Frequently Asked Questions about FAR, Surveys and Data

General questions

Q: Why is my participation in this survey important?

A: We have the ambition to move the audit profession forward and actively contribute to evidence-based policy making. Only with enough high-quality input from audit practitioners themselves, i.e. from you, can we answer important research questions about auditing and potential improvements that really work. Thank you for your contribution!

Q: How are (survey) participants for research projects selected?

A: A central selection is performed by the FAR Liaison (primary contact) of your audit firm based on the sample criteria formulated by the research team. The research team therefore does not know your identity and your employer does not know your answers. After a FAR employee has reviewed them for the absence of identifying information, your answers are provided directly to the research team in a secured research environment.

Q: How is confidentiality safeguarded?

A: Your answers will be kept completely confidential. Please note that the research team does not know and will not be able to know your identity. Nor will your audit firm be able to see your responses. Only the research team involved will be able to analyze the anonymized data on an aggregated level.

We use Unique Anonymized IDs to safeguard your full anonymity through FAR’s trusted service provider CentERdata. Your answers to survey questions will remain confidential and will be stored in a separate research environment. FAR issued an assurance report on the appropriate design, implementation, and operating effectiveness of its data gathering and information security controls (ISAE 3000 type II assurance report). This report is intended only for FAR, CentERdata and the affiliated audit firms who have a sufficient understanding of the process and the context. Therefore, the ISAE 3000 assurance report is available from the FAR Liaison of your firm. For more details see our website.

Q: What is the goal of this survey?

A: Good question! We love to discuss our research projects, but to obtain as honest and unbiased answers as possible, we try not to influence you too much about the research project and its research question. Please answer each item as truthfully as possible. Keep in mind there are no right or wrong answers. Do not spend too much time thinking over any one item.

For a short description of the research project and other FAR projects, please consult the project section on our website.

To receive updates relating to this and other research projects such as practice notes, literature reviews, podcasts, masterclasses and (working) papers, please subscribe to our newsletter (bottom right).

If you are interested in auditing research performed by FAR affiliated researchers, please subscribe to our podcast series FARview:
https://www.youtube.com/channel/UCPI1mrxz1gaPpZjaGaqVjZg
https://podcasts.apple.com/nl/podcast/farview/id1500587172
https://soundcloud.com/auditingresearch

Q: When will I receive feedback regarding the results of this survey? 

A: The affiliated audit firms, FAR and the research teams have entered into agreements to keep all answers confidential. Therefore, we cannot provide personal feedback. General feedback about the findings will be given in the regular FAR updates, research papers of the research team and masterclasses of the research team. We present research findings at our research conferences and masterclasses, and strive to present research results in training sessions in your firm.

Q: Who is the Foundation for Auditing Research?

A: The Foundation for Auditing Research, established in Amsterdam on 20 October 2015 following recommendation 5.10 of the Dutch audit profession’s improvement plans (‘In the public interest’) of September 2014, aims to scientifically inform the auditing profession in its continuous development and improvement of audit quality. The Foundation for Auditing Research is a unique collaboration between science and practice, conducting relevant and rigorous academic research into the drivers of audit quality. We therefore work together with and have the explicit support for our research projects from the affiliated audit firms and the Dutch audit profession.

The mission of FAR is to structurally contribute to the learning capabilities and sustainable development in the broadest sense of auditor organizations, the audit profession, the audit education and the audit research community in the Netherlands. It does so through opening the “black box” of auditing by providing research with access to funding and data of the affiliated audit firms. By applying specific protocols and established methods geared towards working with confidential data, the affiliated audit firms and departments provide FAR access to research data including research subjects needed for the research projects defined.

Q: Who is CentERdata?

A: Stichting CentERdata is FAR’s trusted service provider for data handling and management. CentERdata implements and maintains the necessary technical and organizational measures to safeguard confidentiality and your anonymity, and to secure the data against unauthorized access, disclosure or modification and theft, as well as (accidental) loss, destruction, damage, modification and the like. These measures aim to safeguard an appropriate security level, allowing for the risk that the processing and the nature of the data to be protected bring about. For more details see our website.

Confidentiality

Q: How anonymous is the survey?

A: An essential element of the research data processing process is to ensure that the data is de-personalized, transformed, and that data cannot be identified with the auditor, the audited client, the audit firm, or its personnel. The FAR processes are based on the principles of privacy by design and privacy by default.

Q: Who within the firm will be able to see my answers? Why?

A: Nobody at your firm will be able to see your responses, nor will they know your identity.

Only the research team involved will be able to analyze the anonymized data on an aggregated level. This is important in order to get answers that are as honest as possible and to create a safe environment to speak about your experiences. All data (after anonymization and transformation) are only available in FAR’s secure information environment, so the research team does not have direct access to the data on their local computer, but only in the separated and secured research environment.

Q: What guarantee do I have that the information provided by me will not be seen by others within my company? Or will not be made available to others?

A: Good question, you must be an auditor, good job! Please refer to our ISAE 3000 type II assurance report, which is audited by BDO and is available from your FAR Liaison.

Q: Will the researchers be able to trace back my answers to me? / Can my answers be traced back to me?

A: No, the researchers will only get access to anonymized and transformed information. Researchers will only be able to analyze the anonymized data on an aggregated level. The researchers do not have any interest in identifying you; they are only interested in the outcome of the research question. Furthermore, all personnel involved at CentERdata, FAR and the research team are under a strict non-disclosure agreement. All data (after anonymization and transformation) are only available in FAR’s secure information environment, so the research team does not have direct access to the data on their local computer.

