ING Corporate Audit Services (CAS) is ING’s internal audit group, with around 520 employees worldwide. CAS reports to the Executive Board and Audit Committee and is present at meetings of the Audit Committee.

CAS’ mission is to provide an independent assessment of the design and effectiveness of internal controls over the risks to ING’s business performance. In carrying out this work CAS will provide specific recommendations for improving the governance, risk & control framework. The CAS Charter defines its roles and responsibilities, and includes 5 Core Values that underpin its work: Independence, Global perspective, Solution oriented, Quality and Partnership. The scope of the risk assessment and reporting covers significant current and emerging risks, amongst others in the following areas:

• ING’s governance framework;
• Risk management and regulatory compliance processes; and
• Internal control systems (e.g. in finance, operations, IT and compliance).

CAS reports on a quarterly basis to the Executive Board and Audit Committee on the key findings resulting from executed audits. CAS summarises internal audit activities and key risks issues, and provides a status report on the delivery of the audit plan.

The external auditor performs the audit on the consolidated financial statements of ING Groep N.V. and the statutory financial statements of ING's subsidiaries. In this role, the external auditor attends meetings of the Audit Committee and is present during the annual General Meeting.

The 2008 annual General Meeting (AGM) of ING Groep N.V. appointed Ernst & Young Accountants as the sole auditor of the company and all of its subsidiaries for the financial years 2008 to 2011. Based on an assessment made by the Audit Committee, the Supervisory Board will make recommendations to the AGM once every four years as to the appointment of the external auditor.

The Sarbanes-Oxley Act states that listed companies must have a policy governing the independence of its external auditor. By means of the ING Group Policy on External Auditors’ Independence, ING Group wishes to avoid the auditor providing services that:

• create mutual or conflicting interests between the auditor and ING Group;
• place the auditor in the position of auditing its own work;
• result in the auditor functioning in the role of management or employee of ING Group;
• place the auditor in the position of serving in an advocacy role for ING Group.

The Audit Committee is required to separately pre-approve the types of audit, audit-related, tax and other services to be performed by the auditor in order to assure that the performance of such services would not impair the auditors' independence from ING Group. ING’s policy requires the auditor to provide the Audit Committee with a full overview of all services provided to ING Group, including related fees and supported by sufficiently detailed information. This overview will be evaluated quarterly by the Audit Committee.

ING Group Policy on External Auditors’ Independence (pdf)