Auditing in Public Institutions Suport de Curs

Aceast carte a fost realizat n cadrul Activitii nr.
8 denumit
Realizarea de materiale i instrumente didactice i de nvare pen-
tru programele de masterat n administraia public din proiect-
ul Creterea calitii programelor de masterat n administraie
public, Contract POSDRU/86/1. 2/S/60072, proiect cofnanat
din Fondul Social European prin Programul Operaional Sectorial
pentru Dezvoltarea Resurselor Umane 2007-2013, Axa prioritar 1
Educaia i formarea profesional n sprijinul creterii economice
i dezvoltrii societii bazate pe cunoatere, Domeniul major de
intervenie 1. 2 Calitate n nvmntul superior.
AUDITING
IN PUBLIC INSTITUTIONS
Cornelia Felicia Macarie
Auditing in Public Institutions
Copyright Cornelia Felicia Macarie
Copyright Universitatea Babe-Bolyai, Cluj-Napoca, 2013 pentru ediia
prezent.
Toate drepturile rezervate, inclusiv dreptul de a reproduce fragmente din
carte.
Descrierea CIP a Bibliotecii Naionale a Romniei
MACARIE, FELICIA CORNELIA
Auditing in public institutions / Macarie Felicia
Cornelia. - Bucureti: Tritonic Books, 2013
Bibliogr.
ISBN 978-606-8536-13-2
657.633
336.148
Coperta: NICOLAE URS
Redactor: SERGIO RAMIREZ
Comanda nr. UBB56 / aprilie 2013
Bun de tipar: mai 2013
Tiprit n Romnia
All rights reserved. No part of this book may be reproduced or
transmitted in any form or by any means without written permission of
the author.
AUDITING
IN PUBLIC INSTITUTIONS
Cornelia Felicia Macarie
Table of Contents
CHAPTER 1
Te concept of internal auditing 9
1.1. Te emergence and evolution of internal auditing 9
1.2. Defnition of internal auditing 13
1.3. Functions, objectives and scope of public internal
auditing 20
1.3.1. Functions of internal auditing 21
1.3.2. Objectives and scope of internal auditing in the
public sector 23
1.3.3. Typology of internal auditing 24
1.3.3.1. System audit 25
1.3.3.2. Performance audit 26
1.3.3.3. Compliance Audit 29
CHAPTER 2
Internal Auditing in the Public Sector in Romania 31
2.1. Legislative framework 31
2.1.1. Te organization of internal auditing 33
2.1.2. Conducting internal audit activities 39
2.1.3. Te profession of internal auditor 43
2.2. Te normative framework 46
2.2.1. Te normative framework for assurance activities 46
2.2.1.1. Te application of the general rules of
public internal auditing 47
2.2.1.2. Methodological norms regarding the
internal audit missions 48
2.2.1.3. Te procedural guide 62
2.2.1.4. Internal audit charter 62
2.2.2. Normative framework for the consulting activity 63
2.3. Procedural framework 70
CHAPTER 3
Te Standardization of Internal Audit 73
3.1. Te International Organization of Internal Auditing 73
3.2. Te International Professional Practices Framework 81
3.2.1. Te Ethical Code of Internal Auditors 83
3.2.2. Te International Standards for the
Professional Practice of Internal Auditing 92
3.2.2.1. Attribute Standards 92
3.2.2.2. Te Performance Standards 95
3.2.2.3. Implementation standards 96
3.2.3. Practice Advisory 97
3.2.4. Practice Guides 99
3.3. Te Responsibility of Internal Auditors 101
CHAPTER 4
Planning internal audit in the public sector 103
4.1. Te regulation of internal audit planning 103
4.2. Te process of internal audit planning 107
CHAPTER 5
Risk management 115
5.1. Implementation of risk management 115
5.2. Risk based internal auditing 118
5.3. Relation between risk management and
internal auditing 121
5.4. Corporate governance 124
CHAPTER 6
Te relationship between internal and external audit 129
6.1. Te need for professional collaboration between
internal auditors 129
6.2. Te terms of a possible cooperation protocol
between the external and internal audit in the
public sector 131
CHAPTER 7
Case Study - Te Audit Mission THE AUDIT REGARDING
THE ADMINISTRATION OF ORGANIZATION MODEL
PATRIMONY (adapted from Tudorica, 2009) 135
Annex 178
Glossary 209
Bibliography: 216
Chapter 1
The concept of internal auditing
1.1. Emergence and evolution of internal auditing
1.2. Denition of internal auditing
1.3. Functions, objectives and scope of internal auditing in the public sector
1.1. The emergence and evolution of internal auditing
Te concept of audit originates in the Latin verb audio, audire,
audivi, auditum whose translation is to hear, to listen. Te process
this concept covers is not new even though in the past diferent
designations have been used to describe it. Te current under-
standing of auditing can be traced back to the events during the
Great Depression in the United States. Back in 1929 the listing of
American companies to the stock market depended on an external
assessment made by audit professionals, which incurred high costs
to companies already afected by the recession. Te certifcation
of the fnancial situation and assessment of accounts and balance
sheets were carried out by independent External Audit Ofces. In
general, they performed several preparatory procedures/activities
such as:
the inventory of patrimony;
the verifcation of analytic and synthetic accounts;
the verifcation of the account balance and its structure;
the verifcation of justifcatory documents; and
10 | Cornelia Felicia MACARIE AUDITING IN PUBLIC INSTITUTIONS | 11
the verifcation of the correctness and exactness of fscal ob-
ligations.
Because these activities were time consuming and expen-
sive, companies started to create their own internal audit struc-
tures. Teir function was to implement the initial and preparatory
tasks in order for the External Audit Ofces to focus solely on the
certifcation of the fnancial situations and supervision of compa-
nies activities.
In the afermath of the economic crisis, the companies main-
tained the newly established internal auditing structures which
gradually expanded their scope and modifed and diversifed their
objectives. In time, the idea of auditing as a necessary function and
area of activity within the company has taken root. Because the
emergence of internal auditing can be traced back to the activity of
account certifcation, it would be long associated with its fnancial
and accounting background.
Te emergence of auditing within organizations and the
recognition of its importance resulted in the new profession of in-
ternal auditor and further issues about professional association and
standardization of activities were raised. Consequently, in 1941 in
Orlando, Florida, the Institute of Internal Auditors (IIA) was set up
and gradually enjoyed international recognition. Te UK, France,
Sweden, Norway, Denmark and other states soon became members
and nowadays over 90 national institutes and members in over 120
countries are afliated with the Institute.
In Romania internal auditing emerged relatively late and was
associated with the concept of internal control, which is why nowa-
days the distinction between the two concepts is difcult to make.
Tis situation can be explained by the adoption of Law 672/2002
on Internal Public Auditing which required public institutions to
organize internal audit structures. Te institutions complied with
this law by transferring the employees that worked in internal con-
trol to the newly established audit departments and therefore set
the conditions for confusing internal auditing with control. Un-
fortunately, this confusion is perpetuated by their Senior Manage-
ment who do not use the internal audit function thoroughly and
act upon auditors recommendations due to a limited understand-
ing of their importance for improving organizational performance.
Overall, such an approach undermines the function of auditing
within the organization.
Te profession of internal auditor has evolved and adapted to
new circumstances and diferent organizational needs. While the
initial focus of internal auditing was on fnancial and accounting
aspects, its current objectives are the identifcation of risks and
evaluation of control and management systems in organizations.
Internal auditing takes place within a globally recognized
framework that is continuously adapted to the legislative particu-
larities of each country according to the rules and organizational
culture of the various felds of activity and auditees. Taken into ac-
count the rhythm of global changes the profession of internal audi-
tor has to adapt to, the Board of Administration of the IIA set up in
2006 the International Committee for Coordination and a Working
Group for revising the Professional Practices Framework and IIA
norms. Te group focused its eforts on the revision of the scope of
the Framework and improvement of the transparency and consist-
ence of the norm creation, revision and publication processes. Te
end result was the adoption of the new International Professional
Practices Framework (IPPF) and restructuring of the Professional
Practices Council which coordinates the approval and publication
of IPPF norms, as specifed in the 2007 Declaration on the mission
of the Council.
Generally, a framework represents a structured model of inte-
grating knowledge and norms. As a coherent system, a framework
facilitates the development, interpretation and consistent imple-
mentation of concepts, methodologies and techniques specifc to
a profession. Te specifc purpose of the IPPF is to organize the
norms authorized by IIA so that they can be accessed easily and on
time and, at the same time, strengthen the position of the Institute
as a global standardization body. Due to its role in providing guid-
ance on the current audit practice and exploring further develop-
ment of standards, the IPPF assists practitioners and other stake-
holders to respond to the booming market of high-quality internal
audit services.
As a conceptual framework organizing the norms adopted by
IIA, the scope of the IPPF has been restricted to the norms adopted
by the international technical committees of IIA following stand-
ard procedures.
A trustworthy, global guidance-setting body, Te IIA provides
for internal audit professionals all around the world authoritative
guidance organized in the International Professional Practices
Framework as mandatory and strongly recommended guidance
(IIA, 2007).
Conformance with the principles set forth in mandatory
guidance is required and essential for the professional prac-
tice of internal auditing. Mandatory guidance is developed fol-
lowing an established due diligence process, which includes
a period of public exposure for stakeholder input. Te three
mandatory elements of the IPPF are the Defnition of Internal
Auditing, the Code of Ethics, and the International Standards
for the Professional Practice of Internal Auditing (Standards).
Strongly recommended guidance is endorsed by Te IIA through
a formal approval processes. It describes practices for efective im-
plementation of Te IIAs Defnition of Internal Auditing, Code of
Ethics, and Standards. Te three strongly recommended elements
of the IPPF are Position Papers, Practice Advisories, and Practice
Guides.
Element Defnition
Defnition The Defnition of Internal Auditing states the fundamental purpose, nature,
and scope of internal auditing.
Code of Ethics The Code of Ethics states the principles and expectations governing
behavior of individuals and organizations in the conduct of internal audit-
ing. It describes the minimum requirements for conduct, and behavioral
expectations rather than specifc activities.
International
Standards
Standards are principle-focused and provide a framework for performing
and promoting internal auditing. The Standards are mandatory require-
ments consisting of:
1. Statements of basic requirements for the professional practice of
internal auditing and for evaluating the efectiveness of its performance.
The requirements are internationally applicable at organizational and
individual levels.
2. Interpretations, which clarify terms or concepts within the statements.
It is necessary to consider both the statements and their interpretations to
understand and apply the Standards correctly. The Standards employ terms
that have been given specifc meanings that are included in the Glossary.
Position Papers Position Papers assist a wide range of interested parties, including those
not in the internal audit profession, in understanding signifcant govern-
ance, risk, or control issues and delineating related roles and responsibili-
ties of internal auditing.
Practice Advisories Practice Advisories assist internal auditors in applying the Defnition of
Internal Auditing, the Code of Ethics, and the Standards and promoting
good practices. Practice Advisories address internal auditings approach,
methodologies, and consideration, but not detail processes or procedures.
They include practices relating to: international, country, or industry-spe-
cifc issues; specifc types of engagements; and legal or regulatory issues.
Practice Guides Practice Guides provide detailed guidance for conducting internal audit
activities. They include detailed processes and procedures, such as tools and
techniques, programs, and step-by-step approaches, as well as examples
of deliverables.
Internal auditors are required to know and comply with the IIA
norms as a guarantee of their professionalism in their interactions
with organizations and regulatory bodies. Te profession of auditor
is intimately related to the internalization of the norms comprised
in the framework.
1.2. Denition of internal auditing
Internal auditing as a function of the organization has evolved
through a process of successive transformations due to changes in
the economic and legislative context and new managerial needs.
While this transformative period coincided with changes in the
meaning of the concept of internal auditing, nowadays its defni-
tion is a compulsory norm imposed by the IPPF.
In 1999 the IIA in the US provided a defnition following a large
study conducted by 800 students coordinated by auditors in the
Australian universities: Internal Auditing is an independent and
objective activity which provides assurances to organizations re-
garding their degree of control over operations, makes recommen-
dations for enhancing the operations, and brings an added value to
the organization. It helps an organization accomplish its objectives
by evaluating through a systematic and methodical approach its
risk management, control and management processes and making
proposals to enhance them.
Te new IPPF adopted in 2007 by IIA defnes internal audit-
ing as an independent, objective assurance and consulting activity
designed to add value and improve an organizations operations. It
helps an organization accomplish its objectives by bringing a sys-
tematic, disciplined approach to evaluate and improve the efec-
tiveness of risk management, control, and governance processes.
(IIA, 2007)
Article 2 of Law 672/2002 on Public Internal Auditing in Ro-
mania defnes auditing in similar terms as a functionally inde-
pendent, objective assurance and consulting activity designed to
add value and enhance the activities of public institutions; it helps
the public organization to achieve its objectives through a system-
atic and methodical approach and to evaluate and improve the ef-
fciency and efcacy of risk management, control and governance
processes.
Tese defnitions delineate the activities presupposed by the in-
ternal auditing function and its main characteristics: (1) provision
of consulting services to management, (2) constructive support to
employees, and (3) the independence and objectivity of internal
auditors.
a. Consulting services to management
Te main responsibilities of management are prediction, or-
ganization, coordination, and control. In fulflling these tasks, the
managerial team needs the consulting and advice that internal au-
ditors can provide regarding the efectiveness of internal control
and the main risks facing the organization.
Te support provided to management in the area of internal
control helps managers to take decisions which enhance and opti-
mize the control function of management. Internal control is the
main activity of internal auditors that has an impact on all of the
other organizational functions (Renard, 2003, p. 23).
Whereas in its early days internal auditing mainly covered fnan-
cial and accounting activities, it currently covers all processes and func-
tions within an organization, including research and development,
production, sales, human resources. While internal auditors role is to
advice, assist and recommend ways of action to managers at all hierar-
chical levels, they cannot decide. Te decision belongs to managers as
internal audit is just a means through which they are informed about
the efectiveness of internal control under their responsibility.
In providing advice to management, the credibility of internal
auditors is enhanced by the following characteristics:
they work based on internationally recognized norms which
provides them with a degree of autonomy within the organi-
zation;
they are guided by a set of good practices which enhances
the authority of their advice;
they have working procedures that have been validated by
general practice which ensures their efectiveness;
hey know and belong to the organization and this in-depth
experience enhances their competence and credibility; and
they are independent of the processes and activities they au-
dit which guarantees their objectivity.
b. Support for employees without making value judgments
Internal audit activities must contribute to ensuring an efcient
control process and enhancing the performance of the organiza-
tion. During an internal audit engagement auditors must identify
the weaknesses of the internal control system and correctly iden-
tify the related risks which they subsequently must report to the
relevant managers. In order to complete these tasks, internal au-
ditors must cooperate with the employees involved in the audited
activities as the latter have the most accurate information about the
subsystems in which they work.
Internal auditors can not penalize employees for the risks or
internal control defciencies they identify as that falls within the
responsibility of the management. Te auditors recommend adjust-
ments in the mechanisms of internal control, but do not formulate
judgments on the performance of employees. During an engage-
ment, auditors can only provide advice and support to employees in
view of the recommendations they are to make in the audit report.
While internal auditors can identify redundant, inefcient ac-
tivities or a faulty control system, they cannot reprimand employ-
ees or propose sanctions for employees because: (1) the objective
of internal auditing is not to judge the competences of the human
resources, (2) those involved in activities cannot discuss the results
of auditing and if such discussions arise, they must take place in a
positive manner, and (3) auditors must be aware that weaknesses in
the process can have causes that do not depend solely on employ-
ees, but on the budget size, human resources selection, informati-
zation of activities.
c. Independence and objectivity
Te independence and objectivity of internal auditors are de-
fned in the professional norms of internal auditing and more pre-
cisely, the Qualifcation Standard 1100 Independence and Objec-
tivity whereby internal auditing must be independent and internal
auditors must be objective when carrying out their activities.
Internal auditors are independent when they fulfll their tasks
freely and objectively. Independence allows internal auditors to as-
sess impartially and without prejudices. Tere are two aspects of
independence covered by standards: the independence of the audit
department which requires its subordination to the highest hierar-
chic level and the independence of internal auditors guaranteed by
their non-involvement in the activities and processes they audit.
Te chief audit executive should report to a level within the organi-
zation that allows the internal auditors to fulfll their responsibili-
ties.
Te following conditions are necessary to ensure auditors in-
dependence:
1. internal auditors should beneft from the support of the
management in order to secure the cooperation of all actors
and accomplish their tasks smoothly;
2. internal auditors should report to a hierarchic level which
can enforce their independence;
3. internal auditors should report functionally to the Senior
Management and directly communicate with the Board of
the organization;
4. direct communication entails regular attendance of the
Boards meetings on issues related to audit, fnancial report-
ing, control and management; and
5. independence is enhanced when the Board intervenes in
appointing and replacing the Chief Audit Executive.
Internal auditing should be free of any intervention targeting
its scope, the implementation of activities and communication
of results. Sometimes internal auditors are asked to explain the
importance of the documents they require in their activities and
depending on the case they have to assess whether this demand
is justifed. Te presence of signifcant irregularities might hinder
the establishment of a normal cooperation relation between audi-
tor and the engagement client and the head of internal audit is re-
quired to issue a judgment depending on circumstances.
Individual objectivity is ensured if internal auditors have an im-
partial, unbiased attitude and avoid conficts of interests. Objectiv-
ity is defned as a mental attitude of independence that auditors
should maintain in performing internal audit activities. Internal
auditors should not be unduly infuenced by others in forming
judgments.
Te objectivity of internal auditing is ensured when several re-
quirements are met:
auditors are confdent about the outcome of their work
and they are not constrained to make compromises as to
its quality. Internal auditors should not be forced into situ-
ations where they would feel unable to make objective pro-
fessional judgments;
appointments to the team shall be such as to avoid any con-
fict of interest or lack of impartiality. Te Chief Audit Ex-
ecutive should be informed of any conficts of interest that
may afect the independence of auditors. It is recommended
to have a regular rotation of internal auditors within the
team;
the results of audit activities should be examined before the
communication of the auditing conclusions;
internal auditors should not accept money or gifs from an
employee, customer, supplier or partner because it is against
the code of ethics and rules of conduct. Such a behavior will
raise serious doubts about the auditors objectivity in both
ongoing and future missions. Te auditor should immedi-
ately report any situation in which they were ofered money
or gifs to their supervisor; and
internal auditing adopts a principled commitment whereby
conficts of interest or any activity that could result in a pos-
sible confict of interest are avoided.
If the objectivity or independence of internal auditors is im-
paired, the details of the impairment should be disclosed to rel-
evant stakeholders. Internal auditors should report to the chief
audit executive the existence or likelihood of a confict of interest
or impartiality. In such cases, the head of internal audit must re-
place the respective auditors. Limiting the scope of activity is one
of the restrictions that can be imposed to internal auditors which
prevents them from planning and achieving the objectives of in-
ternal audit. Limitations of this type may, among other things,
refer to:
the areas of applicability defned in the Charter;
internal auditors access to records, personnel and physical
assets necessary during engagements;
the approved plan of auditing activities;
the implementation of engagement procedures; and
the approved budget and human resources.
Such restrictions should be communicated, preferably in writ-
ing, to the Board.
Internal auditors should avoid assessing specifc operations for
which they were previously responsible. Objectivity is presumed to
be impaired if an internal auditor provides assurance services for
an activity for which the internal auditor had responsibility within
the previous year. At the time of the communication of the out-
come of the audit engagement, this potential damage to objectivity
must be taken into account.
Internal auditors should not be assigned operational responsi-
bilities. If internal auditors are occasionally assigned tasks unre-
lated to audit activities, it must be clearly stated that they no longer
perform internal audit tasks.
Staf members that were transferred or temporarily appointed
within the Internal Audit Department should not participate in au-
diting their previous work before the lapse of a reasonable period
of time (at least one year). It is considered that their previous expe-
rience might impair their objectivity and it should be taken into ac-
count when supervising audit activities and disseminating results.
Te internal auditors objectivity is not compromised when she
recommends the application of control norms for the assessment
systems and procedures before their implementation. Conversely,
the auditors objectivity is considered impaired if she designs and
implements those procedures or exploits these systems.
Engaging occasionally in activities that are not audit related
does not necessarily compromise an internal auditors independ-
ence as long as they are clearly disclosed in the audit report. How-
ever, the chief audit executive should closely monitor the impact of
these activities on auditors objectivity.
1.3. Functions, objectives and scope of public internal auditing
Internal auditing is a function of the organization whose role
and importance largely depends on the size and structure of the
audited entity, but also on its perception by the management team
as a source of information and support for decision making.
Internal audit is a functionally independent and objective ac-
tivity that provides assurance and support to the management of
an organization for the efective administration of revenues and
expenses. Also, it enhances the activities of the public organization
and assists it in achieving its objectives through a systematic and
methodical approach evaluating and improving the risk manage-
ment, control and administration systems and processes.
One of the tasks of internal auditors is to monitor the manage-
ment control systems, report to the senior management about its
weaknesses and propose improvements.
1.3.1. Functions of internal auditing
Internal auditing has the following functions:
Consulting function; and
Assurance function.
The consulting function
Consulting is a function of internal audit comprising those ac-
tivities of internal auditors designed to add value and improve the
management of the public entity and its risk and internal control
management without internal auditors assuming management re-
sponsibilities (OMFP 1702/2005). Te advisory work performed
by internal auditors has the following objectives (Joel, Smith, 2006,
p. 117).
identifying the obstacles and causes preventing the normal
unfolding of processes, analysing its consequences and fnd-
ing appropriate solutions;
obtaining additional information to facilitate an in-depth
knowledge of the operation of a standard system or of a
regulatory stipulation by the relevant personnel; and
training and professional development designed to provide
theoretical and practical knowledge on fnancial manage-
ment, risk management and internal control, through the
organization of courses and seminars.
In their advisory role, internal auditors should demonstrate
high standards of professional behavior by complying with the
Charter of Internal Audit and the legal stipulations regarding con-
sulting services. Tey should communicate the results within an
agreed time framework and develop an appropriate engagement
work program.
Te consulting services of auditors are defned in the norms of
the IIA as advisory activities ofered to the client, whose nature
and scope are agreed upon in advance with the client, which are
designed to add value and improve the governance, risk manage-
ment and control processes of the organization, without auditors
assuming management responsibility. Examples include expertise,
advice, facilitation and training. (IIA, 2007, p. 14)
Consulting services are advisory and generally performed at
the specifc request of the client. Te nature and scope of the con-
sulting engagement are subject to prior agreement with the client.
Consulting services generally involve two parties: (1) the person or
group ofering the advice - the internal auditor, and (2) the person
or group seeking and receiving the advice - the engagement client.
When performing consulting services, the internal auditor should
maintain objectivity and not assume management responsibility
(IIA, 2007, p. 7).
The assurance function
Assurance is a function of internal auditing whereby internal
auditors identify the risks in the processes and activities within the
organization, including the control and management processes.
Assurance represents an objective examination of evidence in or-
der to provide an independent assessment on risk management
and control processes. (Ghita, Popescu, 2006, p. 116)
Assurance services involve the internal auditors objective as-
sessment of evidence to provide an independent opinion or con-
clusion regarding a process, system or other subject matter. Te
nature and scope of the assurance engagement are determined by
the internal auditor. Tere are generally three parties involved in
assurance services: (1) the person or group directly involved with
the process, system or other subject matter - the process owner, (2)
the person or group making the assessment - the internal auditor,
and (3) the person or group using the assessment - the user (IIA,
2007, p. 7).
1.3.2. Objectives and scope of internal auditing in the public sector
Article 3 of Law 672/2002 on Internal Auditing in the Public
Sector, amended and republished in the Ofcial Gazette no. 856 of
5 December 2011, sets out the overall objective and scope of public
internal audit. Te overall objective of internal auditing in public
organizations is to improve their management through:
a. assurance activities that objectively examine evidence in
order to provide public organizations with an independent
assessment of risk management, control and governance
processes;
b. consulting activities designed to add value and improve the
processes of governance in public entities without internal
auditors assuming management responsibilities.
Te scope of internal audit includes all activities through which
public entities achieve their objectives, including the evaluation of
the system of managerial control. Te specifc objectives of public
internal auditing are:
a. objective assurance and consulting designed to improve the
systems and activities of public institutions;
b. support for the achievement of the objectives of the public
institution through a systematic and methodical approach;
c. evaluation of risk management and control systems;
d. support to the manager of the public organization to iden-
tify and assess signifcant risks and improve the risk man-
agement systems; and
e. evaluation of the efciency and efectiveness and continuous
improvement of the control system of the public organiza-
tion. Te assessment of the relevance and efectiveness of in-
ternal control is based on the results of the risk assessment.
Internal audit activities are intended to identify signifcant risks
and defciencies in the internal control procedures. Internal audit-
ing comprises the analysis of process and activities, an assessment
of the degree to which outcomes correspond to objectives and the
conformity of existing regulations.
Te evaluation of the control system requires the use of adequate
criteria. Te audit determines the extent to which the manager of
the public organization had defned adequate assessment criteria and
whether the objectives were achieved. If these criteria were appropri-
ate, they can be also used by auditors in the evaluation of the internal
control system. If the criteria are inadequate, the audit department,
together with the management of the public organization, will design
adequate criteria for evaluating the control system.
Te scope of internal auditing covers:
a. fnancial activities undertaken by the public institution from
the earmarking of funds to their use by fnal benefciaries,
including funds from external assistance;
b. the collection of public revenue, including the authorization
and establishment of tax liabilities and revenue raising fa-
cilities;
c. the management of public assets and the sale, pledge, ces-
sion or lease of goods in the private/public property of the
government or territorial-administrative units; and
d. the systems of fnancial management and control, including
accounting and the IT related systems.
Te Ministry of Finance and the Chamber of Financial Audi-
tors of Romania are required by art. 3 (3) of Law 672/2002 to design
a Common Framework comprising the specifc objectives of inter-
nal auditing in the economic entities in the public sector.
1.3.3. Typology of internal auditing
Article 14 of Law 672/2002 established the following types of
auditing:
a. system audit refers to the in-depth assessment of the man-
agement and internal control systems in order to determine
whether they operate efciently and efectively, identify pos-
sible defciencies and make recommendations for their cor-
rection;
b. performance audit examines whether the criteria that were
established for the implementation of activities and fulfl-
ment of objectives are relevant for the evaluation of results
and assesses whether the results are consistent with the ob-
jectives; and
c. compliance audit examines the organizations adherence and
compliance with all principles, procedural and methodo-
logical rules in spending public money.
1.3.3.1. System audit
System audit includes both the compliance and performance
audit. Tis type of internal auditing provides an independent as-
surance on the economic efciency and efectiveness of the systems
that were designed, implemented and controlled by the manage-
ment, i.e. the degree to which they correspond to best practices.
When carrying out system auditing activities, internal auditors
must focus on the following elements:
the achievement of objectives, goals, targets and compli-
ance with the quality and performance standards previously
agreed upon;
the compliance with both the internal policies, plans, reg-
ulations, procedures and the external obligations and re-
quirements;
the reliability, clarity, completeness and usefulness of infor-
mation related to fnancial, operational and management as-
pects and reliability of records and justifcatory documents;
the regularity of transactions and ethical behavior;
the economic efciency of acquisitions, resources utiliza-
tion and operations; and
the protection of the assets from loss, waste and fraud.
1.3.3.2. Performance audit
Public sector performance is a relative concept whose measure-
ment can be achieved in several ways (OECD, 1994):
comparison with a set of results obtained in prior periods;
comparison of the organizations results with results of similar
organizations or organizations providing similar services;
comparison of results and objectives; and
comparing the potential of the organization to its actual
programmes and plans of action.
Te main objective of a performance audit is to examine the
impact that the fulfllment of objectives and implementation of
quality standards can have when the criteria of efciency and ef-
fectiveness are met. Tis type of audit assesses the managerial and
operational performance of public organizations and the efciency
and efcacy of the utilization of the fnancial, material, human and
information resources.
Tere are two types of performance audit:
a. management audit; and
b. operational audit.
Te management audit analyses the formal process of decision
making and communication of decisions to stakeholders in all rel-
evant areas of activity (Oprean, Popa, Lenghel, 2007, p. 102). Te
role of this type of auditing is to advise and make recommenda-
tions to the management team regarding:
working procedures which must be modifed, introduced or
removed;
human resources management (job description, organiza-
tional chart, regulations, etc.); and
elements of the strategy requiring to be updated, adapted,
linked to diferent functions of the organization.
Te operational audit examines the risks and threats in difer-
ent areas of activity and makes recommendations to eliminate def-
ciencies and enhance internal control in order to enable the organi-
zation to achieve its objectives and performance criteria (Oprean,
Popa, Lenghel, 2007, p. 102). Te use of the concept of operational
audit has provoked much controversy. Some authors contend that
(Arens, Loebbecke, 2003, p. 919) the concept of managerial audit
is more appropriate than operational audit as it also includes the
assessment of internal control mechanisms and a test of their efec-
tiveness. Other authors (Cosserat, 2000, p. 87) do not make these
distinctions and consider both concepts to have the same meaning.
Our opinion is that the operational audit examines the efciency
and efectiveness of any activity of the organization, including in-
ternal control, provided that the purpose of auditing is to provide
information underlying decisions that aim at enhancing the organ-
izational performance.
Before auditing, auditors identify, depending on the organiza-
tional component, the specifc criteria to be used when assessing
efectiveness and efciency. Te most frequently used criteria are:
1. historical results
One way of assessing current results is by using criteria derived
from the results of prior periods and audit reports. However, these
criteria can not provide accurate information about the quality of
the present situation, but only an overview of the evolution of the
organization.
2. reference indicators
Because the organizations that are undergoing an operational
audit are not unique, professionals can use information about the
work of other internal or external entities as benchmarks. While
in the case of internal entities data is easily accessible and avail-
able, the collection of data from external entities is facilitated by the
requirements for transparency and access to information in pub-
lic organizations. In the case of public institutions subordinate to
higher hierarchical structures, the relevant benchmarks can be pro-
vided by the latter to all subordinate organizations in the territory.
3. technical standards
In some operational audit engagements, the specifc evaluation
criteria are defned based on technical standards relevant to the or-
ganization. For example, when auditing the medical laboratory of
a hospital and assessing the quality of the results obtained, audi-
tors will have to use the appropriate technical standards for testing
the medical equipment. While setting criteria based on technical
standards can be time consuming, expensive and requiring the in-
volvement of external specialists, it is a necessary activity justifed
by the need to prevent any type of organizational risks.
4. discussions and agreements
If establishing objective criteria is likely to be difcult and ex-
pensive, auditors can also discuss with the management and the
fnal benefciaries of the audit report to agree on a set of criteria.
Discussions are concluded in an agreement which shall be attached
to the audit report.
Te operational audit can take three forms (Arens, Loebbecke,
2003, p. 914), namely:
functional auditing that tests one or more functions of the
organization such as: services provision, the acquisition of
goods and services, public marketing, staf and remunera-
tion, payments and accounting, research, control, etc. Tis
type of audit enables a functional specialization of auditors,
which increases their professionalism, but can also create
problems in cases where functions are interdependent. In
those situations, using an audit team is recommended;
organizational auditing approaches the organization and its
parts (branches, departments, decentralized units, etc.) with
an emphasis on the efectiveness and efciency of function
interaction. In this type of auditing the organizational chart
and the coordination of activities, jobs, functions are of ut-
most importance; and
special auditing engagement can be required by managers
when they notice a problem, identify certain risks or want
to assess the efectiveness and efciency of certain decisions,
usually those taken under risky or uncertain circumstances.
For example, a special audit can be requested to analyze the
causes of the increase in the number of average day of hos-
pitalization in a certain section of a hospital, to make rec-
ommendations to reduce the number of trafc accidents in
a particular area of a city or investigate cases of corruption
that might appear in public procurement in a city hall, etc.
1.3.3.3. Compliance Audit
Te main objective of this type of auditing is to ensure the com-
pliance of procedures and operations with the internal norms and
regulations, on the one hand, and the legal requirements, on the
other hand. Te scope of the compliance audit includes the opera-
tions and transactions carried out by the organization. Tis type of
auditing establishes whether:
the decisions and policies adopted by management are re-
spected;
the operations are conducted in conformity with the proce-
dure manuals;
the contract stipulations are respected;
the fscal regulations and external restrictions are enforced;
the information in documents is accurate and exact;
the security of the patrimony assets is ensured;
the working conditions are adequate;
the fnancial and accounting entries comply with legal stip-
ulations;
30 | Cornelia Felicia MACARIE
the control system is functional; and
there are risks in the management and control systems.
Chapter 2.
Internal Auditing in the Public Sector in Romania
2.1. Legislative framework
2.2. Normative framework
2.3. Procedural framework
2.1. Legislative framework
Public Internal Audit in Romania is regulated by Law 672/2002,
published in the Ofcial Gazette no. 856 of 5

