Information about our auditors
ING Corporate Audit Services (CAS) is ING’s internal audit group, with around 340 employees worldwide. CAS services ING Bank and ING Group and reports to the Executive Board and the Audit Committee and is present at meetings of the Audit Committee.
CAS’ mission, its scope of work, its authority and responsibilities are laid down in the Internal Audit Charter, which is endorsed by the CEO/Executive Board and approved by the Audit Committee. CAS’ mission is to provide an independent assessment of the design and effectiveness of internal controls over the risks to ING’s business performance. In carrying out this work CAS provides specific recommendations for improving the governance, risk and control framework. CAS’ Charter defines its roles and responsibilities, and includes 5 Core Values that underpin its work: Independence, Global perspective, Solution oriented, Quality and Partnership. The scope of the risk assessment and reporting covers significant current and emerging risks, amongst others in the following areas:
- ING’s governance framework;
- Risk management, including Product Approval and Review Process;
- Internal control systems (e.g. in finance, operations, IT and compliance); and
- Regulatory compliance processes.
The budget for the operations of CAS is approved by the Audit Committee on an annual basis. CAS’ annual risk based audit plans for ING Bank and ING Group are reviewed by the Executive/Management Board and approved by the Audit Committee. CAS also initiates periodic exchange of its risk analysis and audit planning results with the external auditor.
CAS submits periodic reports, with key performance indicators (including audit plan realisation and implementation of recommendations) to the Audit Committee and Executive Board/Management Board. This includes an annual report on the adequacy and effectiveness of ING’s systems of control, which comprises a summary of internal audit activity results and key issues.
CAS is subject to an independent quality review at least every five years. In 2013, qualified reviewers of the Institute of Internal Auditors organisation (IIA) confirmed that CAS performs its activities in conformance with the IIA standards
The external auditor performs the audit on the consolidated financial statements of ING Groep N.V. and ING Bank N.V. and the statutory financial statements of their subsidiaries. In this role, the external auditor attends meetings of the Audit Committee and is present during the annual General Meeting of Shareholders (AGM).
As part of the audit engagement, the external auditor issues a management letter to the Executive Board, the Management Board Banking and the Audit Committee, in which (potential) improvements in the adequacy and effectiveness of the governance, risk and control framework are being recommended.
Based on the legally required rotation of auditors, the annual General Meeting held on 11 May 2015, appointed KPMG as the external audit firm for ING Group for the audit of the annual accounts for the financial years 2016 through 2019.
The Supervisory Board will make recommendations to the AGM at least once every four years as to the appointment of the external auditor, based on an assessment made by the Audit Committee.
External auditor Independence policy
The Sarbanes-Oxley Act states that listed companies must have a policy governing the independence of its external auditor. By means of the ING Group Policy on External Auditors’ Independence, ING Group wishes to avoid the auditor providing services that:
- create mutual or conflicting interests between the auditor and ING Group;
- place the auditor in the position of auditing its own work;
- result in the auditor functioning in the role of management or employee of ING Group;
- place the auditor in the position of serving in an advocacy role for ING Group
The Audit Committee is required to separately pre-approve the types of audit, audit-related, tax and other services to be performed by the auditor in order to assure that the performance of such services would not impair the auditors' independence from ING Group. ING’s policy requires the auditor to provide the Audit Committee with a full overview of all services provided to ING Group, including related fees and supported by sufficiently detailed information. This overview will be evaluated quarterly by the Audit Committee.