pwc
About this Chairman's Corporate Consolidated Financial Company Financial
Report Foreword Management Report Appendices Governance Statements Statements
Key audit matter
Our audit work and observations
We assessed the reasonableness of assumptions and
interpretations of the SME framework by management
in relation to their calculations by performing back
testing procedures on the final settlements and offer
letters send to customers before 31 December 2018 and
comparing the results of the individual compensation
offers to the original estimates of management. In
addition we have sampled a number of individual files
and reviewed for these files the compensation calculated
and the accuracy of the input data used in the
calculation. Based upon the procedures performed, we
concur with the provision for SME interest rate
derivatives accounted for by the Bank. We have assessed
that the disclosures were sufficiently clear in
highlighting the uncertainties and exposures of potential
liabilities that exist.
Our efforts relating to understanding, evaluating and
testing the design and operating effectiveness of ITGCs
focused on:
Entity level controls over information technology in
the IT-organisation, including IT-governance, IT-
risk management and cyber security management;
Management of access to programs and data,
including user access to the network, access to and
authorizations within applications, privileged access
rights to applications, databases and operating
systems and physical access to data centres. As the
Bank uses automated tools to manage access rights
we have evaluated the use of these tools.
Governance over the strategic IT-transformation
projects and assessment of the impact on our 2018
audit;
Management of changes to applications and IT-
infrastructure, including the change management
process and the implementation of changes in the
production systems using automated deploy
mechanisms; and
Computer Operations, including batch monitoring,
back-up and recovery and incident management.
Design and effectiveness oflT-General
Controls
IT-General Controls (ITGCs) are controls,
implemented in IT-processes, ensuring the integrity
and continuity of IT-programs and data. Effective
ITGCs are conditional for reliance on automated
controls in the Bank's operations, and in our audit
approach. Deficiencies in IT general controls as such
could have a pervasive impact across the Bank's
internal control framework.
In addition, the Bank has a number of long-term
strategic regulatory and transformation projects, with
important IT-components to continue to meet the high
reporting standards and expectations from
stakeholders relating to operating effectiveness,
efficiency and data quality. Through the periods of
change there is an increased risk that ITGCs are not
operated as intended,
Therefore, we identified the Bank's IT-General
Controls as a key audit matter.
We focused on the ITGCs to the extent relevant for the
purpose of our audit of the financial statements. Most of
these controls operated effectively. For certain controls,
specifically relating to privileged access rights to a limitec
number of systems and certain deployment mechanisms,
remedial control actions were taken by management.
Coöperatieve Rabobank UA. - EH44X5NCPJUJ-1288894667-935
Page 13 of 17