December 2011, sub-
sequently amended and supplemented by:
Government Ordinance (GO) no. 37/2004 amending and
supplementing Regulation no. 91 of 31 January 2004, ap-
proved by Law 106/2004, published in the Ofcial Gazette,
Part 1, no 332 of 16 April 2004;
Government Emergency Ordinance (GEO) no. 35/2009 on
certain fnancial decisions regarding the cost of human re-
sources in the public sector, published in the Ofcial Ga-
zette, Part 1, no. 249 of 14 April 2009, approved by Law no.
260/2009 published in the Ofcial Gazette, Part 1, no. 484
of 13 July 2009;
Law 329/2009 on the reorganization of certain public insti-
tutions, rationalization of public spending, support for the
business environment and compliance with the framework
agreements concluded with the European Commission and
International Monetary Fund, published in the Ofcial Ga-
zette, Part 1, no. 761 of 9 November 2009, as amended and
supplemented;
Framework Law 284/2010 on the single remuneration
scheme for employees in the public sector, published in the
Ofcial Gazette, Part 1, no 877 of 28 December 2010, as
amended.
In 2011 Law 672/2002 was amended by Law 191/2011, published
in the Ofcial Gazette, Part 1, no. 780 of 3 November 2011. Follow-
ing these modifcations, the Law 672/2002 was republished in the
Ofcial Gazette, Part 1 no. 856 of 5 December 2011 and the texts
were renumbered. Law 672/2002 on Public Internal Audit and GO
37/2004 regulate internal audit in public entities as an independ-
ent, objective functional activity evaluating the collection and use of
public money and the administration of public patrimony. Article
2 of Law 672/2002 defnes the public entity as a public authority;
public institution; national company; company where the state or
a territorial administrative unit is a majority shareholder with legal
personality; entity fnanced more than 50% from public funds.
Article 3(1) of Law 672/2002 stipulates that the general objec-
tive of public internal audit is the enhancement of the management
of public organizations which can be achieved through:
a. assurance activities which objectively examine evidence in
order to provide an independent assessment of risk man-
agement, control and governance processes to the public
and the management of the public organization; and
b. consulting activities which add value and improve the gov-
ernance processes in public entities without the internal au-
ditor assuming managerial responsibilities.
Article 3(2) of the same Law stipulates the scope of internal
audit involves all the activities of the public institutions through
which they achieve their objectives.
2.1.1. The organization of internal auditing
Structurally, internal auditing is organized as follows:
a. Te Committee for Public Internal Auditing (CPIA);
b. Te Central Unit for the Harmonization of Public Internal
Auditing (CUHPIA);
c. Internal Audit Committees;
d. Internal Audit Departments in public organizations.
a. Te Committee for Public Internal Auditing (CPIA) exists
along the Central Unit for Harmonization of Public Internal Auditing
(CUHPIA) and is a consultative body whose purpose is to defne the
strategy and improve the internal audit activity in the public sector.
CPIA has 11 members whose selection is regulated by the Or-
der of the Minister of Finance. Its membership is composed of the
President of the Chamber of Financial Auditors of Romania, two
professors specialized in internal auditing, three specialists with
high credentials in this feld, the General Director of CUHPIA,
three experts from related areas of work (accounting, legal, IT)
and one representative of local public authorities. With the excep-
tion of the General Director, the CPIA members cannot be part of
the Ministry of Finance. Te process of nomination is determined
through the rules approved by the Government Decision 235/2003.
CPIA is headed by a President elected with the simple majority of
its members for a period of three years. Te President convenes the
meetings of the Committee. Te Internal Regulations of CPIA are
approved in a plenary session with a majority vote. Its technical
secretariat is provided by CUHPIA. Te Minister of Finance can
discharge the Committee members only at the specifc request of
the President in conditions stipulated by the law, which provides
the Committee with a relatively high level of stability.
According to Article 6 of Law 672/2002 CPIA has the following
main responsibilities:
to discuss the strategic development plans in public internal
auditing and provide an authoritative opinion on the direc-
tion of its development;
to debate and issue an opinion on the normative act devel-
oped by CUHPIA;
to discuss and approve the annual report on public internal
audit and the presentation of this report to the Government;
to approve the plan of internal audit engagements that are of
national interest and have cross-sectoral implications;
to debate and issue an opinion on the reports of internal
audit of national interest with cross-sectoral implications;
to analyze the importance of the recommendations made
by internal auditors in cases where there is a divergence of
opinion between them and the manager of the public or-
ganization, and to issue an opinion about the consequences
of non-compliance with auditors recommendations;
to analyze the cooperation agreements between internal
and external auditors regarding the defnition and use of the
concepts in the feld, exchanges of results and the common
professional training of auditors; and
to approve the appointment and dismissal of the Director
of CUHPIA.
b. Te Central Unit for the Harmonization of Public Internal
Auditing (CUHPIA) was established within the Ministry of Fi-
nance, in direct subordination to the Minister and is divided along
specialization services. CUHPIA is headed by a General Director
appointed by the Minister of Finances following the approval by
CPIA. Te General Director is a civil servant and should have ex-
cellent professional qualifcations and competence in accounting
and/or audit and meet the requirements of the Ethical Code of In-
ternal Auditors as stipulated in article 7(3) of Law 672/2002.
Te main role and responsibilities of CUHPIA are:
to develop and apply a unifed strategy of public internal
auditing and monitor the activity at the national level;
to develop a normative framework in public internal auditing;
to develop and implement harmonized procedures and
methodologies based on international standards, including
internal audit manuals;
to develop methodologies for risk management;
to elaborate the Ethical Code of Internal Auditors;
to approve the methodological norms in specifc areas of
activity in the feld of public internal auditing, including the
norms of the internal audit departments organized at the
level of associative structures;
to develop the reporting system of the internal audit results
and elaborate the annual report based on the audit reports
received;
to conduct internal audit engagements of national interest
with cross-sectoral implications;
to verify the compliance with norms, regulations, the Ethi-
cal Code by the internal audit departments, including those
organized at the level of the associative structures;
to evaluate their activity and take the necessary corrective
measures in cooperation with the manager of the public or-
ganization;
to establish the general framework of the cooperation agree-
ment to carry out the internal activity in local public institu-
tions;
to support local public institutions and associative struc-
tures in the implementation of the cooperation system to
carry out the internal audit activity;
to establish the knowledge, skills and competences individ-
uals must have in order to carry out internal audit activities;
to coordinate the recruitment system, the national system
of certifcation and continuous professional training of in-
ternal auditors;
to approve the appointment/dismissal of the heads of inter-
nal audit departments in public institutions;
to cooperate with the Court of Auditors to ensure the co-
ordination of the internal and external audit activities and
increase their efciency and cooperate with other authori-
ties and public institutions in Romania; and
to cooperate with public authorities that have fnancial con-
trol responsibilities in other states, including with the Euro-
pean Commission.
c. Internal Audit Committees are established within central
public institutions that run during one fnancial year a budget of
more than 2 billion RON in order to increase the efciency of inter-
nal auditing. Te Committee comprises 5 to 7 members appointed
by the head of the central public institution and its membership in-
cludes: (1) two-three internal auditors with a minimum experience
of fve years; (2) two-three professionals with a minimum experi-
ence of fve years in a feld relevant for the activity of the respective
institution; and (3) the head of the internal audit department. Te
internal auditors in the Internal Audit Committee work in other
public institutions that are not subordinated or coordinated by the
respective public organization. Te professionals in the Committee
are working in the central public organization, but they do not as-
sume management positions.
Te Committee is headed by a president elected by a simple ma-
jority for a three-year term which can be renewed once; the head of
the internal audit department cannot act as a president. Te Internal
Regulations of the Committee are approved in a plenary session by
a simple majority. Its technical secretariat is ensured by the internal
audit department of the central public institution. Upon the request
of the head of the central public organization, the President of the
Internal Audit Committee will attend the top management meet-
ings to express the Committees opinion on the topics under debate.
According to article 10 of Law 672/2002, the main responsibili-
ties of the Internal Audit Committee are:
to debate and approve the multi-annual and annual plan for
the internal audit activity;
to analyze and express an opinion on the recommendations
made by internal auditors, including on - those that were
not accepted by the head of the central public organization;
to approve the Charter of Public Internal Auditing;
to review and propose measures regarding breaches of the
Ethical Code of Internal Auditors;
to assess and approve the Annual Report of public internal
auditing activities; and
to approve the cooperation agreements with other public
institutions.
d. Internal Audit Departments are organized in public insti-
tutions by the manager or the Board that has the responsibility to
establish the organizational and functional framework required for
the internal audit activity.
Local public entities that cooperate for ensuring internal audit-
ing can use the capacity of the audit department that is constituted
within the organizing entity or at the level of the associative struc-
ture. Local public entities that did not establish their own audit de-
partment or did not conclude cooperation agreements can contract
the services of certifed auditors. In the case of small public institu-
tions that are not subordinated to other public entities, the public
internal auditing is restricted to compliance audit and is carried out
by the audit departments of the Ministry of Finance.
For those central public institutions whose managers are pri-
mary credit controllers and oversee a budget until 5 million RON
and have not established an internal audit department, the audit
activity is carried out by the Ministry of Finance, through CUH-
PIA, based on a cooperation protocol. Te head of the public en-
tity subordinate or under the coordination of another public en-
tity establishes and maintains a functional department of internal
auditing with the agreement of the superior public entity. In case
it doesnt secure this agreement, the latters internal audit depart-
ment must carry out the audit activities for the subordinate public
institution.
Te internal audit department is established under the direct
management of the public entity and should not be involved in the
design of the internal control procedures and the implementation
of activities to be audited. Te head of the internal audit depart-
ment is appointed and dismissed by the head of the entity/associa-
tive structure with the approval of CUHPIA; for the subordinate
public entities, the appointment/dismissal is made with the ap-
proval of the hierarchically superior public entity. Te head of the
internal audit department is responsible for the organization and
implementation of internal audit activities.
Te size of the Internal Audit Department is determined ac-
cording to the volume of activity and the magnitude of associated
risks of the particular institution. Te costs of the internal audit
carried out within the cooperation framework, especially the hu-
man resources costs (remuneration, contributions), are distributed
among the entities having signed the cooperation agreement de-
pending on the number of days worked by auditors. Te other ma-
terial costs, unless the parties agree otherwise, are to be covered by
the organizing entity or associative structure.
Te function of internal auditor is incompatible with the pur-
suit of this career for proft or rewards.
According to article 13 of Law 672/2002, internal audit depart-
ments have the following responsibilities:
to draw up methodological norms specifc to the public or-
ganization in which it carries out activities;
to develop the multi-annual plan of public internal audit,
usually over a three-year period, and the annual auditing
plan;
to carry out internal audit activities to assess whether the
fnancial management and control systems are transparent,
efective, efcient and comply with existing laws and regula-
tions;
to inform CUHPIA about the auditors recommendations
that were not accepted by the head of the public institution
and provide advice about their consequences;
to periodically report its fndings, conclusions and recom-
mendations as a result of its auditing;
to prepare the annual report of internal audit activity;
to immediately inform the head of the public entity and the
internal control responsible about any irregularities and
damage identifed;
to verify the compliance with norms, instructions and the
Ethical Code of Internal Auditors and take the necessary
corrective measures together with the head of the public
institution.
2.1.2. Conducting internal audit activities
Internal auditing in public institutions is the responsibility of the
internal audit departments which assess whether the management
and internal control systems are transparent, efcient, efective,
and in compliance with laws and regulations. Te scope of internal
auditing covers all the activities carried out in a public institution,
including the activities of those entities subordinate or under the
coordination of other public institutions. Te internal audit depart-
ment audit, at least once every three years, the following:
the fnancial activities from the moment the public funds
are earmarked until their utilization by the fnal benefciar-
ies, including those funds available through external assis-
tance;
payments made according to budget and legal stipulations,
including payments from EU funds;
the administration of patrimony and the sale, lease or rental
of goods in the private property of the state or the territorial
administrative unit;
the lease or rental of goods in the public property of the state
or the territorial administrative units;
the formation of public revenues and establishment of ac-
counts receivable and the advantages ofered upon their col-
lection;
the allocation of budgetary credits;
the accounting system and its efectiveness;
the decision making system;
the management and control systems and the risks associ-
ated with these systems; and
the IT systems.
Te internal audit engagements are made according to a work
programme or plan. Te multi-annual and annual auditing plans
are prepared by the internal audit departments afer the evalua-
tion of the risk level of diferent structures, activities, programmes/
projects or operations. In this process, the suggestions of the head
of the public organization, the recommendations of the Romanian
Court of Auditors and the European Commission should be taken
into account. Tose activities posing a high level of risk should be
audited on a yearly basis.
Te projects for the multi-annual and annual plans of the local
public entities that manage their audit though external cooperation
are centralized and included in the audit plans of the organizing
public entity or the associative structure.
Te multi-annual and annual plans in those organizations car-
rying out activities through service provision contracts are elabo-
rated and approved by the head of the organization. Te heads of
public institutions approve annually the internal audit plan.
Auditors in the internal audit departments conduct, with the
approval of the head of the organization, ad-hoc, exceptional en-
gagements that are not covered by the audit plans.
In their audit engagements, internal auditors are authorized
by an order issued by the head of the internal audit department.
Trough this order the head nominates the auditing team and
clearly stipulates the purpose, objectives, type and duration of the
authorized activities.
Te Internal Audit Department shall notify the department or
structure to be audited 15 days in advance. Te notifcation, includ-
ing the Charter of internal audit in the public sector, shall include
information about the purpose, main objectives and duration of
the engagement.
Tere are diferent types of internal audit engagement:
a. system auditing represents an in-depth assessment of the
management and internal control systems in order to de-
termine whether they operate efciently and efectively,
identify possible defciencies and make recommendations
for their correction;
b. performance auditing examines whether the criteria that
were established for the implementation of activities and
fulfllment of objectives are relevant for the evaluation of
results and assesses whether the results are consistent with
the objectives;
c. compliance auditing examines the organizations adherence
and compliance with all principles, procedural and meth-
odological rules in spending public money.
Internal auditors have access to all data and information, in-
cluding those in electronic format, they consider relevant for
achieving the objectives of their mission. Te management and ex-
ecution personnel in the audited structure must provide the docu-
ments and information requested within the set deadlines and all
the support to assure that the audit takes place in the best possible
conditions. Internal auditors may request data, information, cop-
ies of documents, conformity certifcates from physical and juridi-
cal persons in connection to the audited structure and they are
required to respond to these requests in due time. Also, internal
auditors can make fnancial and accounting assessments in order to
verify the legality and conformity of the internal control activities
these physical and legal persons underwent.
In order to protect the fnancial interests of the EU, the author-
ized representatives of the European Commission and the Europe-
an Court of Auditors are granted similar rights o those of internal
auditors. To prove their identity and position, the representatives
must have a written authorization and an accompanying document
stating the object and purpose of the control or on-site inspection.
If the need for specialist/expert knowledge in the execution of
the audit arises, the head of the internal audit department can de-
cide to contract external experts and consultants.
At the end of each audit mission, the auditors prepare a report
comprising the general framework, objectives, fndings, conclu-
sions and recommendations. Te report is accompanied by the jus-
tifcatory documents. Te draf of the report is sent to the audited
structure which can transmit its comments in maximum 15 days.
Within 10 days from the receipt of these comments, the internal
audit department organizes the conciliation meeting with the au-
ditee to analyze the fndings and conclusions and advance towards
the acceptance of the proposed recommendations. Te head of the
internal audit department shall transmit the fnal draf of the inter-
nal audit report, together with the results of the conciliation meet-
ing, for review and approval to the following persons depending
on the case:
1. the head of the public entity that approved the mission;
2. the head of the local public entity that manages its auditing
through external cooperation without informing other ju-
ridical or physical persons, except as provided by law, about
data, deeds or situations discovered during the audit mis-
sion; and
3. the head of the small public institution.
Afer approval the recommendations in the internal audit re-
port shall be communicated to the auditee which is required to in-
form the internal audit department about the method and timeline
of their implementation. Te head of the department then informs
CUHPIA or the hierarchically superior body about the recommen-
dations that were not approved. Tese recommendations will be
accompanied by the supporting documents. Also, the department
assesses and reports about the progress made in the implementa-
tion of recommendations to CUHPIA or the hierarchically supe-
rior body.
2.1.3. The profession of internal auditor
Te internal auditors who are civil servants are subject to the
legal stipulations on incompatibilities and rights and obligations
according to Law 188/1999 on the Statute of Civil Servants, repub-
lished and amended, and Law 672/2002 republished.
Te appointment or dismissal of internal auditors is made by
the head of the public institutions or the managing board, with the
approval of the head of the internal audit department. According
to the Professional Standard approved for internal auditors, their
professional background and general framework of competences
cover at least the following areas: internal auditing, risk manage-
ment, internal control and governance, management, accounting,
public fnances, information technology, and law.
Te recognition of internal auditors professional competences
is made based on:
the match between the courses taken during the undergrad-
uate and graduate studies, as revealed by transcripts and na-
tionally recognized diplomas, and the areas covered by the
general framework of competences; and
if the auditors background is not covered by these areas,
they must complete the professional training by graduat-
ing relevant programmes organized by accredited institu-
tions.
Te certifcate of attestation is issued if all the following condi-
tions have been met:
a. the auditor has the required professional background;
b. the auditor has a professional experience of minimum one
year; and
c. professional integrity confrmed by two recommendations
of internal auditors or specialists with a minimum experi-
ence of 5 years in the public sector.
Te internal auditors with an internal audit certifcate issued
by internationally recognized institutions in the feld, such as the
Institute of Internal Auditors in the USA, the French Institute of
Audit and Internal Control, the Institute of Internal Auditors in the
UK and Ireland, have their professional competences recognized at
the national level.
Te certifcate of attestation loses its validity when:
a. the internal auditor did not carry out internal audit activi-
ties in the last 5 years; and
b. the internal auditor did not attend professional training
courses in the context of the continuous professional train-
ing programme.
Te recruitment process and the rights and obligations of the
internal auditors that are not civil servants must comply with the
internal regulations of each public institution and the stipulations
of the Law 672/2002. Te physical persons requesting a certifcate
of attestation will be subjected to the same conditions regarding is-
suance and duration of validity as those applied to internal auditors
in public institutions.
Internal auditors should discharge their duties objectively and
independently, with professionalism and integrity, according to
Law 672/2001 and the rules and procedures of internal auditing.
Tey are not to be sanctioned or demoted for their actions under-
taken in good faith to achieve tasks within their mandate. Internal
auditors shall not disclose any data, facts or situations found during
or in connection to their missions.
It is the responsibility of internal auditors to protect the docu-
ments associated with the internal auditing conducted at a public
institution. Te responsibility for the actions taken afer analyzing
the audit reports belongs to the management.
Internal auditors should comply with the Ethical Code of
the Internal Auditor. Also, they are required to improve their
knowledge, skills and values as part of continuous profession-
al training, even after obtaining the certificate of attestation,
through:
a. participation in courses and seminars on topics that fall
within the areas of the professional competence framework
or relevant for the activity of the public institution;
b. individual studies on topics approved by the head of the in-
ternal audit department; and
c. professional publications.
Te continuous professional training, which is the responsibility
of the head of the internal audit department and of the public in-
stitution, is organized for a period of minimum 15 days every year.
Internal auditors are required to submit every fve years reports re-
garding the organization of these trainings to the body having is-
sued the certifcate. On this basis the validity assessment is decided.
Spouses, relatives and in-laws, up to the fourth degree, including
the head of the public institution, can not be internal auditors within
the same entity. Internal auditors can not be appointed to conduct in-
ternal audit missions in an institution if they are spouses, relatives or in-
laws, up to the fourth degree, of the manager or members of the board.
Internal auditors should not be involved at all in undertaking
activities or implementing the internal control systems that they
could potentially audit. Auditors that have responsibilities in the
implementation of programmes fnanced totally or partially by the
European Union should not be involved in their auditing. Also, au-
ditors should only be assigned audit missions in areas of activity
where they previously held positions only afer the lapse of three
years. Internal auditors found in any of the situations mentioned
above are required to immediately notify, in writing, the head of
the public institution and of the internal audit department.
2.2. The normative framework
In addition to the legislative framework, internal auditing is
regulated by a normative framework for the assurance and consult-
ing activities.
2.2.1. The normative framework for assurance activities
Te general normative framework for the audit activity of as-
suring the management of a public entity as to the efectiveness of
the internal control system is comprised of:
Order of the Minister of Finance 38/2003 for the approval of
the General Norms regarding the accuracy of public inter-
nal auditing known as the Internal Auditing Manual;
Order of the Minister of Finance 252/2004 for the approval of
the Ethical Code of Internal Auditors which repealed Order
880/2002 adopting the Ethical Code of Internal Auditors;
Order of the Minister of Finance 423/2004 that amends and
supplements the Order 38/2003 on the General Norms re-
garding the activities of public internal auditing.
Te internal audit structures from public institutions have de-
veloped their own general norms on the basis of the general meth-
odological norms as required by law.
General Norms are structured in fve parts:
Part I - Te application of the general rules of public internal
auditing
Part II - Te methodological rules regarding the internal audit
missions
Part III - Te procedural guide
Part IV - Te internal auditing charter
Part V - Glossary
2.2.1.1. The application of the general rules of public internal auditing
Tis frst part of the methodological rules has the following
structure:
a. General provisions where internal auditing in the public
sector and the types of internal audit are defned;
b. Internal audit structures in Romania which discusses in de-
tail the organization of the internal audit in Romania and
the responsibilities of every structure; and
c. Rules applicable to the internal audit department and in-
ternal auditors. Tis section provides detailed information
about the following norms:
Qualifcation norms which are comprised of: (1) Te
Charter of Internal Audit and the Ethical Code of Inter-
nal Auditors, (2) Independence and Objectivity, (3) Pro-
fessional competence and integrity, and (4) Enhance-
ment of quality; and
Operational rules of internal auditing.
2.2.1.2. Methodological norms regarding the internal audit missions
Tis section describes the methods and tools used in conduct-
ing internal audit assignments according with the General scheme
(Figure 1) which provides a holistic perspective over the internal
audit process. Te lef side of the graph presents the stages of inter-
nal auditing and the relevant procedures, while the right side pre-
sents the results obtained and the corresponding documentation.
An internal audit mission involves the following steps:
Step 1 Preparation for the internal audit assignment. Te fol-
lowing procedures (P) are to be undertaken at this stage:
P01-P03 Te initiation of auditing which requires the prepa-
ration of the documents:
P01 Te order of authorization is adopted by the head of the in-
ternal audit department based on the annual plan approved by the
manager of the public institution. Te order represents the man-
date granted to internal auditors to start the activities and com-
prises the division of tasks among internal auditors.
P02 Te declaration of independence whereby internal auditors
involved in the mission guarantee to maintain their independence
throughout their engagement.
P03 Te notice of initiation through which the Department of
Internal Auditing informs the auditee 15 days in advance about the
purpose, main objectives, duration of the mission and the planned
on-site interventions whose schedule will be decided by common
agreement.
P04 Collecting and processing the information. Tis pro-
cedure requires that internal auditors collect general information
about the structure to be audited. Te information must be relevant
for the achievement of the following objectives:
a. the identifcation of the main elements of the socio-eco-
nomic and institutional context in which the institution un-
dertakes its activities;
b. acquiring knowledge about the entity/structure that will be
audited in respect to its working methods and the hierarchic
levels;
c. the identifcation of the strengths and weaknesses and con-
trol systems of the structure/entities to be audited;
d. the identifcation and assessment of signifcant risks; and
e. the identifcation of those pieces of evidence necessary to
achieve the objectives of control and the selection of the ad-
equate investigative techniques.
Information processing consists of:
1. the analysis of the entity to be audited and its activities (hu-
man resources chart, internal regulations, job description,
the circuit/fow of documents);
2. the analysis of the normative framework;
3. the analysis of those elements susceptible to prevent the re-
alization of the audit assignments;
4. the analysis of the results of the previous audit missions; and
5. the analysis of the external information concerning the en-
tity to be audited.
At this stage auditors should draf the Checklist of the objects
of Auditing. Te objects of auditing represent the basic activities
of the audited domain whose characteristics can be defned theo-
retically and compared against the reality. Teir identifcation takes
place in 3 stages:
1. the defnition in detail of every activity and process start-
ing with its initiation and ending with its recording (audit
cycle);
2. the agreement of the conditions every operation has to meet
from the point of view of the specifc controls and the cor-
responding risks to be avoided; and
3. the identifcation of those operating procedures necessary for
the institution to achieve its objective and minimize risks.
P05 Risk analysis
Risk represents any event, action, situation or behavior that
might have a negative impact upon the capacity of the public entity
to achieve its objectives. Tere are several risk categories:
a. Organizational risks: lack of precise responsibilities, def-
cient organization of human resources, insufcient and out
of date documentation;
b. Operational risks: failure to register activities in the ac-
counting system, improper archiving of justifcatory docu-
ments, lack of control over the operations having a high
level of risk;
c. Financial risks: unsecured payments, undetected fnancial
operations posing signifcant risks; and
d. Risk generated by legislative, structural, managerial chang-
es, etc.
Te components of risk are: the probability of occurrence and
the level of impact measured by the gravity and duration of its con-
sequences.
Risk analysis, as one of the main procedures in internal audit-
ing, has the following objectives:
to identify the dangers in the entity undergoing an audit;
to identify whether the internal control or other procedures
in the public entity can prevent, eliminate or minimize risks;
and
to evaluate the structure and evolution of the internal control.
Te stages of risk analysis are:
1. the analysis of the activities of the entity;
2. the identifcation and assessment of inherent risks with an
impact over the fnancial operations;
3. the verifcation and assessment of internal controls, internal
control procedures; and
4. the assessment, measurement and classifcation in groups of
risk of the weaknesses identifed. Internal auditors should
incorporate in the identifcation and assessment of signif-
cant risks those risks discovered during previous assign-
ments.
Te criteria used for the measurement of the risk occurrence
are the vulnerability of the entity and internal control assessment.
Te risk occurrence probability varies from impossibility to cer-
titude on a three-level scale: low probability, medium probability
and high probability.
a. Te vulnerability of the entity
To make an assessment, the auditor will take into considera-
tion all factors that might have an impact upon vulnerability, such
as the human resources, the complexity of processing operations,
the available technical means. Te vulnerability is assessed on three
levels: low, average and high.
b. Internal control assessment
Tis assessment is based on an analysis of the quality of internal
control on three levels: proper, insufcient serious shortcomings.
Te level of the impact refers to the efects of risk occurrence and
can be expressed on a scale with three values: low, moderate and
high.
In a risk analysis, internal auditors comply with the following
procedures:
1. they identify the operations and objects that will be audited
and their interdependences and establish the scope of the
analysis;
2. they identify the threats and inherent risks associated with
these operations and activities by establishing their fnancial
impact;
3. they establish the criteria for risk analysis. It is recommend-
ed that internal auditors use the following criteria: internal
control assessment, quantitative and qualitative assessment;
4. they establish the risk level for each criterion using a scale of
values on three levels as follows:
d1) for the internal control assessment: appropriate in-
ternal control - level 1; inadequate internal control - lev-
el 2; defcient internal control - level 3;
d2) for the quantitative assessment: low fnancial impact
low - level 1; average fnancial impact level 2; impor-
tant fnancial impact - level 3;
d3) for the qualitative assessment: low vulnerability -
level 1; average vulnerability - level 2; high vulnerability
- level 3;
5. they establish the total score for the criterion used (T). Each
criterion is assigned a weight factor and risk level. Te result
of the multiplication represents the score of that particular
criterion. Afer adding all the scores, one obtains the total
risk value of a particular operation/activity. Total risk score
is obtained by using the formula:
T= P(i) x N(i)
Where: 1 = 1 ... n
P(i) = the risk weight for each criterion;
N(i) = the risk level for each criterion used or
T = N1 x N2 x .... x N (i), where
N= the risk for each criterion used.
6. they classify risks based on the obtained scores in low risk,
medium risk, high risk;
7. they rank the operations and activities to be audited and
create a table of strengths and weaknesses. Te latter sum-
marizes the outcome of the assessment of each activity ana-
lyzed and allows risk prioritization to guide internal audit-
ing and decide the audit topics in detail. Te lef side of the
table displays the outcome of the risk analysis, while the
right side presents the auditors opinions and comments.
P06 Establishing in detail the theme of the internal audit mission
Te detailed theme comprises all areas and objects of auditing se-
lected, is approved by the head of the internal public department and
circulated to the management team in the public institution during
the opening meeting. Based on the detailed theme, the internal au-
dit programme, an internal working document, is adopted. Te pro-
gramme comprises the specifc actions to be undertaken by auditors
according to each objective in the detailed theme and the division of
tasks in the team. Te purpose of the internal audit programme is:
to assure the head of the internal audit department that all
aspects related to the objectives of the audit mission have
been taken into account;
to establish the way in which tasks are allocated and activi-
ties planned.
Te preliminary programme of on-site interventions is created
based on the internal audit programme and presents in detail the
activities that internal auditors propose themselves to carry out, in-
cluding the studies, measurements, tests, the collection and assess-
ment of evidence, and the schedule of these activities.
P07 The opening meeting
Te opening meeting takes place at the institution that will be
audited, with the participation of auditors and the personnel of the
public institution. Te agenda of the meeting should comprise:
the introduction of internal auditors;
the presentation of the objectives of the audit mission;
the establishment of the reporting deadlines of the assess-
ment stages;
the presentation of the detailed theme;
the calendar of the meetings; and
ensuring the material conditions required for carrying out
the internal audit mission.
Te institution that is undergoing the audit can request the post-
ponement of the engagement on relevant grounds. Te postpone-
ment should be discussed within the internal audit department and
a notice should be sent to the head of the public institution.
Te date of the opening meeting, the name of the participants,
the important aspects of the discussion should be recorded in the
minutes of the opening meeting. Te internal audit department
should notify the entity to be audited about the schedule of the on-
site verifcations and provide the Internal Audit Charter.
Step 2 On site interventions (eld work)
Te feld work includes the collection, analysis and assessment
of documents. It presupposes the following steps:
1. the knowledge of the system, processes and procedures un-
der investigation;
2. interviewing the personnel;
3. verifcation of the accounting entries;
4. the analysis of data and information;
5. the assessment of efciency and efectiveness of internal
control;
6. conducting tests; and
7. assessing the way in which the corrective measures pro-
posed in the previous audit mission were implemented.
Te main techniques used by internal auditors are:
a. comparison: confrmation of the identity of a piece of infor-
mation by using more sources;
b. examination: the detection of errors and irregularities;
c. re-computation or the verifcation of the mathematical cal-
culations;
d. confrmation: requesting information from two or more in-
dependent sources;
e. agreement: the process of matching two distinct categories
of records;
f. guaranteeing: assessing the accuracy of the registered trans-
actions by examining every item registered and its justifca-
tory documents; and
g. follow up: the verifcation of procedures from justifcatory
documents to items recorded. Te purpose of follow up is to
assess whether the real transactions were recorded.
Te main instruments used in internal auditing are:
1. Te questionnaire comprising the questions asked by inter-
nal auditors. Tere are several types of questionnaire: the
acknowledgement questionnaire (questions about the socio-
economic context, internal organization, activities); the in-
ternal control questionnaire (serves as a guide for internal
auditors in identifying the dysfunctions and their causes);
the check list questionnaire (establishing the conditions
that every area undergoing audit should meet; it comprises
a set of standard questions about the defned objectives, re-
sponsibilities, fnancial, technical means, available human
resources)
2. Te auditing fow chart which establishes the circuit of the
information, the responsibilities and attributions, the justi-
fcatory documentation and the reconstitution of the opera-
tions from the total sum to the individual details
3. Te internal audit fndings forms that are used to present
the outcome and conclusions of the audit engagement.
P08 Te form identifcation and analysis of problems is flled
out for every dysfunction detected. It includes its summary, causes
and consequences and recommendations. Te form must be ap-
proved by the coordinator of the audit mission, confrmed by the
representatives of the entity that was audited and supervised by the
head of the internal audit department.
P09 Te form ascertainment and reporting of irregularities is
flled out if internal auditors ascertain the existence or likelihood
of irregularities. It is immediately forwarded to the head of inter-
nal department who will inform within 3 days the manager of the
public institution and the authorized control structure to continue
verifcations.
Te internal audit records contain information which links
the audit task, on-site intervention and the internal audit report.
Te records are then used by internal auditors to formulate their
conclusions. Types of internal audit records:
a. the permanent record comprises the following sections:
Section A- Internal audit report and annexes:
authorization order;
independence declaration;
reports (intermediary, fnal, summary of recommendations);
the form identifcation and analysis of problems;
the form ascertainment and reporting of irregularities; and
audit programme.
Section B- Administrative:
the notice regarding the initiation of the internal audit mis-
sion;
the minutes of the opening meeting;
the minutes of the reconciliation meeting;
the minutes of the closing meeting; and
the correspondence with the public institution undergoing
auditing.
Section C- Te documentation of the internal audit mission:
internal strategies;
rules, regulations and applicable laws;
work procedures;
materials about the entity/structure undergoing auditing
(debts, responsibilities, number of employees, job descrip-
tion, organizational graph, nature and location of account-
ing entries);
fnancial information;
previous internal audit reports;
information regarding key positions/the fux of operations; and
the risk analysis documentation.
Section D- Supervising and revising the internal audit mission
and its results:
revision of internal audit reports; and
internal auditors response to the revision of the internal au-
dit report.
b. the working document records comprises photocopies and
extracts of the justifcatory documents. Te fle is indexed
by assigning letters and numbers for every section/objective
in the audit programme. Te index must be clear and easy
to follow.
P10 Te review of working documents shall be carried out by
internal auditors before the internal audit report to ensure that the
working documents are prepared appropriately.
Te internal audit records are the property of the public institu-
tion and are confdential. Tey shall be kept until the implementa-
tion of the recommendations in the internal audit report and sub-
sequently archived according to the existing regulations.
P11 Te closing meeting is organized to enable internal audi-
tors to express their opinion, present the fnal recommendations in
the report and agree on a calendar for implementing the recom-
mendations.
Step 3 The internal audit report
Te procedures to be followed at this stage are:
P12 Te draf preparation of the internal audit report (in-
termediary report). Te following requirements shall be met in
drawing up the report:
a. the fndings should be directly related to the objective of the
audit mission and be supported by appropriate justifcatory
documents;
b. the recommendations should be consistent with the fnd-
ings and determine the minimization of potential risks;
c. the report should refect the internal auditors opinion based
on fndings; and
d. the report is developed by building upon the form identif-
cation and analysis of problems.
Te principles that must be observed in drafing the report are:
1. the fndings must be expressed in a pertinent and undeni-
able manner;
2. the avoidance of vague expressions, abstract language;
3. using correct language and a common vocabulary;
4. avoiding polemical, ofensive and biased tone;
5. the prioritization of fndings (only the most important will
be presented in the summary or conclusions); and
6. the emphasis of the positive aspects and the improvements
made since the last audit mission.
Te draf of the internal audit report must comprise at least the
following items:
the purpose and objectives of the internal audit mission;
the identifying data of the internal audit mission (legal ba-
sis, authorization order, audit team, entity/structure under-
going auditing, the duration of audit activities);
the method through which the audit activities are carried
out (survey, documentation; procedures, techniques; exam-
ined documents and materials; documents drafed during
internal audit mission);
fndings;
conclusions and recommendations; and
annexes (references, situations, documents, any type of evi-
dence).
P13 Communication of the draft report
Te draf of the internal audit report shall be sent to the audited
structure which can send its comments to the internal auditors
within 15 days.
P14 Conciliation meeting
Within 10 days from receiving the comments, internal auditors
organize the conciliation meeting where the fndings and conclu-
sions are discussed in view of securing agreement for the recom-
mendations.
P15 Preparation of the internal audit report
Te internal audit report should include the modifcations
agreed upon during the conciliation meeting. It will include a sum-
mary of the main fndings and conclusions. Te head of the inter-
nal audit department must inform CUHPIA or the hierarchically
superior body about the recommendations, accompanied by sup-
porting documentation, that were not approved by the manager of
the public institution.
P16 Dissemination of the internal audit report
Te head of the internal audit department shall send the re-
port, together with the outcome of the conciliation meeting and
the comments made by the entity having undergone auditing, to
the manager of the public institution that approved the mission. In
the case of a small public institution, the report is sent for approval
to its manager. Afer the approval of the recommendations com-
prised in the report, they are to be communicated to the auditee.
Te Court of Auditors has access to the internal audit report during
its verifcations.
Step 4 Monitoring the recommendations
Te objective of activities at this stage is to ensure that the rec-
ommendations in the report are enforced efectively and timely and
that the management has assessed the risk of non-enforcement.
Te auditee must inform the internal audit department about the
method of implementation of recommendations. Te responsibili-
ties of the auditee in this respect are:
to develop an action plan, including a concrete timetable;
to nominate those responsible for implementing each rec-
ommendation;
to implement the recommendations;
to periodically communicate the level of progress; and
to evaluate the obtained results.
Te internal audit department assesses and reports back to
CUHPIA or the hierarchically superior body about the progress
achieved in implementing the recommendations. Also, the internal
audit department will notify the manager of the public institution
about the degree to which recommendations are implemented.
Te head of the internal audit department is responsible for su-
pervising all the phases and steps of the internal audit mission. Be-
cause the purpose of its supervisory functions is to ensure that the
objectives of the audit mission were properly achieved, the head of
the department undertakes the following:
a. provides adequate advice for conducting the internal audit
mission;
b. assess whether the programme of the mission was correctly
implemented;
c. verifes the existence of evidence; and
d. assesses whether the internal audit report is accurate, clear,
concise and completed in due time.
If the head of the internal audit department was involved in the
audit mission, the supervision is ensured by the internal auditor he
designates.
2.2.1.3 The procedural guide
Contains detailed descriptions of all the procedures that should
be followed in an audit mission and models of the documents in-
ternal auditors must draw up during their mission.
2.2.1.4. Internal audit charter
Establishes the rights and obligations of internal auditors. Its
purpose is to:
inform about the objectives and methods of auditing;
clarify aspects of the audit engagement;
establish the working rules between auditor and auditee; and
promote rules of conduct.
Te Charter comprises the following chapters:
a. Roles and objectives of internal auditing in the public sector
b. Statute of the internal audit department
c. Principles applicable to the internal audit department and
internal auditors
d. Internal audit methodology
e. Rules of conduct
2.2.2. Normative framework for the consulting activity
Te normative framework for the consulting activity of internal
auditing in public institutions is established by the Order of the
Ministry of Finance 1702 of 14.11.2005 for approving the norms
regarding the organization and performance of consulting activi-
ties which will be referred to as Consulting Norms.
Consulting is the activity undertaken by internal auditors intend-
ed to add value and enhance the administration of the public institu-
tion, risk and internal control management without the internal au-
ditor assuming managerial responsibilities. Te consulting activities
are carried out according to the annual programme, together with
assurance activities, but also at the request of the management of the
public institution (article 2 (1) of the Consulting norms).
Te consulting norms regulate the internal auditors activities
and are prepared according to internationally recognized standards
and EU best practices. Article 3 of the Consulting norms stipulates
three types of consulting activities;
a. consulting, whose purpose is to identify the obstacles pre-
venting the normal unfolding of processes, to establish
causes and consequence, to put forward solutions;
b. knowledge gathering, intended to obtain additional infor-
mation and acquire an in-depth understanding of the op-
eration of a standard system or legal stipulation relevant for
the personnel with implementation responsibilities; and
c. training and professional development designed to provide
theoretical knowledge and practical information about f-
nancial, risk and internal control management through the
organization of courses and seminars.
Te consulting activities can take the following forms:
1. formal consulting missions, comprised in a distinct section
of the internal audit plan, and carried out systematically
and methodically according to pre-determined formal pro-
cedures as presented in chapters 3 and 4 in the Consulting
Norms;
2. informal consulting missions conducted through participa-
tion in various permanent committees, temporary projects,
meetings, information exchanges according to specifc pro-
cedures;
3. consulting missions in exceptional circumstances whereby
auditors join teams formed in order to resume activities in
the afermath of an exceptional event.
Te heads of the internal audit departments have the duty to
include in the Charter of Internal Audit, based on the Consulting
Norms, the methods of organization and realization of consulting,
next to assurance activities. Te organization and performance of
the consulting mission are proposed by the heads of audit depart-
ments and approved by the management of the public organization
granted they do not generate conficts of interests and are not in-
compatible with the internal auditors duties.
Internal auditors need to be objective when presenting their
fndings, conclusions and proposals to the management of the
public organization. Te latter shall be informed without delay
about any situation that might interfere with the independence
and objectivity of internal auditors, irrespective of the timing of
its occurrence. In order to avoid the infringement of the principles
of independence and objectivity in cases when the assurance mis-
sions are performed afer consulting, the heads of internal audit
will designate diferent auditors and supervisors for the two types
of missions.
To conduct formal audit missions, internal auditors should ob-
serve high professional standards. Tey are also required to:
a. respect the provisions of the Internal Audit Charter and the
other provisions governing consulting missions;
b. meet the deadlines and schedules of the audit mission and
communicate its results to the management of the public
institution;
c. establish the scope of activities necessary to achieve the ob-
jectives of the consulting mission;
d. present in writing the general requirements, identifed
problems, the results of the mission and information related
to the method of organization of the mission; and
e. communicate and report the results of the consulting mis-
sion.
Te heads of internal audit are responsible for the organization
of these missions, including the fnancial aspects, and ensure au-
ditors compliance with the principles and rules stipulated in the
Ethical Code.
Te formal consulting missions are organized by taking the fol-
lowing steps (Figure 2):
Step 1 Te preparation of the consulting mission presupposes
the procedures below:
P01 Initiation of consulting mission presupposes the follow-
ing documentation:
Authorization order represents the disposition of the head of
internal audit allocating tasks to internal auditors;
Te independence and impartiality declaration through which
it is intended to avoid situations whereby the same internal audi-
tors designated for consulting activities might conduct assurance
activities in areas with direct implications for the activity that is
also the object of consulting
Te notice regarding the initiation of the consulting mission
whereby the Internal Audit Department notifes the auditee 15
days in advance about the purpose, objectives, duration and sched-
ule of on site interventions.
P02 Gathering and processing general information about the
auditee in order to ensure:
the identifcation of the main elements of the institutional
context in which the activities are carried out in order to
draw a list of the objects targeted by the consulting activ-
ity;
knowledge about the way in which the auditee is organized,
its working techniques, its hierarchical levels;
the identifcation of the objectives of the consulting activity.
Tis activity can be carried out in the following stages:
a. providing details about every activity and the underlying
processes, starting with the beginning of the activity until
the recording of its results;
b. establishing for every operation the risks with high likeli-
hood of occurrence; and
c. establishing the operation mechanisms of the necessary
controls to minimize risks and the scope of risk efects;
the selection of the proper techniques to gather the relevant
information for achieving the objectives of consulting.
Te document Detailed theme of the consulting mission is ob-
tained as result of the analysis of the information collected at this
stage and comprises the areas selected as highlights of the consult-
ing mission which will be discussed in the opening meeting.
P03 Drafing the programme of the consulting mission. Te
programme comprises the detailed themes of the mission, specifc
actions to be undertaken for every objective, measurements, tests
and evidence and schedule of activities.
P04 Te opening meeting of the on site intervention takes
place at the public entity undergoing audit, with the participation
of the internal auditors and the representatives of the entity. Its pur-
pose is to introduce the internal auditors, to present the objectives
of the mission, the detailed themes, the calendar of the working
meeting to ensure the logistical conditions and to agree on the re-
porting deadlines.
Step 2 Te on site intervention presupposes gathering docu-
ments (P05), document analysis and evaluation (P06) in view of
the objectives of the mission. It enables auditors to acquire knowl-
edge of the activities/systems/processes of the auditee, to study the
associated procedures, to discuss with the personnel, analyze data
and information, assess the efciency and efectiveness of internal
control and to implement tests.
Te main techniques used in the consulting missions are the
stimulation, which enables a qualitative assessment of procedures;
the observation through which internal auditors form an opinion
about the analyzed activity; and the interviews conducted by audi-
tors with the personnel based on questionnaires in order to identify
potential weaknesses.
Te main instruments in the consulting missions are tests and
working sheets used to present the fndings and results of the as-
sessment of every activity/operation under analysis, which allow
the re- prioritization of signifcant risks.
Te consulting records allow the establishment of a corre-
spondence between the audit objectives, on site intervention and
consulting report. Te records comprise the entire documentation
underlying the proposal of recommendations made by internal au-
ditors.
P07 Working documents are revised by internal auditors be-
fore completing the on-site intervention to make sure that all the
needed documents were obtained and systematized in an appropri-
ate manner.
P08 During the closing meeting internal auditors present con-
clusions and propose solutions that will be included in the consult-
ing report.
Step 3 Te consulting report must comprise the following
items:
a. purpose and objectives of the consulting mission;
b. the elements identifying the consulting engagement (legal
basis, authorization order, consulting team, auditee, the
time framework);
c. activities carried out during the mission (documenting;
procedures, methods, techniques used; materials examined;
written submissions);
d. results and fnings;
e. deductive reasoning processes;
f. conclusions and recommendations;
g. the documents presented; and
h. the signature of internal auditors.
P11 Te supervision of all stages in the consulting engagement
is the responsibility of the head of audit or the internal auditor des-
ignated by the latter. Its objective is to ensure that the objectives of
the mission were achieved. Te head of the audit sends the fnal
consulting report to the manager of the public organization who
approved the engagement for consideration and approval. Afer the
report gets approved, it will be communicated to the auditee.
2.3. Procedural framework
CUHPIA designed the legislative and normative framework
for the organization and performance of internal audit activities.
For the internal audit to be conducted appropriately, the normative
framework must be improved, completed and developed with an
adequate procedural framework. To that end, practical guidelines
for the main activities of the public institutions were developed.
CUHPIA has so far designed the following practical guidelines:

