Understanding the entity and its environment

Understanding the entity and its environment

Understanding the entity and its environment

Auditors acquire an understanding of the entity so as to have a frame of reference within which to plan and perform the audit and to exercise sound professional judgment.
Compliance audit Financial audit
Planning
Ref: 14.120

Instructions

The entity's business

The auditor's understanding of the entity and its operations should focus on those elements necessary to help reach a conclusion about the audit objectives. Typically, (s)he needs to acquire an understanding of the following:
  • Legal framework - legal basis for the activity and relevant parts of the Financial Regulation and other rules and regulations.
  • General organisation and governance of the activity/audited entity, including operational structure, resources and management arrangements.
  • Business processes - the policy concerned, objectives and strategies, locations, and types/volume/values of programmes/projects.
  • Business risks related to the entity's objectives and strategies that may result in material deviations. This includes an understanding of the entity's related party relationships and transactions (e.g. obtain from management the names of related parties, the nature of the relationships, and any transactions entered into with such parties during the period).
  • Dependence on IT systems and IT related risks
  • Performance measures – an understanding of such measures (e.g. performance indicators, variance analysis) allows the auditor to consider whether pressures to achieve performance targets may result in management actions that increase the risk of material misstatement or irregularity.

Applicable management method

While according to the Treaty (TFEU) the Commission is responsible for overall implementation of the budget, the Financial Regulation provides for three different management methods for budget implementation. Each method involves a different allocation of roles and responsibilities for the implementation of the budget, which should be taken into account when planning, undertaking and reporting on an audit.

Specific instructions per type of audit

Compliance audit
Financial audit
Understanding the entity's laws and regulations Understanding the framework of laws and regulations and using this information appropriately will assist the auditor in identifying potential material deviations. This understanding then helps the auditor to determine whether the inherent risk is to be classified as high or not high, for use in the Assurance model, and in deciding upon the nature, timing and extent of audit procedures to be performed. The regulatory framework which the auditor considers when obtaining a knowledge of the auditee's activities and identifying relevant laws and regulations applicable to the auditee's activities will include the relevant parts of:
  • the TFEU ;
  • the Financial Regulation and internal financial rules of each institution (e.g. Commission internal financial rules):
  • the basic legislation establishing the policy, programme or activity;
  • rules or regulations established in accordance with that basic legislation.

  • The auditor's understanding includes knowledge of the reasons for the legislation and its objectives, as this will aid his/her understanding of any secondary legislation or subsidiary regulations. The extent of the auditor's work on obtaining a sufficient understanding of the legal and regulatory framework will depend on the nature and complexity of the laws and regulations. However, the auditor only needs to understand the parts of the legislation that are relevant to the particular audit task. In all cases, the audited entity retains the responsibility for ensuring compliance with applicable laws and regulations; this includes ensuring that legislation and regulations are appropriately reflected at all stages through to operational guidance. In complex regulatory environments, the auditor considers the translation of laws and regulations into relevant rules and procedures, and may seek written representations from management in this regard; however, such representations constitute weak audit evidence, and need to be reviewed critically. Ultimately, the auditor's conclusion should be based on evidence of compliance with the appropriate laws and regulations and the contractual framework, rather than on evidence of compliance with the entity's understanding of the framework. Where the auditor is uncertain whether legislation has been properly interpreted and the effect could be material, it may be necessary to seek a legal advice. If the laws and regulations do not change from year to year, the auditor may already have sufficient knowledge from previous audits.  
    Last Modified: 04/11/2021 11:33   Tags: