental assessments made by the audit team and their conclusions. The appointment of the EQCR is following the requirements determined in the professional standards and our internal guidelines, including the regulations in ISA 220 Quality management for an audit of financial statements, ISQM 2 (International standard for quality management 2) and the EU’s Statutory audit regulation. This includes criteria related to the EQCR’s competence, skills, capacity and compliance with relevant ethical requirements.

It is of particular importance for BDO to ascertain that the engagement reviewer complies with the highest standards for competence and integrity to ensure the quality and reliability in the engagement review process.

Accreditation requirements for certain types of engagements

Engagements of Public Interest Entities (including listed companies), companies listed on various non-regulated markets and/or entities preparing financial statements according to IFRS, require specific competence and due care from us as auditors. This typically applies to companies of significant social importance, where the public interest is high and the entities are subject to specific legislation. BDO therefore, has set various accreditation requirements of engagement partners and managers on these engagements. The requirements also apply for those carrying out quality controls as engagement reviewers on audit engagements or those performing “two pairs of eyes” reviews on accounting engagements. The accreditation is divided into the main categories “public interest” and “IFRS”.

The public interest accreditation is required for entities with listed securities (shares, bonds, equity certificates etc.) in regulated markets in Norway or within the EU/EAA. In BDO, we also require public interest accreditation for audit and accounting clients with listed securities on non-regulated markets that, in accordance with the listing rules for the market place, have many corresponding requirements as entites listed on regulated markets. Public interest accreditation for bank and financial industries is required for audit and accounting engagements for banks, credit institutions and insurance companies.

General IFRS accreditation is required for all audit and accounting engagements of entities with securities listed on regulated and non-regulated markets with company accounts or consolidated financial statements reporting pursuant to IFRS. This also applies for audit and accounting engagements for IFRS reporting entities defined as risk clients for other reasons. The IFRS accreditation for bank and finance is required for banks, credit and financing institutions and insurance companies preparing accounts according to IFRS or other relevant accounting regulation.

In order to achieve accreditation, certain training programmes must be carried out, including both basic training and annual updates.

Audit engagements of public interest entites and risk clients shall also be subject to IFRS reviews if the accounts have been prepared in accordance with IFRS. The objective of an IFRS review is to uncover possible misstatement and deviations from IFRS. IFRS reviews are carried out by persons associated with or appointed by the Technical Department, and they are not part of the audit team.

Resources and People in BDO

People in BDO

In BDO, our people are det most important we have, and in our business strategy from 2024, we put «People first». We know that when we create the best employee experiences, we also create the best client experiences, with deliveries of high quality. We have visualised how we in a structured manner approach this through «The employee journey in BDO».

Culture and commitment

As an advisory and audit firm, we depend on trust from clients and society. For us, this implies that we at all times are committed to deliver services of high quality, and continuous learning and development therefore characterise our culture. We must ensure that everybody in BDO is offered relevant, updated and attractive alternatives within learning and competence development.

We measure job satisfaction and commitment in BDO in an annual employee survey and regular pulse surveys. The surveys show high commitment among the employees in BDO – we feel a great del of pride, community and belonging to the firm.

Recruiting

We work strategically to map the needs for competence and capacity – and convert this into operational activities and measures. We must at all times ensure that we have the right people at the right places, both newly qualified and experienced. The brand building as employer and professional recruitment processes of high quality are important to us.

Onboarding

Welcoming new BDOs in the right way is very important. We use much resources in having the best onboarding – both for newly qualified and experienced hires. Those coming straight from education, participate in a comprehensive programme over four years, with tight follow-up the first year, followed by one gathering per year in the next three years. A streamlined programme for onboarding ensures that we can continue to deliver high quality to our audit clients.

The topics in the onboarding range from technical service-specific and technological training, client and market oriented, to personal, and later management development and introduction into BDO’s culture and values. Experienced new hires follow the four-year programme as appropriate to their level of experience. They also have a joint national onboarding programme.

Learning

Learning and competence development is highly prioritised in BDO. Our courses and learning activities are based on our competence model, within our three dimensions: Client – People – One BDO. Continuous competence development within these areas is an important part of BDO’s fundament and for our way to work. Courses and learning activities support BDO’s strategic goals and priorities in consideration of regular adjustments regarding our need for competence. We map how much competence we have, compare it to the need for competence and try to identify the gap, adjusting our courses and training activities correspondingly.