Q: Who will have access to the answers I will provide?

A: The research team gets access to the anonymized answers you provide after CentERdata and FAR performed a confidentiality check to safeguard that the data does not hold identifying information. All identifying information is removed / replaced before any data is provided to the research team. This check on identifying information is performed by designated central key personnel of CentERdata and FAR. No personal information whatsoever will be provided. All data (after anonymization and transformation) are only available in FAR’s secure information environment, so the research team does not have direct access to the data on their local computer.

Q: What guarantee do I have that only FAR employees and researchers connected to FAR will be able to use the data from this survey?

A: The data are in FAR’s separated secured research environment. This environment has strict data access policies, all personnel involved have signed NDAs, CentERdata personnel all have certificates of good conduct (VOGs) and access rights are reviewed quarterly by FAR’s management. The research environment has been the subject of several voluntary pen-tests, and part of the research infrastructure is subjected to a voluntary pen-test every year. If you have further questions, please refer to our ISAE 3000 type II assurance report, which is audited by BDO and is available from your FAR Liaison.

Q: What type of analysis/analyses will be performed based on the answers I provide in the survey? / How will my answers be used?

A: This depends on the research question of the project. For the most part data will be analyzed on an aggregated level such as an audit team, office, firm, or profession as a whole. Researchers will only receive Unique Anonymized IDs to safeguard your full anonymity through FAR’s trusted service provider CentERdata.

Q: I have received a personal reminder e-mail, does this mean my personal information is known to the researchers?

A: No. There is a strict segregation of duties between the research team, the audit firm, FAR and CentERdata. CentERdata is the intermediate party to ensure data confidentiality, so only CentERdata has the e-mail address for the purpose of distributing the survey only. Not even the FAR team has your e-mail address. FAR and the research team will only have access to fully anonymized respondents’ IDs that cannot be traced back to any individual. Nor will anybody else but the researchers and designated FAR staff be able to see any responses or research data.

Q: How will personal information be kept confidential?

A: By anonymization: anonymization by the CentERdata Anonymization Tool results in a non-traceable hash key for every entered variable. Furthermore, all data is reviewed by FAR and CentERdata for confidentiality before any data is placed in the research environment where the research team can access the data. FAR has European Privacy Guideline (GDPR) guided DPAs in place with all relevant parties in the data processing process.

Q: Who is funding this survey?

A: All FAR research projects are co-funded by academic institutions (universities) and the affiliated audit firms. FAR, CentERdata, the researchers and the affiliated audit firms in their collaboration with FAR comply with the Dutch scientific code of conduct (VSNU).

In addition to that, FAR received generous financial support from Stichting Accountantsfonds (donor).

For a list of affiliated audit firms and donors refer to: https://foundationforauditingresearch.org/en/governance-and-organization/affiliated-firms-and-donors/

Data security

Q: What assurance do I have that the data is stored safely?

A: Good question, you must be an auditor, good job! Please refer to our ISAE 3000 type II assurance report, which is audited by BDO and is available from your FAR Liaison.

Q: How will my information be protected? / How do I know my information is safe?

A: All parties involved entered into Data Processing Agreements. In these agreements we agreed to treat all data in line with data protection laws and regulations, e.g., for safeguarding a legitimate and correct processing of personal data (i.e. data privacy). Key to these measures is that all data processing will conform to ISO 27001 and all data processing, except for the research results, will take place on secured CentERdata virtual servers at the Dutch ISO 9001 and ISO 27001 certified cloud service provider. All virtual servers involved will be solely used for FAR purposes and will only be accessible by authorized FAR approved CentERdata personnel.

We have several (internal) controls in place to ensure data protection. One of those is that we subject a part of the research environment to a yearly ethical hack (pen-test) to discover vulnerabilities. For further information, please refer to our ISAE 3000 type II assurance report, which is audited by BDO and is available from your FAR Liaison.

Q: What assurance do I have that the anonymization procedure regarding my personal information is performed correctly?

A: We love assurance too! For that reason, we performed several tests of the CentERdata Anonymization Tool together with affiliated audit firms and external (data security) experts.

Furthermore, we review the data for identifying information before the research team gets access to it in the secured server environment, from which they cannot download or copy the data. In addition to that, we subject a part of the research environment to an ethical hack at least once a year. To provide you and the affiliated audit firms with assurance that we comply with these procedures, we prepared an ISAE 3000 type II assurance report, which is audited by BDO and is available from your FAR Liaison.

Practical information

Q: I was not involved in the (audit) engagement the survey is referring to.

A: When this is the case, please contact the CentERdata contact mentioned in the invitation/reminder e-mail and ask to be removed from the mailing list for this project due to this reason.

Q: I cannot find my login credentials to the secured survey environment. Can you help me?

A: Please contact the CentERdata employee mentioned in the invitation/reminder e-mail, who will provide you with new credentials.

Q: Can I save an active survey to complete it later?

A: Yes, the survey system automatically saves your progress.

Q: How personal is my personal invitation link to the survey?

A: It is important that only you use the link in the invitation. These links should thus not be shared, in order to secure personal confidentiality and ensure that the right people fill in the right survey.

Unable to find an answer here?

Q: Who can I contact if I have questions that are not addressed in this Q&A?
A: Our general e-mail address is: info@foundationforauditingresearch.org