What does an ENSIA audit provide?
Municipalities must annually account for the state of affairs regarding information security. ENSIA stands for Uniform Standard Single Information Audit.
One of the goals of ENSIA is to reduce the audit burden for municipalities by replacing individual audits with a single audit. This relates to the so called vertical accountability of municipalities to national supervisors such as Logius. Another aim is to stimulate the horizontal accountability of the official organization to politics (city council). Qbit supports municipalities with ENSIA.
The design of an ENSIA audit
Our approach starts by assessing the results of a self-evaluation: Qbit looks whether a municipality is ready to carry out the formal ENSIA audit.
During the ENSIA audit itself, Qbit assesses the in control statement to issue an assurance report based on this. The ENSIA audit results in an assurance report with the in control statement. The audit is performed by qualified auditors (RE and/or CISA) according to Guideline 3000 of NOREA.
The benefits of an ENSIA audit by Qbit:
- Short intake, we do no more than necessary
- We support municipalities in interpreting the questions in the self-evaluation
- One audit party for all individual topics such as DigiD and SUWI
- Qbit shows how the annual audit is more than just an obligation