
Compliance & audit

Shillinq includes tools for demonstrating compliance with Dutch legal and regulatory requirements — from contractor classification (DBA) to information security auditing (ENSIA) and document retention policies.

DBA compliance (Wet DBA)

The Wet DBA (Deregulering Beoordeling Arbeidsrelaties) replaced the VAR in 2016. When working with self-employed contractors (ZZP-ers), organisations must assess whether the relationship constitutes employment.

Shillinq's DBA module covers:

  • Intake — initial assessment of each contractor engagement
  • Portfolio — overview of all active contractor engagements and their DBA risk rating
  • Evidence — upload and store model agreements (modelovereenkomsten) and supporting evidence
  • Modelovereenkomsten — manage the library of approved FNV/SNA model agreements

Go to DBA Compliance → Intake to start a new contractor assessment.

ENSIA

ENSIA (Eenduidige Normatiek Single Information Audit) is the mandatory annual self-assessment for municipalities covering information security (BIO/BIG) and specific system categories (DigiD, Suwinet, BAG, BGT, BRO, WOZ, BRP).

Shillinq's ENSIA module supports:

  • Cycles — the annual ENSIA cycle, with its assessment periods and deadlines
  • Evaluations — answers to each BIO control and system-specific question
  • Findings — non-conformities discovered during the assessment, with remediation tasks
  • Audit trail — evidence log for each control
  • College verklaring — the board declaration (collegebesluit) that must accompany the ENSIA submission

Go to Reporting & Compliance → ENSIA to manage your annual cycle.

Bewaartermijnen (data retention)

Dutch law specifies how long financial records must be kept:

Document type                      Retention period
Fiscal records (invoices, ledger)  7 years
Real estate records                10 years
Personnel files                    5 years after leaving
Contracts                          5–20 years (depends on type)

Go to Reporting & Compliance → Bewaartermijnen to configure retention schedules and manage the destruction log (vernietigingsrapport).

Audit documents

The Audit documents page stores documents that must be available for external auditors — signed financial statements, management letters, internal audit reports, board minutes.

Compliance audit

The Compliance audit page provides a structured checklist view for internal compliance reviews. Track which controls have been tested, by whom, and with what result.

Bookkeeping audit trail

Shillinq maintains a complete audit trail of all changes to financial records:

  • Audit trail — every create, update, and delete with timestamp and user
  • Signing trail — electronic signatures on posted journal entries (required for advanced audit packs)
  • Destruction report — records of deliberate data destruction per retention schedule
  • Change history — who changed what and when, with before/after values
  • Compliance export — export the audit trail in formats required by Belastingdienst (e.g. for a tax audit)
  • Activity feed — real-time feed of all bookkeeping activity

Management letter

The Management letter section stores and tracks observations and recommendations from the external auditor, with a status per observation (open / in progress / resolved).

  • Year-end close — compliance checks are part of the year-end checklist
  • Public sector — ENSIA and BBV compliance are public-sector specific