Report of Independent Registered Public Accounting Firm
To the Shareholders, the Supervisory Board and the Executive Board of ING Groep N.V.
We have audited ING Groep N.V.’s internal control over financial reporting as of 31 December 2007, based on criteria established in Internal Control - Integrated Framework issued by the Committee of Sponsoring Organizations of the Treadway Commission (the COSO criteria). ING Groep N.V.’s management is responsible for maintaining effective internal control over financial reporting, and for its assessment of the effectiveness of internal control over financial reporting included in the accompanying Report of the Executive Board on Internal Control Over Financial Reporting. Our responsibility is to express an opinion on the company’s internal control over financial reporting based on our audit.
We conducted our audit in accordance with the standards of the Public Company Accounting Oversight Board (United States). Those standards require that we plan and perform the audit to obtain reasonable assurance about whether effective internal control over financial reporting was maintained in all material respects. Our audit included obtaining an understanding of internal control over financial reporting, assessing the risk that a material weakness exists, testing and evaluating the design and operating effectiveness of internal control based on the assessed risk, and performing such other procedures as we considered necessary in the circumstances. We believe that our audit provides a reasonable basis for our opinion.
A company’s internal control over financial reporting is a process designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles. A company’s internal control over financial reporting includes those policies and procedures that (1) pertain to the maintenance of records that, in reasonable detail, accurately and fairly refl ect the transactions and dispositions of the assets of the company; (2) provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with generally accepted accounting principles, and that receipts and expenditures of the company are being made only in accordance with authorisations of management and directors of the company; and (3) provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use or disposition of the company’s assets that could have a material effect on the financial statements.
Because of its inherent limitations, internal control over financial reporting may not prevent or detect misstatements. Also, projections of any evaluation of effectiveness to future periods are subject to the risk that controls may become inadequate because of changes in conditions, or that the degree of compliance with the policies or procedures may deteriorate.
In our opinion, ING Groep N.V. maintained, in all material respects, effective internal control over financial reporting as of 31 December 2007, based on the COSO criteria.
We also have audited, in accordance with the standards of the Public Company Accounting Oversight Board (United States), the consolidated balance sheet of ING Groep N.V. as of 31 December 2007, the consolidated profi t and loss account, consolidated statement of cash fl ows and consolidated statement of changes in equity for the year then ended. Our report dated 17 March 2008 expressed an unqualifi ed opinion thereon.