No. Practical Guidelines Year
1 Human resources management 2005
2 Public procurement 2005
3 Legal activities 2006
4 IT activities 2006
5 Financial and accounting activities 2007
6 Management activities 2007
7 Public internal audit 2010
8 Local tax collection and administration 2010
Te practical guidelines are accessible on the website of the
Ministry of Finance (http://www.mfnante.ro/audit.html?pagina=
domenii) and represent useful working tools for the internal audi-
tors in the public system on the basis of which practical guidelines
for diferent areas of activity can be developed. At the same time,
these guidelines can be developed and adapted to other functions
of the public organization. Starting from the guidelines drawn by
CUHPIA, the public institutions must prepare their own practical
guidelines according to the focus of its activity. An internal audit
department will be assessed positively depending on the number of
areas for which it developed practical guidelines and formal proce-
dures to support their implementation.
Chapter 3.
The Standardization of Internal Audit
3.1. International Organization of Internal Audit
3.2. International Framework of Professional Practices
3.2.1. Ethical code
3.2.2. International Standards for the Professional Practice of Internal
Auditing (the Standards)
3.2.2.1. Attributive Standards
3.2.2.2. Performance Standards
3.2.2.3. Implementation Standards
3.2.3. Practice Advisory
3.2.4. Practice Guides
3.3. Internal Audit Responsibility
3.1. The International Organization of Internal Auditing
Internal auditors conduct missions by observing certain pro-
fessional norms based on internationally recognized standards.
Te internal auditors work follows common rules imposed by the
standardization of their activities. However, the rules are also rela-
tive as they depend on the type of organization and the national
legislation regulating the internal audit function.
Te international coordination of the internal audit activities
has begun with the establishment of the Institute of Internal Au-
ditors (IIA) in 1941 with the headquarters in Orlando, USA. Te
beginnings were marked by its Anglo-Saxon origins and the in-
ternationalization has progressed gradually as other national insti-
tutes and individual members became afliated. At present, over 90
national institutes of internal auditors and 95.000 members in over
129 countries are afliated with IIA. Also, 42.000 of its members
have an internal auditor certifcate, the internationally recognized
accreditation.
In our country the Romanian Association of Internal Auditors
(AAIR) was established on 29 June 2004 having 18 founding mem-
bers. On 1 December 2007 the Association became a member of
IIA and on 6 July 2007 it became fully afliated with the European
Confederation of Institutes of Internal Auditing (ECIIA).
AAIR is ofcially recognized by IIA Global under the name of
Te Institute of Internal Auditors of Romania (IIA Romania) ac-
cording to its Charter and Constitutive Act (AAIR, 2012).
Te stated aims of AAIR are (AAIR, 2004):
a. to constitute an open forum for the promotion and develop-
ment of the internal audit practices;
b. to represent a forum for the promotion of the internation-
al standards of internal audit where internal auditors and
other stakeholders can improve the means and methods of
professional expression and receive specialized support;
c. to enhance the prestige of the internal audit profession;
d. to represent the common position of its members in relation
to public institution in Romania and abroad; and
e. to defend and represent, whenever necessary, the interests
of its members vis--vis third parties, in their relations and
the relations with the society.
To achieve its purpose AAIR has decided to undertake the fol-
lowing actions:
a. to provide information about the needs and requirements
of the internal audit activity, the most appropriate methods
and procedures implemented at the international level and
the connections between this activity and society in general;
b. to debate in an organized manner and publicly express the
views generally held in the feld and to make proposals for
professional progress;
c. to contribute to the integration and development of the in-
ternal audit activities by ensuring a fexible framework for
cooperation among members but with other national and
international professional bodies as well;
d. to establish and develop the cooperation with associations,
specialized institutions and international bodies to achieve
the stated aims;
e. to develop an internal audit culture and popularize the pro-
fessional principles and ethical code of the feld;
f. to encourage the development of the relations among simi-
lar institutions in Romania based on the principles of inde-
pendence and professional competence;
g. to strengthen and advocate among its members for organi-
zational independence, professional accountability, con-
tinuous professional training, the understanding and inter-
nalization of the new concept of professionalized activity
emerging as result of developments in the Romanian and
international society;
h. to promote the principles, rules and standards of the IIA;
i. to edit, publish and disseminate, on its own or in collabora-
tion with partners, magazines, brochures, informative bul-
letins, advertising materials. Tis activity is relevant for the
implementation of its activities, acquiring knowledge about
the activities of other institutions related to its purpose,
and about the internal audit activity carried out nationally
or internationally. Tese activities are undertaken follow-
ing a specifc request or at its own initiative for an audience
decided by the National Conference at the proposal of the
Board;
j. to attend relevant events nationally and internationally; to
organize seminars, colloquiums and other events for the ad-
equate information of its members and promotion of prin-
ciples, rules and standards of the Association;
k. to provide consultancy and specialized support to its mem-
bers; to propose, design and provide methodological training
and professional development programmes upon request;
l. to represent, protect and defend the legitimate interests of its
members, in connection to the audit activity, before public
authorities and any legal and physical persons. In that sense,
it can take legal action and have interventions in proceed-
ings for the enjoyment of rights and recognition of interests;
m. to carry out studies of prognosis and diagnosis of the spe-
cifc system of activities at the national and international
level, to analyze and evaluate statistical data regarding the
evolution of internal auditing;
n. with the approval of the Board, the Association can provide
specialized support, through its members and upon request,
to institutions, associations, professional organizations;
o. to cooperate with similar associations and organizations
from other countries and afliate with relevant interna-
tional bodies in order to obtain data and information and
facilitate professional exchanges;
p. to notify the relevant national bodies, legislative and admin-
istrative authorities whenever necessary about the violation
of rights of internal auditors and members of the Associa-
tion according to the national regulations covering internal
auditing;
q. to give awards, diplomas and distinctions for outstanding
merits to those members or personalities who distinguished
themselves in the Association or by developing and promot-
ing internal audit; and
r. to promote any other actions in compliance with its Charter
for efectively achieving the aims and objectives of the As-
sociation.
IIA has a rich experience in the feld of professional training,
research and publishing as evidenced by:
the annual organization of professional exams for the posi-
tion of Certifed Internal Auditor (CIA) through rotation in
diferent world cities;
the elaboration and regular revision for its members, based
on its own research and international practice, of the inter-
national standards;
the publication of the magazine Internal Auditor;
the elaboration and periodic updating of the International
norms of good practices;
the preparation of practical guidelines for the internal audit
activity;
the publication of market studies to diagnose the current
and future situation of internal audit;
the editing of books, guidelines and manuals for internal
auditors; and
the organization of conferences and colloquiums for spe-
cialized debates at the international level in diferent geo-
graphical regions though rotation.
Te elaboration and adoption of the international standards for
the profession of internal auditor has been a long process achieved
through diferent stages:
in 1947 the Declaration of Responsibilities defning the ob-
jective and scope of internal audit was drafed;
in 1974, the Standards of Internal Audit were adopted;
in 1981, 1991 and 1995 the Standards were revised in the
context of the global evolution of the internal audit func-
tion;
in 1999, the IIA Committee for Direction created a working
group to assess whether standards were applied diferently
in the world and whether and how standards should be im-
proved; and
in 2002, following this study, the standards and professional
norms were updated.
Te study carried out by the working group was coordinated by
Australia and involved over 800 persons at the international level,
including professors, auditors, researchers and students. Te start-
ing point was the internal audit framework adopted in 1998 and
the various studies conducted by universities until then.
Te conclusions of the studies mainly referred to:
internal auditing is based on risk assessment;
global professionalism should be attached to auditing;
the profession is undergoing transformations and conse-
quently the internal audit paradigm has progressed from
an activity aimed at providing assurance to management
regarding the efectiveness of the internal control system to
an activity that adds values to the organization;
the role of the internal auditor has also evolved from a per-
son informing the management to a person pursuing posi-
tive transformations in the organization; and
the preventative role of internal auditing has become more
salient.
Trough this international study, the working group has con-
tributed to bringing up to date the professional Standards and best
practices that were ofcially adopted on 1 January 2002.
An analysis of the conclusions of the international study reveals
the special status of internal auditors. Internal auditors assess the
efectiveness of the internal control system in order to provide the
management with information, analyses, direction based on the
testing they perform. By supporting the achievement of the objec-
tives of the organization and encouraging positive changes, they
bring an added value to the organization.
In 2006 the Board of the Institute of Internal Auditors has es-
tablished an international coordination committee and a working
group for revising the Professional Practices Framework (PPF) and
the structure of IIA norms accompanying the related processes. Te
eforts of the working group focused on the revision of the scope of
the Framework and increasing the transparency and consistency in
the processes of norm creation, revision and publication. Te out-
come was the new International Professional Practices Framework
(IPPF) and a restructured Professional Practices Council (PPC).
Te Council coordinates the approval and publication of IPPF
norms as specifed in the Declaration on the Councils mission ap-
proved in June 2007.
Generally, a framework represents a structured model of inte-
grating knowledge and norms. As a coherent system, a framework
facilitates the development, interpretation and consistent imple-
mentation of concepts, methodologies and techniques specifc to
a profession. Te specifc purpose of the IPPF is to organize the
norms authorized by IIA so that they can be accessed easily and on
time and, at the same time, strengthen the position of the Institute
as a global standardization body. Due to its role in providing guid-
ance on the current audit practice and exploring further develop-
ment of standards, the IPPF assists practitioners and other stake-
holders to respond to the booming market of high-quality internal
audit services.
As a conceptual framework organizing the norms adopted by
IIA, the scope of the IPPF has been restricted to the norms adopted
by the international technical committees of IIA following stand-
ard procedures. Tere are two categories of authorized norms:
Obligatory.Compliance is required and the norms are elabo-
rated following compulsory processes including the presentation
of views from the public. Te compliance with the principles com-
prised in the compulsory norms is essential for the professional
practice of internal audit. Te obligatory norms include: (1) Te
defnition of internal auditing, (2) Ethical Code, and (3) Standards.
Strongly recommended.Compliance is strongly recommend-
ed, and norms are approved by IIA. Tey describe the practices
for the efective implementation of Internal audit defnition, Ethical
code and International Standards for the Internal Audit Professional
Practice. Te strongly recommended norms include: (1) Position
documents, (2) Practice advisory and (3) Practice guides.
Te most important modifcations at the level of the new IPPF
are:
Process related improvements for various elements, increased
transparency and defned revision cycles for all norms. Te revi-
sion cycle of IPPF has been decided to be three years. Even though
the norms will not necessarily be changed every three years, IIA
has committed to ensure that they are completely revised and, if
necessary, to implement all required changes.
Practical and development support. Tis element is not part
of the Framework anymore. It previously included all resources
(e.g. training, publications, research reports) that internal auditors
could use in their activities. Because the scope of the new IPPF
comprises only the authorized norms, this category was excluded
from the new Framework.
Interpretations. Tese were added to the Standards to provide
additional clarifcations on meaning of terms and phrases. When
necessary, the interpretation will be presented immediately afer
the Standard it is supposed to explain.
Practical Guidelines. Teir scope was limited to the methodol-
ogy and the approach taken in the implementation of the Ethical
Code and Standards. Te content that referred to instruments or
techniques was transferred to the Practice Guides.
Practice Guides and Position Documents. Tese elements
were added to IPPF. Te practice guides provide guidance at the
level of instruments and techniques and include detailed processes,
procedures, programmes and step by step approaches (e.g. samples
of documents that should be transmitted to the benefciaries of the
mission). Te position documents represent the IIA position on
the tasks and responsibilities of internal auditors regarding a cer-
tain problem.
3.2. The International Professional Practices Framework
At present the IPPF includes the following elements (IIA, 2007):
1. The denition of internal auditing
Internal Auditing is an independent and objective activity
which provides assurances to organizations regarding their degree
of control over operations, makes recommendations for enhanc-
ing the operations, and brings an added value to the organization.
It helps an organization accomplish its objectives by evaluating
through a systematic and methodical approach its risk manage-
ment, control and management processes and making proposals
to enhance them.
2. The Ethical Code
Te Ethical Code details the principles and expectations that
should inform the behavior of internal auditors. It describes a set of
minimum behavioral requirements and expectations.
3. The International Standards
(Te Standards) include Attribute Standards, Performance
Standards and Implementation Standards.
Te Standards represent compulsory requirements that include
two elements:
a. core requirements regarding the professional practice of
internal auditing and the assessment of the efectiveness of
audit with an international, organizational and individual
application; and
b. interpretations that clarify the terms and concepts of core
requirements.
For the correct understanding and implementation of Standards
one has to take into account both elements. Te Standards use terms
that have been given a precise meaning and explained in the Glossary.
4. Position documents
Tese documents assist various stakeholders, including those
that are not internal auditors, to understand signifcant aspects re-
garding governance, risk and control and to divide tasks and re-
sponsibilities in the internal audit activity.
5. Practical guidelines
Tese guidelines present approaches, methodology and con-
siderations, but not detailed processes and procedures. Tey con-
stitute a guide assisting internal auditors with the application of
the Ethical Code and Standards and promoting good practices.
Te guidelines include practices regarding specifc aspects at the
national and international level, specifc area of activity, types of
mission and legal and regulatory aspects.
6. Practice guides
Te practice guides are detailed guides regarding the perfor-
mance of internal audit activities. Tey include detailed processes
and procedures, but also instruments and techniques, programmes,
step by step approaches.
At the global level, the internal audit missions are conducted in
diferent contexts, environments and organizations. Tese difer-
ences can infuence the internal audit practice and consequently
the implementation of IPPF depends on the particular environ-
ment where auditors carry out their activities.
Te compulsory nature of Standards is emphasized by the use of
the word must. In certain exceptional circumstances, the Stand-
ards use the word should which means that there are situations
that justify the deviation from norms and auditors are entrusted
with taking decisions based on their professional reasoning.
For the responsibilities of internal auditors to be efectively
fulflled, it is essential that the compulsory norms should be ob-
served at all times. As specifed in the Ethical Code, internal au-
ditors will perform their activities in compliance with the Stand-
ards. Internal auditors are those members of the Institute, those
holding professional certifcates issued by IIA or candidates for
the IIA professional certifcation and the individuals providing
internal audit services according to the defnition of internal au-
diting.
Despite being approved by IIA and elaborated by an IIA techni-
cal committee and/or institute following compulsory procedures,
the strongly recommended norms are not compulsory. Tey were
created to provide a variety of practical solutions for meeting the
requirements comprised in the obligatory norms.
3.2.1. The Ethical Code of Internal Auditors
Te Ethical Code represents a declaration over the principles
and behavioral rules that should guide the every day activities of
internal auditors. Te Code is the component of IPPF that puts for-
wards the principles and details the way in which internal auditors
must observe them so that they remain bound by the stipulations
of Standards.
Te Ethical Code consists of four fundamental principles au-
ditors must observe and respect: (1) integrity, (2) objectivity, (3)
confdentiality and (3) competence.
Integrity
Te Ethical Code (IIA, 2007, p. 1) stipulates that: Te integrity
of internal auditors establishes trust and thus provides the basis for
reliance on their judgment.
Integrity implies correctitude in the performance of the in-
ternal audit missions and honesty in the achievement of specifc
actions and the dialogues with the auditee. Te relations with the
colleagues and external relations must be based on the same values.
(Ghita, Popescu, 2006, pg. 134)
To conduct the internal audit activity in line with such values, it
is important that an organizational culture be developed to ensure
the trust of personnel in all the activities carried out professionally
by the internal audit team. Te employees must feel that the inter-
nal auditor treats all of their problems equally, without any type
of discrimination or prejudices related to gender, position, age or
experience in the organization. It is under these conditions where
there is no suspicion about double standards that the advice and
recommendations of auditors will be accepted and implemented.
Te members of the internal audit team must prove integrity
in their work. In case they make mistakes, they must assume their
responsibility in the relations with co-workers and the personnel
of the organization. Tis attitude will bolster the general attitude of
respect for the auditing functions and can enhance the organiza-
tional performance.
Objectivity
Te Ethical Code (IIA, 2007, p.1) refers to objectivity in the fol-
lowing terms: Internal auditors exhibit the highest level of pro-
fessional objectivity in gathering, evaluating, and communicating
information about the activity or process being examined. Internal
auditors make a balanced assessment of all the relevant circum-
stances and are not unduly infuenced by their own interests or by
others in forming judgments.
Objectivity is a mental state and an attitude that allows indi-
viduals to approach and examine information objectively without
being infuenced by the personal interests and opinions of others.
Internal auditors must form their own opinion following the inde-
pendent assessment of facts as they identify and understand them.
(Ghita, Popescu, 2006, pg. 136)
Maintaining an attitude of professional objectivity throughout
the mission enhances the credibility of auditors and their fndings
in their interaction with the management and colleagues. Internal
auditors have the obligation to refrain from auditing processes or
activities in connection to which they have personal interests and
which might therefore impair their objectivity.
Also, internal auditors are equally required to prove their ob-
jectivity and impartiality at all stages in their activities and in par-
ticular when they prepare the report and formulate fndings and
recommendations following the assessment of the auditee. Teir
objectivity must be based exclusively on the evidence collected in
compliance with the methodological rules.
Te issue of objectivity is covered by the Standard 1120 Indi-
vidual objectivity whereby internal auditors must have an impartial,
unprejudiced attitude and avoid conficts of interest. It is recom-
mended that internal auditors should take into consideration the
following suggestions when assessing their degree of objectivity:
1. objectivity is a mental attitude of independence that audi-
tors should maintain in performing internal audit activities.
Internal auditors should not be unduly infuenced by others
in forming judgments;
2. objectivity requires that auditors should be confdent about
the outcome of their work and not be constrained to make
compromises as to its quality. Internal auditors should not
be forced into situations where they would feel unable to
make objective professional judgments;
3. appointments to the team shall be such as to avoid any con-
fict of interest or lack of impartiality. Te Chief Audit Ex-
ecutive should be informed of any conficts of interest that
may afect the independence of auditors. It is recommended
to have a regular rotation of internal auditors within the
team;
4. the results of audit activities should be examined before the
communication of the auditing conclusions in order to en-
sure that the activity was carried out objectively;
5. internal auditors should not accept money or gifs from an
employee, customer, supplier or partner because it is against
the code of ethics and rules of conduct. Such a behavior will
raise serious doubts about the auditors objectivity in both
ongoing and future missions. Te nature of the mission can
not justify under any circumstance the acceptance of gifs
or money; and
6. internal auditing adopts a principled commitment whereby
conficts of interest or any activity that could result in a pos-
sible confict of interest are avoided.
Te attribute standard 1130 Impairments to Independence and
Objectivity stipulates that if independence or objectivity is im-
paired in fact or appearance, the details of the impairment should
be disclosed to appropriate parties. Te nature of disclosure will
depend upon the impairment.
In the implementation standard 1130.A1 regarding the assur-
ance activity it is mentioned that internal auditors should refrain
from assessing specifc operations for which they were previously
responsible. Objectivity is presumed to be impaired if the auditor
provides assurance services for an activity for which she had re-
sponsibility within the previous year.
Condentiality
Te Ethical Code treats the confdentiality aspect in the follow-
ing paragraph: internal auditors respect the value and ownership
of information they receive and do not disclose information with-
out appropriate authority unless there is a legal or professional ob-
ligation to do so.
During the audit engagements, the members of the audit team
receive information about activities, processes and individuals.
Tey must not disclose the information with the exception of cases
where there is a professional or legal requirements allowing them
to do so. Equally important, the confdential information obtained
by auditors should not be used in furthering their private interests.
Te limits of confdentiality are established through the prac-
tical experience of the auditor. When facing complex situations
where auditors feel they cannot take a decision, they must ask the
support of the head of the internal audit department.
Confdentiality requires that internal auditors treat very care-
fully the security of the collected documents and especially those
having a negative content and not make them available to other
persons except those involved in the processes and activities au-
dited.
Competence
In the Ethical Code there is the following reference made to
competence: Internal auditors apply the knowledge, skills, and
experience needed in the performance of internal audit services.
Internal auditors must have a professional behavior and ap-
ply the existing standards in their missions. Also, the members of
the internal audit team must apply the knowledge, experience and
skills acquired as a team to fulfll the tasks it was assigned. Internal
auditors must know the standards and professional norms and not
accept missions for which they lack the necessary competence.
Te profession of internal auditor is described in the occupa-
tional standard the Internal Auditor in the public sector (CNFPA,
2010) designed and approved on 15 April 2010. According to this
standard, the internal auditor in the public sector is the individual
with the necessary competence for conducting internal audit mis-
sions in public entities.
Te internal auditor in the public sector must have university
studies and a Bachelor degree recognized by the relevant authority.
Te auditor has the responsibility to obtain the Attestation Certif-
cate until 2015. From that year onwards, internal auditors will not
be able to sit public exams for occupying the position of internal
auditor without this certifcate.
Te internal auditor in the public sector has the obligation to
improve and constantly develop the profciency and professional
knowledge. Taken into account the complexity of the management
processes in most public organizations, internal auditors must be
encouraged to enhance their performances through continuous
training. For this purpose, the head of the internal audit depart-
ment in public organizations creates the enabling conditions for
the organization of professional training which must take place
minimum 15 days every year.
Te persons aspiring to become internal auditors in the public
sector must have the necessary knowledge, skills and values in order
to perform the audit activities.
Te knowledge is structured in domains of competence refer-
ring to:
Internal audit includes knowledge about the norms, proce-
dures and techniques used in internal auditing;
Risk management, internal control and governance includes
knowledge about the structure of the governance process, the or-
ganization of the fnancial management systems and internal con-
trol in public entities with the objective of risk management;
Accounting includes knowledge about the organization of ac-
counting and its role in the informational system of public institu-
tions, knowledge about the management of costs and the system of
cost analysis and modeling and about the budgetary control sys-
tem;
Public fnances includes knowledge about the nature of re-
sources and public expenditures at the local and national level,
knowledge about the budget systems through which public funds
are run, including the way of fnancing budgetary defcits;
Management comprises knowledge about management prin-
ciples in view of understanding the deviations from best practices.
It also implies a capacity to apply and adapt general knowledge to
the situations that might arise during the missions, to detect sig-
nifcant deviations and make the necessary research to reach rea-
sonable solutions;
Information technology (IT) comprises the knowledge regard-
ing basic concepts in IT, organization and protection of folders, use
of sofware designed for audit activities, access to databases; and
Law includes knowledge about basic notions in commercial,
administrative, fnancial, labour, civil, criminal and community
law.
Te skills that internal auditors must demonstrate according to
the regulations in place and best practices set at the international
level are:
Planning as an activity in auditing, it requires solid knowl-
edge about management, corporative governance and specifc au-
dit techniques, but also practical experience and a realist vision
regarding what, when and how has to be done;
Research and analysis involves activities that identify, collect
and process information and data about institutions, domains and
systems that are undergoing audit, such as data collection, infor-
mation recording and analysis;
Evaluation it represents a central component in internal au-
diting, it requires solid knowledge and practical experience cover-
ing the domains that can be audited;
Communication and reporting includes active listening skills
and the capacity to efectively communicate diferent views. Tese
skills refer to both oral and written communication, at all organi-
zational levels and in all work situations;
Consulting includes activities whose objective is to add value
and enhance the functioning of organizations. In order to achieve
these objectives, the auditor must demonstrate skills such as prob-
lem solving, creativity, strategic thinking, etc; and
Development of expectations Improving the continuous profes-
sional training includes a set of professional abilities that target
the expectations of the personnel, management and partners.
Te values that the internal auditor in the public sector must
have include ethical, moral and personal values.
Professional ethic it is required because the internal auditor in
the public sector is expected to observe high standards of profes-
sionalism in order to meet the performance levels in the feld and
more generally to guarantee the quality of services and maintain
the confdence of the public. Te values of the professional ethic
include integrity, independence and objectivity, confdentiality and
professional competence;
Te moral values should be at least at the level of the ethical
rules, and the internal auditor in the public sector must discern
what is correct or incorrect from a moral standpoint; and
Te personal values during the selection and recruitment pro-
cess it is very important to pay attention to the personal charac-
teristics of the candidates. Te personal values are one of the best
predictors on the long term of the professional potential of internal
auditors. Internal auditors should be balanced, ambitious, enthusi-
ast, persuasive, devoted, motivated, fexible, etc.
Te code of conduct developed by the Ethical Code (IIA, 2007,
pp. 1-2) is based on the following principles and rules of behavior:
1. Integrity whereby internal auditors shall:
a. Shall perform their work with honesty, diligence, and re-
sponsibility;
b. Shall observe the law and make disclosures expected by the
law and the profession;
c. Shall not knowingly be a party to any illegal activity, or en-
gage in acts that are discreditable to the profession of inter-
nal auditing or to the organization; and
d. Shall respect and contribute to the legitimate and ethical ob-
jectives of the organization.
2. Objectivity whereby internal auditors shall:
a. Shall not participate in any activity or relationship that may
impair or be presumed to impair their unbiased assessment.
Tis participation includes those activities or relationships
that may be in confict with the interests of the organization;
b. Shall not accept anything that may impair or be presumed
to impair their professional judgment; and
c. Shall disclose all material facts known to them that, if not
disclosed, may distort the reporting of activities under re-
view.
3. Confdentiality whereby internal auditors shall:
a. Shall be prudent in the use and protection of information
acquired in the course of their duties; and
b. Shall not use information for any personal gain or in any
manner that would be contrary to the law or detrimental
to the legitimate and ethical objectives of the organization.
4. Competence whereby internal auditors shall:
a. Shall engage only in those services for which they have the
necessary knowledge, skills, and experience;
b. Shall perform internal audit services in accordance with the
International Standards for the Professional Practice of Inter-
nal Auditing; and
c. Shall continually improve their profciency and the efec-
tiveness and quality of their services.
3.2.2. The International Standards for the Professional Practice of Internal
Auditing
Te purpose ofStandardsis to (IIA, 2007, p.1):
1. Delineate basic principles that represent the practice of in-
ternal auditing;
2. Provide a framework for performing and promoting a broad
range of value-added internal auditing;
3. Establish the basis for the evaluation of internal audit per-
formance; and
4. Foster improved organizational processes and operations.
Te structure of the Standards is divided between Attribute and
Performance Standards. Te Attribute and Performance Standards
are also provided to apply to all internal audit services.
3.2.2.1. Attribute Standards
Attribute Standards address the attributes of organizations and
individuals performing internal auditing (IIA, 2007, pp. 2-13).
Tese standards comprise the following:
Standard 1000 Purpose, authority and responsibility
Te purpose, authority, and responsibility of the internal audit
activity must be formally defned in an internal audit charter, con-
sistent with the Defnition of Internal Auditing, the Code of Ethics,
and the Standards. Te chief audit executive must periodically re-
view the internal audit charter and present it to senior management
and the board for approval.
Interpretation:
Te internal audit charter is a formal document that defnes the in-
ternal audit activitys purpose, authority, and responsibility. Te inter-
nal audit charter establishes the internal audit activitys position within
the organization, including the nature of the chief audit executives
functional reporting relationship with the board; authorizes access
to records, personnel, and physical properties relevant to the perfor-
mance of engagements; and defnes the scope of internal audit activi-
ties. Final approval of the internal audit charter resides with the board.
Standard 1100 Independence and objectivity
Te internal audit activity must be independent, and internal
auditors must be objective in performing their work.
Interpretation:
Independence is the freedom from conditions that threaten the
ability of internal auditors to carry out internal audit responsibilities in
an unbiased manner. To achieve the degree of independence necessary
to efectively fulfll the responsibilities of the internal audit activity, the
chief audit executive has direct and unrestricted access to senior man-
agement and the board. Tis can be achieved through a dual-reporting
relationship. Treats to independence must be managed at the indi-
vidual auditor, engagement, functional, and organizational levels.
Objectivity is an unbiased mental attitude that allows internal
auditors to perform engagements in such a manner that they be-
lieve in their work product and that no quality compromises are
made. Objectivity requires that internal auditors do not subordi-
nate their judgment on audit matters to others. Treats to objectiv-
ity must be managed at the individual auditor, engagement, func-
tional, and organizational level.
Standard 1200 Prociency and Due Professional Care
Engagements must be performed with profciency and due pro-
fessional care. Internal auditors must possess the knowledge, skills,
and other competencies needed to perform their individual re-
sponsibilities. Te internal audit activity collectively must possess
or obtain the knowledge, skills, and other competencies needed to
perform its responsibilities.
Internal auditors must apply the care and skill expected of a rea-
sonably prudent and competent internal auditor. Due professional
care does not imply infallibility.
Interpretation:
Knowledge, skills, and other competencies is a collective term
that refers to the professional profciency required of internal au-
ditors to efectively carry out their professional responsibilities.
Internal auditors are encouraged to demonstrate their profciency
by obtaining appropriate professional certifcations and qualifca-
tions, such as the Certifed Internal Auditor designation and other
designations ofered by Te Institute of Internal Auditors and other
appropriate professional organizations.
Standard 1300 Quality Assurance and Improvement Program
Te chief audit executive must develop and maintain a quality
assurance and improvement program that covers all aspects of the
internal audit activity.
Interpretation:
A quality assurance and improvement program is designed to
enable an evaluation of the internal audit activitys conformance
with the Defnition of Internal Auditing and the Standards and an
evaluation of whether internal auditors apply the Ethical Code. Te
program also assesses the efciency and efectiveness of the inter-
nal audit activity and identifes opportunities for improvement.
3.2.2.2. The Performance Standards
Te Performance Standards describe the nature of internal au-
diting and provide quality criteria against which the performance
of these services can be measured. (IIA, 2007, pp. 14-28)
Tese standards comprise seven main standards and namely:
Standard 2000 Managing the Internal Audit Activity
Te chief audit executive must efectively manage the internal
audit activity to ensure it adds value to the organization.
Interpretation:
Te internal audit activity is efectively managed when:
1. Te results of the internal audit activitys work achieve the
purpose and responsibility included in the internal audit
charter;
2. Te internal audit activity conforms with the Defnition of
Internal Auditing and the Standards; and
3. Te individuals who are part of the internal audit activity
demonstrate conformance with the Code of Ethics and the
Standards.
Te internal audit activity adds value to the organization (and
its stakeholders) when it provides objective and relevant assurance,
and contributes to the efectiveness and efciency of governance,
risk management, and control processes.
Standard 2100 Nature of Work
Te internal audit activity must evaluate and contribute to the
improvement of governance, risk management, and control pro-
cesses using a systematic and disciplined approach.
Standard 2200 Engagement Planning
Internal auditors must develop and document a plan for each
engagement, including the engagements objectives, scope, timing,
and resource allocations.
Standard 2300 Performing the Engagement
Internal auditors must identify, analyze, evaluate, and docu-
ment sufcient information to achieve the engagements objectives.
Standard 2400 Communicating results
Internal auditors must communicate the results of engagements.
Standard 2500 Monitoring Progress
Te chief audit executive must establish and maintain a system
to monitor the disposition of results communicated to manage-
ment.
Standard 2600 Resolution of Senior Managements Acceptance of Risks
When the chief audit executive believes that senior manage-
ment has accepted a level of residual risk that may be unacceptable
to the organization, the chief audit executive must discuss the mat-
ter with senior management. If the decision regarding residual risk
is not resolved, the chief audit executive must report the matter to
