[section separator="true"]
[section-item 9]
[row]
[column 12]
[toc-this]
Principles
The auditor may use the work of another auditor or internal audit as follows:
- at the planning phase, reports prepared by others can provide information that warns the auditor of potential weaknesses in systems of control or of a history of serious errors that have arisen in the audit field. The auditor should consider the independence, objectivity and competence of such parties; whether their objectives and methods coincide with those of the audit; and whether their conclusions were based upon sufficient appropriate evidence;
- during the examination phase, the work of others can be used to provide a part of the audit evidence deemed necessary to achieve the audit objectives, thus reducing the amount of work undertaken by ECA. The overriding principle is that, if intending to rely on the work of others, the auditor should ensure that such work provides sufficient, appropriate and cost-effective evidence for the purposes of the audit;
- the reports of others can also help to corroborate the auditor's findings or conclusions, or to cast doubt upon them. In the latter case, the auditor should investigate the discrepancy; satisfy him/herself of the audit evidence which (s)he has obtained; reconsider whether his/her analysis and interpretation of the audit evidence was reasonable, and clearly document such discrepancies that remain.
Definitions
Other auditors
In general, "other auditors" means a public or private auditor called upon to express a professional opinion about systems, transactions, and/or accounts. ECA distinguishes between two categories of such auditors:
1. Those obliged by EU legislation (regulatory or contractual obligation) to present their audit opinion. These form an integral part of the internal control systems and should be audited as such. An absence of such audits, or deficiencies in relation to the work of such other auditors are considered as weaknesses in the internal control system and reported as such.
Other auditors as part of the internal control systems are:
2. Those not bound by the EU legal framework. They include
Instructions
Use of other auditor's work
When using the work of other auditors, the auditor should:
- consider the independence and objectivity of the other auditor;
- take account of the other auditor's professional competence for the specific audit;
- consider the scope of the other auditor's work;
- determine the cost-effectiveness of using such work;
- perform procedures to obtain sufficient appropriate audit evidence that the work of the other auditor is adequate for ECA's purposes in the context of the specific audit (which may require access to the other auditor's working papers); and
- consider the significant findings of the other auditor when analysing and interpreting the results of that work. Where these findings are significant to the opinion, ECA's auditor should discuss these findings with the other auditor and consider whether it is necessary to carry out additional audit testing him/herself.
Considerations
Audits within the scope of the internal control systems
The auditor’s assessment of the system of [link title="other%20audits" link="%23other-auditors" /]
within the scope of the internal control systems (typically carried out by private-sector auditors on behalf of the entity) will be based on:
- the entity's strategy documents and annual audit programmes;
- the selection procedure, terms of reference, presentation of the audit report and follow-up by the entity regarding the other auditors;
- the quality of audits performed. This assessment will be supported by a review of a sample of audit reports, randomly selected to be as representative as possible.
Audits outside the scope of the internal control systems
The work of [link title="other%20auditors" link="%23other-auditors" /]
falling outside the scope of the internal control systems may be taken into account as corroborative evidence for ECA's audits, where relevant and appropriate. If so, the auditor should perform audit procedures to determine the extent to which reliance may be placed on the work of the other auditors. (S)he should determine how the work of such other auditors will affect the audit, e.g. (s)he may identify, for the locations to be visited for the audit, whether there are observations in the reports of other auditors that relate to his/her audit objectives. If so, the auditor may request additional information from the body concerned.
The other auditors falling outside the scope of the internal control systems have their own terms of reference and in practice enjoy almost complete operational independence vis-à-vis the European institutions. As their work on EU finances is not always repeated, cooperation may sometimes be difficult. Thus, it may prove difficult to carry out the assessment necessary to be able to use their work as audit evidence. Therefore, this problem should be addressed at the planning stage of the audit so that, if such use proves not to be possible, alternative audit procedures can be planned to ensure that sufficient, reliable audit evidence is obtained.
When considering using the work of a SAI of one of the member states, ECA’s auditor should bear in mind that, in many cases, the rights of access granted to the ECA are more extensive than those available to the SAIs. It may thus be the case that a SAI does not have the powers fully to carry out the audit in question. Furthermore, when the work of a SAI is used or a joint or coordinated audit with a SAI is undertaken, ECA’s auditor should follow the principles and/or procedures for cooperation with SAIs established by the Contact Committee of Presidents and/or meetings of Liaison Officers of the ECA and the SAIs.
When using the work of external auditors from the private sector, ECA’s auditor should carefully consider that, in strict interpretation of the relevant auditing standards, the external auditor may only recognise a duty of care to the addressee of the audit report. For example, beneficiaries of certain programmes may be required to submit auditors’ reports certifying that the amounts claimed correspond to expenses incurred. ECA’s auditor will determine the reliability of these auditors' reports as audit evidence when they are addressed to the final beneficiary of the EU programme rather than to the relevant paying agency.
