Winson Woo FCPA had an interest in cybersecurity before it became a hot topic, and is passionate about fighting increasingly sophisticated cyberattacks on businesses.
You may imagine it would be the complexities of assisting large firms with their IT systems that would be the most daunting challenge for a 28-year-old technology auditor relocating from Hong Kong to South China.
Rather, it was the difficulties involved in learning perfect Mandarin that had Winson Woo FCPA on the ropes.
“Growing up in Hong Kong, I spoke Cantonese,” says Woo, now 42 and working as partner, advisory services at EY China. “In China, I not only had to speak Mandarin, but write reports in Chinese.
“My first meeting with a client was a disaster. I don’t think they understood anything I was trying to say.”
The young employee recruited a language tutor and, today, not only speaks Mandarin, Cantonese and English, but is also fluent in explaining the challenges of cybersecurity to clients including global leaders in consumer products, technology and internet businesses.
Graduating from the University of Hong Kong in 2000 with a master’s degree in computer science, Woo originally planned a career in IT.
“As a primary school student, I loved playing computer games and configuring my computer to maximise its performance,” he says. However, the dot.com bubble exploded and, instead, he started his career with EY.
It’s a move he has never regretted. “It provided me with a very clear career path, and the company has helped me to develop as a professional with knowledge on both technology and business.”
Woo was promoted to manager of the risk advisory team in 2005, then senior manager in 2008. In 2012, he made partner in advisory services, thanks to his achievements in growing the client base, as well as boosting revenue by double digits in China every year over a 10-year period.
“When I came to South China, cybersecurity was not a very hot subject,” Woo says. “I needed to develop the business portfolio related to risk advisory, including internal control and corporate governance, for organisations of all sizes in China, as well as in Hong Kong.
“Now, local compliance, lost data and system hacking are subjects everyone is talking about.”
Woo says that, today, successful organisations are likely to be confronted by a wave of attacks with varying levels of sophistication and that they can, and must, fight back.
“As some of these attacks will inevitably breach the organisation’s defences, the focus needs to be on how quickly and effectively they are dealt with.”
Woo is on call 24/7, as are some of his 100-plus consultants – up from five since 2006 – whose ongoing development he is responsible for.
With the rapid expansion of the sector, the challenge of retaining them is countered by what Woo describes as a very good inclusiveness and diversity culture.
“Many employees have been with us long term, as have many major clients.”
Naturally outgoing, Woo often conducts face-to- face meetings rather than relying on Skype or WeChat, and says: “For me, the highlight is the recognition you receive from a satisfied client.
“They are also happy to see a guy who understands their business, but can make recommendations in digital transformation, technology and cybersecurity.”
Woo’s FCPA qualification, completed in 2010 at the encouragement of his father and brother, who are both CPAs, has helped him to understand an enterprise’s culture, structure and processes.
Woo’s natural passion for digital technology and the fast adoption by Chinese consumers of high-tech payment options such as the e-wallet, make him optimistic about the future for EY in the cybersecurity domain.
One piece of advice
“Accountants need to understand new technology solutions and how they impact our business processes, business models and financial position.”
CPA Library resource:
Cybersecurity program development for business: the essential planning guide. Read now.