The Partner's Headquarter is considered a key place for auditing, because is where the Partner defines the procedures to be applied, where is located the finance department in charge of controlling Financial returns and where supporting documentations related to payments and transactions are generally stored.
The audit itself will consist in
- review of the internal control procedures to issue recommendations for improvement
- substantive testing of transactions: for all budget lines the testing includes verification of eligibility of transactions, original supporting documents, accounting entries, procedural requirements, verification of payments.
HQ audit objectives
The first aim of HQ audit is to ensure that funds have been spent in accordance with applicable rules.
Moreover, ECHO must ensure that the quality of its partners and of their actions reaches high-level targets, in particular in terms of efficiency and accountability. For this reason, HQ audits include the provision of recommendations to improve the financial management of ECHO partners and their procedures applicable to grant management.
Although not their primary function, the auditors may also make recommendations for improvements to the partner's systems and procedures, which should be expected to be relevant to the specific circumstances. These recommendations are made in the spirit of partnership between ECHO and its partners to assist their development through external independent review of the organisation without extra cost and to share best practices within the partner community.
It is important to understand that auditors’ recommendations are not mandatory – they are intended to be helpful and constructive in assisting partners meeting their obligations to ECHO. The decision to follow a recommendation lies with the partner although ECHO would expect there to be a good reason if a recommendation is rejected entirely. During the periodic Assessment, ECHO will do a follow-up of the most important recommendations made during previous audits
HQ audit planning
Annually it is foreseen to carry out between 40 and 60 Headquarter Audits of NGOs. Each partner is audited every 2 to 4 years.
The frequency of HQ audits depends on the
- date of the previous HQ audit and
- identified risk level. This risk level could be real, i.e. based on amount and number of Grant Agreements signed; hypothetical on risk identified in previous audit/annual assessment; perceived i.e. based on concerns raised by desks and/or experts.
Actions to be tested are selected according to a specific timeframe, as the agreements selected for audit should cover the decision year between the last HQ audit and the date of preparation of the new HQ audit.
Once these considerations have been made, the selection of agreements will take into consideration special requests or concerns raised by Desks Officers or Field Experts, an overall coverage of partner's countries of operation, ongoing programmes and Actions already audited at field level. This means that for smaller ECHO partners there is the possibility that all grant agreements are selected for audit, while for bigger ECHO partners a sample of Actions is selected.
This means that for smaller DG ECHO Partners there is the possibility that all grant agreements are selected for audit, while for bigger DG ECHO Partners a sample of Actions is selected.
Phases of HQ audits
Once the Opening Letter is sent to the Partner, the HQ audit can be considered as officially started.
The Partner is requested to fill in the HQ model of the Internal Control Questionnaire (ICQ), which score will determine the testing level. In fact, the completed ICQ gives an automatic scoring of the control environment (low risk or adequate, medium risk or partially satisfactory, high risk or inadequate), which is used to determine the level of testing of costs claimed underlying documents, normally between 35 and 70% of grant agreement value.
The ICQ questions responses are scored on a pre-agreed basis with DG ECHO and the final scores achieved are used to assisting in whether the associated overall audit risk of each Partner can be considered to be low, medium or high.
This in turn forms part of the final equation/assessment as to the level of substantive testing to be applied on those actions selected for audit. The final sample levels currently range normally between 30% and 70% of action value depending on the determining score and the specific issues identified in the ICQ analysis and elsewhere in the planning process.
The opening meeting between Audit Contractor and Partner can be held directly in the premises of the Partner or telephone based. It is used to outline objectives and working method and agree audit fieldwork timetable and overall audit life cycle or process.
At the closing meeting, the auditors present the preliminary findings and recommendations. As soon as the Partner receives the draft audit report, it has 2 to 4 weeks to reply: Partner's comments are then attached to the audit report and submitted to DG ECHO. When the Audit report is approved by DG ECHO and becomes final, the Partner will receive a Closure Letter, informing that the audit is finished and explaining the follow up.
The final Audit report includes suggestions to the Partner for the improvement of its internal control systems and proposes recommendations to ECHO relating to the recovery of sums where the Partner did not respect the FPA.
Recoveries are proposed solely on the basis of regularity and legality, meaning adherence to FPA and Grant Agreement. The Partner has to report on mitigating circumstances, but audit contractors cannot decide on how to deal with them. In fact, it is the role of DG ECHO authorising officer(s) in charge to take a decision on this recommendation to issue a recovery order or not due to exceptional operational circumstances.