the board for resolution.
3.2.2.3. Implementation standards
Te Implementation Standards accompany the Attribute and
Performance Standards, providing the requirements applicable to
assurance (A) and consulting (C) activities (IIA, 2007, p. 2-3).
Te assurance missions involve the internal auditors objective
assessment of evidence to provide an independent opinion or con-
clusion regarding an entity, operation, function, process, system,
or other subject matter. Te nature and scope of the assurance en-
gagement are determined by the internal auditor. Tere are gener-
ally three parties involved in assurance services: (1) the person or
group directly involved with the entity, operation, function, pro-
cess, system, or other subject matter the process owner, (2) the
person or group making the assessment the internal auditor, and
(3) the person or group using the assessment the user.
Te consulting missions are advisory and generally performed
at the specifc request of an engagement client. Te nature and
scope of the consulting engagement are subject to agreement with
the engagement client. Consulting services generally involve two
parties: (1) the person or group ofering the advice the internal
auditor, and (2) the person or group seeking and receiving the ad-
vice the engagement client. When performing consulting servic-
es the internal auditor should maintain objectivity and not assume
management responsibility.
Practitioners from diferent countries use the standards elabo-
rated by IIA in English in an attempt to apply the internationally
recognized practice as correctly as possible. In that sense, the Nor-
dic countries constitute a relevant example: Sweden, Norway and
Denmark have used the Standards in English since 1951 when they
were frst introduced. Te rationale was that translating the Stand-
ards into their national languages might distort their meaning and
undermine their accuracy (Ghita, Popescu, 2006, p. 140).
3.2.3. Practice Advisory
Te French Institute of Audit and Internal Control elaborated
in 1999 the Professional Norms of Internal Auditing comprising
the Practice Advisory which have an authoritative status for inter-
nal audit practitioners. Tey constitute best practices in the feld
and were also published by the Romanian Ministry of Finance as
an activity in a PHARE programme in 2004.
Te proposed Practice Advisory are considered practical guide-
lines for the implementation of standards. Tey constitute answers
to questions that might arise in the practical activity of auditors.
However, their implementation is to be adapted to the diferent cul-
tural contexts and organizations by observing the Standards and
Code of Conduct.
According to the Professional Practice Framework, those pub-
lic organizations that have developed an internal auditing func-
tion should establish their own normative framework consisting
of the Ethical Code, Te Specifc Professional Standards, manuals
and guides which all constitute the Internal Audit Charter of the
organization.
Te implementation of the Internal Audit Standards will bring
added value to the organization at least in the following areas:
advisory services to management;
risk analysis and assessment;
planning and preparation of the internal audit mission;
preliminary assessment of internal control;
assuring the executive management about the efectiveness
of the internal control system;
support to employees;
the assessment of the risk management and governance sys-
tems;
the assessment of organizational functions such as the fnan-
cial and accounting function, legal, IT, procurement functions;
the assessment of budget and fnance related processes; and
the assessment of the internal audit performance.
In Romania the General Norms regarding the Performance of
Internal Audit were developed based on the Law 672/2002 on in-
ternal auditing. Te General Norms constitute the Internal Audit
Manual used by public institutions for the creation of their own
internal audit manuals.
3.2.4. Practice Guides
Practice Guides provide detailed guidance for conducting in-
ternal audit activities. Tey include detailed processes and proce-
dures, such as tools and techniques, programs, and step-by-step
approaches, as well as examples of deliverables.
IIA has developed and published until present time (April
2012) the following Practice Guides (IIA, 2012):
1. Practice Guides
Coordinating Risk Management and Assurance;
Quality Assurance and Improvement Program;
Practice Guide Overview;
Reliance by Internal Audit on Other Assurance Providers;
Independence and Objectivity;
Interaction with the Board;
Auditing the Control Environment;
Assisting Small Internal Audit Activities in Implementing
the International standards for the Professional Practice of
Internal Auditing;
Assessing the Adequacy of Risk Management;
Measuring Internal Audit Efectiveness and Efciency;
Appointment, Performance Evaluation and Termination;
Auditing Executive Compensation and Benefts;
Evaluating Corporate Social Responsibility/Sustainable De-
velopment;
Formulating and Expressing Internal Audit Opinions;
Auditing External Business Relationships; and
Internal Auditing and Fraud.
2. Global Technology Audit Guide
Te Global Technology Audit Guides are written in straightfor-
ward business language to address a timely issue related to infor-
mation technology (IT) management, control, and security.
Data Analysis Technologies;
Information Security Governance;
Auditing User-developed Applications;
Fraud Prevention and Detection in an Automated World;
Auditing IT Projects;
Developing the IT Audit Plan;
Business Continuity Management;
Identity and Access Management;
Auditing Application Controls;
Information Technology Outsourcing;
Managing and Auditing IT Vulnerabilities;
Managing and Auditing Privacy Risks;
Management of IT Auditing;
Continuous Auditing: Implications for Assurance, Monitor-
ing, and Risk Assessment;
Change and Patch Management Controls: Critical for Or-
ganizational Success; and
Information Technology Risks and Controls.
3. Guide to the Assessment of IT Risks (GAIT)
Te GAIT series describes the relationships among business
risk, key controls within business processes, automated controls
and other critical IT functionality, and key controls within IT gen-
eral controls. Each practice guide in the series addresses a specifc
aspect of IT risk and control assessments.
Te GAIT Methodology;
GAIT for IT General Control Defciency Assessment; and
GAIT for Business and IT Risk.
Te Practice Guides developed by IIA have also been adopted
by the French Institute of Auditors and Internal Control (IFACI).
3.3. The Responsibility of Internal Auditors
Te Internal Audit Department is subordinate, from the organ-
izational structure standpoint, to the top management (Board, Ex-
ecutive Management, Supervisory Board). Te internal auditor is
an employee subordinated to the Head of the internal audit depart-
ment who in its turn is subordinate to the general manager. Inter-
nal Auditors, through their profession, cannot be held responsible
for their professional activities, with the exception of cases where a
criminal responsibility can be proved.
Te internal auditor is treated diferently from the accountant,
external auditor or fnancial auditors who are accountable for the
activities performed at all levels (Ghita, Popescu, 2006, p. 142).
Te internal auditors responsibility lies in observing the profes-
sional norms. In cases of infringements, he can be sanctioned as
follows:
for disciplinary reasons auditors can be sanctioned by the
professional organization to which she belongs IIA; the
sanction can consist of the interdiction to practice the pro-
fession or adhere to any other IIA; and
at the administrative level auditors can be sanctioned by the
management of the organization; the actions taken can af-
fect remuneration, career advancement and termination of
employment contract.
Te Romanian legislation respects the international standards
on the employment and dismissal of internal auditors and the ap-
pointment of the Head of internal audit. For any of these actions
the public organization needs the approval of CUHPIA within the
Ministry of Finance.
Chapter 4.
Planning internal audit in the public sector
4.1. The regulation of internal audit planning
4.2. The process of internal audit planning
4.1. The regulation of internal audit planning
In public institutions the internal audit activity is conducted in a
planned manner according to the audit plan. Te planning process
is governed by the norms regarding the internal audit activity ap-
proved by the Order of the Ministry of Finance 38/2003. Tese reg-
ulations have as legal basis the Law 672/2002 on internal auditing
in public organizations whose article 6 stipulates that to achieve
its objectives the Committee for Public Internal Auditing (CPIA)
has the following main responsibilities: a) to debate the strategic
development plans for internal auditing and issue an opinion on its
development paths, while article 13 regarding the responsibilities
of the internal audit department stipulates that b) it designs the
internal audit multi-annual plan, usually for a three year period,
and on its basis, the annual plan. Te article 10 of the above Law
stipulates that the Internal Audit Committee has the responsibility
to a) debate and approve the multi-annual and annual plans for
internal auditing activities.
From these legal stipulations one can infer that in Romania the
internal auditing is planned on the following levels:
a. at the strategic level and on the long term, the planning is
carried out by CPIA that evaluates the internal audit func-
tion of public organizations having established internal au-
dit committees and departments. Tis evaluation is carried
out at least every fve years.
b. at the strategic level on the medium term, the planning is car-
ried out by the public institution obliged to audit all activities at
least once every 3 years. In this situation, the internal audit de-
partment will take into account the risk probability/likelihood in
the diferent activities of the institution so that certain activities
should be audited more frequently that once every three years.
c. at the tactical level, the planning is done annually and is
comprised in the Internal Audit Plan that describes the en-
gagements to be conducted the following year. According to
the norms regarding the internal audit activity, the variables
to be taken into account in the preparation of the audit plan
are at least the following:
a. the assessment of the risks in diferent structures, activities,
projects and operations;
b. the signal criteria/ suggestions of the head of the public in-
stitution and namely:
defciencies in the previous audit reports;
defciencies in the minutes concluded afer inspections;
defciencies in the reports of the Court of Auditors;
the opinions of specialists/experts regarding the struc-
ture and dynamic of internal and systemic risks;
the analysis of long term trends regarding some aspects
of system operation;
other information regarding defciencies and shortcom-
ings; and
the assessment of the impact of certain changes in the
environment of the auditee.
c. the separate themes in the annual plan of CUHPIA. Te
heads of the public organizations are required to take all
the organizational measures so that the themes decided by
CUHPIA be introduced in the internal audit plan, imple-
mented in good conditions and reported on time.
d. the number of the subordinate public entities;
e. periodical auditing, at least once every 3 years;
f. the types of auditing suitable for every subordinate entity;
and
g. the recommendations of the Court of Auditors.
Te draf of the internal audit plan should be completed before
30 November the year prior to the year of the audit mission. Te
head of the public institution approves the draf before 20 Decem-
ber.
Te annual internal audit plan is an ofcial document kept in
the archives of the public institution together with the justifcatory
report in compliance with the stipulations of the Law on National
Archives. Te justifcatory report accompanying the internal audit
plan brings information about the selection criteria used when de-
ciding the internal audit missions. For every mission, this report
should contain:
the results of the risk analysis;
the signal criteria; and
other elements taken into account when agreeing upon con-
ducting a particular mission.
Te annual plan has the following structure:
the purpose of auditing;
the objectives of auditing;
the selection/description of the activity/operation to be au-
dited;
the selection/description of the entities/structures to be au-
dited;
the duration of the audit activities;
the time period covered by the audit mission;
the number of auditors involved in the mission;
the identifcation of those activities that require specialized
knowledge and contracts with external auditors for consul-
tancy services (if it is the case); and
the number of auditors to be involved in the internal audit
activities within the decentralized structures.
Updates to the internal audit plan will be made depending on:
the legislative or organizational changes that might modify
the level of importance of auditing certain operations, ac-
tivities or actions; and
the requests of CUHPIA or the hierarchically superior pub-
lic entity to introduce/replace/eliminate certain missions in
the internal audit plan.
Te update is comprised in a Report modifying the internal au-
dit plan which is approved by the head of the public entity.
d. at the operational level the planning is achieved for every
audit mission in the preparation stage when the auditors fol-
low the procedure Designing the internal audit programme
(P06) by preparing the documents the Audit Programme
and the Preliminary programme of of on-site interventions.
Te internal audit is therefore a planned activity that is per-
formed based on risk analysis and is intended to bring add value to
the auditee. Te auditor must plan the audit so that it should meet
the requirements of resource efciency, efectiveness and timeli-
ness in public management. Te planning of auditing is defned by
(Ghita, Popescu, 2006, p. 144):
1. Rationality
Planning is a rational process based on the logical assessment
of the results of previous activities, the analysis of tasks and their
fulfllment, and the setting of clear and achievable objectives.
2. Anticipation
Planning allows the organization of the auditors tasks on the
medium and long term depending on the complexity of the audited
activities and the duration of the previous missions. Planning al-
lows therefore auditors to emphasize and focus on priorities.
3. Coordination
Planning allows auditing bodies to coordinate the audit poli-
cies with the audit engagements, but also the activities carried out
by other auditors and experts. Also, coordination is a function of
planning because it better exposes the results of the annual mis-
sions comprised in the reports prepared by the public institutions
that are further centralized by CUHPIA.
Planning has a high level of complexity that varies according to
the size of the public institution, the practical experience of the au-
dit team, type of activities, but also the auditors knowledge about
the auditee.
4.2. The process of internal audit planning
Te outcome of planning is the Internal Audit Plan for the as-
surance and consulting missions to be organized the following year.
Article 5 of the Norms regarding the organization of consulting by
internal auditors in the public sector mentions that consulting ac-
tivities are organized as formal missions, mentioned in a distinct
section of the internal audit plan, and carried out systematically
and methodically according to established, formal procedures.
Te planning process presupposes the identifcation of the main
areas of auditing. If planning is not correctly designed, it can lead
to situations where highly risky processes or activities will not be
audited, which in time might generate inefciency and inefective-
ness. In order to avoid such situations, internal auditors must iden-
tify in advance those activities posing risks. Te planning process
ought to meet the Performance Standard 2010- the head of audit
must establish risk-based planning to determine priorities for in-
ternal audit activities in accordance with the organizational goals.
Te head of audit, taking into account the risk management
framework developed for the organization, is responsible for pre-
paring a risk based plan. In the absence of such a framework, he
can use his own risk assessment developed afer consultations with
the management and board.
According to the implementation standard 2010.A1- Planning
internal audit missions, planning assurance internal audit mis-
sions should be based on a documented risk assessment carried
out at least annually. In this process, the issues raised by the man-
agement and board should be taken into account.
Te implementation standard 2010.C1 regulates the relation
with the management in the case of consulting engagements: Te
head of internal audit must consider the proposals received regard-
ing consulting missions justifed by their likelihood to enhance risk
management, add value and enhance the operations of the organi-
zations. Te missions that are accepted must be included in the au-
dit plan.
Te head of audit must submit for analysis and approval the au-
dit plans, the resources requirements, including temporary modif-
cations to the management and board. Also, he must inform about
the impact of resources shortages.
Te head of audit should ensure that resources allocated to au-
diting are appropriate (resources that can bring into process the
necessary competences, abilities and knowledge), sufcient and
used efciently and efectively to implement the approved plan.
He/she must establish the policies and procedures necessary for
directing the internal audit activities. Te form and content of poli-
cies and procedures depend on the size, structure and complexity
of internal auditing function and activities. Also, the head of in-
ternal audit should share information and coordinate its activities
with other internal and external providers of audit services to en-
sure that the activities should be appropriately covered by the audit
team and minimize the duplication of eforts.
Te head of audit must regularly report to management and
board as to the purpose of internal audit, authority, responsibilities
and the degree of implementation of the plan. Reporting must in-
clude control related and risk exposure problems, including fraud
risk, governance related aspects and other information requested
by management. Te frequency and content of the reporting are
established as result of discussions with the management team and
depend on the importance of the information that must be com-
municated and the emergency of the measures proposed for adop-
tion.
To ensure objectivity in planning, it is recommended that in-
ternal auditors request the opinion of the staf in the audited or-
ganization because the latter, being directly involved in activities,
can identify much faster risks that might otherwise go unidentifed.
According to paragraph 8.6.5 of the Norms regarding the in-
ternal auditing activities, the steps of the planning process are the
following:
1. The identication of the activities/operations/objects that can be audited
In order to identify new auditable activities/operations audit-
able, the statutory documents, Internal Regulations, portfolio of
management decisions are analyzed at this stage.
2. The identication of threats and risks associated with these activities/
operations by determining their nancial impact
Risk is defned in the Glossary of International Standards as
follows: Te probability that an event with an impact on the ful-
fllment of objectives might occur. Te risk is measured from the
perspective of its impact and likelihood.
At this stage auditors investigate the risk associated with every
activity/operation included in the list of audited activities by taking
into account the transformations that might afect the organization
in time. Te factors that might bring about changes in the organi-
zational environment are:
internal factors such as the type of activities, the structure
and training of the human resources, the management sys-
tem, managerial methods/techniques, organizational cul-
ture, recent events in the organization, structure and vol-
ume of material and fnancial resources; and
external factors such as legislation, economic context, part-
nerships, political factors, governmental conditionality, etc.
Due to their impact on the performance of the organization,
these factors must be taken into account when assessing risks.
Also, in risk assessment internal auditors must verify the existence
of working procedures that provide a common and harmonized
understanding of activities and requirements by all staf. It is es-
sential that employees have the same understanding about the ex-
pectations of the management regarding the tasks associated with
their position and expected results. Tese procedures should also
include the internal control component- for auditors, its absence is
a clear indication of potential risk.
In the fnal stage, the document Identifcation of risks associated
with audited activities is prepared which details the potential risks
corresponding to each activity. For example, if the activity is re-
cruitment, hierarchical position and remuneration of employees
then the following potential risks might be identifed:
non-compliance with the relevant legal stipulations;
inappropriate and incorrect remuneration levels;
mismanagement of personnel fles;
incorrect wage payments, etc
3. The establishment of the criteria for risk analysis
At this stage internal auditors should take into consideration
the recommendations in the Norms for using the criteria:
internal control assessment;
quantitative assessment; and
qualitative assessment.
In addition to the criteria recommended by the Norms, one can
use criteria specifc to every activity depending on the stipulations
in the Audit Manual of every public entity. To establish the weight
of every risk factor, auditors take into account the importance of
the risk factor for every activity and the observation whereby the
sum of the risk factor weights must be equal. To exemplify, if the
chosen criteria are those found in the Norms, the following weights
can be established:
the assessment of internal control has 50% weight/share;
the quantitative assessment has a 30% weight; and
the qualitative assessment has a 20% weight.
Te use of risk factors enables auditors to identify the occur-
rence of phenomena that might negatively impact the audited ac-
tivity. Te assessment of risk factors is done on several levels rep-
resenting the modifcation produced by the risk on the auditable
area. At the end of this stage the document Situation on the analysis
of risk factors and levels of assessments is written.
4. The establishment of the risk level for every criterion
In this stage for every risk factor a scale of values on three levels
is created as follows:
4.1. for internal control assessment:
proper internal control - procedures that work properly-
level 1;
insufcient internal control- procedures are in place but
they are not enforced- level 2; and
defcient internal control no procedures in place - level 3.
4.2. for the quantitative assessment:
weak fnancial impact - level 1;
average fnancial impact - level 2; and
signifcant fnancial impact - level 3.
4.3. for the qualitative assessment:
low vulnerability - level 1;
average vulnerability - level 2; and
high vulnerability - level 3.
Te stage is concluded with the preparation of the document
Establishment of risk assessment where the assessment level of every
factor risk for every auditable activity is measured.
5. Establishing the total score for the criterion used
A weight factor and risk level is assigned to every criterion. Te
product of these two elements gives the score for the respective
criterion, while the sum of scores for a certain auditable activity/
operation represents the total score of the risk associated with that
operation/activity.
6. The classication/ranking of auditable activities based on risk assessment
Based on the total risk scores, one can create a hierarchy of
activities and categorize them as: low risk activities; average risk
activities; and high risk activities. Te document drawn up in this
stage is Te ranking of activities and risks.
7. The hierarchization of activities/operation
Auditors include all the analyzed activities that will be audited
in the document the Table of Strengths and Weaknesses. For every
activity/operation, this table presents synthetically the result of the
assessment which allows the hierarchization of risks, provides di-
rection to the audit missions and enables the preparation of the
detailed theme. Te lef side of the table presents the results of the
risk analysis (auditable domains/objects, specifc objectives, risks,
indicators/indices), while the right side includes the auditors opin-
ions and comments.
8. Elaborating the Detailed Theme of the auditable activities and internal
audit mission;
Te detailed theme comprises all the auditable objects/domains
(objectives to be achieved), is signed by the head of audit and com-
municated to the main supervisors of the audited organization in
the closing meeting.
9. Preparing the annual internal audit plan/internal audit programme
At this stage, the risk level of every auditable activity, the
amount of time required for every audit engagement, the date of
the last audit mission are analyzed and based on this information,
the Internal Audit Plan is adopted. Te plan comprises the audit-
able activities for the following year, the audited period and the
number of auditors in the audit team.
Te Annual Internal Audit Plans must be adapted throughout
the year depending on changes and the emergence of events that
might generate risks that had not been identifed at the moment of
the development of the plan. Te Annual Plan should also contain
time reserves for unforeseen events (medical leaves of internal au-
ditors, etc) and time for providing advice to the management. Te
planning process must take into account the professional training
days of internal auditors (at least 15 days per year) and their vaca-
tion. Ten, outside the binding objectives the time budget for audi-
tors and fnancial budget for planned activities is established.
Chapter 5.
Risk management
5.1. Implementation of risk management
5.2. Risk based internal auditing
5.3. Relation between risk management and internal auditing
5.4. Corporate governance
5.1. Implementation of risk management
Organizations can achieve their planned objectives if manage-
ment understands the nature of risks, the relation between risks
and opportunities and is successful in striking the right balance
between the two. In risk management, the management has the fol-
lowing responsibilities (Mares et al., 2007, p. 360):
to integrate a risk management component into the daily
activities of the organization;
to appropriately assess the implications of the organization-
al resources allocation for the achievement of certain objec-
tives; and
to adequately assess risks and opportunity costs in the deci-
sion making process.
In accordance with the International Standards, risk is defned
as the likelihood of the occurrence of an event that will impact the
fulfllment of objectives. Risk is measured from the point of view of
impact and probability.
Te occurrence of risk is generated by two types of events: (1)
events that produce negative efects concretized in threats that
might cause the failure of the organization to achieve its objectives;
and (2) events with positive efects representing opportunities for
the organization that, if properly exploited, can enhance its organi-
zational performance.
In the life of organizations risks are a natural phenomenon
whose occurrence must be known by management and staf. Be-
cause it is impossible to fully prevent risks, managers can only es-
tablish adequate procedures to identify, manage and control their
emergence.
Te organizations that implement such procedures can obtain
reasonable assurances as to the achievement of their proposed ob-
jectives. Risk management is a process that must be integrated in
the organizational culture at all levels in order to enable the general
participation and involvement within the organization.
Te implementation of risk management is a process that un-
folds in more stages and namely:
1. Organizational diagnosis
At this stage the organization and its environment is analyzed
in depth. One efective method is the SWOT analysis that identi-
fes strengths and weaknesses (internal environment) on the one
hand, and opportunities and threats (external environment) on the
other hand. Tis analysis helps the members of the organization to
acquire knowledge and a good understanding of the organizational
environment. Tis stage is also important for the clarifcation of
the policies and objectives of the organization and its perception
by the staf in order to promote a coherent approach at all levels.
Afer the establishment of the purpose and objectives of the risk
management policy, the members of the staf are assigned specifc
roles and responsibilities.
At the end of the stage the procedures for the identifcation,
evaluation, management and communication of risks are estab-
lished.
2. The identication of risks
Te frst condition for controlling risks is their acknowledge-
ment. At this stage all possible risks and potential sources of risks
are identifed: threats in the environment, events, weaknesses.
Teir identifcation is of course dependent on the in-depth knowl-
edge of the organization, its environment and history. Te process
of risk identifcation is ongoing as changes in the internal and ex-
ternal environment can generate new risks or distort the impact of
the familiar risks.
3. Risk assessment
At this stage the identifed sources of risk are examined and the
likelihood of risk occurrence and level of impact (positive or nega-
tive) are measured. Tere are several risk categories:
a. Organizational risks: lack of precise responsibilities, def-
cient organization of human resources, out of date and in-
sufcient documentation;
b. Operational risks: failure to register accounting entries, in-
appropriate archiving of the justifcatory documents, lack of
control over high risk operations;
c. Financial risks: unsecured payments, undetected fnancial
risk operations; and
d. Risks generated by legislative, structural, mangerial changes;
4. Risk management
Te fourth stage is characterized by the transformation of risks
into a competitive advantage for the organization. While some events
can be advantageous for the organization with risks having a positive
impact, others have a negative impact that must be minimized. In
both cases, the organization should have an action plan comprising
the procedures to follow for risk control. Te organizations response
to risk occurrence is refected by the internal control system.
5. The communication of risks and action plan
Te implementation of risk management is achieved by the
involvement of the members of the organization who should be
aware of the future risks, their origin and in particular the actions
to be taken once risks emerge. Te management is responsible for
facilitating a process of ongoing, two-way communication that en-
sures an efcient control system. Is is here that internal auditors
have a specifc role.
5.2. Risk based internal auditing
Risk based internal auditing (RBIA) is a methodology which
provides assurance to the management that risks are controlled
within the bounds of the risk appetite of the organization (Grif-
fths, 2006a, p. 2). Te risk appetite of the organization constitutes
a comparison term used to decide if and to what extent certain
control systems must be implemented (Mares et. al., 2007, p. 368).
RBIA is an opinion ofered by the internal audit department to
the Board within the framework of corporative governance. Tis
opinion is conventionally known as an assurance and includes
the possibility to indicate why the assurance cannot be provided
partially or totally.
Te responsibility of the internal audit department is to meet
the requirements of management, whereas the responsibility of
management is to ensure the implementation of the legislation.
Te RBIA methodology consists of the main fve roles of inter-
nal auditing which cover the risk management of the entire organi-
zation:
1. Providing assurance that the processes used by manage-
ment to identify all signifcant risks are efcient;
2. Providing assurance that risks are correctly assessed by
management so that it can establish relevant priorities;
3. Evaluating the risk management processes in order to en-
sure that the response to any risk is adequate and in compli-
ance with the policies of the organization;
4. Evaluating the reporting of key risks by managers; and
5. Revising the management of key risks to ensure that inter-
nal controls were activated and monitored.
Te RBIA can be applied for every risk that threatens the ful-
fllment of the organizations objectives. It includes the fnancial,
operational, strategic risks that are internal or external to the or-
ganization.
According to the legal regulations in place, the management has
the following tasks:
1. to identify existing risks;
2. to assess risks;
3. to provide assurances that there is an adequate response to
all risks;
4. to inform the Board about the risks that are not within the
generally acceptable levels; and
5. to provide assurances that the monitoring of the internal
control system reduces risks to a level that is deemed ac-
ceptable.
When Prime Minister Harold Macmillan (1957-1963) was
asked by a journalist what can most easily steer a government of
course, he answered: Events, dear boy, events. Investors and man-
agers dread unexpected events. Te regulation bodies now require
organizations to identify those risks that might lead to such events
and, in certain cases, to make them public. Tis requirement is not
bureaucracy specifc an organization that understands the risks it
faces, it must also understand the opportunities lying ahead (Grif-
fth, 2006, p. 1). Awareness of potential risks is important because:
the organization that does not know its potential risks, it
also does not understand the risks it can accept and inter-
nalize;
if the organization does not know the risks it can accept, it
does not know the risks it can take;
if it does not know the risks it can take, it does not know
how to grow;
if it does not know how to grow, it will stagnate and gradu-
ally disappear.
Organizations must understand their risks in order to be
equipped to respond to unexpected events and seize opportunities.
To control events and take opportunities the organizations have to
know: (1) the risks they face at present and in new projects; (2) the
risks they are prepared to assume; and (3) the actions necessary to
manage those risks it is not prepared to accept.
If the management is responsible for the control of events and
fructifcation of opportunities, it is then also responsible for the
identifcation, assessment and management of risks. Te correct
operation of these processes is essential for the achievement of ob-
jectives by the organization. Te stakeholders expect that the man-
agement confrm that the risk management system works properly.
Similar to the way in which external auditors provide assurances as
to the fnancial accounts, internal auditors provide such assurances
as to the risk management framework. (Grifths, 2006, p. 1)
Te risk management framework includes the following aspects
(Grifths, 2006, p. 5-6):
the directors and managers have identifed and assessed
the risks that threaten the objectives of the organization,
developed an internal control system or another adequate
response to minimize the threat or, if these actions are not
possible, they have prepared and presented a report to the
board;
the inherent risks are recorded and assessed in a manner
that allows their classifcation as to the level of threat; and
the Board has approved a risk appetite for the organization
so that risks can be easily identifed as being below or above
the risk appetite level.
5.3. Relation between risk management and internal auditing
Te entire responsibility for the comprehensive identifcation of
risks and implementation of risk management belongs to the man-
agerial team. Auditors should not be involved in risk management
as it infringes upon their independence and objectivity. However,
if auditors identify certain risks that were not detected by the man-
agement, they must discuss about them with the latter or inform
the Internal Audit Department and the Board about this omission.
Organizations response to risks can take more forms and
namely (Grifths, 2006, p. 10):
1. toleration of risks, when the organization does not take any
action to avoid the risk either because it cannot mitigate it
or because the costs would be disproportionately high;
2. transfer of risks, when the organization invests in certain
types of insurance or decides to outsource functions and
activities with high potential of risk, such as IT, human re-
sources, accounting. In the latter case, organizations should
be aware that the transfer of risk does not necessarily make
the risk disappear as it can only change the person that is
responsible for managing it;
3. treatment of risks, when the organization implements inter-
nal control systems that lower the level of risk appetite. In
such cases, it is important that the costs of internal control
and the importance of identifed risks are balanced; and
4. elimination of risks, when the organization interrupts or ter-
minates the risk- generating activities. In public institutions,
it is difcult to use this method as certain services or activi-
ties must be provided irrespective of their inherent risks.
Te main responsibility falling within the scope of internal au-
dit is the revision and testing of the internal control procedures
implemented by management to avoid and minimize the efects of
risks. Te auditors make recommendations that the auditors can
choose to implement. Internal audit departments carry out activi-
ties such as: (1) providing assurances to the management about
risk mitigation processes; (2) the assessment and revision of risk
management procedures; (3) the assessment of the communication
of risks to management; (4) facilitating employees understanding
of the processes of risk identifcation and reporting; (5) consulting
services to the management so that it understands the advantages
stemming from the implementation and maintenance of the risk
management system in the organization; and (6) the assessment of
the efectiveness of the risk management system.
In order to observe the principles of independence and objec-
tivity, internal auditors must meet the following requirements: (1)
they must not take responsibilities in the risk management system;
(2) they must not be involved in the establishment of the risk ap-
petite of the organization; (3) they ought not contribute to the im-
plementation of risk management procedures; and (4) they must
not implement response measures to identifed risks.
Te quality of the audit results as well as the way in which they
are implemented by management depend on the correct risk as-
sessment. Tis assessment is a function of the likelihood of risk
emergence and its impact (the consequences of the occurrence
of risks). Te common method of risk evaluation is through the
risk assessment grid (Grifths, 2006, pp. 11-12) which represents
a matrix structure that measures the intensity of the impact of the
two factors and identifes by numerical measurements the inher-
ent and residual risks. Inherent risks are those risks or events that
emerge because of factors in the environment of the organization
and exclude the organizations activities of risk management. Re-
sidual risks are those risks that remain afer the organization had
carried out control actions intended to reduce their likelihood and
minimize impact.
Te likelihood of risks is assigned a numerical value from 1 to
5 as in Table 5.1.
Table 5.1. Likelihood of risks
Likelihood level The description of the situation
1 Rare It never occurred and it is highly unlikely to occur any time soon
2 Unlikely It occurred a very few times and it is relatively unlikely to occur again soon
3 Possible It occurred before and on the medium term it is likely to occur again
4 Probable It occurred several times in the previous year and it is likely to occur again
5 Almost certain It occurred often and it is very likely to occur again very soon
Te second factor of importance is the impact of risks or the
gravity of consequences. Tis factor is assessed from 1 to 5 and is
described in Table 5.2.
Table 5.2. Levels of risk impact
Level of impact The description of situation
1 Insignifcant