We continuously emphasise that our training shall be technically and pedagogically updated – and that we apply all the opportunities digital solutions offer us.

Development

We say that «BDO shall be a great place to work for committed, motivated and competent employees and partners». This obliges us with regards to what we offer and how we prepare for technical and personal development for the whole firm. Everybody in BDO shall have the opportunity to relevant development, follow-up and acknowledgement they deserve and need – to continue being committed, motivated and competent – and to deliver quality and excellent client experiences.

We have established processes and tools to ensure the continuous management and staff development. All employees and partners have their individual development plan with clear goals and activities contributing to the desired development. Everybody shall have

a performance review with his/her personnel officer three times a year. This is a structured, prepared discussion about the employee’s technical and personal development. It is a tool to secure BDO’s employees have the right competence, commitment, and motivation, as well as a mutual «binding» dialogue about a short- and long-term career planning. In addition, «15:3 talks» are carried out during the year – 15 minutes’ status with three fixed questions between the leader and employee.

All employees in BDO shall get feedback in an organised and systematic manner through our system for evaluations in our HRM system, Workday. The evaluations shall primarily give qualitative and constructive feedback focusing on both perceived strengths and areas for development.

Leaders are measured by annual leader evaluations, and any improvement areas shall be included in the leader’s development plan. In addition, we have a number of feedback and evaluation systems that are both simple and more extensive – voluntary and ad hoc, or mandatory.

All employees and partners shall know what is expected of them in the daily work and in their role. Everybody shall be familiar with the opportunities and offers to further development., whether related to technical specialisation, leadership, sales, market, system competence, presentation technics or other.

Continuing education

The Norwegian Audit and Auditors Act requires all state authorised public accountants to complete continuing education. All state authorised public accountants in BDO complete such education, and BDO records all continuing education hours in our own digital course portal. BDO’s requirements are stricter than the Audit and Auditors Act for audit engagement partners, and specific hourly requirements have been determined within each technical category to be complied with by those auditors.

The requirements for continuing education are met through participation in internal or external courses and conferences. BDO reviews continuing education hours annually to ensure that the legal and BDO’s internal requirements are met.

BDO may require a certain basic knowledge among employees and partners within various topics. Training in these areas can be mandatory for all or some employees and partners. Such training must be carried out regardless of whether the person already has met the requirement for continuing education.

Statement on continuing education

Pursuant to the EU’s Statutory Audit Regulation art. 13.2(h), BDO confirms that we have prepared for, and control that auditors in charge of audit engagements have adequate continuing education within the requirements in the Norwegian Audit and Auditors Act. As at 31.12.23, there were no violations of the requirements for continuing education.

Technology resources

Technology and audit

In BDO, technology is a natural part of the audit. This is apparent in our use of smart digital solutions and our digital competence. The combination enables us to deliver effective and value-adding, high quality audits..

Digital solutions

BDO’s portfolio of digital solutions comprises third-party applications, in-house developed systems and solutions from BDO’s global organisation. The development, operations and management of audit-relevant systems and applications is carried out in close cooperation between the IT department, the technical department and the unit «Digital Revisjon». In addition to safeguarding the systems, our clients shall be certain that we manage their data in a good manner. All data is therefore handled in accordance with current laws and regulations in addition to BDO’s internal procedures and guidelines. You can read more about information security here.

Our most important digital solutions include:

• The audit tool Audit Process Tool (APT)

APT is BDO’s global audit tool and is used by auditors to plan, document, perform and conclude an audit. The audit tool enhances the quality of our audit and secures compliance with the ISAs as it is scalable and adjusted to clients, complexity and industry.

The flexible platform on which the audit tool is built is developed in cooperation with Microsoft and helps the audit teams to cooperate effectively on large as well as small engagements, also across national borders. In addition, the tool is prepared for seamless integrations with other support systems used in daily operations.

• The data and analysis tool Heartbeat

BDO applies the data and analysis platform Heartbeat for data analyses in the audit. The platform is developed by BDO in Norway and thereby tailored for BDO’s clients. This implies integration with private and public data sources and direct integration with our clients’ accounting systems. The work with obtaining updated accounting data for our clients and BDO is simplified, and the automation of data flows reduces the risk of errors as a consequence of manual data handling.

• Salesforce

Salesforce is our CRM system. In addition to traditional CRM tasks like sales and client contact, we use Salesforce in our processes for acceptance and continuation of client relationships and our anti-money laundering tasks.

