The Governing Council
- 4 pages
- Strictly Confidential
- November 3, 1998
As far as joint projects and joint components of the systems of the European System of Central Banks (ESCB) are concerned, this document defines the role, responsibilities, objectives and reporting lines of Internal Auditors of the European Central Bank (ECB) and National Central Banks (NCBs) and their relationship with external auditors.
The reason for establishing a framework for the Internal Audit of the ESCB, through co-ordinated work involving the NCB/ECB Internal Auditors, is to ensure audit coverage of those systems or procedural risks that cannot be addressed exhaustively at the local level. However, all those risks which fall outside the common framework are subject only to local audit coverage by NCB or ECB Internal Auditors, as appropriate.
The audits of joint projects have to be co-ordinated and carried out according to common principles and methodologies. Therefore, an Internal Auditors Committee (IAC) has been established, within which the Internal Audit functions of the NCBs and the ECB will co-ordinate their work. Sections 2 and 3 below describe the role and responsibilities of Internal Audit within the ESCB and the kinds of generic task it may be expected to undertake. Section 4 describes the role, composition, objectives and broad approach of the IAC. Section 5 describes the involvement of external auditors in ESCB audit work.
2. Role and responsibilities of Internal Audit within the ESCB
It is the responsibility of Management to put in place an appropriate system of internal control. Internal Audit provides an independent assessment of all the significant operating risks and existing controls over those risks. To that end, Internal Audit will examine, report upon and, if appropriate, suggest improvements to internal controls within the ESCB.
The responsibilities of Internal Audit within the ESCB are broken down as follows:
• The Internal Audit functions of the NCBs are responsible for auditing the local systems and
operations of their respective NCB (including the local components of ESCB systems).
• The ECB’s Internal Audit’s responsibilities for the ESCB cover the following:
• the ECB’s information systems;
• those parts of the ESCB’s systems which are operated or administered by ECB’s staff;
• the assets and liabilities entered in the ECB’s balance sheet and operations related to the ECB’s balance sheet;
• the ESCB’s functions, processes or systems in respect of components physically located at the ECB or for which running costs are entered in the ECB’s Profit and Loss Account. Depending on the type of audit envisaged, specific arrangements can be made between the ECB’s and NCBs’ Internal Auditors.
• Joint ESCB projects and joint components of ESCB systems, as specified in an annual audit programme, will be audited using a common approach. The IAC is responsible for co-ordinating these joint audits.
In order to perform their role properly, Internal Audit functions should:
• be independent of the operational management, which is responsible for managing risk on a day-today basis;
• have adequate reporting lines to safeguard their independence;
• have direct access to all information within their own organisations;
• have adequate staff with appropriate skills and qualifications; and
• apply generally accepted principles and professional standards.1
3. Tasks of Internal Audit
Although there may be differences in the way in which the Internal Audit functions of the ECB and the NCBs operate, it is generally recognised that the Internal Audit tasks comprise, inter alia:
• auditing annual statements;
• auditing the scope, effectiveness and efficiency of internal controls and procedures;
• auditing the application and effectiveness of risk management procedures and, if appropriate, the identification and analysis of risks;
• auditing controls over information systems, including electronic information systems, accounting and other records;
• testing transactions and the operation of specific internal control procedures;
• conducting special investigations, e.g. in fraud cases; and
• advising on and monitoring projects during their development and drafting procedures.
4. The Internal Auditors Committee
The ESCB will share common systems and procedures and exchange data. Internal consistency in the management of ESCB systems and procedures is an essential pre-condition for their effective functioning.
Given the autonomy and varying responsibilities of the ECB’s and individual NCBs’ Internal Audit functions, differences between the constituent parts of the ESCB exist, inter alia, in audit methodology and philosophy.
Hence it is important to co-ordinate the audits of joint projects and joint components of ESCB systems and to use generally accepted auditing principles and standards. Therefore, the Internal Audit functions of the ECB and the NCBs will work together within the IAC.
Composition of the IAC
The IAC will comprise authorised representatives of the Internal Audit function of the ECB and of each NCB. The Governing Council will appoint the chairperson. The secretarial function will be performed by the ECB.
Objectives of the IAC
The objectives of the IAC are:
• to define common standards for the joint audits of common ESCB processes, operations and systems;
• to define common standards for internal audit work in the field of financial reporting;
• to exchange information on audit best practices and to promote the exchange of technical expertise; and
• to co-ordinate joint audit projects and reports.
Organisation of the work of the IAC
The IAC will make recommendations for co-ordinated audit work in the following year. This will be derived from a risk-based overview of activities. In order to perform its risk analysis, the IAC will take into consideration the ESCB as a whole, but it will address only the risks that cannot be addressed locally (subsidiarity principle). The overview of activities, which will take account of the availability of resources at each of the NCBs and at the ECB, will be submitted to the Governing Council for endorsement via the Executive Board of the ECB. Once endorsed it will provide the annual audit plan for that year.
The Governing Council or, after consultation with the Governor of the national central bank involved, the President can commission, at any time, special investigations outside the annual audit plan for the IAC. In such circumstances, the annual audit plan will be reviewed so that lower priority work can be omitted or deferred in order to accommodate the work commissioned outside the annual audit plan. The IAC will produce consolidated reports on joint audit projects. The reports will reflect all the views expressed within the IAC. These reports are to be submitted in accordance with the reporting line of the ESCB Committees.
At least annually, the IAC will prepare a report on IAC activities during the preceding period for submission to the Governing Council via the Executive Board. This report will highlight issues of general concern or specific issues arising from joint audits or other audit-related tasks affecting the ESCB as a whole.
5. External auditors
In order to fulfil its duty (to give an opinion on the financial statement), the external auditor of the ECB may rely on the work of the external auditors of the various NCBs. As a general principle, external auditors may rely on internal audit work in order to be able to conclude in their opinion on the financial statement and the internal control system that the internal auditors’ work has met the required standards. It is also common practice in many countries for the external auditors to review the work of Internal Audit in respect of those processes that contribute to the preparation of the financial statement.