1. Internal Audit 2016
Audit took place on at Raildata office in Basel
Participants: Edith Waldvogel, Raildata
Petr Červinka, CD Cargo Auditor Christian Kettmann, CFL Auditor

2. Raildata Audit 2016 Used / checked general documents:
Accounting procedure description (version )
Delegation of signatory powers (by UIC director general, July 2013)
Procedure of handling invoices ( )
Procedure of handling…of change request by IT supplier
Travel policy (refund of travel costs, )
RDx Members and Signature model (auth. signatures, )
Rules for detached & consulted people
Checked 2016 accounting documents:
Lists of expenses, incomes, contracts
Random check of some bills and invoices
Random check of some contracts
Bank account reports for start and end of the audit period 2

3. Raildata Audit 2016 Accounting procedure: In general OK
Recommendation from 2015 to store invoices as pdf is fulfilled, also new contracts will be stored in electronic form.
Important files are stored on external hard disc for redundancy.
We suggest to improve security at least with 2nd hard disc to be stored on another place (or with storage in cloud e.g. at Lusis)
Annual report:
Done by Cofime, we get also in electronic form
Report for 2015 is stored on our web site
Report for 2016 is not completed yet 3

4. Raildata Audit 2016 Procedures (contracts, handling of invoices etc.):
Minor changes requested by last audit are done
Wording needs be updated as RD has chairmen, not presidents
We suggest to include also rules for services for 3° parties (like CoReDa, ATTI or eRF)
2nd paragraph needs be changed: invoices should be signed by always two persons, but not always same.
We suggest to define specific sigrnature rules for the four types: General, ISR, ORFEUS, Services for 3° parties.
For ISR and ORFEUS we suggest assembly chairman is one of the person to sign invoices and contracts.
For services for 3° parties we suggest to nominate a project leader, which name will be given on dedicated project sheet and signature model. He/she will co-sign invoices and contracts. 4

5. Raildata Audit 2016
Procedure of handling, acceptance and delivery of Change request by IT supplier:
Designed for services of LUSIS only
Mixture of internal RD rules and conditions for LUSIS
Changes requested last year were done
List of contracts:
Generally OK
Contracts are available (random checked)
Some (old) contracts are not in English
RD has no employment contracts
Content of the old detachment „contracts“ is vague
Poor rights of RD in case of long term absence 5

6. Raildata Audit 2016 Staff management:
Procedure for (future) staff management, required by Audit 2014 was not defined (not clear what it should be).
But overview of conditions (working hours, maximum yearly hours/ costs, holidays, travel cost option) per staff member was created.
Conditions vary per original company or per consultancy contract.
Good evidence of work is through monthly sheets from each person (also hours split per project). 6

7. Raildata Audit 2016 Travel procedure: Requested by audit of year 2014
New rules defined, valid from 15th June 2015
Two options for choose by staff:
a) refunds based on UIC daily rates (valid since )
b) refunds of real costs with some limits
We suggest:
To add description how travel duration is calculated in fix price option
To allow purchases of travel tickets (e.g. airline tickets) also to other people than by EW.
We did random check of some travels, no issues found. 7

8. Raildata Audit 2016 Invoices:
A number of randomly chosen incoming invoices was checked.
The checked incoming invoices were coherent with internal and financial regulations (entry no, check against contract/contents, signed by chairman and vice-chairman…)
Outgoing invoices are signed by chairman and one more person
More general issue was detected: many items and services are purchased by individual staff members on their behalf and money, and reimbursed by RD. It means legally they are owners or contractors (e.g. printer and DNS contract).
One of the reason is lack of credit card, other reason is that we are French company in Switzerland.
We suggest to get company credit card to pay these costs directly.
If possible bills and invoices should be addressed to RD. 8

9. Raildata Audit 2016 Accounts:
Access to bank account is limited to RD authorized persons
All payments done via cheques or bank transfers
No credit cards in use and no cash reserve kept
Status of bank account on (end of booking for 2015): ,6 € (88 972,6 € at account plus € deposit)
Status of bank account on (end of booking for 2016):
739660,15 € ( ,15 € at account plus € deposit)
Result was explained /proofed by coherent calculation and according to invoicing/bills. 9

10. Raildata Audit 2016 Bank account + incomes - expenses check:
bank report:
common
ISR
ORFEUS
total
start:
,60
228753,2
245219,9
214999,5
688972,6
incomes
458938,82
502178
231001
,82
expenses:
476817,7
463606,28
201006,3
,27
end:
739660,15
210874,32
283791,62
244994,2 10

11. Raildata Audit 2016 Pending Member fees payments:
ZS did not pay 2015 fee € yet
ZS also did not pay 2016 fee € yet
Credit € from 2013 and 2014 may deducted
ZS should pay €, credit is €, pending amount is €
RD sent several messages/ letters to ZS
ZS asked (2nd Feb 2016) to terminate membership.
Formally they were members until end 2016.
ZS never used any RD system.
Proposal: consider € as loss with no further action. 11

12. Raildata Audit 2016
Some invoices not yet received due to different reasons:
€ from 2014 (SNCF, UIC/student)
SNCF invoices can be ignored after end of 2017
€ from 2015 (RNE, UIC/student)
€ from 2016 (DBC-Gutbrod, LUSIS-web ISR/ORF.)
We still expect incomes:
9 155,1 € from UIC for eRailFreight:
About € from Abendrot for energies over-payment 12

13. Books are kept well Accounts are kept well Raildata Audit 2016
Overall situation:
Procedures are described and could be explained
All demanded documents could be found immediately and explained
Financial procedures are described in “Accounting procedure”
Books seem be coherent to rules and invoices or bills
Bank account saldo at the end of the “budget” year is coherent with invoicing / payment status
Results:
Books are kept well
Accounts are kept well 13

14. Raildata Audit 2016 Remarks / Recommendations
Remarks / Recommendations
Security of electronic documents storage should be increased
Procedures should be extended for services for 3rd parties
Signature rules for contracts, invoices need be reviewed (to involve assembly chairman and 3rd party project leaders)
General staff management procedure, requested by audit 2014 could not be defined, other topics were covered.
We suggest little changes in travel policy.
We propose to acquire debit card to RD and pay on line services and low value purchases with this card, with RD as the client/purchaser.
Consider pending payment € from ZS as loss with no further action.
Next internal audit: March 2018, CFL and ??? 14