• BDO’s client portal

Our client portal is a seamless and safe workplace for information sharing and interaction between BDO and our clients. The portal benefits all clients in all service areas and contributes to secure and effective communication in connection with following up tasks and sharing documents.

Formal guidelines have been established to ensure the reliability of the technological tools applied. This includes procedures and processes for the maintenance of our global audit tools, formal authorisation procedures for both technical and professional changes in the tools etc. Any change is subject to thorough discussions and documentation to secure verifiability. Technology tools depending on functionality from our international network are managed through formal test programmes carried out by the global network.

Digital competence

The requirement of technology understanding among the auditors increases in line with the technological progress and digitalisation in the business community. Digital competence is therefore systemised and a natural part of BDO’s training and development. You can read more about learning and development in BDO here. This applies to the use of digital tools as well as understanding the technology used by our clients. In that manner, we secure the audit quality, also when we facing complex issues related to data and technology at our clients.

Intellectual resources

Intellectual resources comprise information used to secure the implementation of the quality management system and facilitate consistency in the execution of engagements. In BDO, we focus on acquiring and applying intellectual resources contributing to promote high quality and consistency in performing engagements. We have established guidelines for the use or intellectual resources. They include requirements to use specific types of intellectual resources when executing engagements, such as designing and preparing engagement letters and statutory reporting to clients and public authorities.

Outsourcing

As an audit and accounting firm, BDO is subject to certain specific requirements when outsourcing any of our business. Outsourcing implies the use of external contractors to carry out tasks that are part of our services subject to licensing. An agreement on the right to use software, platform and/or infrastructure (ICT systems and services) operated by the contractor on the the contractor’s servers, typically «SaaS (Software as a Service)» agreements, is also considered to be outsourcing by the regulators. BDO has established processes and guidelines to comply with relevant laws and regulations concerning outsourcing.

Information security and data protection

In BDO, we have roles requiring our clients and the outside world to have confidence in us. To secure this confidence, we very much depend on handling data in a good manner. Hence, we focus on information security and data protection in all our work. All data is managed in accordance with prevailing regulations in addition to BDO’s internal procedures and guidelines for information security and data protection.

Organisation

BDO has a dedicated role (CISO) for managing the information security work and a security team. The CISO is responsible for leading and implementing the organisation’s overall strategy for information security. The security team shall ensure that our systems, data and processes are robust and compliant with the newest safety standards.

BDO also has resources in the QRM department engaged in ensuring that the firm complies with the requirements to data protection. A data protection officer has been appointed for the firm.

Management system

BDO has implemented management systems for information security and data protection. BDO’s information security management system (ISMS) is based on the ISO27001 standard, a globally approved standard for information security. This system provides a structured approach to identify, manage and minimise risk related to information security. Our ISMS complies with the industry standards and is regularly reviewed to secure relevance and effectiveness.

BDO’s management system for data protection is based on requirements in the Personal Data Act and the General Data Protection Regulation (GDPR), in addition to the «BDO Global Privacy Programme». The latter contains a set of rules, templates, guidance and information to ensure that companies in the BDO network handles personal data pursuant to GDPR. An important part of the programme is BDO’s binding corporate rules («BDO’s Binding Corporate Rules for Controllers and Processors», approved by the European data protection authorities.

The procedures and guidelines in the management systems are available for all employees on our intranet at all times. These documents are the basis for how employees shall manage, store and share information in their daily work. Through regular reviews and updates, we ensure that our guidelines are in line with the newest requirements and threats..

Education and awareness training

BDO provides continuous and regular training within information security and data protection for all employees. This includes specific training programmes in information security and data protection in addition to “fishing” exercises to increase the awareness around potential security threats. All employees must confirm annually that they comply with our internal procedures and guidelines within information security and data protection.

Security monitoring

Security monitoring of our environment is carried out by a professional external party, This includes continuous monitoring of network traffic, system log files and potential threat indicators

ISO 27001 certification

Many of our systems are delivered by BDO’s global organisation, which is ISO 27001 certified. This implies that we benefit from an internationally approved framework for information security in several of our services and tools.

Annual reviews

in order to main a high standard within information security, BDO carries out annual external independent reviews. These reviews assess the effectiveness of our security systems, identify any weaknesses and provide recommendations for continuous improvement, ensuring that we are proactive in addressing new threats and maintain a solid security level.

Information and communication

Reliable and relevant information is decisive for BDO’s quality management system. We have established a communication strategy and plan that is actively followed up to ensure that the firm maintains an appropriate system for both internal and external communication.

