The company monitors its internal controls through a systematic approach to risk assessment and internal audit. The Business Assurance team assists in the independent review of the company's risk management controls. The VP of Business Assurance reports functionally to the Audit Committee and administratively to the CFO. During 2014, the VP of Business Assurance reported each quarter to the Audit Committee.
The internal audit programme covers key business processes, subsidiary office reviews, the auditing of major ICT projects before go live and special requests. Working with management, Internal Audit selects the areas of the business to be audited during the year. Members of the Audit Committee and Management Board may at any time request Internal Audit to carry out an internal audit or special consulting service.
The Internal Audit Plan for 2014 – 2016 was developed by the Business Assurance team working with Management. A top-down approach was used, taking into consideration the key risk areas of the business as well as the geographical spread of our offices and the core activities performed there. The external auditors provided their input to the Internal Audit Plan. The Audit Committee reviewed and approved the final Internal Audit Plan 2014 – 2016.