Why are BDO implementing this kind of integration?
We are focusing on continuously improving the quality in today’s audits and are working towards making the auditing process more digital. The storage of accounting data in a more structured and secure way is a necessary step in this process. According to Section 5-2 of the Norwegian Auditors Act the auditor shall collect the accounting information required for the execution of audit. Using a data warehouse in the auditing process will improve the information and documentation flow.
Will the integration result in any changes for me?
The integration makes it possible to export accounting reports directly from our data warehouse. For you as a client the integration will reduce the number of administrative tasks and facilitate information flow between you and your account manager/team. In the long term, the analysis we develop will make it possible to give you as a client even more relevant feedback and points of improvement.
How can I be sure that my sensitive data remains secure at BDO?
At BDO we acknowledge the importance of data security. We have a continuous focus on securing our clients’ data and have established guidelines for these purposes. Click on the “Data security” tab for detailed information.
Who will have access to our data?
In the data warehouse your auditing team, database administrators and developers will be the only ones that have access to your data. The database administrators and developers are subject to the same confidentiality and use of client information rules as the auditing team. With legal basis in Section 5-2 of the Norwegian Auditors Act we will only gather information which is necessary for the execution of audit. BDO has developed routines for securing data and information. Click on the “Data security” tab for detailed information.
What kind of routines do BDO have to secure privacy?
Our initiatives on the area is regulated by BDO’s own privacy policy. In addition, you may find BDO’s data protection declaration describing what kind of personal data we process and how, published on our website.
Data protection is an important part of BDO’s deliveries and we attach the highest priority to protecting the integrity, accessibility and confidentiality of all personal data. Your auditing team, database administrators and developers will be the only ones that have access to your data in BDO’s data warehouse. All information that comes to our knowledge in the course of our work is subject to confidentiality restrictions.
If you have any questions or concerns regarding our privacy policy, you can always e-mail personvern@bdo.no.
Do we need to sign a data processing agreement?
The legal basis for processing personal data in connection with BDO’s audit services is based on Section 8 first paragraph of the Norwegian Personal Data Act, cf. Chapter 5 of the Norwegian Auditors Act. When BDO act as the auditor the audit services are covered by the Norwegian Auditors Act and BDO is considered as the data controller, meaning that there is no need to sign a data processing agreement for these purposes only.
What kind of resources do I need to have available to complete the integration?
The integration can be implemented by the one or those who have the appropriate access rights in the accounting system. The integration is easily done following the steps in our setup guide. You only need to do the integration process once, not every year.
For what purposes will you use our data?
With a standardized method of collecting and structuring data it will be structured in the same way every time, and we will be able to better perform data analysis. The audit will still be performed according to the Norwegian Auditors Act. Our clients are different, their core businesses and areas of risk varies, meaning that the analysis performed will vary between our clients.
What kind of data will BDO collect?
As an auditor we are required to collect the information we find necessary for the execution of audit. According to Section 5-2 of the Norwegian Auditors Act we have the right to access such information. We will only use the integration to collect the reports which we need to perform the audit and which the clients accounting system allows us to. This will for instance be balance sheets, general ledger, subledgers and other information related to the general ledger (for example user-ID, project-codes, entity-codes, billing information etc.).
The personal data we collect will include accounting system user-ID and payroll data.