We assessed the reasonableness of assumptions and interpretations of the SME framework by management in relation to their calculations by performing back testing procedures on the final settlements and offer letters sent to customers before 31 December 2018 and comparing the results of the individual compensation offers to the original estimates of management. In addition we have sampled a number of individual files and reviewed for these files the compensation calculated and the accuracy of the input data used in the calculation. Based upon the procedures performed, we concur with the provision for SME interest rate derivatives accounted for by the Bank. We have assessed that the disclosures were sufficiently clear in highlighting the uncertainties and exposures of potential liabilities that exist.

Our efforts relating to understanding, evaluating and testing the design and operating effectiveness of ITGCs focused on:
- Entity level controls over information technology in the IT-organisation, including IT-governance, IT-risk management and cyber security management;
- Management of access to programs and data, including user access to the network, access to and authorizations within applications, privileged access rights to applications, databases and operating systems and physical access to data centres. As the Bank uses automated tools to manage access rights we have evaluated the use of these tools.
- Governance over the strategic IT-transformation projects and assessment of the impact on our 2018 audit;
- Management of changes to applications and IT-infrastructure, including the change management process and the implementation of changes in the production systems using automated deploy mechanisms; and
- Computer Operations, including batch monitoring, back-up and recovery and incident management.
Design and effectiveness of IT-General Controls

IT-General Controls (ITGCs) are controls, implemented in IT-processes, ensuring the integrity and continuity of IT-programs and data. Effective ITGCs are conditional for reliance on automated controls in the Bank's operations, and in our audit approach. Deficiencies in IT general controls as such could have a pervasive impact across the Bank's internal control framework. In addition, the Bank has a number of long-term strategic regulatory and transformation projects, with important IT-components to continue to meet the high reporting standards and expectations from stakeholders relating to operating effectiveness, efficiency and data quality. Through the periods of change there is an increased risk that ITGCs are not operated as intended. Therefore, we identified the Bank's IT-General Controls as a key audit matter.

We focused on the ITGCs to the extent relevant for the purpose of our audit of the financial statements. Most of these controls operated effectively. For certain controls, specifically relating to privileged access rights to a limited number of systems and certain deployment mechanisms, remedial control actions were taken by management.

