Understanding the entity and its environment
Show/hide Sharepoint toolbar
Toggle navigation
Menu
Home
General
Currently selected
Compliance
Concepts
Planning
Examination
Reporting
Financial
Concepts
Planning
Examination
Reporting
Performance
Concepts
Planning
Examination
Reporting
More
Review
Opinion
Tools
How To ?
Page index
Resources
Terms
It looks like your browser does not have JavaScript enabled. Please turn on JavaScript and try again.
Understanding the entity and its environment
Understanding the entity and its environment
Auditors acquire an understanding of the entity so as to have a frame of reference within which to plan and perform the audit and to exercise sound professional judgment.
Compliance audit
Financial audit
Planning
Ref: 14.120
Page Content
Instructions
The entity's business
The auditor's understanding of the entity and its operations should focus on those elements necessary to help reach a conclusion about the audit objectives. Typically, (s)he needs to acquire an understanding of the following:
Legal framework
- legal basis for the activity and relevant parts of the Financial Regulation and other rules and regulations.
General organisation and governance
of the activity/audited entity, including operational structure, resources and management arrangements.
Business processes
- the policy concerned, objectives and strategies, locations, and types/volume/values of programmes/projects.
Business risks
related to the entity's objectives and strategies that may result in material deviations. This includes an understanding of the entity's related party relationships and transactions (e.g. obtain from management the names of related parties, the nature of the relationships, and any transactions entered into with such parties during the period).
Dependence on IT systems and
IT related risks
Performance measures –
an understanding of such measures (e.g. performance indicators, variance analysis) allows the auditor to consider whether pressures to achieve performance targets may result in management actions that increase the risk of material misstatement or irregularity.
Applicable management method
While according to the
Treaty (TFEU)
the Commission is responsible for overall implementation of the budget, the
Financial Regulation
provides for three different
management methods for budget implementation
. Each method involves a different allocation of roles and responsibilities for the implementation of the budget, which should be taken into account when planning, undertaking and reporting on an audit.
Specific instructions per type of audit
Compliance audit
Financial audit
Understanding the entity's laws and regulations
Understanding the framework of laws and regulations and using this information appropriately will assist the auditor in identifying potential material deviations. This understanding then helps the auditor to determine whether the inherent risk is to be classified as high or not high, for use in the
Assurance model
, and in deciding upon the nature, timing and extent of audit procedures to be performed.
The regulatory framework which the auditor considers when obtaining a knowledge of the auditee's activities and identifying relevant laws and regulations applicable to the auditee's activities will include the relevant parts of:
the
TFEU
;
the
Financial Regulation
and internal financial rules of each institution (e.g. Commission internal financial rules):
the basic legislation establishing the policy, programme or activity;
rules or regulations established in accordance with that basic legislation.
The auditor's understanding includes knowledge of the reasons for the legislation and its objectives, as this will aid his/her understanding of any secondary legislation or subsidiary regulations.
The extent of the auditor's work on obtaining a sufficient understanding of the legal and regulatory framework will depend on the nature and complexity of the laws and regulations. However, the auditor only needs to understand the parts of the legislation that are relevant
to the particular audit task. In all cases, the audited entity retains the responsibility for ensuring compliance with applicable laws and regulations; this includes ensuring that legislation and regulations are appropriately reflected at all stages through to operational guidance.
In complex regulatory environments, the auditor considers the translation of laws and regulations into relevant rules and procedures, and may seek written representations from management in this regard; however, such representations constitute weak audit evidence, and need to be reviewed critically. Ultimately, the auditor's conclusion should be based on evidence of compliance with the appropriate laws and regulations and the contractual framework, rather than on evidence of compliance with the entity's understanding of the framework.
Where the auditor is uncertain whether legislation has been properly interpreted and the effect could be material, it may be necessary to seek a legal advice.
If the laws and regulations do not change from year to year, the auditor may already have sufficient knowledge from previous audits.
Related documents
Standards
ISA 315
Rules
Art 317 TFEU
Art 62 FR
Instructions
The entity's business
Applicable management method
Specific instructions per type of audit
Last Modified
: 04/11/2021 11:33
Tags
:
‹
›
×