Written policies and procedures have been established to secure compliance with laws, regulations and professional standards that require the company to communicate information to external parties. This includes reporting of suspicious transactions to “Økokrim” and whistleblowing to the Data Protection Authority in the event of any violations of the personal data security.

BDO has its own system for whistleblowing and discrepancies. It is called #Sifra and is available on our intranet. The whistleblowing system constitutes an important part of our quality management system. Employees are encouraged to give notice of any criticisable matters and discrepancies. Some discrepancies must be notified in the whistleblowing system, like violations of information security procedures that may result in loss of client data or personal data.

BDO presents results from internal quality inspections and other monitoring activities to the controlled object as well as other relevant bodies to secure adequate follow-up and continuous learning and improvement. This includes reporting to the nearest management level and control and management bodies. A communication form like this, contributes to strengthen an organisational culture facilitating effective management and control and promotes the «tone at the top» related to quality.

BDO has established formal guidelines regulating the communication with clients in the event of poor quality This includes situations with findings related to individual engagements indicating lack of required procedures in the execution of the engagement or that the statement from the auditor in charge is incorrect. In such instances, the firm shall consider the consequences for both the client and BDO and implement required measures.

In line with our continuous focus on quality, we regularly organise meetings for central management in the organisation, where we prioritise relevant quality dimensions (Quality in BDO meetings, Partner meetings, etc.). These meetings are designed to engage management in key aspects of the quality work, and they constitute a critical component in strengthening the manner in which quality information is communicated, within management and the entire organisation.

Employee surveys are carried out regularly to evaluate their perception of management’s focus on quality. The results from these surveys provide not only valuable insight, but give a better understanding of how information and communication of quality is communicated and received in the firm.

Partner compensation

BDO has salary partners and equity partners. The salary partners are employed in BDO and compensated for their work in the form of salary and performance-based bonus. Equity partners are participants in BDO’s Internal partnership and are compensated by being entitled to a share of the profit.

Profits are distributed to the partners annually, and the remuneration is determined locally in the respective regions. The compensation models are performance-based whereby an individual’s efforts and contributions are assessed. Quality is a key parameter in the evaluation process, and a specific assessment is made of each equity partner when considering quality in the compensation process. Non-performance with respect to quality may result in reduced compensation, which was the case at the 2023 distribution. For salary partners, such non-compliance with regard to quality will affect the size of the bonus and can imply that no bonus is paid.

The compensation models also include each partner’s contributions to developing employees, the client portfolio and the business in general. The compensation models do not reward sales from other service areas to audit clients. The final compensation to equity partners consists of remuneration for work and profit share.

Owners of BDO

Active equity partners as of 31.12.

ACTIVE PARTNERS

Aleksandersen, Tom

Almklov, Arne

Amundsen, Alexander

Andersen, Steinar

Andreassen, Knut

Ardem, Kjetil Andrè

Aslaksrud, Yngve

Aunli, Anders Olai

Bergin, Jan Ove

Bjerke, Anders

Bjørnevåg, Hanne

Bjørseth, Thomas

Borchgrevink, Gro Kristin

Buset, Dagfinn

Byrkjeland, Norunn

Bårdsen, Charlotte

Bårdsen, Kjetil

Casso, Eli-Ann Murberg

Dagestad, Henrik

Dalby, Christian Reegård

Dalsegg, Henning

Dalstø, Solveig Bø

Dønland, Kim-Are

Elstad, Kristen

Eskedal, Per Harald

Evensen, Knut

Fiskerstrand, John Arne

Fjelldahl, Stig Andre

Forr, Stig

Fritzsønn, Hanne

Førsund, Tom Olav

Gake, Azad

Garberg, Arve

Giske, Per Ove

Giæver, John

Gjesteby, Ole Anders Stenerud

Gjethammer, Yngve

Glesne, Rolf Udnes

Grure, Kjell Henriksen

Gulestø, Trine

Haider, Samran

Halsen, Audun

Hansen, Klaus

Hansen, Per Aage

Harsem, Øistein

Haug, Pål Alfstad

Haugen, Knut

Haugland, Roald

Haukvik, Jarle

Henriksen, Kristian

Hermansen, Vidar

Hjemgård, Øyvind

Hodne, Bente

Hombornes, Eivind

Hukkelås, Ingeborg

Husabø, Harald

Husby, Simen

Håland, Jostein

Iversen, Jostein Ødegaard

Iversen, Rune

Jacobsen, Ketil

Jensen, Reidar

Juul, Stein Rhoar

Karlsen, Cathrine Sæther

Karlsen, Marianne Rygvold

Kjær, Eivin Aleksander Redbo

Klæth, Lars Terje

Knutsen, Stein

Kristiansen, Frode

Krogstad, John

Kveine, Gunhild

Kvello, Lene

Langlo-Johansen, Erik

Lausund, Anders

Lauvnes, Stig Are

Lehne, Tom Erik

Lidsheim, Thomas

Lie, Erik H.

