42 (137) 2020
Download PDF-version


From auditing the books to monitoring cybersecurity and IT risk

By Joanna Bańkowska, President of BDO Technology Warsaw
Header dsc 0031v2


Our company is a part of BDO; the parent company’s main activity is financial audit. It’s been present on the Polish market for over 20 years; last year it came fourth in the ranking of financial audit companies in Poland.

The BDO group includes a law firm and outsourced services for accounting, as well as a unit that improves industrial processes. BDO Technology is the youngest child in the group, and deals with cyber security and digital transformation. We help business develop and implement security policy and business continuity plans; we check organisational resilience – including protection against cyberattacks – and we deliver training.

Because the Act on Statutory Auditors doesn’t allow a company to perform other services for the benefit of the audited organisation during the course of a financial audit, companies in the group cannot act together. This would violate the principle of impartiality. And we have a completely different specificity. However, we are united by brand and the highest possible quality of services.

We operate in many demanding areas, including digital transformation, cyber security, IT security, personal data protection and risk management. All this contributes to the audit. And here the optimal operation at the very beginning is the ‘gap analysis’. When we start work for a client, we check the company’s nervous system – its IT systems; for without IT there’s no business. After such an initial review, we issue recommendations. The priority is to search for compliance with global standards and to consider how together we can fill in the gaps optimally. But we are not inspecting and looking for non-conformity; rather, we are showing areas for improvement.

One thing you have to remember – you cannot protect against ill-will and always the weakest link will be the human being. Statistics are absolute, most of the activities against the company such as hacker attacks take place from within the organisation.

A tipping point at which everybody in management suddenly paid attention to cyber security was the introduction of the GDPR regulations on 25 May 2018. During the implementation process, some companies limited themselves to just the legal aspects, but there are also many that have done much more, for example, improving their IT systems, which are an integral part of data processing, as well as of the whole business.

Among the most interesting challenges and achievements of BDO Technology was a comprehensive long-term and multi-stage project concerning cryptocurrency with a Katowice-based company called Bitbay. It includes a description of business processes, risk analysis, implementation of information security policy elements and anti-corruption elements. Bitbay developed from a small company into a huge team with its own building and biometric access.

Another interesting project was a five-month-long security audit of a municipal water company in a major Polish city, improving its HR security, business continuity, crisis management and IT security. The GDPR audit at the Polish Academy of Sciences also turned out to be very positive. It is a highly computerised scientific and research unit with outstanding specialists. Many people think that we do the same thing all the time – not the case. We regularly go into the new industries and surroundings, and it is this which makes each project different and interesting.

This year we will direct to the market a new catalogue of training courses, including Agile (innovative training on project management) and training in an area of which there can by its very nature never be enough competence and knowledge – cyber security. It’s a good time to carry out training. For our customers, we plan new training projects, which consist of sharing valuable knowledge and upskilling people. The organisation is people, the greatest value of any company. All organisations implement their goals with the support of technology and talking about digital transformation, we often talk about using tools – cloud or artificial intelligence, but we have to remember that without human intervention, it will not happen. Digital transformation has a positive impact on companies, but it is necessary to prepare properly, understand and act in a planned way. The overriding goal is to prepare the company and its employees for the upcoming unavoidable challenges and changes. However, we do not look for problems, but we prepare companies in such a way that these changes become an opportunity for them.

More in Digitalisation:

How digitalisation will boost the customer experience

By Rafał Górski, Automation & Rapid Solutions Lead, and Konrad Gaponiuk, Senior Consultant, Business Advisory KPMG in Poland.


In a highly competitive market, companies are trying to understand why customers prefer certain brands, staying loyal to them and recommend them – especially when products or services of different brands are comparable.

Silent cyber

By Willis Towers Watson Polska


The concept of ‘silent cyber’ presents a number of problems for the insurance market, but arguably the most significant one is that of risk accumulation. Risk accumulation for cyber as a line of business is already an issue for insurers and reinsurers. However, it is potentially dwarfed by that of cyber as a peril across multiple lines.

Glocalisation – a niche for growth

by Guy Leclercq, CEO of Deveho Consulting Group


Deveho Consulting Group is a Sage certified partner, integrating Sage’s X3 enterprise resource planning (ERP) platform. Founded in France in 2009, the firm has grown into a business that distributes the Sage solution in the cloud. Its particular specialisation is in cross-jurisdiction implementations.

eCommerce and ERP – made for one another

A new generation of consumers is entering the market – the ‘hypermedia generation’ for whom eCommerce is a native purchasing environment. They like to have a choice, and that goes for the transaction model as well.