Evaluations
When an [link title="evaluation" link="%2Faware%2FPA%2FPages%2FExamination%2FEvaluation.aspx" /]
is used to support particular audit findings in performance audits, the work on which the auditors intend to rely should be assessed and corroborated, to determine if it meets the standards for sufficient, relevant and reliable audit evidence. This may be done by assessing the reputation, qualifications and independence of those performing such work, as well as by reviewing their reports and working papers. The nature and extent of the review depends on the significance of the work in relation to the audit questions and the extent to which the auditors will rely on it.
Internal audit function
The auditor should obtain an understanding of the internal audit function, including its organisational status and scope, when obtaining an understanding of internal control.
When considering using the work of internal audit, the auditor should evaluate the following, bearing in mind the materiality and risk involved, and the subjectivity of audit evidence:
- the objectivity and technical competence of internal audit staff;
- whether internal audit work is carried out with due professional care;
- the effect of any constraints placed on internal audit by management.
When using internal audit work, the auditor should perform procedures to evaluate its adequacy, while considering the scope of work and whether the evaluation of the internal audit function remains appropriate. In particular, the auditor evaluates:
- the skills and expertise of those performing the work;
- whether there is supervision, review and documentation of the work;
- if sufficient, relevant and reliable audit evidence is obtained;
- whether conclusions reached are appropriate and reports are consistent with the work done;
- whether exceptions and unusual matters identified by internal audit are properly resolved.
Internal Audit Service
In the [a-glossary term="Statement%20of%20Assurance"]Statement of Assurance[/a-glossary]
reliability audit the auditor should:
The [link new-window title="Financial%20Regulation" link="https%3A%2F%2Feur-lex.europa.eu%2Flegal-content%2FEN%2FTXT%2F%3Furi%3DCELEX%3A32018R1046%23118" icon="external-link" /]
requires the internal auditor to issue independent opinions. In addition, the IAS's Mission Charter requires the Commission’s internal auditor to provide annual an overall opinion on the state of financial management in the Commission. Also, as an input for the [link new-window title="Annual%20Activity%20Reports" link="https%3A%2F%2Fec.europa.eu%2Finfo%2Fpublications%2Fannual-activity-reports_en" icon="external-link" /]
of the Authorising Officer of each DG or service, the Commission’s internal auditor is required to provide an opinion or conclusion on the ‘state of internal control’ in the DG/service (‘negative assurance’) based on the audit work carried out in the last three years.
In addition, compliance audits may focus on the role of the IAS as part of the auditee's internal control system, with the objective of analysing progress achieved from previous years as regards the ability of the internal control systems to manage compliance risks. For example, the review of the IAS may focus on the planning and execution of their work programmes in light of its risk assessment and priority setting.
In performance audits, the auditors can use data and findings generated by the IAS.
Documenting
The main decisions and conclusions with regard to reliance on others' work should be documented in the audit working papers.
Reporting
When the auditors use data or findings generated by other auditors or internal audit in the audit report, this should be disclosed and source of findings should be indicated.
[icons-list icon-size="2" separator="line" icon-vertical-alignment="middle" vertical-alignment="middle"]
[/icons-list]
[/toc-this]
[/column]
[/row]
[/section-item]
[section-item 3]
[row]
[column 12]
[panel panel-style="boxed" title="Related%20documents" icon="book" class="ref-panel"]
[standards]
[link new-window title="ISA%20600" link="https%3a%2f%2fwww.ifac.org%2fsystem%2ffiles%2fpublications%2ffiles%2fIAASB-2020-Handbook-Volume-1.pdf%23INTERNATIONAL%2520STANDARD%2520ON%2520AUDITING%2520600" /]
[link new-window title="ISA%20610" link="https%3a%2f%2fwww.ifac.org%2fsystem%2ffiles%2fpublications%2ffiles%2fIAASB-2020-Handbook-Volume-1.pdf%23INTERNATIONAL%2520STANDARD%2520ON%2520AUDITING%2520610" /]
[/standards]
[rules]
[link new-window title="Art%20118%20FR" link="https%3A%2F%2Feur-lex.europa.eu%2Flegal-content%2FEN%2FTXT%2F%3Furi%3DCELEX%3A32018R1046%23118" /]
[link new-window title="Art%20287(3)%20TFEU" link="https%3A%2F%2Feur-lex.europa.eu%2Flegal-content%2FEN%2FTXT%2FPDF%2F%3Furi%3DCELEX%3A12012E%2FTXT%26from%3DEN%23page%3D124" /]
[/rules]
[/panel]
[/column]
[/row]
[row]
[column 12][/column]
[/row]
[row]
[column 12]
[toc fixed="true" selectors="h2%2Ch3" class="basic-toc" /]
[/column]
[/row]
[/section-item]
[/section]
