[toc-this] Show
Principles
[link title="supervise" link="%2Faware%2FGAP%2FPages%2FSupervision-review.aspx" /] the audit work. It enables the audit team to be accountable for its work. It retains a record of matters of significance, also for future audits. It enables[link title="quality%20reviews" link="%2Faware%2FGAP%2FPages%2FQuality-management.aspx" /] and inspections ([link title="Quality%20assurance" link="%2Faware%2FGAP%2FPages%2FSpecific%2FQuality-assurance-procedures.aspx" /] Definitions
[toggles] [toggle title="At%20the%20ECA%2C%20audit%20documents%20typically%20include%3A"]
[/toggle] [/toggles] InstructionsUse AssystThe ECA’s audit documentation tool is Assyst and its use is mandatory for documenting an audit. Using Assyst for audit documentation facilitates quicker production of the clearing documents, and provides an audit trail for the purposes of audit documentation, thus ensuring quality, and an efficient adversarial procedure with the audited entity The use of standardised documents in Assyst is recommended as best practice. Auditors can consult the Assyst user manual and guidelines where also separate specific practical guidelines are available as regards data input in Assyst for SoA audits as well as for performance tasks and more. Structure your audit fileAudit documentation should be gathered in an audit file. A standard structure in Assyst is recommended. Reference audit documentationA documentation referencing system should be in place that links the work done to the resultant findings. A simple 'trail of evidence' should exist, cross-referencing the audit findings to the evidence, prior to their submission to the reviewer/approver. For performance audits, the cross-reference could be supplemented by a short summary explaining how the audit methodology was employed, the nature and extent of evidence collected, and the analyses to which it was subjected. This summary could be in matrix form, grouped around each of the main findings. Key documents should be recorded and cross-referenced, including major decisions influencing the audit work and its management; key correspondence and other contact with the auditee; the main items of evidence, their sources and the analysis undertaken; and evidence of supervisory reviews. Each working paper should be clearly referenced.You may easily cross-reference your findings to any document in Assyst. Cross references in both directions should provide the origin and the destination of the information. All documented information that serves as audit evidence needs to be organised and filed properly according to its purpose. Each auditor is responsible for the proper documentation of the audit task for which they are responsible. Prepare audit files in a timely mannerThis helps in the review and evaluation of audit evidence obtained and conclusions drawn. Document meetingsThe auditor must prepare minutes for all meetings involving auditee staff that the auditor intends to rely on for evidence purposes. It is a matter of judgement as to whether a particular meeting will require minutes to be signed off by the auditee in order to improve its quality as evidence, as well as the extent of detail to be recorded. In many instances, a single note summarising the key points of several meetings is sufficient. However, it is recommended that the auditor, at the beginning of the audit, inform the auditee that the record of certain meetings might be used as audit evidence and that the approval of minutes by the auditee will be necessary in such cases. Assemble the final audit fileThe auditor should complete assembly of the final (current) audit file on a timely basis after the date of the auditor’s report. Information of a long-term nature which is useful for future audits should be kept in a permanent file which is updated regularly, while information on the audit in progress should be included in a current file. Document additional audit proceduresIf, in exceptional circumstances, after the date of the auditor’s report the auditor has to perform new or additional audit procedures or draw new conclusions, the auditor should document the circumstances encountered, the new additional audit procedures performed, audit evidence obtained, and conclusions reached and when and by whom the resulting changes to audit documentation were made and, reviewed. Ensure confidentiality and data protectionAudit staff frequently has access to confidential personnel files or to information which is commercially or politically sensitive. Staff has both a duty under the Staff Regulations and an ethical responsibility to ensure that the confidentiality of such information is adequately protected. Furthermore, as a general rule, the ECA is only legally bound by documents that are formally and finally adopted by the College of Members. Documents leading to a formal adoption of a report or opinion by the ECA must be considered as being of a preparatory nature only and thus should be treated as “audit in confidence”. Data protection is a legal obligation that also applies to audit documentation. Every new treatment of personal data (collection, storage, calculation, copying, consultation, sorting, deleting, etc.) must be notified to the Data Protection Officer before the treatment starts. The notification must be done at the planning phase and, when it is a recurrent audit, such as the SoA audits, the notification need only be done at the first occurrence. For more details consult Data Protection Officer (DPO). Follow the rules for public access to ECA documentsThe ECA, like the other EU institutions has adopted rules relating to public access to documents. These rules set out how requests for information should be dealt with as well as a list of exceptions in which the general principle of free access to the documents of the ECA does not apply. Handle suspected fraud with careIn cases of fraud and corruption, the ECA operates a strict “need to know” policy. As a consequence, this information should be communicated only to the ECA Members concerned and to those members of the ECA’s staff for whom it is absolutely essential in order for them to carry out their duties. Also, information and documentation relating to a case of [link title="suspected%20fraud" link="%2Faware%2FGAP%2FPages%2FFraud.aspx%23Suspected-fraud" /] should be handled with particular care and confidentiality.Follow ownership rulesAll working papers, documents obtained in accordance with the ECA’s rights of access from external sources and internal reports drawn up in the course of an audit, remain the property of the ECA. To guarantee the proper functioning of the ECA, all documents relating to an audit, regardless of their nature or their sources, must be placed on files that are accessible to the audit staff. Exceptions to the rule apply in the case of sensitive data such as cases of actual or suspected fraud. Respect retention periodFollow the ECA retention policy. As a rule, audit documentation should be kept for at least seven years from the date of the audit. This means at least five years from the date on which the European Parliament grants discharge for the budgetary year to which the documents relate. [icons-list icon-size="2" separator="line" icon-vertical-alignment="middle" vertical-alignment="middle"] [/icons-list] [/toc-this] Which of the following documentation is not required for an audit in accordance with auditing standards?Choice “D” is correct. The auditor is not required to evaluate operating effectiveness as part of obtaining an understanding of internal control, and therefore need not document the basis for this decision.
What are the documentation requirements for auditors?Audit documentation should be prepared in sufficient detail to provide a clear understanding of its purpose, source, and the conclusions reached. Also, the documentation should be appropriately organized to provide a clear link to the significant findings or issues.
What is audit documentation in auditing?Audit documentation is the principal record of auditing procedures applied, evidence obtained, and conclusions reached by the auditor in the engagement. The quantity, type, and content of audit documentation are matters of the auditor's professional judgment.
|