L’orange, Johan Henrik

Lorentzen, Trine Agathe

Lorås, Ståle

Ludvigsen, Frode

Løken, Jørn

Løkken, Einar Giljarhus

Løvaas, John Christian

Mamelund, Håvard

Marthinsen, Jan Erik

Marvik, Ellen Marie Mo

Mauland, Karl-Ludvig

Moum, Elisabeth

Nordahl, Anders

Nyerrød, Knut

Nygaard, Lars Kristian

Ofstad, Ingjer

Olsen, Geirr Fuglestad

Pettersen, Rune

Ramberg, Anders

Rambjør, Roger

Rasmussen, Martin

Ritch-Reinfjord, Erik

Romuld, Håkon

Rygg, Jan Inge

Rødal, Henning

Rødssæteren, Kåre

Selvik, Sigbjørn

Skisland, Børre

Stabell, Kent Olav

Stavran, Idar

Storvik, Marius Christoffer

Sunde, Arve

Svensbakken, Roar

Sæter, Tone Solem

Sæther, Stein Erik

Sørensen, Geir Bjarne

Såheim, Vidar

Telle-Hansen, Roger

Thuve, Morten

Tjemsland, Andreas Ystgaard

Torgersen, Henning

Torset, Jan Inge

Trædal, Espen

Tvedt, Terje

Tveita, Frank

Ulfsnes, Toril

Urdal, Anders

Urkedal, Hans Petter

Velure, Olav

Viken, Roald

Vorpenes, Anne Merete

Wathne, Asbjørn

Winther, Ole Jørgen

Zetterstrøm, Stine Marie

Ørbeck, Øyvind

Øveraasen, Siv Merethe

Øvrebø, Kristine

Aabø, Leif Åge

Aarvold, Sven Mozart

Åsebø, Erlend

Aasen, Martin

Aasen, Siv Irene

Aasheim, Magne

Åsulfsen, Espen

PARTICIPANTS WITHOUT RESPONSIBILITY FOR ENGAGEMENTS (AMBASSADORS4)

Hagen, Jens Arne

Horghagen, Erik

Hyllestad, Kurt Inge

Iversen, Else

Iversen, Kjell

Jelstad, Tor Johan

Lindberg, Trond-Morten

Vettestad, Trond Vidar

Zahl, Eldar

Øhre, Dag Georg

Øyslebø, Vidar

Public Interest Entities

audited by BDO 5

Airswift Global AS

Airthings ASA

Arribatec Group ASA

Bud og Hustad Forsikring Gjensidig

Cultura Sparebank

Drangedal Sparebank

Endúr ASA

Europris ASA

First Mover Group Holding AS

Gentian Diagnostics ASA

Gram Car Carriers ASA

Gyldendal ASA

Hjartdal og Gransherad Sparebank

Hydrogenpro ASA

Komplett ASA

MediStim ASA

Nord-Odal Gjensidig Brannkasse

Olav Thon Eiendomsselskap ASA

PetroNor E&P ASA

Pioneer Property Group ASA

Romsdal Sparebank

Salmon Evolution ASA

Spir Group ASA

Surnadal, Heim og Tingvoll Gjensidig Brannkasse

Techstep ASA

Valdres Gjensidig Brannkasse

Varig Forsikring Nordmøre og Romsdal Gjensidig

Varig Hadeland Forsikring

Varig Orkla Forsikring Gjensidig

Ørskog sparebank

Østfold Energi AS

BDO AS www.bdo.no

BDO AS, a Norwegian limited company, is a member of BDO International Limited, a UK company limited by guarantee, and is part of the international BDO network, which consists of independent companies in individual countries.

BDO is the trademark name for the BDO network and for each individual BDO member firm.

Copyright © April 2024 BDO AS. All rights reserved. Published in Norway.

Photo: BDO / Shutterstock