With very low impact on the activities of the organizations and fulfll-
ment of objectives
2 Minor
With low impact on the activities of the organizations and fulfllment
of objectives
3 Average
With average impact on the activities of the organizations and fulfll-
ment of objectives
4 Major
With major impact on the activities of the organizations and fulfllment
of objectives
5 Extreme
With extreme impact on the activities of the organizations and fulfll-
ment of objectives
Te Grid showing the signifcance of risks (Figure 5.1.) presents on
its column the risk likelihood and on its rows the levels of risk impact.
At the crossroads of columns and risks the general score of risks is de-
termined and it can take values from 1 to 25 (Table 5.3). Te manage-
ment then has to establish the risk appetite of the organization.
Table 5.3. The level of risk tolerance
Tolerance level Description of situation
1-4 Acceptable Does not require control measures
5-8 High Requires medium and long term internal control measures
9-12 Low Requires short term measures
13-25 Unacceptable Requires control measures urgently
Fig. 5.1 Grid showing the signicance of risks
5
HIGH TOLERANCE
10
LOW TOLERANCE
15
INACCEPTABLE
20
INACCEPTABLE
25
INACCEPTABLE
4
ACCEPTABLE
8
HIGH TOLERANCE
12
LOW TOLERANCE
16
INACCEPTABLE
20
INACCEPTABLE
3
ACCEPTABLE
6
HIGH TOLERANCE
9
LOW TOLERANCE
12
LOW TOLERANCE
15
INACCEPTABLE
2
ACCEPTABLE
4
ACCEPTABLE
6
HIGH TOLERANCE
8
HIGH TOLERANCE
10
LOW TOLERANCE
1
ACCEPTABLE
2
ACCEPTABLE
3
ACCEPTABLE
4
ACCEPTABLE
5
HIGH TOLERANCE
Source: Grifths, 2006, p.12
Depending on the level of risk tolerance the Plan for control of
activities and risk minimization is established. Te inherent risks
can be found in the superior part of the Grid (scores over 15) and
the residual risks in the inferior part (scores below 15). Te inten-
sity of internal control decreases from inherent to residual risks.
5.4. Corporate governance
Te concept of corporate governance is relatively new and re-
ceived widespread attention afer the crisis in the 1980s and the
failures of major private corporations. An analysis of these fail-
ures was made by Adrian Cadbury who prepared in 1992 the
Cadbury Report whereby the bankruptcies of these corporations
were caused by defciencies in the organization and working of the
internal control system. According to the analysis in the report,
the management was unsuccessful in avoiding this outcome and
in certain cases it actually contributed to the failure. It is this re-
port that introduces in the organizational vocabulary the concept
of corporate governance which refects a process of management
perceived as a system composed of subsystems working together
under the leadership of one recognized management structure.
In the period afer the release of the report, the interest for cor-
porate governance surged. A series of other reports on the same
topic followed (Hampel Report 1998, Turbull Report 2001) and or-
ganizations such as the Organization for Economic Co-operation
and Development (OECD) or the World Bank turned their atten-
tion to the phenomenon.
In the literature there are more defnitions of corporate govern-
ance such as: the procedures and processes through which an or-
ganization is managed and controlled (ECGI, Cadbury Report) or
a mix of laws, regulations and codes of conduct adopted voluntar-
ily which helps the company to attract the necessary fnancial and
human capital and enables it to carry out activities in an efcient
way and generate value on the long term for its shareholders and
society in general (World Bank).
Te Institute of Internal Auditors defne governance as gov-
ernance is the combination of processes and structures implement-
ed by the board in order to inform, direct, manage and monitor the
activities of the organization toward the achievement of its objec-
tives (IIA, 2012, Glossary).
From an analysis of these defnitions, one can conclude that
governance is a type of behavior of top managers through which
the interests of stockholders are protected and the objectives are
met. Also, the concept of governance refers to the quality and ad-
equacy of the internal control system. In our opinion, the corporate
governance can be defned as a package of responsibilities and best
practices of the management of an organization that provide stra-
tegic direction and assurance that objectives will be met efectively
and by an efcient use of resources, and risks will be managed ap-
propriately.
Te principles of corporate governance established by Cadbury
are:
1. integrity; it refers to an appropriate, ethical behavior and
concern for the stakeholders interests and social responsi-
bility (implicit principle in the case of public organizations);
2. transparency; in the case of public institutions, this is a re-
quirement stipulated by law and it is based on the assump-
tion that the visibility of public decisions compels decision
makers to behave correctly and responsibly;
3. accountability is the most important principle of corporate
governance, but also the most difcult to implement. It re-
quires a good understanding of responsibilities and a clear
hierarchical and accountability chain. Te implementation of
this principle falls upon the management that must organize
the activity in such a way that every employee should know
her tasks, position in the hierarchic structure and the decision
making chain, rewards and sanctions. Also, the chain of ac-
countability must be subjected to an independent assessment,
such as that provided by internal auditing, as it would bring
recognition and add value to the work of management; and
4. competence; it refers to the assessment of the abilities and
knowledge of the employees to ensure the professional per-
formance of tasks and duties. Te level of competence must
be established for every position and regularly revised by
management.
At the global level, there is a strong interest of international or-
ganizations in promoting the principles of corporate governance.
OECD promotes the following principles (OECD, 2004) as pillars
of corporate governance: (1) ensuring the basis for an efective gov-
ernance framework; (2) the rights of shareholders and key owner-
ship functions, (3) the equitable treatment of shareholders; (4) the
role of stakeholders; (5) disclosure and transparency and (6) the
responsibilities of the Board.
In July 2005 the UK Treasury designed a Governance Code for
public institutions that clarifes some problems related to the indi-
vidual responsibilities of ministers and civil servants and formal-
izes the compulsory and consultative codes for corporate govern-
ance. In the European Union, the Green Paper on the Corporate
Governance Framework was adopted. According to this document
(EC, 2011, pp.2-3): Corporate governance is one means to curb
harmful short-termism and excessive risk-taking. Te purpose of
this Charter is to assess the efectiveness of the current framework
of corporate governance for European companies. Corporate gov-
ernance is traditionally defned as the system by which companies
are directed and controlled and as a set of relationships between a
companys management, its board, its shareholders and its other
stakeholders. Te corporate governance framework for listed com-
panies in the European Union is a combination of legislation and
sof law, including recommendations and corporate governance
codes. While corporate governance codes are adopted at national
level, Directive 2006/46/EC promotes their application by requir-
ing that listed companies refer in their corporate governance state-
ment to a code and that they report on their application of that
code on a comply or explain basis.
For the corporate governance to work it is necessary that or-
ganizations meet certain conditions:
to implement an efcient internal control system;
to ensure that the internal control system works properly;
to monitor the internal control system (the responsibility of
top management);
to implement a risk management system;
to develop and ensure the independence of the internal au-
dit function; and
to integrate internal audit in risk assessment.
Internal auditing can play an important role in corporate gov-
ernance in two situations: (1) when the corporate governance is
introduced and internal auditors can provide consulting reports for
the implementation of policies, mechanisms and procedures and
(2) when the corporate governance system is audited and auditors
provide assurances to the management as to its conformity and
efectiveness.
Chapter 6.
The relationship between internal and external audit
6.1. The need for professional collaboration between internal auditors
6.2. The terms of a possible cooperation protocol between the external and
internal audit in the public sector
6.1. The need for professional collaboration between internal auditors
An institution will function more efciently if a healthy relation
between internal and external audit is developed; therefore, the two
important activities must start an efective collaboration in order to
bring that expected added value to the public entitys activity.
Te purpose of the collaboration between internal and external
audit should have as a basis the following arguments (Ghita, 2007,
p. 80):
management awareness regarding the necessity of imple-
menting the internal audit function within their own enti-
ties;
providing additional assurance that the internal audit is in-
dependent;
assuming the implementation of internal audit;
a complete awareness of risks, both by management and by
auditors;
minimizing overlays;
professional exchange of problems;
joint professional trainings;
personnel mobility between the two structures;
corroboration of the audit programs and plans;
sharing useful information and ensuring an efective com-
munication;
understanding the role of each party by the other;
careful clarifcation of the two activities;
eliminating institutional rivalries or any competition be-
tween the two activities;
putting less pressure on the audited entities;
creating a joint audit culture in the public sector; and
achieving true compatibility with similar European structures.
Te cooperation between the structures performing internal
auditing and the ones efectuating external auditing implies a num-
ber of advantages, both for the two sides, as well as for the audited
entities.
Firstly, the internal audit has a better understanding of risks
within the entities it functions, and can provide useful information
in those areas to the external audit. Secondly, the internal audit is
more involved in knowing the entity, having access to information
which external audit cannot reach, therefore cooperation is im-
perative. By cooperating with the external audit, the internal audit
may improve its feld intervention methodologies, expand its test-
ing programs, and make use of the assurance the external audit
provides the audited entity.
Performing a quality audit implies the existence of an adequate
communication of both sides, and contributes to cooperation
strengthening and in time to achievement of mutual trust. In short,
achieving these principles requires:
permanent communication which may be the key to success;
professionalism and respect for the audited entities by com-
pletely eliminating overlays;
the existence of a desire to share the fndings;
efective cooperation, useful for both parts, and also for the
audited entity;
communication and exchange of information that will con-
tribute to a better organization of activities, and an exten-
sion of a higher work quality;
the need to increase mutual trust between the two audit
structures; and
the basic motto should be: cooperation and communica-
tion.
Based on these considerations, the internal audit should mini-
mize regularity audits and also should increasingly head towards
performing system audits, seeing that the external audit is more
interested on this type of missions (engagements) that can guide
their own work better. Moreover, system audit engagements are
more useful for the risk evaluation activity performed by the man-
agement and the internal auditors. Achieving these objectives im-
plies carrying out systematic work meetings for framing a coopera-
tion protocol between the two categories of auditors. Te external
audit should initiate this cooperation, considering the need for an
annual evaluation of public entities and the logic to start, in this
evaluation, from the fndings and recommendations of the internal
audit structure.
6.2. The terms of a possible cooperation protocol between the external and
internal audit in the public sector
Considering their common purpose, the two types of audit must
be in perfect complementarity, rejecting any kind of exclusivity. By
taking into account these realities, Romanias Court of Auditors, as
the supreme audit institution, and the Ministry of Public Finances
through CUHPIA , as a specialized central public administration
body that elaborates, leads and applies a unitary strategy in the inter-
nal audit feld, can work together closely to ensure the stability and
complementarity of the two audit systems and their components.
Tis cooperation could be transposed through a Protocol for
cooperation in the audit activity area, structured in several chap-
ters, mainly ruling the following (Ghita, Popescu, 2006, p. 366):
a. the methodological coordination in the public audit area in
Romania;
b. the coordination of internal audit activity plans within pub-
lic entities with the ones of the Court of Auditors;
c. assuring information exchange in the auditing process; and
d. achieving uniform professional training for the auditors.
Te joint methodological coordination in the public audit area
in Romania will lead to increasing the Court of Auditors confdence
in the quality of the internal audit activity, Court that can rely on
the internal auditors reports and use those as starting points in
their own activity. On the other hand, the internal audit structures
may redirect their own activities depending on the external audits
observations and opinions, thus avoiding the duplication of eforts
and resources allocated by the two audit institutions.
Te coordination of internal audit activity plans within public
entities with the ones of the Court of Auditors ims to prevent du-
plication of audit activities, but to complement each other by iden-
tifying and evaluating the resulted risks, so more extensive areas of
public sector systems can be audited.
Assuring information exchange in the auditing process de-
termines the need for mutual information concerning the actual
development of audit missions and particular observations within
audit reports. In the event that serious doubts regarding the exist-
ence of a bad management or fraud cases appear during the devel-
opment of audit missions, the internal and external audit structures
are required to inform each other about this matter, at the same
time following the independence principle.
Achieving uniform professional training for the auditors must
be done systematically, in order to efectively use the activity re-
sults of the other entity, to achieve the pre-established objectives.
In order to achieve specifc purposes, it is necessary to establish a
collaborative system regarding at least:
reciprocal invitations of both structures auditors to attend
organized courses, including the ones initiated by the Euro-
pean Union regarding controlling and protecting its fnan-
cial interests;
organizing debates, seminars on issues of common inter-
est regarding risk analysis, the use of audit instruments and
techniques, systems of implementing recommendations
and conclusions, and so on; and
mutual transmission of materials and information with a
novelty aspect from the audit area.
CUHPIA is opened to all concrete action projects for the de-
velopment of audit in Romania, and also for the alignment with
international requirements and standards, which will contribute to
a better communication between our institutions and national, re-
gional and international bodies.
Chapter 7.
Case Study - The Audit Mission THE AUDIT REGARDING THE
ADMINISTRATION OF ORGANIZATION MODEL PATRIMONY
(adapted from Tudorica, 2009)
The content of deeds and documents:
AUDITOR ASSIGNMENT/ PLANNING
INDEPENDENCE STATEMENT
OPENING CONFERENCE
PRELIMINARY SURVEY
AUDIT PROGRAM
FIELDWORK
RISK ASSESSMENT
ADVICE AND INFORMAL COMMUNICATIONS
AUDIT SUMMARY
THE PUBLIC INTERNAL AUDIT REPORT
DISCUSSION DRAFT
EXIT CONFERENCE
FORMAL DRAFT
FINAL REPORT
ACTION PLAN
CLIENT RESPONSE; CLIENT COMMENTS
WORKING PAPERS
AUDIT FOLLOW-UP; FOLLOW-UP REVIEW; FOLLOW-UP REPORT
I. INTRODUCTION
1.1 TYPE OF AUDIT: Regularity Audit, regarding the administration of
ORGANIZATION MODEL patrimony.
1.2. LEGAL BASIS:
Te audit anual plan of ORGANIZATION MODEL no.
XXX/ 10.12.2011;
Law no. 672 / 2002, regarding the public internal audit;
Te general regulations aproved by the O.P.F.M. no.38 /
2003;
O.P.F.M. no. 252 / 2004, Te Code regarding the ethical con-
duct of the internal auditor;
Specifc Methodological Regulations aproved by the Audit
Direction from within M.F.P. no. 46013/2010;
Law no. 82/1991, accounting law;
Law no. 213/1998, regarding public property and its legal
procedures;
G.O. 21/1992, republished, regarding consumers protec-
tion;
G.O.112/2000, regarding the removal from service, disposal
and recovery of tangible assets from the states public do-
main;
O.P.F.M. no. 1792/2002, Methodological norms regarding
the hiring costs, liquidation expenses, authorization and
payment of expenses of public institutions;
O.P.F.M. no. 1487/2003, regarding the evaluation and de-
preciation of fxed assets, from the public institutions pat-
rimony;
O.P.F.M. no. 1865/08.04.2011, regarding the closing of ac-
counts, preparation and submission of fnancial situations
to public instititutions by 31.12.2010;
O.P.F.M. no. 1917/2005, regarding the organization and
management of the public institutions accountancy and
their Accounting Plan;
O.E.F.M. no. 428/2007, specifcations regarding the inven-
tory of states public domain assets;
G.O. no. 81/2003, regarding the evaluarea and depreciation
of fxed assets from the public institutions patrimony;
G.D. no. 831/1997, printed forms catalogue, common for
the ecomony regarding the fnancial and accounting activi-
ties;
G.D. no. 1031/1999, regarding the entries in accountancy of
goods that make up the states public domain;
G.D. no. 1705/2006, on approving the centralized inventory
of the state goods from the public domain;
G.D. no. 1228/1990, on approving the methodology on con-
cession, rental and location management;
Law no. 219 / 1998, regarding the concession norms;
Law no. 13/1999, on registration and situation of the civil
conventions on services;
G.D. no. 925 / 2006 on approving the application norms of
the provisions related to the attribution of the contracts on
public acquisition from the G.D;
E.O.G. no.34 /19
th
April 2006 regarding the attribution of
the contracts on public acquisition, of the contracts on the
concession of public works.
1.3. IDENTIFICATION DATA ON THE PUBLIC INTERNAL AUDIT MISSION:
Service Order no. yyy / 16.03.2012, issued by ORGANIZA-
TION MODEL;
Public internal auditor from ORGANIZATION MODEL:
Vasilescu Andrei
Te audited entity: ORGANIZATION MODEL, Te f-
nancial-accounting Department;
Duration of the auditing action: 10.05.2012-10.06.2012;
Audited period: the year 2011.
1.4. THE IDENTIFICATION OF THE ACTIVITY THAT WAS AUDITED- SYNTHETIC
INFORMATION
Te undersigned, on the whole of the period meant for the re-
alization of the public internal audit mission, I have analyzed the
activities and the actions made by the personnel of the Financial-
Accounting Department, regarding the administration of the OR-
GANIZATION MODEL patrimony, with the objective of identify-
ing the legal and regularity conditions, as well as other provisions
related to the actual laws that might be efective and prejudicial to
the patrimony or to ORGANIZATION MODEL funds.
1.5. MANNER OF DEVELOPMENT OF PUBLIC INTERNAL AUDIT MISSION
1. THE EXAMINATION of all the working papers selected for
the audit mission, issued by the Financial-Accounting Department
in 2011, as follows:
For the objective: Property management:
Files for analytical and summary accounts in 2011;
Balance sheet for: January- December 2011; January 2012;
Files with fnancial-accounting documents from January-
December 2011; January 2012;
Decision to appoint inventory committees and sub-com-
mittees;
Inventory development plan;
Inventory fle;
Inventory register;
Accounting balance sheets;
Te register and the specifc framework of the operational
projects subjected to the proper fnancial-preventive control.
Preparing the questionnaire checklist, regarding:
Te legal character and the reality of the entrance and ex-
iting of the goods in (of) the patrimony of ORGANIZA-
TION MODEL;
Respect for the legal aspect regarding the provision, recep-
tion and release of the patromonial goods;
Respect for the legal provisions related to the usage of the
goods in the current activity developed in the institution;
Removal from service of goods that belong to the patrimony
(fxed assets and goods such as stocks).
2. THE FOLLOW-UP, represented the modality of checking
the procedures, related to:
Te objective: Te acquisition of public goods:
Te anual program of public goods acquisition;
Te memorandum regarding the determination of the esti-
mated value, without VAT, of the contracts of public goods
acquisition;
Te budget of ORGANIZATION MODEL, that can show
that the funds necessary for the execution of the acquisition
are ensured;
Te notice of intent;
Te standard documentation for elaborating and submis-
sion of ofer: general information, sheet data acquisition,
product specifcation, required forms, draf contract;
Te notice of participation: the Ofcial Romanian Journal,
part VI, public acquisitions, where they were published;
Minutes prepared by the evaluation committee, at the
opening of the tenders, signed by both committee mem-
bers as well as by the representatives of the bidders present
there, including, in a compulsory manner, all the required
elements provided by the rules in force on public procure-
ment;
Technical bids and price of economic operators;
Decision of the evaluation committee;
Te contract of public acquisition, concluded afer conduct-
ing the public procurement procedure;
Te graphic on the realization of the public acquisition.
Preparing the questionnaire for internal control, regarding:
Te procurement procedures that are known and applied by
the department personnel;
Fundamenting and elaborating the programme for public
good acquisition for 2012;
Te specifc written procedures and formalized to estmate
the public procurement contract value;
Preparation of design documentation and presentation of
the ofer;
Examination of bids and bid winner determination;
Conclusion of public goods acquisition contracts.
3. THE VERIFICATION/ REVIEW was one of the techniques
used for:
For the objective: Services:
Paper on the (technical and fnancial) capacity of ORGAN-
IZATION MODEL in order to carry out the respective ac-
tivities, without afecting the institutions main objective;
Te approval of P.F.M. to develop the activities mentioned
in the paper;
Firm orders, requests, etc., received from individuals and
legal entities;
Calculation of the provision of services;
Minutes for negotiating rates/tarifs for services;
Te contract for provision of services;
Document-summary on the contract implementation
of services (services, collection and transfer value of the
amounts according to the determined destination).
Te making-of the paper on the fnancial and technical ca-
pacity of ORGANIZATION MODEL in order to carry out
provision of services;
Te existence of the approval on P.F.M.s part in order to de-
velop the provision of services;
Te elaboration of the minutes regrading the negiciation of
tarifs for the services;
Te conclusion of the contracts for service provision;
Using the amounts derived from the equivalent value of ren-
dered services, as according to the determined destination.
4. THE VERIFICATION/REVIEW was one of the auditing
techniques used by the auditor to determine the ways of solving
the next documentary problems:
For the objective: Rental / concession of goods:
Te existence of the approval of the competent bodies re-
garding the goods given for rent;
Documentation on the organization and conduct of the
lease procedures;
Rental contracts;
Te amounts derived from rental property.
garding what property to rent;
Organizing and conducting the leases were made under the
documentation that was prepared in advance;
Conclusion of contracts for the rental property;
Usage of the sums from the property rental, according to the
determined destination.
II. SETTING OBJECTIVES
2.1. MANAGEMENT OF GOODS IN ORGANIZATION MODELS ADMINISTRATION.
Tere were collected and processed the information related to:
Physical and valuable size of the main categories of goods in
the administration of the institution;
Entries of goods (in separate accounts and corresponding
accounts for assets leased to third parties);
Legality and reality of entry and exit of goods from the ac-
counts and records of technical operations (putting into
use, distribution for use, repair, removal from service, the
downgrading, cracking, return through sale), and keeping
updated records;
Te efectiveness of internal control systems, highlighting
the correct and up to date property in the goods from the
public domain of the state;
Submission towards the the provisions in force related to
the supply, receipt and release of goods;
Submission towards the the provisions in force related to
the usage of goods in the current activity developed in OR-
GANIZATION MODEL;
Removal from service of patrimony goods in ORGANIZA-
TION MODEL;
Development and approval of a methodology for valuing
tangible fxed assets from the institutions patrimony;
Efectiveness of internal control on the assessment of goods
and completion of registration in accounting of the revalua-
tion results within the set time-limit;
Evaluation of assets at the entry in the patrimony (fxed as-
sets and capital stocks);
Evaluation of assets at the exit of the patrimony (fxed assets
and capital stocks);
Revaluation of fxed assets in the patrimony of ORGANI-
ZATION MODEL;
Conducting inventories;
Exploiting the results obtained afer the inventory of goods;
It has also been verifed and checked:
If for the goods covered by the last inventory, there is a valid
property title;
If the goods that are in the public domain are separated
from the goods in other legal regimes;
If there have been updated any changes made during the
inventory of public property goods of the goods (entry and
exit of goods, the change of the manager in the same minis-
try, the transfer of goods between ministries);
Efectiveness of internal control systems established to en-
sure complete and accurate inventory of goods in the public
domain of the state;
If the inventory of goods are transferred to P.F.M., with
changes made in the inventory of goods from public prop-
erty of the state;
If the inventory management of public goods the state is up-
dated and is presented on the website P.F.M.
2.2. PUBLIC PROCUREMENT OF GOODS
Tere were collected and processed information on:
Te annual programme on public procurement;
Note on the determination of the estimated value, excluding
the VAT, of the contracts for public acquisitions;
Te budget of ORGANIZATION MODEL, from which it
can be seen that there are ensured the necessary funds for
the execution of procurement;
Te notice of intent;
Te standard documentation for elaborating and submis-
sion of ofer: general information, sheet data acquisition,
product specifcation, required forms, draf contract;
Te notice of participation: the Ofcial Romanian Journal,
part VI, public acquisitions, where they were published;
Minutes prepared by the evaluation committee, at the open-
ing of the tenders, signed by both committee members as
well as by the representatives of the bidders present there,
including, in a compulsory manner, all the required ele-
ments provided by the rules in force on public procurement;
Te decision of the evaluation committee;
Te contract of public acquisition, concluded afer conduct-
ing the public procurement procedure;
Te graphic on the realization of the public acquisition.
2.3. SERVICES
Te paper on the (technical and fnancial) capacity of OR-
GANIZATION MODEL in order to carry out the respec-
tive activities, without afecting the institutions main objec-
tive;
in the paper;
legal entities;
2.4. RENTAL/CONCESSION OF GOODS
garding the goods given to rent;
Documentation on the organization and conduct of the
lease procedures;
Rental contracts;
III. DETERMINATION OF METHODOLOGIES
On the fndings made when conducting the audit on the ad-
ministration of the ORGANIZATION MODEL, there were used
specifc methods and techniques.
Tese were:
a. Te examination of all documents selected for audit, is-
sued in 2011 by Financial Accounting Ofce, in connection
with property management (assessment and reassessment
of goods; the carrying out of the inventory of goods that
belong to ORGANIZATION MODEL patrimony).
Questionnaire- checklist, regarding:
Te legal character and the reality of the entry and exit of the
goods in (of) the patrimony of ORGANIZATION MODEL ;
Respect for the legal aspect regarding the provision, recep-
tion and release of the patromonial goods;
Respect for the legal provisions related to the usage of the
goods in the current activity developed in the institution;
Removal from service of goods that belong to the patrimony
(fxed assets and goods such as stocks).
b. Te follow-up, reprezented the way of verifying the proce-
dures regarding public procurement (the anual program
of public goods acquisition; the value estimation of the
contracts of public procurement; the ensuring of the funds
necessary for the execution of the acquisition; the standard
documentation for elaborating and submission of ofer;
technical bids and prices; the conclusion and realization of
the public procurement contracts).
the procurement procedures that are known and applied by
the department personnel;
Fundamenting and elaborating the programme for public
good acquisition for 2012;
Te specifc written procedures and formalized to estmate
the public procurement contract value;
preparation of design documentation and presentation of
the ofer;
examination of bids and bid winner determination;
conclusion of public goods acquisition contracts.
c. Te verifcation/review was one of the techniques used for
services (technical and fnancial capacity to carry out activi-
ties; development of these activities; negotiating rates/tarifs
for services; conclusion of the contracts; services; collection
and transfer value of the amounts according to the deter-
mined destination).
Te making-of the paper on the fnancial and technical ca-
pacity of ORGANIZATION MODEL in order to carry out
provision of services;
Te existence of the approval on P.F.M.s part in order to de-
velop the provision of services;
Te elaboration of the minutes regrading the negiciation of
tarifs for the services;
Te conclusion of the contracts for service provision;
Using the amounts derived from the equivalent value of ren-
dered services, as according to the determined destination.
d. Te verifcation/review was one of the auditing techniques
used to determine rental / concession of goods (the ap-
proval of the competent bodies regarding the goods given
for rent; organization and development of the lease pro-
cedures; rental contracts; usage of amounts derived from
rental property).
garding what property to rent;
Organizing and conducting the leases were made under the
documentation that was prepared in advance;
Conclusion of contracts for the rental property;
Usage of the sums from the property rental, according to the
determined destination.
IV. THE AUDITORS FINDINGS, CONCLUSIONS AND RECOMMENDATIONS
4.1. POZITIVE FINDINGS
A. Te management of the goods in ORGANIZATION
MODEL administration.
a. According to data revealed in the last inventory in 2011, the
physical size and value of public goods of ORGANIZA-
TION MODEL, is as follows:
fxed assets: suma1;
tangible assets: suma2;
buildings: suma3;
furniture, ofce equipment, equipment for the protec-
tion of human and material values: suma4;
Technological equipment (machinery, equipment and
installation work): suma5;
Apparatus and installations for measuring, controlling
and regulating: suma6;
means of transport: suma7;
furniture, ofce equipment, equipment for the protec-
tion of human and material values and other fxed assets:
suma8;
running: suma9;
intangible assets: - running: suma10;
licenses: suma11;
Goods such as stocks: suma12;
b. Te accounting and technical-operational records for the
public goods of ORGANIZATION MODEL are properly
kept and updated by the staf of the Financial Accounting
Ofce, the personnel and by the subunits: UARZ and UF
based on accounting provisions of Law no. 82 / 1991, which
provides chronological and systematic recording, process-
ing, preservation and publication of information on eco-
nomic situation and the results obtained for its own needs,
and relations with third parties, and exercise the control
over the operations that were carried out economic and reli-
ability on the provided accounting data.
c. Te goods that belong in the instiutions andministration
are registered in the accounting system in distinct accounts.
Also, for the space within the institutionss buildings, which
are rented to third parties, the documents are registered in
corresponding accounts of fxed assets, distinct analytical
account, and the conclusion was made following the rules
of the Law no. 215 / 2001.
d. Te internal control regarding the correct evaluation and up-
dating of the goods from the public domain was exercised by
the persons established by the decisions of management of
ORGANIZATION MODEL, according to own objectives
and legal refementations, with the purpose of efciently, eco-
nomically and efectively administrate these funds.
e. Te removal from service of goods from the patrimony of
ORGANIZATION MODEL was conducted in accordance
with the legal provisions concerning the performance of the
duration of use and the actual state of wear. Methodologies
of removal from service are followed out (the downgrading)
of goods, evaluating them and centralizing data for recovery.
Currently, the institution has approved the downgrading of
property such as fxed assets and stock (inventory items),
and then afer the operation of downgrading will follow the
movement towards the disposal of materials and application
of legal proceedings of recovery of spare parts, assemblies,
subassemblies and of the waste that was produced.
f. At ORGANIZATION MODEL there was drafed and ap-
proved a methodology for valuing fxed assets belonging to
public and private domain of the state on the basis of the
provisions of Article 7 and Article 9 of Law no. 82/1991 on
accounting and paragraphs 19 and 54 of the Regulation Law
enforcement on the accounting system (GD no.704/1993).
g. Te fnancial-accounting ofce in the institution complies
with the general assessment of economic elements (at the
entrance to the patrimony, when inventory is made, at the
end of the fnancial year and when existing the patrimony)
included in the rules concerning the organization and the
management of the accounting department of public insti-
tutions, approved by O.P.F.M. no. 1917/2005, the provisions
of Article 5 of G.D. no. 1705/2006 for approving the inven-
tory management of public assets of the state (goods are in
inventory with the value of the used budgetary sources).
h. Fixed assets owned by ORGANIZATION MODEL were
evaluated in 2011, and the evaluation results were recorded
in the accounts of the institution, respecting the general
rules for the assessment of property items covered by leg-
islation.
i. At ORGANIZATION MODEL, the internal control estab-
lished by the management institution and the Financial Ac-
counting Ofce revealed that the assessment of the assets of
public and private state was conducted in good condition
and has been reviewing the results shown in the legal time
limit. In accordance with the provisions of Ordinance No.
81/2003, the institution conducted the revaluation of fxed
assets and the revaluation diferences were recorded in the
corresponding accounts, including: fund assets constituting
public state and the revaluation reserve.
j. In order to organize and conduct the inventory of goods,
from the administration of ORGANIZATION MODEL
there stood the provisions of O.P.F.M. no. 2861/2009 and
of the Order no. 428/2007. Financial Accounting Ofce has
planned to organize activities and conduct the inventory of
goods in the administration of the institution, as follows:
Te appointment of inventory committees and subcom-
mittees;
Making the inventory;
Exploiting the results obtained from goods inventory.
k. For goods in administration gathered in the last inventory
there is evidence of valid tenure held for ORGANIZA-
TION MODEL.
l. Tere are no situations in which the material assets, in the
administration of the institution, where there would be no
valid tenure.
m. In accordance with the provisions of Law nr. 213/1998 on
public property and its legal aspects thereof, are not cases in
which goods that are under administration to be diferenti-
ated from goods using other regimes of tenure, fact which
did not lead to the creation of lists for separate inventory.
n. Regarding the organization and the carrying out of the in-
ventory items, if the institution respected the model and
methodology established by the P.F.M. and other laws in
force.
o. In the inventory of property management, updated on
04.12.2011, no changes have occurred, consisting of: input
supply, output supply, and the change of the manager in the
same ministry, the transfer of goods between the ministries,
other changes.
p. Te examination of the data contained in the Annexes to the
inventory of property management since 2011 and compar-
ing them with those in Annexes 34 and 35b to the fnancial
year 2010, resulted in an increase value of 244,205 lei, rep-
resenting the work: Te fencing of the headquarters OR-
GANIZATION MODEL.
q. Tough the establishment of an efective system of internal
control was provided the organization and development of
a complete and accurate inventory of goods, under the ad-
ministration of ORGANIZATION MODEL, and recovery
and refection in proper accounting of inventory results.
r. ORGANIZATION MODEL forwards P.F.M. the situations
regarding the inventory of goods, as well as those throughout
which the institution solicits the efectuation of the chages
that came up in the inventory of goods in the property, in
order to encompass these goods in the centralized inventory.
B. Public property of goods.
a. Te department in charge with public procurement from
the institution has developed activities in relation with the
realization of the following documentations:
Te anual programme of public procurement;
Te note regarding the determination of the estimated
sum, without the VAT, of the public procurement con-
tracts;
ORGANIZATION MODELs budget, from which it re-
sults that there are ensured all the necessary funds for
the execution of the procurement;
Te note of intention;
Te standard documentation for elaborating and sub-
mission of ofer: general information, sheet data acqui-
sition, product specifcation, required forms, draf con-
tract;
Te notice of participation: the Ofcial Romanian Jour-
nal, part VI, public acquisitions, where they were pub-
lished;
b. By opening the ofers, the evaluation committee has devel-
oped the following activities:
Minutes prepared by the evaluation committee, at the
opening of the tenders, signed by both committee mem-
bers as well as by the representatives of the bidders pre-
sent there, including, in a compulsory manner, all the
required elements provided by the rules in force on pub-
lic procurement;
Te decision of the evaluation committee;
c. As a result of the public acquisition procedure, the legal rep-
resentatives of ORGANIZATION MODEL concluded the
public procurement contracts;
d. Te departments that were interested in developing the con-
tracts made the graphic of public acquisition contract in
2012.
C. Services
Te fnancial-accounting department of the institution organ-
ized and planned specifc activities regarding services, on the fol-
lowing matters:
Te paper on the (technical and fnancial) capacity of OR-
GANIZATION MODELin order to carry out the respective
activities, without afecting the institutions main objective;
in the paper;
legal entities;
D. Rental/concession of goods
Te personnel of ORGANIZATION MODEL with attributes
in rental/concession of goods has planned and developed activities
related to:
garding the goods given to rent;
Documentation on the organization and development of
the lease procedures;
Rental contracts;
4.2. FINDINGS WITH NEGATIVE ASPECTS
A
c
t
i
v
i
t
y
P
e
r
i
o
d
:

y
e
a
r

2
0
1
1
-
F
i
n
d
i
n
g
L
o
c
a
t
i
o
n
L
a
w

v
i
o
l
a
t
i
o
n

(
c
o
n
s
e
q
u
e
n
c
e
s
,

r
i
s
k
s
)
A
.
T
h
e

r
e
c
o
r
d
s

o
f

g
o
o
d
s

f
r
o
m

p
u
b
l
i
c

a
n
d

p
r
i
v
a
t
e

d
o
m
a
i
n

o
f

t
h
e

s
t
a
t
e
,

i
n

O
R
-
G
A
N
I
Z
A
T
I
O
N

M
O
D
E
L

a
d
m
i
n
i
s
t
r
a
t
i
o
n
.
a
)
T
h
e

r
e
c
o
r
d
s

a
n
d

e
n
t
r
y

i
n
t
o

s
e
r
v
i
c
e

o
f

a
s
s
e
t
s

l
i
k
e

f
x
e
d

a
s
s
e
t
s

a
n
d

s
t
o
c
k
s

-

i
n
v
e
n
t
o
r
y

i
t
e
m
s
,

h
a
s
n
t

b
e
e
n

m
a
d
e

w
i
t
h

r
e
c
o
r
d

a
n
d

d
i
s
t
r
i
b
u
t
i
o
n

s
p
e
c
i
f
c

d
o
c
u
m
e
n
t
s
:

-

F
o
r

f
x
e
d

a
s
s
e
t
s
:

S
h
e
e
t

o
f

t
h
e

f
x
e
d

a
s
s
e
t
,

M
o
v
e
m
e
n
t

b
i
l
l

o
f

f
x
e
d

a
s
s
e
t
s
.
-

F
i
l
e

-
A
p
r
i
l

F
.
F
.
2
5
/
2
6
.
0
2
.
;

F
.
F
.

0
0
0
3
6
0
9
;
-
F
i
l
e
-

M
a
y

F
.
F
.
0
0
2
0
1
9
8
;
-
F
i
l
e
-
J
u
n
e

F
.
F
.
3
6
3
0
9
1
8
;
-
F
i
l
e
-
J
u
l
y

F
.
F
.
0
0
0
8
4
8
1
;
-
F
i
l
e

-
D
e
c
e
m
b
e
r

F
.
F
.
1
0
0
1
7
8
6
.
A
c
c
o
u
n
t
i
n
g

l
a
w

n
o
.

8
2
/
1
9
9
1
:

s
e
c
t
i
o
n

A
,

c
h
a
p
.
2
,

p
o
i
n
t
5
3
,

l
e
t
t
.
b
.

R
i
s
k
:

t
e
o
r
e
t
i
c
a
l
l
y

f
x
e
d

a
s
s
e
t
s

a
r
e

l
o
c
a
t
e
d

i
n

t
h
e

i
n
s
t
i
t
u
t
i
o
n
s

s
t
o
r
e
h
o
u
s
e
,

a
r
e

n
o
t

d
i
s
t
r
i
b
u
t
e
d

a
n
d
,

c
o
n
-
s
e
q
u
e
n
t
l
y

a

n
o
r
m
a
l

u
s
a
g
e

d
u
r
a
t
i
o
n

c
a
n
n
o
t

b
e

q
u
a
n
t
i
-
f
e
d
,

i
n

o
r
d
e
r

t
o

d
o
w
n
g
r
a
d
e

a
n
d

a
n
n
u
l

a
n
d
,

i
m
p
l
i
c
i
t
l
y

n
e
i
t
h
e
r

t
h
e

c
a
l
c
u
l
u
s

o
f

t
h
e

d
u
e

l
i
q
u
i
d
a
t
i
o
n

r
a
t
e
.
-

F
o
r

t
h
e

i
n
v
e
n
t
o
r
y

t
e
m
s
:

H
a
n
d
i
n
g

o
v
e
r

t
r
a
n
s
f
e
r

r
e
f
u
n
d

v
o
u
c
h
e
r
s
.
-

F
i
l
e
-

O
c
t
o
b
e
r
.
B
.
C
.
n
o
.
1
;

n
o
.
4
;

n
o
.
7

o
f

3
1
.
1
0
.
2
0
1
1
.
A
c
c
o
u
n
t
i
n
g

l
a
w

n
o
.

8
2
/
1
9
9
1
:

s
e
c
t
i
o
n

A
,

c
h
a
p
.
3
,

p
o
i
n
t
7
2
,

l
e
t
t
.
b
;
R
i
s
k
:

i
d
e
n
t
i
c
a
l
,

l
e
s
s

t
h
e

c
a
l
c
u
l
u
s

o
f

t
h
e

d
u
e

l
i
q
u
i
d
a
t
i
o
n

r
a
t
e
.
b
)

P
r
e
p
a
r
i
n
g

a
n
d

f
l
l
i
n
g

i
n

o
f

t
h
e

d
o
c
u
m
e
n
t
s
:

-

C
o
n
s
u
m
p
t
i
o
n

c
o
u
p
o
n
s

a
r
e

n
o
t

a
g
g
r
e
g
a
t
e
d

f
r
o
m

a
n

a
c
c
o
u
n
t
i
n
g

p
o
i
n
t

o
f

v
i
e
w
,

a
r
e

n
o
t

s
i
g
n
e
d

f
o
r

w
r
i
t
t
e
n

a
n
d

v
e
r
i
f
e
d
,

a
r
e

n
o
t

d
a
t
e
d

a
n
d

t
h
e

c
o
l
u
m
n

P
/
U

i
s

n
o
t

f
l
l
e
d
;

-

F
i
l
e
-

F
e
b
r
u
a
r
y
.

B
.
C
.
n
o
.
8
0
2
;
-

F
i
l
e
-

M
a
r
c
h
B
.
C
.
n
o
.
1
;
A
c
c
o
u
n
t
i
n
g

l
a
w
n
o
.
8
2
/

1
9
9
1
:

c
h
a
p
t
e
r

I
,

a
r
t
.
6
,

a
l
i
n
.
1
,
2
,
3
.
R
i
s
k
:

t
h
e

w
r
i
t
i
n
g

d
o
w
n

o
f

c
o
s
t
s

w
i
t
h

u
n
r
e
a
l

v
a
l
u
e

f
o
r

t
h
e

i
n
s
t
i
t
u
t
i
o
n
.
-

A
c
c
o
u
n
t
s

o
f

t
r
a
v
e
l

e
x
p
e
n
s
e
s
,

A
c
c
o
u
n
t
i
n
g

n
o
t
e
s
,

D
i
s
p
o
s
a
l

r
e
c
e
i
p
t
-

p
a
y
m
e
n
t

t
o
w
a
r
d
s

t
h
e

p
a
y

o
f
c
e
,

N
o
t
e
s

o
n

t
h
e

r
e
c
e
i
p
t

a
n
d

f
n
d
i
n
g

o
f

d
i
f
e
r
e
n
c
e
s
,

e
t
c
.

a
r
e

n
o
t

d
a
t
e
d

a
n
d

n
e
i
t
h
e
r

s
i
g
n
e
d

f
o
r

w
r
i
t
i
n
g

a
n
d

v
e
r
i
f
c
a
t
i
o
n
.

-

F
i
l
e
-

J
u
l
y
D
.
P
.
I
.
C
.
n
o
.
5
9
;
-

F
i
l
e
-

N
o
v
e
m
b
e
r
P
.
V
.

r
e
c
e
p
t
i
o
n
.
A
c
c
o
u
n
t
i
n
g

l
a
w
n
o
.

8
2
/
1
9
9
1
:

c
h
a
p
t
e
r

I
,

a
r
t
.
6
,

a
l
i
n
.
1
,
2
,
3
.
R
i
s
k
:

n
u
l
i
t
a
t
e
a

d
o
c
u
-
m
e
n
t
e
l
o
r

j
u
s
t
i
f
c
a
t
i
v
e
.
c
)

S
e
r
v
i
c
e
s

t
o

t
h
i
r
d

p
a
r
t
i
e
s

i
n

f
a
v
o
u
r

o
f

O
R
G
A
N
I
Z
A
T
I
O
N

M
O
D
E
L
:

-

C
o
m
p
a
n
i
e
s

p
r
o
v
i
d
i
n
g

s
e
r
v
i
c
e
s

o
r

w
o
r
k
s

d
o

n
o
t

p
r
e
p
a
r
e

e
s
t
i
m
a
t
e
s

o
r

j
o
b

c
o
s
t
i
n
g

t
h
a
t

a
t
t
e
s
t

t
h
e

q
u
a
n
t
i
t
y

o
f

i
t
e
m
s

p
l
a
c
e
d

i
n

w
o
r
k

a
n
d

q
u
a
l
i
t
y

(
e
n
s
u
r
i
n
g
)

t
h
e

w
o
r
k

a
n
d

s
e
r
v
i
c
e
s

p
e
r
f
o
r
m
e
d
.
-

F
i
l
e
-
F
e
b
r
u
a
r
y
F
.
F
.
8
8
0
9
1
3
4
;
-

F
i
l
e
-
A
u
g
u
s
t
F
.
F
.
0
7
2
0
0
9
0
.
-

O
.
P
.
F
.
M
.

1
7
9
2
/
2
0
0
2
,

c
h
a
p
t
e
r
s

2
,
3
.
,
4
.
(
l
i
q
u
i
d
a
t
i
o
n
,

a
n
d

a
u
t
h
o
r
i
z
i
n
g

p
a
y
m
e
n
t

o
f

e
x
p
e
n
s
e
s
)
;
-

O
.
G
.
2
1
/
1
9
9
2

(
L
a
w

3
6
3
/
2
0
0
7
)
,

p
t
.
7
,

a
l
i
n
.
3
.
R
i
s
k
:

m
a
t
e
r
i
a
l

a
n
d

f
n
a
n
c
i
a
l

d
a
m
a
g
e
s

b
r
o
u
g
h
t

t
o

t
h
e

i
n
s
t
i
t
u
t
i
o
n
.
A
c
t
i
v
i
t
y
P
e
r
i
o
d
:

y
e
a
r

2
0
1
1
-
F
i
n
d
i
n
g
L
o
c
a
t
i
o
n
L
a
w

v
i
o
l
a
t
i
o
n

(
c
o
n
s
e
q
u
e
n
c
e
s
,

r
i
s
k
s
)
d
)
T
h
e

d
e
c
r
e
a
s
e

i
n

e
x
p
e
n
d
a
b
l
e

g
o
o
d
s
:
-

A
u
t
o

p
a
r
t
s

a
r
e

n
o
t

r
e
m
o
v
e
d

n
o
r

p
l
a
c
e
d

i
n

(
f
r
o
m
)

t
h
e

a
u
t
o
m
o
b
i
l
e
s

c
o
m
p
l
e
t
e

s
c
h
e
m
e

u
s
i
n
g

t
h
e

J
o
b

c
o
s
t
i
n
g

o
r

t
h
e

E
s
t
i
m
a
t
e
s
,

e
v
e

t
h
o
u
g
h

t
h
e

r
a
p
i
t
m
e
n
t

i
s

d
o
n
e

b
y

t
h
e

d
r
i
v
e
r

h
i
m
s
e
l
f
;

t
h
e
r
e

a
r
e

s
u
b
t
r
a
c
t
e
d

b
y

c
o
m
s
u
m
p
t
i
o
n

v
o
u
c
h
e
r
s

t
h
e

a
u
t
o

p
a
r
t
s

o
f

g
r
e
a
t

v
a
l
u
e

a
n
d

t
h
a
t

c
a
n

b
e

r
e
c
o
n
d
i
t
i
o
n
e
d
.
E
x
a
m
p
l
e
:

c
r
a
n
k

s
h
a
s
t

f
o
r

D
a
c
i
a

a
u
t
o
m
o
b
i
l
e
;
-

F
i
l
e
-

M
a
r
c
h

B
.
C
.
n
o
.

8
5
,
8
6
;
-

F
i
l
e
-

A
p
r
i
l

D
.
P
.
I
.
C
.

2
8
;
-

F
i
l
e
-
J
u
n
e

D
.
P
.
I
.
C
.
4
7
-

F
i
l
e

-
J
u
l
y

B
.
C
.

1
0
1
.
-

A
c
c
o
u
n
t
i
n
g

l
a
w

n
o
.
8
2
/
1
9
9
1
:

s
e
c
t
i
o
n

A
,

p
o
i
n
t
7
0
;
-

G
.
D
.
8
3
1
/
1
9
9
7
,

C
a
t
a
l
o
g
u
e

o
f

t
h
e

t
y
p
e
d

f
o
r
m
s
.
R
i
s
k
:

m
a
t
e
r
i
a
l

a
n
d

f
n
a
n
c
i
a
l

d
a
m
a
g
e
s

b
r
o
u
g
h
t

t
o

t
h
e

i
n
s
t
i
t
u
t
i
o
n
.
-

S
u
b
t
r
a
c
t
e
d

f
r
o
m

t
h
e

a
c
c
o
u
n
t
s
,

w
r
o
n
g
l
y
,

w
i
t
h

i
n
v
e
n
t
o
r
y

o
b
j
e
c
t
s

w
i
t
h

c
o
n
s
u
m
p
t
i
o
n

v
o
u
c
h
e
r
s
.
-

F
i
l
e
-

F
e
b
r
u
a
r
y
.
B
.
C
.

1
0
,
1
1
,
1
2
;
-

F
i
l
e
-

O
c
t
o
b
e
r
B
.
C
.

n
o
.
1
,

4
,

7
.
-

A
c
c
o
u
n
t
i
n
g

l
a
w

n
o
.
8
2
/
1
9
9
1
:

-

G
.
D
.
8
3
1
/
1
9
9
7
,

C
a
t
a
l
o
g
u
e

o
f

t
h
e

t
y
p
e
d

f
o
r
m
s
.
R
i
s
k
s
:
-

n
o

m
a
t
e
r
i
a
l

l
i
a
b
i
l
i
t
y

i
s

c
r
e
a
t
e
d

f
o
r

t
h
o
s
e

w
h
o

u
s
e

t
h
e

g
o
o
d
s

s
u
c
h

a
s

i
t
e
m
s

o
f

i
n
v
e
n
t
o
r
y
;
-

t
h
e

a
p
p
r
o
p
r
i
a
t
i
o
n

o
f

s
e
v
e
r
a
l

g
o
o
d
s

f
o
r

p
e
r
s
o
n
a
l

r
e
a
s
o
n
s
;

-

m
a
t
e
r
i
a
l

a
n
d

f
n
a
n
c
i
a
l

d
a
m
a
g
e
s

b
r
o
u
g
h
t

t
o

t
h
e

i
n
s
t
i
t
u
t
i
o
n
.
e
)

F
o
r

t
h
e

r
e
c
e
p
t
i
o
n

o
f

g
o
o
d
s

a
n
d

s
e
r
v
i
c
e
s

p
u
r
c
h
a
s
e
d

f
o
r

o
w
n

n
e
e
d
s
,

e
n
t
e
r
e
d

i
n

o
n
e

i
n
s
t
i
t
u
t
i
o
n

t
h
e
r
e

i
s

n
o
t

p
r
e
p
a
r
e
d

t
h
e

d
o
c
u
m
e
n
t
a
t
i
o
n

r
e
q
u
i
r
e
d

b
y

l
e
g
i
s
l
a
t
i
o
n
.
E
x
a
m
p
l
e
:

M
i
n
u
t
e
s

o
f

r
e
c
e
p
t
i
o
n
,

p
e
n
t
r
u

f
x
e
d

a
s
s
e
t
s

a
n
d

R
e
c
e
p
t
i
o
n

n
o
t
e

a
n
d

f
n
d
i
n
g

o
f

d
i
f
e
r
e
n
c
e
s
,

f
o
r

a
s
s
e
t
s
,

o
t
h
e
r

t
h
a
n

f
x
e
d

a
s
s
e
t
s
.
-
F
i
l
e

A
p
r
i
l
F
.
F
.
9
8
1
0
0
2
7
;

9
8
1
0
0
2
8
;

9
8
1
0
0
0
7
;

0
0
0
3
0
0
4
;

0
0
0
3
2
5
0
;

0
0
0
3
0
0
5
;

0
0
0
3
4
2
0
;

0
0
0
3
2
2
0
.
-

F
i
l
e
-

M
a
y
F
.
F
.
0
0
0
3
6
0
9
.
-

O
.
P
.
F
.
M
.

1
7
9
2
/
2
0
0
2
,

c
h
a
p
t
e
r

2

(
e
x
p
e
n
s
e

l
i
q
u
i
d
a
t
i
o
n
)
;
-

G
.
D
.
8
3
1
/
1
9
9
7
,

C
a
t
a
l
o
g
u
e

f
o
r

t
y
p
e
d

f
o
r
m
s
;
R
i
s
k
:

e
n
t
r
y

i
n
t
o

t
h
e

i
n
s
t
i
t
u
t
i
o
n

o
f

p
r
o
p
e
r
t
y

g
o
o
d
s

w
h
i
c
h

d
o

n
o
t

m
e
e
t

t
h
e

c
o
n
d
i
t
i
o
n
s

o
f

q
u
a
l
i
t
y

a
n
d

q
u
a
n
t
i
t
y
.
A
c
t
i
v
i
t
y
P
e
r
i
o
d
:

y
e
a
r

2
0
1
1
-
F
i
n
d
i
n
g
L
o
c
a
t
i
o
n
L
a
w

v
i
o
l
a
t
i
o
n

(
c
o
n
s
e
q
u
e
n
c
e
s
,

r
i
s
k
s
)
B
.
T
h
e

r
e
c
o
r
d
s

o
f

g
o
o
d
s

f
r
o
m

p
u
b
l
i
c

a
n
d

p
r
i
v
a
t
e

d
o
m
a
i
n

o
f

t
h
e

s
t
a
t
e
,

i
n

O
R
-
G
A
N
I
Z
A
T
I
O
N

M
O
D
E
L

a
d
m
i
n
i
s
t
r
a
t
i
o
n
.
T
h
e
r
e

h
a
v
e
n
t

b
e
e
n

f
o
u
n
d

d
e
f
c
i
e
n
c
i
e
s

o
r

i
r
r
e
g
u
l
a
r
i
t
i
e
s
.
-
-
C
.
T
h
e

i
n
v
e
n
t
o
r
y

o
f

g
o
o
d
s

f
r
o
m

p
u
b
l
i
c

a
n
d

p
r
i
v
a
t
e

d
o
m
a
i
n

o
f

t
h
e

s
t
a
t
e
,

u
s
e
d

b
y

O
R
G
A
N
I
Z
A
T
I
O
N

M
O
D
E
L
T
h
e

i
n
v
e
n
t
o
r
y

o
f

g
o
o
d
s

f
r
o
m

O
R
G
A
N
I
Z
A
T
I
O
N

M
O
D
E
L
s

a
d
m
i
n
i
s
t
r
a
t
i
o
n

h
a
d

o
r
g
a
n
i
z
a
t
i
o
n
a
l

d
e
f
c
i
e
n
c
i
e
s
:

-

e
n
s
u
r
i
n
g

t
h
e

p
a
r
t
i
c
i
p
a
t
i
o
n

o
f

a
l
l

t
h
e

(
s
u
b
)
c
o
m
m
i
t
t
e
e
s

w
o
r
k
s

i
n

i
n
v
e
n
t
o
r
y
;
-

i
n

t
h
e

c
o
m
p
o
s
i
t
i
o
n

o
f

t
h
e

i
n
v
e
n
t
o
r
y

c
o
m
m
i
t
t
e
e

(
s
u
b
-
c
o
m
m
i
t
t
e
e
s
)

t
h
e
r
e

i
s

n
o

p
e
r
s
o
n

w
i
t
h

e
c
o
n
o
m
i
c

s
t
u
d
i
e
s
;
-

t
h
e

w
r
i
t
t
e
n

d
e
c
i
s
i
o
n

f
r
o
m

t
h
e

E
x
e
c
u
t
i
v
e

D
i
r
e
c
t
o
r

o
f

O
R
G
A
N
I
Z
A
T
I
O
N

M
O
D
E
L
,

t
o

b
e

p
a
r
t

o
f

t
h
e

i
n
v
e
n
t
o
r
y

c
o
m
-
m
i
t
t
e
e

a
s

c
h
a
i
r
m
a
n
.
I
n
v
e
n
t
o
r
y

f
l
e

f
r
o
m

2
0
1
1
.
-

A
c
c
o
u
n
t
i
n
g

L
a
w
N
o
.
8
2
/
1
9
9
1
:

a
r
t
.
8
,
9
,
1
0
.
-

O
.
P
.
F
.
M
.
1
7
5
3
/
2
0
0
4
,

r
e
g
a
r
d
i
n
g

t
h
e

o
r
g
a
n
i
z
a
-
t
i
o
n

a
n
d

e
f
e
c
t
u
a
t
i
o
n

o
f

t
h
e

i
n
v
e
n
t
o
r
y
;

p
c
t
.
n
r
.
6
,
7
,
8
,
9
,
1
1
,
1
7
,
1
8
,
4
7
,
5
2
,
5
4
.
R
i
s
k
s
:
-

t
h
e

u
n
r
e
a
l
i
z
a
t
i
o
n

o
f

t
h
e

i
n
v
e
n
t
o
r
y

a
s
s
e
t
s

w
i
t
h
i
n

t
h
e

p
e
r
i
o
d

f
x
e
d

b
y

t
h
e

d
e
c
i
s
i
o
n

o
f
c
e
r
;
-

I
n
c
o
m
p
a
t
i
b
i
l
i
t
y

c
o
m
i
n
g

a
l
o
n
g

t
o

t
h
e

d
e
c
i
s
i
o
n

t
o

a
p
p
o
i
n
t

t
h
e

E
x
e
c
u
t
i
v
e

D
i
r
e
c
t
o
r
,

a
s

C
h
a
i
r
m
a
n

o
f

t
h
e

B
o
a
r
d

o
f

i
n
v
e
n
t
o
r
y

a
n
d

t
h
e

h
e
a
d

o
f

t
h
e

i
n
s
t
i
t
u
t
i
o
n

(
s
e
c
o
n
d
a
r
y

o
r
d
i
n
a
t
e

c
r
e
d
i
t
s
)

i
e
:

t
h
e

p
e
r
s
o
n

m
a
k
i
n
g

t
h
e

i
n
v
e
n
t
o
r
y

c
a
n
n
o
t

s
i
m
u
l
t
a
n
e
o
u
s
l
y

a
p
p
r
o
v
e

t
h
e

r
e
s
u
l
t
s

o
f

t
h
i
s

o
p
e
r
a
t
i
o
n
.
4.3. CONCLUSIONS
Following the fndings on the record, assessment and inventory
of goods from the public and private domain of the state, given to
the administration of P.F.M. and ORGANIZATION MODEL , in
2011, were fnalized the following situations:
a. the accounts and the operational and technical records of
goods from the public and private domain of ORGANIZA-
TION MODEL are properly kept and updated by the staf
of the Financial- accounting ofce, respectively by the per-
sonnel and by subunits: U.A.R.Z. and U.F., in accordance
with the laws in force;
b. the fnancial -accounting ofce of the institution complies
with the general assessment of the property items (at inven-
tory afer the entry into the patrimony, at the end of the f-
nancial year and the exit of the assets from the patrimony)
included in the methodological Rules concerning the or-
ganization and the accounts of public institutions, approved
by O.P.F.M. no. 1917/2005, the provisions of Article 5 of
G.D. no. 1705/2006 for approving the centralized inventory
of public assets from the domain of the state (goods are in
inventory at the value of the budgetary used sources used);
c. At organizational and development inventory of public
and private goods in from the domain of the state in the
administration of ORGANIZATION MODEL were provi-
sions O.P.F.M. no. 1753 / 2004 and Order No. 428 / 2007.
Financial Accounting Ofce has planned activities for the
organization and running of goods in inventory manage-
ment institution, as follows:
Te appointment of committees and subcommittees in-
ventory;
Making an inventory;
Exploiting the results obtained goods inventory.
Regarding the organization and carrying out of the inventory
items, the institution respected the economic model and the meth-
odology established by the P.F.M.. as well as other laws in force.
d. Te accounting and fnancial department of the institution
organized, planned and conducted in an appropriate man-
ner, respecting the existing legislation on specifc services.
e. Activities related to the renting / concession supplies were
carried out according to the laws in the feld.
f. Te negative fndings shown in the table are related to:
Te legal way of using the assets of assets such as fxed
assets and stock-inventory items;
Preparing and fling documents;
Services of third parties to ORGANIZATION MODEL;
Decreased expendable materials;
Receipt of goods and services purchased for own needs.
As a consequence to these fndings there was prepared a Find-
ing and reporting form of the irregularities (for the produced ir-
regularities), based on Identifcation and analysis of the problem
sheet.
Tis draf public internal audit report has been prepared in 2
copies to the following destinations:
No copy. 1, is transmitted for analysis to the fnancial- ac-
counting department;
No copy. 2, to the public internal audit section of the public
of the ORGANIZATION MODEL.
4.4. RECOMMENDATIONS:
Te formulated recommendations are written down in the
document: Te synthesis of main fndings and recommendations
that are, which is attached to this public internal draf audit report.


T
H
E

S
Y
N
T
H
E
S
I
S

O
F

T
H
E

M
A
I
N

F
I
N
D
I
N
G
S

A
N
D

R
E
C
O
M
M
E
N
D
A
T
I
O
N
S

C
r
t
.
n
o
.
P
r
o
b
l
e
m
F
i
n
d
i
n
g
s
R
e
c
o
m
m
e
n
d
a
t
i
o
n
s
1
.
T
h
e

r
e
c
o
r
d
s

o
f

g
o
o
d
s

f
r
o
m

p
u
b
l
i
c

a
n
d

p
r
i
v
a
t
e

d
o
-
m
a
i
n

o
f

t
h
e

s
t
a
t
e
,

i
n

O
R
G
A
N
I
Z
A
T
I
O
N

M
O
D
E
L

a
d
m
i
n
i
s
-
t
r
a
t
i
o
n
.
a
)
T
h
e

r
e
c
o
r
d
s

a
n
d

e
n
t
r
y

i
n
t
o

s
e
r
v
i
c
e

o
f

a
s
s
e
t
s

l
i
k
e

f
x
e
d

a
s
s
e
t
s

a
n
d

s
t
o
c
k
s

-
i
n
v
e
n
t
o
r
y

i
t
e
m
s
,

h
a
s
n
t

b
e
e
n

m
a
d
e

w
i
t
h

r
e
c
o
r
d

a
n
d

d
i
s
t
r
i
b
u
t
i
o
n

s
p
e
c
i
f
c

d
o
c
u
m
e
n
t
s
:

-

F
o
r

f
x
e
d

a
s
s
e
t
s
:

S
h
e
e
t

o
f

t
h
e

f
x
e
d

a
s
s
e
t
,

M
o
v
e
m
e
n
t

b
i
l
l

o
f

f
x
e
d

a
s
s
e
t
s
.
-

F
o
r

t
h
e

i
n
v
e
n
t
o
r
y

t
e
m
s
:

H
a
n
d
i
n
g

o
v
e
r

t
r
a
n
s
f
e
r

r
e
f
u
n
d

v
o
u
c
h
e
r
s
.
-
T
h
e

s
t
u
d
y
i
n
g

o
f

t
h
e

l
e
g
i
s
l
a
t
i
o
n

i
n

f
o
r
c
e
,

w
h
i
c
h

g
o
v
e
r
n
s

t
h
i
s

i
s
s
u
e
;

-

F
o
r

f
x
e
d

a
s
s
e
t
s

s
u
c
h

a
s

f
x
e
d

a
s
s
e
t
s

a
n
d

s
t
o
c
k
s
,

w
h
i
c
h

e
n
t
e
r
e
d

t
h
e

u
n
i
t

i
n

2
0
1
1

t
h
e
r
e

w
i
l
l

b
e

m
a
d
e

n
o
t
e
s

o
n

d
o
c
u
-
m
e
n
t
s
,

s
p
e
c
i
f
c

a
c
t
s

o
f

d
i
s
t
r
i
b
u
t
i
o
n
.
b
)

P
r
e
p
a
r
i
n
g

a
n
d

f
l
l
i
n
g

i
n

o
f

t
h
e

d
o
c
u
m
e
n
t
s
:

-

C
o
n
s
u
m
p
t
i
o
n

c
o
u
p
o
n
s

a
r
e

n
o
t

a
g
g
r
e
g
a
t
e
d

f
r
o
m

a
n

a
c
c
o
u
n
t
i
n
g

p
o
i
n
t

o
f

v
i
e
w
,

a
r
e

n
o
t

s
i
g
n
e
d

f
o
r

w
r
i
t
t
e
n

a
n
d

v
e
r
i
f
e
d
,

a
r
e

n
o
t

d
a
t
e
d

a
n
d

t
h
e

c
o
l
u
m
n

P
/
U

i
s

n
o
t

f
l
l
e
d
;
-

A
c
c
o
u
n
t
s

o
f

t
r
a
v
e
l

e
x
p
e
n
s
e
s
,

A
c
c
o
u
n
t
i
n
g

n
o
t
e
s
,

D
i
s
p
o
s
a
l

r
e
c
e
i
p
t
-

p
a
y
m
e
n
t

t
o
w
a
r
d
s

t
h
e

p
a
y

o
f
c
e
,

N
o
t
e
s

o
n

t
h
e

r
e
c
e
i
p
t

a
n
d

f
n
d
i
n
g

o
f

d
i
f
e
r
e
n
c
e
s
,

e
t
c
.

a
r
e

n
o
t

d
a
t
e
d

a
n
d

n
e
i
t
h
e
r

s
i
g
n
e
d

f
o
r

w
r
i
t
i
n
g

a
n
d

v
e
r
i
f
c
a
t
i
o
n
.

-
T
h
e

s
t
u
d
y
i
n
g

o
f

t
h
e

l
e
g
i
s
l
a
t
i
o
n

i
n

f
o
r
c
e
,

w
h
i
c
h

g
o
v
e
r
n
s

t
h
i
s

i
s
s
u
e
;
-

A
d
d
r
e
s
s
i
n
g

t
h
e

o
b
s
e
r
v
e
d

d
y
s
f
u
n
c
t
i
o
n
s

(
t
h
e

s
i
g
n
a
t
u
r
e

f
o
r

d
r
a
f
t
e
d
,

r
e
v
i
e
w
e
d

a
n
d

a
p
p
r
o
v
e
d
)

a
n
d

t
h
e

a
n
n
e
x
a
t
i
o
n

t
o

t
h
e

m
a
n
a
g
e
m
e
n
t

d
o
c
u
m
e
n
t
s

o
f

t
h
e

f
o
r
m
s

t
h
a
t

w
e
r
e

i
s
s
u
e
d

i
n

2
0
1
1
.
c
)

S
e
r
v
i
c
e
s

t
o

t
h
i
r
d

p
a
r
t
i
e
s

i
n

f
a
v
o
u
r

o
f

O
R
G
A
N
I
Z
A
T
I
O
N

M
O
D
E
L
:

-

C
o
m
p
a
n
i
e
s

p
r
o
v
i
d
i
n
g

s
e
r
v
i
c
e
s

o
r

w
o
r
k
s

d
o

n
o
t

p
r
e
p
a
r
e

e
s
t
i
m
a
t
e
s

o
r

j
o
b

c
o
s
t
i
n
g

t
h
a
t

a
t
t
e
s
t

t
h
e

q
u
a
n
t
i
t
y

o
f

i
t
e
m
s

p
l
a
c
e
d

i
n

w
o
r
k

a
n
d

q
u
a
l
i
t
y

(
e
n
s
u
r
-
i
n
g
)

t
h
e

w
o
r
k

a
n
d

s
e
r
v
i
c
e
s

p
e
r
f
o
r
m
e
d
.
-
T
h
e

s
t
u
d
y

o
f

t
h
e

l
e
g
i
s
l
a
t
i
o
n

o
n

t
h
e

o
b
l
i
g
a
t
i
o
n
s

o
f

t
h
e

b
u
d
g
e
t
a
r
y

p
u
b
l
i
c

i
n
s
t
i
t
u
t
i
o
n

i
n

c
o
n
n
e
c
t
i
o
n

w
i
t
h

t
h
e

r
e
c
e
i
p
t

o
f

g
o
o
d
s

a
n
d

t
h
e

w
o
r
k

p
e
r
f
o
r
m
e
d

b
y

c
o
m
p
a
n
i
e
s

i
n

t
h
e

f
e
l
d
;

-
T
h
e

r
e
g
u
l
a
t
i
o
n

i
n

2
0
1
2

o
f

s
i
m
i
l
a
r

s
i
t
u
a
t
i
o
n
s
,

w
h
i
c
h

w
i
l
l

b
e

c
r
e
a
t
e
d
.
d
)
T
h
e

d
e
c
r
e
a
s
e

i
n

e
x
p
e
n
d
a
b
l
e

g
o
o
d
s
:
-

A
u
t
o

p
a
r
t
s

a
r
e

n
o
t

r
e
m
o
v
e
d

n
o
r

p
l
a
c
e
d

i
n

(
f
r
o
m
)

t
h
e

a
u
t
o
m
o
b
i
l
e
s

c
o
m
p
l
e
t
e

s
c
h
e
m
e

u
s
i
n
g

t
h
e

J
o
b

c
o
s
t
i
n
g

o
r

t
h
e

E
s
t
i
m
a
t
e
s
,

e
v
e

t
h
o
u
g
h

t
h
e

r
a
p
i
t
m
e
n
t

i
s

d
o
n
e

b
y

t
h
e

d
r
i
v
e
r

h
i
m
s
e
l
f
;

t
h
e
r
e

a
r
e

s
u
b
t
r
a
c
t
e
d

b
y

c
o
m
s
u
m
p
t
i
o
n

v
o
u
c
h
e
r
s

t
h
e

a
u
t
o

p
a
r
t
s

o
f

g
r
e
a
t

v
a
l
u
e

a
n
d

t
h
a
t

c
a
n

b
e

r
e
c
o
n
d
i
t
i
o
n
e
d
.
E
x
a
m
p
l
e
:

c
r
a
n
k

s
h
a
s
t

f
o
r

D
a
c
i
a

a
u
t
o
m
o
b
i
l
e
;
-
S
u
b
t
r
a
c
t
e
d

f
r
o
m

t
h
e

a
c
c
o
u
n
t
s
,

w
r
o
n
g
l
y
,

w
i
t
h

i
n
v
e
n
t
o
r
y

o
b
j
e
c
t
s

w
i
t
h

c
o
n
s
u
m
p
t
i
o
n

v
o
u
c
h
e
r
s
.
-
T
h
e

p
e
r
s
o
n
n
e
l

h
a
v
i
n
g

r
e
s
p
o
n
s
i
b
i
l
i
t
i
e
s

i
n

t
h
e

f
n
a
n
c
i
a
l
-
a
c
c
o
u
n
t
i
n
g

d
o
m
a
i
n

w
i
l
l

s
t
u
d
y

a
n
d

a
p
p
l
y

t
h
e

p
r
o
v
i
s
i
o
n
s

o
f

t
h
e

l
e
g
i
s
l
a
t
i
v
e

d
o
c
u
m
e
n
t
s

t
h
a
t

r
e
g
u
l
a
t
e

t
h
e
s
e

s
i
t
u
a
t
i
o
n
s
;
-

S
t
a
r
t
i
n
g

w
i
t
h

2
0
1
2
,

t
h
e

f
n
a
n
c
i
a
l
-
a
c
c
o
u
n
t
i
n
g

o
f
c
e

w
i
l
l

s
e
e
k

t
h
a
t

t
h
e
s
e

c
a
u
s
e
s

a
r
e

s
o
l
u
t
i
o
n
e
d

a
c
c
o
r
d
i
n
g

t
o

t
h
e

p
r
o
v
i
-
s
i
o
n
s

o
f

t
h
e

l
a
w
s

i
n

f
o
r
c
e
.
C
r
t
.
n
o
.
P
r
o
b
l
e
m
F
i
n
d
i
n
g
s
R
e
c
o
m
m
e
n
d
a
t
i
o
n
s
e
)

F
o
r

t
h
e

r
e
c
e
p
t
i
o
n

o
f

g
o
o
d
s

a
n
d

s
e
r
v
i
c
e
s

p
u
r
c
h
a
s
e
d

f
o
r

o
w
n

n
e
e
d
s
,

e
n
t
e
r
e
d

i
n

o
n
e

i
n
s
t
i
t
u
t
i
o
n

t
h
e
r
e

i
s

n
o
t

p
r
e
p
a
r
e
d

t
h
e

d
o
c
u
m
e
n
t
a
t
i
o
n

r
e
q
u
i
r
e
d

b
y

l
e
g
i
s
l
a
t
i
o
n
.
E
x
a
m
p
l
e
:

M
i
n
u
t
e
s

o
f

r
e
c
e
p
t
i
o
n
,

p
e
n
t
r
u

f
x
e
d

a
s
s
e
t
s

a
n
d

R
e
c
e
p
t
i
o
n

n
o
t
e

a
n
d

f
n
d
i
n
g

o
f

d
i
f
e
r
e
n
c
e
s
,

f
o
r

a
s
s
e
t
s
,

o
t
h
e
r

t
h
a
n

f
x
e
d

a
s
s
e
t
s
.
-
T
h
e

s
t
u
d
y
i
n
g

o
f

t
h
e

l
e
g
i
s
l
a
t
i
o
n

i
n

f
o
r
c
e
,

w
h
i
c
h

g
o
v
e
r
n
s

t
h
i
s

i
s
s
u
e
;
-

F
o
r

f
x
e
d

a
s
s
e
t
s

s
u
c
h

a
s

f
x
e
d

a
s
s
e
t
s

a
n
d

s
t
o
c
k
s
,

w
h
i
c
h

e
n
t
e
r
e
d

t
h
e

u
n
i
t

i
n

2
0
1
1

t
h
e
r
e

w
i
l
l

b
e

m
a
d
e

n
o
t
e
s

o
n

d
o
c
u
m
e
n
t
s
,

s
p
e
c
i
f
c

a
c
t
s

o
f

d
i
s
t
r
i
b
u
t
i
o
n
.
2
.
T
h
e

i
n
v
e
n
t
o
r
y

o
f

g
o
o
d
s

f
r
o
m

p
u
b
l
i
c

a
n
d

p
r
i
v
a
t
e

d
o
m
a
i
n

o
f

t
h
e

s
t
a
t
e
,
u
s
e
d

b
y

O
R
G
A
N
I
Z
A
T
I
O
N

M
O
D
E
L
.
T
h
e

i
n
v
e
n
t
o
r
y

o
f

g
o
o
d
s

f
r
o
m

O
R
G
A
N
I
Z
A
T
I
O
N

M
O
D
E
L
s

a
d
m
i
n
i
s
t
r
a
t
i
o
n

h
a
d

o
r
g
a
n
i
z
a
t
i
o
n
a
l

d
e
f
c
i
e
n
c
i
e
s
:

-

e
n
s
u
r
i
n
g

t
h
e

p
a
r
t
i
c
i
p
a
t
i
o
n

o
f

a
l
l

t
h
e

(
s
u
b
)
c
o
m
m
i
t
t
e
e
s

w
o
r
k
s

i
n

i
n
v
e
n
-
t
o
r
y
;
-

i
n

t
h
e

c
o
m
p
o
s
i
t
i
o
n

o
f

t
h
e

i
n
v
e
n
t
o
r
y

c
o
m
m
i
t
t
e
e

(
s
u
b
c
o
m
m
i
t
t
e
e
s
)

t
h
e
r
e

i
s

n
o

p
e
r
s
o
n

w
i
t
h

e
c
o
n
o
m
i
c

s
t
u
d
i
e
s
;
-

t
h
e

w
r
i
t
t
e
n

d
e
c
i
s
i
o
n

f
r
o
m

t
h
e

E
x
e
c
u
t
i
v
e

D
i
r
e
c
t
o
r

o
f

O
R
G
A
N
I
Z
A
T
I
O
N

M
O
D
E
L
,

t
o

b
e

p
a
r
t

o
f

t
h
e

i
n
v
e
n
t
o
r
y

c
o
m
m
i
t
t
e
e

a
s

c
h
a
i
r
m
a
n
.
-
T
h
e

p
e
r
s
o
n
n
e
l

t
h
a
t

w
i
l
l

b
e

n
a
m
e
d

f
o
r

r
e
a
l
i
z
i
n
g

t
h
e

i
n
v
e
n
t
o
r
y

o
f

g
o
o
d
s

f
r
o
m

t
h
e

p
a
t
r
i
m
o
n
y

o
f

O
R
G
A
N
I
Z
A
-
T
I
O
N

M
O
D
E
L

w
i
l
l

s
t
u
d
y

a
n
d

a
p
p
l
y

t
h
e

p
r
o
v
i
s
i
o
n
s

o
f

t
h
e

l
e
g
i
s
l
a
t
i
v
e

d
o
c
u
m
e
n
t
s

t
h
a
t

r
e
g
u
l
a
t
e

t
h
e
s
e

s
i
t
u
a
t
i
o
n
s
;

-

A
s

p
a
r
t

o
f

t
h
e

f
u
t
u
r
e

i
n
v
e
n
t
o
r
y

c
o
m
m
i
t
t
e
e

i
t

w
i
l
l

b
e

n
a
m
e
d

a

p
e
r
s
o
n

h
a
v
i
n
g

e
c
o
n
o
m
i
c

s
t
u
d
i
e
s
;
-
T
h
e

i
n
s
t
i
t
u
t
i
o
n
s

s
e
c
o
n
d
a
r
y

c
r
e
d
i
t

o
f
c
e
r

w
i
l
l

d
e
c
i
d
e

u
p
o
n

t
h
e

i
n
v
e
n
t
o
r
y
s

r
e
s
u
l
t
s
.
D
r
a
w
n

b
y
,

P
u
b
l
i
c

i
n
t
e
r
n
a
l

a
u
d
i
t
o
r

V
a
s
i
l
e
s
c
u

A
n
d
r
e
i

Te public internal auditor has the obligation to inform
C.U.H.P.I.A. and the director of the Audit Direction of P.F.M. about
the recommendations with no notifcation from the leader of OR-
GANIZATION MODEL, accompanied by the relevant documen-
tation.
Te report on public internal audit completed, together with
its attachments will be submitted for approval to the leader of
ORGANIZATION MODEL. Te follow-up of the approval of
the recommendations contained in the report, they will be sent
to the audited microstructures, which should inform in a written
form the public internal auditor about the way the recommenda-
tions are to be implemented, developing in this regard, and an
action plan with a timetable for achieving the recommendations.
Te public internal auditor prepares the tracking sheet in or-
der to track the recommendations to see if the purpose and objec-
tives of public internal audit mission have been properly formulated.
Te follow-up of the recommendations by the public inter-
nal auditor of ORGANIZATION MODEL is a process that es-
tablishes the adequacy, efectiveness and appropriateness of actions
taken by the management of the audited microstructure based on
recommendations from the public internal audit.
O
R
G
A
N
I
Z
A
T
I
O
N

M
O
D
E
L

C
o
p
y

n
o
.
T
e

P
u
b
l
i
c

I
n
t
e
r
n
a
l

A
u
d
i
t

D
e
p
a
r
t
m
e
n
t
N
o
.

x
x

/

1
0
.
0
6
.
2
0
1
2

S
H
E
E
T

O
F

F
O
L
L
O
W
-
U
P

O
F

T
H
E

R
E
C
O
M
M
E
N
D
A
T
I
O
N
S
A
u
d
i
t
e
d

s
t
r
u
c
t
u
r
e
:

O
R
G
A
N
I
Z
A
T
I
O
N

M
O
D
E
L
O
f
c
e
:

F
i
n
a
n
c
i
a
l
-
A
c
c
o
u
n
t
i
n
g
E
n
d

o
f

t
h
e

m
o
n
t
h
T
h
e

p
l
a
c
e

w
h
e
r
e

a
r
e

f
l
e
d

u
p

t
h
e

d
o
c
u
m
e
n
t
s

t
h
a
t

h
a
v
e

b
e
e
n

m
e
n
t
i
o
n
e
d

i
n

t
h
e

c
h
a
p
t
e
r

N
e
g
a
t
i
v
e

a
s
p
e
c
t

f
n
d
i
n
g
s

f
r
o
m

t
h
e

p
u
b
l
i
c

i
n
t
e
r
n
a
l

a
u
d
i
t

r
e
p
o
r
t

o
f

t
h
e

p
r
e
s
e
n
t

m
i
s
s
i
o
n
.

E
x
a
m
p
l
e
s
.
O
f
c
e
:

F
i
n
a
n
c
i
a
l
-
A
c
c
o
u
n
t
i
n
g
A
u
d
i
t

m
i
s
s
i
o
n
:

r
e
g
u
l
a
r
i
t
y

a
u
d
i
t
:
T
h
e

A
u
d
i
t

o
n

t
h
e

A
d
m
i
n
i
s
t
r
a
t
i
o
n

o
f

O
R
G
A
N
I
Z
A
T
I
O
N

M
O
D
E
L

P
a
t
r
i
m
o
n
y
P
u
b
l
i
c

i
n
t
e
r
n
a
l

a
u
d
i
t

r
e
p
o
r
t

n
o
.
1
N
o
.
F
i
n
d
i
n
g
s

R
e
c
o
m
m
e
n
d
a
t
i
o
n
I
m
p
l
e
-
m
e
n
t
e
d
P
a
r
t
i
a
l
l
y

i
m
-
p
l
e
m
e
n
t
e
d
N
o
t

i
m
p
l
e
-
m
e
n
t
e
d
P
l
a
n
n
e
d

d
a
t
e
/
I
m
p
l
e
m
e
n
t
a
t
i
o
n

d
a
t
e
1
.
T
h
e

e
n
t
r
y

i
n
t
o

s
e
r
v
i
c
e

o
f

a
s
s
e
t
s

l
i
k
e

f
x
e
d

a
s
s
e
t
s

a
n
d

s
t
o
c
k
s

-
i
n
v
e
n
t
o
r
y

i
t
e
m
s
,

h
a
s
n
t

b
e
e
n

m
a
d
e

w
i
t
h

d
i
s
t
r
i
b
u
t
i
o
n

s
p
e
c
i
f
c

d
o
c
u
m
e
n
t
s
:

-

F
o
r

f
x
e
d

a
s
s
e
t
s
:

S
h
e
e
t

o
f

t
h
e

f
x
e
d

a
s
s
e
t
,

M
o
v
e
m
e
n
t

b
i
l
l

o
f

f
x
e
d

a
s
s
e
t
s
.
-

F
o
r

t
h
e

i
n
v
e
n
t
o
r
y

t
e
m
s
:

H
a
n
d
-
i
n
g

o
v
e
r

t
r
a
n
s
f
e
r

r
e
f
u
n
d

v
o
u
c
h
e
r
s
.
-
T
h
e

s
t
u
d
y
i
n
g

o
f

t
h
e

l
e
g
i
s
l
a
t
i
o
n

i
n

f
o
r
c
e
,

w
h
i
c
h

g
o
v
e
r
n
s

t
h
i
s

i
s
s
u
e
;

-

F
o
r

f
x
e
d

a
s
s
e
t
s

s
u
c
h

a
s

f
x
e
d

a
s
s
e
t
s

a
n
d

s
t
o
c
k
s
,

w
h
i
c
h

e
n
-
t
e
r
e
d

t
h
e

u
n
i
t

i
n

2
0
1
1

t
h
e
r
e

w
i
l
l

b
e

m
a
d
e

n
o
t
e
s

o
n

d
o
c
u
m
e
n
t
s
,

s
p
e
c
i
f
c

a
c
t
s

o
f

d
i
s
t
r
i
b
u
t
i
o
n
.
-
-
X
3
0
.
0
8
.
2
0
1
2
.
-

F
i
l
e
-
A
p
r
.

2
0
1
1

F
.
F
.
2
5
/
2
6
.
0
2
.
;

F
.
F
.

0
0
0
3
6
0
9
;
-

F
i
l
e
-

M
a
y

2
0
1
1

F
.
F
.
0
0
2
0
1
9
8
;
-

F
i
l
e
-
J
u
n
e

2
0
1
1
F
.
F
.
3
6
3
0
9
1
8
;
-

F
i
l
e
-
J
u
l
y

2
0
1
1
F
.
F
.
0
0
0
8
4
8
1
;
-

F
i
l
e

-
D
e
c
.

2
0
1
1
F
.
F
.
1
0
0
1
7
8
6
.

-

F
i
l
e
-

O
c
t
.

2
0
1
1
B
.
C
.
n
o
.
1
;
4
;
7
.

2
.
P
r
e
p
a
r
i
n
g

a
n
d

f
l
l
i
n
g

i
n

o
f

t
h
e

d
o
c
u
m
e
n
t
s
:

-

C
o
n
s
u
m
p
t
i
o
n

c
o
u
p
o
n
s

a
r
e

n
o
t

a
g
g
r
e
g
a
t
e
d

f
r
o
m

a
n

a
c
c
o
u
n
t
i
n
g

p
o
i
n
t

o
f

v
i
e
w
,

a
r
e

n
o
t

s
i
g
n
e
d

f
o
r

w
r
i
t
t
e
n

a
n
d

v
e
r
i
f
e
d
,

a
r
e

n
o
t

d
a
t
e
d

a
n
d

t
h
e

c
o
l
u
m
n

P
/
U

i
s

n
o
t

f
l
l
e
d
;
-

A
c
c
o
u
n
t
s

o
f

t
r
a
v
e
l

e
x
p
e
n
s
e
s
,

A
c
c
o
u
n
t
i
n
g

n
o
t
e
s
,

D
i
s
p
o
s
a
l

r
e
-
c
e
i
p
t
-

p
a
y
m
e
n
t

t
o
w
a
r
d
s

t
h
e

p
a
y

o
f
c
e
,

N
o
t
e
s

o
n

t
h
e

r
e
c
e
i
p
t

a
n
d

f
n
d
i
n
g

o
f

d
i
f
e
r
e
n
c
e
s
,

e
t
c
.

a
r
e

n
o
t

d
a
t
e
d

a
n
d

n
e
i
t
h
e
r

s
i
g
n
e
d

f
o
r

w
r
i
t
i
n
g

a
n
d

v
e
r
i
f
c
a
t
i
o
n
.
-
T
h
e

s
t
u
d
y
i
n
g

o
f

t
h
e

l
e
g
i
s
l
a
t
i
o
n

i
n

f
o
r
c
e
,

w
h
i
c
h

g
o
v
e
r
n
s

t
h
i
s

i
s
s
u
e
;
-

A
d
d
r
e
s
s
i
n
g

t
h
e

o
b
s
e
r
v
e
d

d
y
s
f
u
n
c
t
i
o
n
s

(
t
h
e

s
i
g
n
a
t
u
r
e

f
o
r

d
r
a
f
t
e
d
,

r
e
v
i
e
w
e
d

a
n
d

a
p
p
r
o
v
e
d
)

a
n
d

t
h
e

a
n
n
e
x
a
t
i
o
n

t
o

t
h
e

m
a
n
a
g
e
m
e
n
t

d
o
c
u
m
e
n
t
s

o
f

t
h
e

f
o
r
m
s

t
h
a
t

w
e
r
e

i
s
s
u
e
d

i
n

2
0
1
1
.
-
-
X
3
0
.
0
8
.
2
0
1
2
.
-

F
i
l
e
-

F
e
b
r
.

2
0
1
1

B
.
C
.
n
o
.
8
0
2
;
-

F
i
l
e
-

M
a
r
c
h
.

2
0
1
1
B
.
C
.
1
;

-

F
i
l
e
-

J
u
l
y

2
0
1
1
D
.
P
.
I
.
C
.
n
o
.
5
9
;
-

F
i
l
e
-

N
o
v
.

2
0
1
1
P
.
V
.

r
e
c
e
p
t
i
o
n
.
3
.
S
e
r
v
i
c
e
s

t
o

t
h
i
r
d

p
a
r
t
i
e
s

i
n

f
a
v
o
u
r

o
f

O
R
G
A
N
I
Z
A
T
I
O
N

M
O
D
E
L
:

-

C
o
m
p
a
n
i
e
s

p
r
o
v
i
d
i
n
g

s
e
r
v
i
c
e
s

o
r

w
o
r
k
s

d
o

n
o
t

p
r
e
p
a
r
e

e
s
t
i
-
m
a
t
e
s

o
r

j
o
b

c
o
s
t
i
n
g

t
h
a
t

a
t
t
e
s
t

t
h
e

q
u
a
n
t
i
t
y

o
f

i
t
e
m
s

p
l
a
c
e
d

i
n

w
o
r
k

a
n
d

q
u
a
l
i
t
y

(
e
n
s
u
r
i
n
g
)

t
h
e

w
o
r
k

a
n
d

s
e
r
v
i
c
e
s

p
e
r
f
o
r
m
e
d
.
-
T
h
e

s
t
u
d
y

o
f

t
h
e

l
e
g
i
s
l
a
t
i
o
n

o
n

t
h
e

o
b
l
i
g
a
t
i
o
n
s

o
f

t
h
e

b
u
d
g
e
t
a
r
y

p
u
b
l
i
c

i
n
s
t
i
t
u
t
i
o
n

i
n

c
o
n
n
e
c
t
i
o
n

w
i
t
h

t
h
e

r
e
c
e
i
p
t

o
f

g
o
o
d
s

a
n
d

t
h
e

w
o
r
k

p
e
r
f
o
r
m
e
d

b
y

c
o
m
p
a
n
i
e
s

i
n

t
h
e

f
e
l
d
;

-
T
h
e

r
e
g
u
l
a
t
i
o
n

i
n

2
0
1
2

o
f

s
i
m
i
l
a
r

s
i
t
u
a
t
i
o
n
s
,

w
h
i
c
h

w
i
l
l

b
e

c
r
e
a
t
e
d
.
-
-
X
P
e
r
m
a
n
e
n
t
l
y

s
t
a
r
t
i
n
g

w
i
t
h

2
0
1
2
.
-

F
i
l
e
-

F
e
b
r
.

2
0
1
1
F
.
F
.
8
8
0
9
1
3
4
;
-

F
i
l
e
-

A
u
g
.

2
0
1
1
F
.
F
.
0
7
2
0
0
9
0
.
4
.
T
h
e

d
e
c
r
e
a
s
e

i
n

e
x
p
e
n
d
a
b
l
e

g
o
o
d
s
:
-

A
u
t
o

p
a
r
t
s

a
r
e

n
o
t

r
e
m
o
v
e
d

n
o
r

p
l
a
c
e
d

i
n

(
f
r
o
m
)

t
h
e

a
u
t
o
m
o
b
i
l
e
s

c
o
m
p
l
e
t
e

s
c
h
e
m
e

u
s
i
n
g

t
h
e

J
o
b

c
o
s
t
i
n
g

o
r

t
h
e

E
s
t
i
m
a
t
e
s
,

e
v
e

t
h
o
u
g
h

t
h
e

r
a
p
i
t
m
e
n
t

i
s

d
o
n
e

b
y

t
h
e

d
r
i
v
e
r

h
i
m
s
e
l
f
;

t
h
e
r
e

a
r
e

s
u
b
t
r
a
c
t
e
d

b
y

c
o
m
s
u
m
p
t
i
o
n

v
o
u
c
h
e
r
s

t
h
e

a
u
t
o

p
a
r
t
s

o
f

g
r
e
a
t

v
a
l
u
e

a
n
d

t
h
a
t

c
a
n

b
e

r
e
c
o
n
d
i
t
i
o
n
e
d
.
-
S
u
b
t
r
a
c
t
e
d

f
r
o
m

t
h
e

a
c
c
o
u
n
t
s
,

w
r
o
n
g
l
y
,

w
i
t
h

i
n
v
e
n
t
o
r
y

o
b
j
e
c
t
s

w
i
t
h

c
o
n
s
u
m
p
t
i
o
n

v
o
u
c
h
e
r
s
.
-
T
h
e

p
e
r
s
o
n
n
e
l

h
a
v
i
n
g

r
e
s
p
o
n
s
i
b
i
l
i
t
i
e
s

i
n

t
h
e

f
n
a
n
c
i
a
l
-
a
c
c
o
u
n
t
i
n
g

d
o
m
a
i
n

w
i
l
l

s
t
u
d
y

a
n
d

a
p
p
l
y

t
h
e

p
r
o
v
i
s
i
o
n
s

o
f

t
h
e

l
e
g
i
s
l
a
t
i
v
e

d
o
c
u
m
e
n
t
s

t
h
a
t

r
e
g
u
l
a
t
e

t
h
e
s
e

s
i
t
u
a
t
i
o
n
s
;
-

S
t
a
r
t
i
n
g

w
i
t
h

2
0
1
2
,

t
h
e

f
n
a
n
c
i
a
l
-
a
c
c
o
u
n
t
i
n
g

o
f
c
e

w
i
l
l

s
e
e
k

t
h
a
t

t
h
e
s
e

c
a
u
s
e
s

a
r
e

s
o
l
u
t
i
o
n
e
d

a
c
c
o
r
d
i
n
g

t
o

t
h
e

p
r
o
v
i
s
i
o
n
s

o
f

t
h
e

l
a
w
s

i
n

f
o
r
c
e
.
-
-
X
P
e
r
m
a
n
e
n
t
l
y

s
t
a
r
t
i
n
g

w
i
t
h

2
0
1
2
.
-

F
i
l
e
-

M
a
r
c
h
.

2
0
1
1
B
.
C
.
n
o
.
8
5
;
n
o
.
8
6
;
-

F
i
l
e
-

A
p
r
.

2
0
1
1
D
.
P
.
I
.
C
.
n
o
.

2
8
;
-

F
i
l
e

-
J
u
n
e

2
0
1
1
D
.
P
.
I
.
C
.
n
o
.
4
7
;
-

F
i
l
e
-
J
u
l
y

2
0
1
1
B
.
C
.
n
o
.

1
0
1
.
5
.
F
o
r

t
h
e

r
e
c
e
p
t
i
o
n

o
f

g
o
o
d
s

a
n
d

s
e
r
v
i
c
e
s

p
u
r
c
h
a
s
e
d

f
o
r

o
w
n

n
e
e
d
s
,

e
n
t
e
r
e
d

i
n

o
n
e

i
n
s
t
i
t
u
t
i
o
n

t
h
e
r
e

i
s

n
o
t

p
r
e
p
a
r
e
d

t
h
e

d
o
c
u
m
e
n
t
a
t
i
o
n

r
e
q
u
i
r
e
d

b
y

l
e
g
i
s
l
a
t
i
o
n
.
E
x
a
m
p
l
e
:

M
i
n
u
t
e
s

o
f

r
e
c
e
p
-
t
i
o
n
,

p
e
n
t
r
u

f
x
e
d

a
s
s
e
t
s

a
n
d

R
e
c
e
p
t
i
o
n

n
o
t
e

a
n
d

f
n
d
i
n
g

o
f

d
i
f
e
r
e
n
c
e
s
,

f
o
r

a
s
s
e
t
s
,

o
t
h
e
r

t
h
a
n

f
x
e
d

a
s
s
e
t
s
.
-
T
h
e

s
t
u
d
y
i
n
g

o
f

t
h
e

l
e
g
i
s
l
a
t
i
o
n

i
n

f
o
r
c
e
,

w
h
i
c
h

g
o
v
e
r
n
s

t
h
i
s

i
s
s
u
e
;
-

F
o
r

f
x
e
d

a
s
s
e
t
s

s
u
c
h

a
s

f
x
e
d

a
s
s
e
t
s

a
n
d

s
t
o
c
k
s
,

w
h
i
c
h

e
n
-
t
e
r
e
d

t
h
e

u
n
i
t

i
n

2
0
1
1

t
h
e
r
e

w
i
l
l

b
e

m
a
d
e

n
o
t
e
s

o
n

d
o
c
u
m
e
n
t
s
,

s
p
e
c
i
f
c

a
c
t
s

o
f

d
i
s
t
r
i
b
u
t
i
o
n
.
-
-
X
3
0
.
0
8
.
2
0
1
2
.
-

F
i
l
e
-
A
p
r
.

2
0
1
1
F
.
F
.
9
8
1
0
0
2
7
;
9
8
1
0
0
2
8
;

9
8
1
0
0
1
1
;

0
0
0
3
0
0
4
;

0
0
0
3
2
5
0
;

0
0
0
3
0
0
5
;
0
0
0
3
4
2
0
;

0
0
0
3
2
2
0
.
-

F
i
l
e
-

M
a
y

2
0
1
1
F
.
F
.
0
0
0
3
6
0
9
.
ORGANIZATION MODEL Copy no..
Public Internal Audit Department
No. xx / 11.06.2012
To: Te fnancial-Accounting Ofce
Esteemed Madam,
We bring to your attention that the recommendations contained
in the public internal audit report number xx / 10.06.2012 were ap-
proved by the Executive Director of ORGANIZATION MODEL.
According to O.P.F.M. no. 38 / 2003, paragraph 11, you aim to
apply the recommendations listed in the public internal audit re-
port, and certainly within the time limits set by you and me in-
formed on how to implement them.
Also, under O.P.F.M. no. 38 / 2003, paragraph 11.1., the fnan-
cial-accounting ofces responsibility in applying the recommenda-
tions consists of:
Developing an action plan, together with a timetable for
achieving it;
Te establishment of the persons responsible for each rec-
ommendation;
Implementation of recommendations;
Communicating on a regular basis on the progress of the
action stages;
Evaluation results.
Yours faithfully, Public internal auditor,
Vasilescu Andrei
6
.
T
h
e

i
n
v
e
n
t
o
r
y

o
f

g
o
o
d
s

f
r
o
m

O
R
G
A
N
I
Z
A
T
I
O
N

M
O
D
E
L
s

a
d
-
m
i
n
i
s
t
r
a
t
i
o
n

h
a
d

o
r
g
a
n
i
z
a
t
i
o
n
a
l

d
e
f
c
i
e
n
c
i
e
s
:

-

e
n
s
u
r
i
n
g

t
h
e

p
a
r
t
i
c
i
p
a
t
i
o
n

o
f

a
l
l

t
h
e

(
s
u
b
)
c
o
m
m
i
t
t
e
e
s

w
o
r
k
s

i
n

i
n
v
e
n
t
o
r
y
;
-

i
n

t
h
e

c
o
m
p
o
s
i
t
i
o
n

o
f

t
h
e

i
n
v
e
n
t
o
r
y

c
o
m
m
i
t
t
e
e

(
s
u
b
c
o
m
-
m
i
t
t
e
e
s
)

t
h
e
r
e

i
s

n
o

p
e
r
s
o
n

w
i
t
h

e
c
o
n
o
m
i
c

s
t
u
d
i
e
s
;
-

t
h
e

w
r
i
t
t
e
n

d
e
c
i
s
i
o
n

f
r
o
m

t
h
e

E
x
e
c
u
t
i
v
e

D
i
r
e
c
t
o
r

o
f

O
R
G
A
N
I
-
Z
A
T
I
O
N

M
O
D
E
L

,

t
o

b
e

p
a
r
t

o
f

t
h
e

i
n
v
e
n
t
o
r
y

c
o
m
m
i
t
t
e
e

a
s

c
h
a
i
r
m
a
n
.

-
T
h
e

p
e
r
s
o
n
n
e
l

t
h
a
t

w
i
l
l

b
e

n
a
m
e
d

f
o
r

r
e
a
l
i
z
i
n
g

t
h
e

i
n
v
e
n
t
o
r
y

o
f

g
o
o
d
s

f
r
o
m

t
h
e

p
a
t
r
i
m
o
n
y

o
f

O
R
G
A
N
I
Z
A
T
I
O
N

M
O
D
E
L

w
i
l
l

s
t
u
d
y

a
n
d

a
p
p
l
y

t
h
e

p
r
o
v
i
s
i
o
n
s

o
f

t
h
e

l
e
g
i
s
l
a
t
i
v
e

d
o
c
u
m
e
n
t
s

t
h
a
t

r
e
g
u
l
a
t
e

t
h
e
s
e

s
i
t
u
a
t
i
o
n
s
;

-

A
s

p
a
r
t

o
f

t
h
e

f
u
t
u
r
e

i
n
v
e
n
t
o
r
y

c
o
m
m
i
t
t
e
e

i
t

w
i
l
l

b
e

n
a
m
e
d

a

p
e
r
s
o
n

h
a
v
i
n
g

e
c
o
n
o
m
i
c

s
t
u
d
i
e
s
;
-
T
h
e

i
n
s
t
i
t
u
t
i
o
n
s

s
e
c
o
n
d
a
r
y

c
r
e
d
i
t

o
f
c
e
r

w
i
l
l

d
e
c
i
d
e

u
p
o
n

t
h
e

i
n
v
e
n
t
o
r
y
s

r
e
s
u
l
t
s
.
-
-
X
P
e
r
m
a
n
e
n
t
l
y

s
t
a
r
t
i
n
g

w
i
t
h

2
0
1
2
.
I
n
v
e
n
t
o
r
y

f
l
e

f
r
o
m

2
0
1
1
.
D
r
a
w
n

b
y
,

P
u
b
l
i
c

i
n
t
e
r
n
a
l

a
u
d
i
t
o
r

V
a
s
i
l
e
s
c
u

A
n
d
r
e
i

ORGANIZATION MODEL Copy no..
Financial-Accounting
Ofce
No. xx / 12.06.2012
To: Te public internal audit department
Esteemed Sir,
As a consequence to your document no. xx / 11.06.2012, regard-
ing the way of implementing of the recommendations formulated
with the opportunity of efectuating the public internal audit mis-
sion, I want to communicate you that your fnancial-accounting of-
fce has developed an Action Plan, together with a Timetable for
achieving it, as follows:
ACTION PLAN
C
r
t
.
n
o
.
O
b
j
e
c
t
i
v
e
F
i
n
d
i
n
g
T
h
e

f
o
r
m
u
l
a
t
e
d

r
e
c
o
m
m
e
n
d
a
t
i
o
n
T
h
e

p
e
r
s
o
n

i
n

c
h
a
r
g
e

o
f

t
h
e

a
p
p
l
i
c
a
t
i
o
n

o
f

t
h
e

r
e
c
o
m
-
m
e
n
d
a
t
i
o
n
S
t
a
g
e
s

i
n

t
h
e

p
r
o
g
r
e
s
s

t
h
a
t

w
a
s

r
e
g
i
s
t
e
r
e
d
T
h
e

e
v
a
l
u
a
t
i
o
n

o
f

t
h
e

r
e
s
u
l
t
s
T
h
e

c
o
m
m
u
n
i
c
a
t
i
o
n
3
0
.
0
9
.
2
0
1
2
P
e
r
m
a
-
n
e
n
t
l
y
O
t
h
e
r

d
a
t
e
s
1
.
T
h
e

r
e
c
o
r
d
s

o
f

g
o
o
d
s

f
r
o
m

p
u
b
l
i
c

a
n
d

p
r
i
v
a
t
e

d
o
-
m
a
i
n

o
f

t
h
e

s
t
a
t
e
,

i
n

O
R
G
A
N
I
Z
A
T
I
O
N

M
O
D
E
L

a
d
m
i
n
i
s
-
t
r
a
t
i
o
n
.
T
h
e

r
e
c
o
r
d
s

a
n
d

e
n
t
r
y

i
n
t
o

s
e
r
v
i
c
e

o
f

a
s
s
e
t
s

l
i
k
e

f
x
e
d

a
s
s
e
t
s

a
n
d

s
t
o
c
k
s

-
i
n
v
e
n
t
o
r
y

i
t
e
m
s
,

h
a
s
n
t

b
e
e
n

m
a
d
e

w
i
t
h

r
e
c
o
r
d

a
n
d

d
i
s
t
r
i
b
u
t
i
o
n

s
p
e
c
i
f
c

d
o
c
u
m
e
n
t
s
:

-

F
o
r

f
x
e
d

a
s
s
e
t
s
:

S
h
e
e
t

o
f

t
h
e

f
x
e
d

a
s
s
e
t
,

M
o
v
e
m
e
n
t

b
i
l
l

o
f

f
x
e
d

a
s
s
e
t
s
.
-

F
o
r

t
h
e

i
n
v
e
n
t
o
r
y

t
e
m
s
:

H
a
n
d
i
n
g

o
v
e
r

t
r
a
n
s
f
e
r

r
e
f
u
n
d

v
o
u
c
h
e
r
s
.
-
T
h
e

s
t
u
d
y
i
n
g

o
f

t
h
e

l
e
g
i
s
l
a
t
i
o
n

i
n

f
o
r
c
e
,

w
h
i
c
h

g
o
v
e
r
n
s

t
h
i
s

i
s
s
u
e
;

-

F
o
r

f
x
e
d

a
s
s
e
t
s

s
u
c
h

a
s

f
x
e
d

a
s
s
e
t
s

a
n
d

s
t
o
c
k
s
,

w
h
i
c
h

e
n
t
e
r
e
d

t
h
e

u
n
i
t

i
n

2
0
1
2

t
h
e
r
e

w
i
l
l

b
e

m
a
d
e

n
o
t
e
s

o
n

d
o
c
u
m
e
n
t
s
,

s
p
e
c
i
f
c

a
c
t
s

o
f

d
i
s
t
r
i
b
u
-
t
i
o
n
.
M
a
r
i
a
n

A
n
d
r
e
e
a
X
A
c
c
o
r
d
i
n
g
l
y
P
r
e
p
a
r
i
n
g

a
n
d

f
l
l
i
n
g

i
n

o
f

t
h
e

d
o
c
u
-
m
e
n
t
s
:

-

C
o
n
s
u
m
p
t
i
o
n

c
o
u
p
o
n
s

a
r
e

n
o
t

a
g
g
r
e
g
a
t
e
d

f
r
o
m

a
n

a
c
c
o
u
n
t
i
n
g

p
o
i
n
t

o
f

v
i
e
w
,

a
r
e

n
o
t

s
i
g
n
e
d

f
o
r

w
r
i
t
t
e
n

a
n
d

v
e
r
i
f
e
d
,

a
r
e

n
o
t

d
a
t
e
d

a
n
d

t
h
e

c
o
l
u
m
n

P
/
U

i
s

n
o
t

f
l
l
e
d
;
-

A
c
c
o
u
n
t
s

o
f

t
r
a
v
e
l

e
x
p
e
n
s
e
s
,

A
c
c
o
u
n
t
-
i
n
g

n
o
t
e
s
,

D
i
s
p
o
s
a
l

r
e
c
e
i
p
t
-

p
a
y
m
e
n
t

t
o
w
a
r
d
s

t
h
e

p
a
y

o
f
c
e
,

N
o
t
e
s

o
n

t
h
e

r
e
c
e
i
p
t

a
n
d

f
n
d
i
n
g

o
f

d
i
f
e
r
e
n
c
e
s
,

e
t
c
.

a
r
e

n
o
t

d
a
t
e
d

a
n
d

n
e
i
t
h
e
r

s
i
g
n
e
d

f
o
r

w
r
i
t
i
n
g

a
n
d

v
e
r
i
f
c
a
t
i
o
n
.
-
T
h
e

s
t
u
d
y
i
n
g

o
f

t
h
e

l
e
g
i
s
l
a
t
i
o
n

i
n

f
o
r
c
e
,

w
h
i
c
h

g
o
v
e
r
n
s

t
h
i
s

i
s
s
u
e
;
-

A
d
d
r
e
s
s
i
n
g

t
h
e

o
b
s
e
r
v
e
d

d
y
s
f
u
n
c
-
t
i
o
n
s

(
t
h
e

s
i
g
n
a
t
u
r
e

f
o
r

d
r
a
f
t
e
d
,

r
e
v
i
e
w
e
d

a
n
d

a
p
p
r
o
v
e
d
)

a
n
d

t
h
e

a
n
n
e
x
a
t
i
o
n

t
o

t
h
e

m
a
n
a
g
e
m
e
n
t

d
o
c
u
-
m
e
n
t
s

o
f

t
h
e

f
o
r
m
s

t
h
a
t

w
e
r
e

i
s
s
u
e
d

i
n

2
0
1
1
.
P
o
p
e
s
c
u

L
i
a
n
a
X
A
c
c
o
r
d
i
n
g
l
y
S
e
r
v
i
c
e
s

t
o

t
h
i
r
d

p
a
r
t
i
e
s

i
n

f
a
v
o
u
r

o
f

O
R
G
A
N
I
Z
A
T
I
O
N

M
O
D
E
L
:

-

C
o
m
p
a
n
i
e
s

p
r
o
v
i
d
i
n
g

s
e
r
v
i
c
e
s

o
r

w
o
r
k
s

d
o

n
o
t

p
r
e
p
a
r
e

e
s
t
i
m
a
t
e
s

o
r

j
o
b

c
o
s
t
i
n
g

t
h
a
t

a
t
t
e
s
t

t
h
e

q
u
a
n
t
i
t
y

o
f

i
t
e
m
s

p
l
a
c
e
d

i
n

w
o
r
k

a
n
d

q
u
a
l
i
t
y

(
e
n
s
u
r
i
n
g
)

t
h
e

w
o
r
k

a
n
d

s
e
r
v
i
c
e
s

p
e
r
f
o
r
m
e
d
.
-
T
h
e

s
t
u
d
y

o
f

t
h
e

l
e
g
i
s
l
a
t
i
o
n

o
n

t
h
e

o
b
l
i
g
a
t
i
o
n
s

o
f

t
h
e

b
u
d
g
e
t
a
r
y

p
u
b
l
i
c

i
n
-
s
t
i
t
u
t
i
o
n

i
n

c
o
n
n
e
c
t
i
o
n

w
i
t
h

t
h
e

r
e
c
e
i
p
t

o
f

g
o
o
d
s

a
n
d

t
h
e

w
o
r
k

p
e
r
f
o
r
m
e
d

b
y

c
o
m
p
a
n
i
e
s

i
n

t
h
e

f
e
l
d
;

-
T
h
e

r
e
g
u
l
a
t
i
o
n

i
n

2
0
0
8

o
f

s
i
m
i
l
a
r

s
i
t
u
-
a
t
i
o
n
s
,

w
h
i
c
h

w
i
l
l

b
e

c
r
e
a
t
e
d
.
S
o
a
r
e

G
a
b
r
i
e
l
X
A
c
c
o
r
d
i
n
g
l
y
T
h
e

d
e
c
r
e
a
s
e

i
n

e
x
p
e
n
d
a
b
l
e

g
o
o
d
s
:
-

A
u
t
o

p
a
r
t
s

a
r
e

n
o
t

r
e
m
o
v
e
d

n
o
r

p
l
a
c
e
d

i
n

(
f
r
o
m
)

t
h
e

a
u
t
o
m
o
b
i
l
e
s

c
o
m
p
l
e
t
e

s
c
h
e
m
e

u
s
i
n
g

t
h
e

J
o
b

c
o
s
t
i
n
g

o
r

t
h
e

E
s
t
i
m
a
t
e
s
,

e
v
e

t
h
o
u
g
h

t
h
e

r
a
p
i
t
-
m
e
n
t

i
s

d
o
n
e

b
y

t
h
e

d
r
i
v
e
r

h
i
m
s
e
l
f
;

t
h
e
r
e

a
r
e

s
u
b
t
r
a
c
t
e
d

b
y

c
o
m
s
u
m
p
t
i
o
n

v
o
u
c
h
e
r
s

t
h
e

a
u
t
o

p
a
r
t
s

o
f

g
r
e
a
t

v
a
l
u
e

a
n
d

t
h
a
t

c
a
n

b
e

r
e
c
o
n
d
i
t
i
o
n
e
d
.
-
S
u
b
t
r
a
c
t
e
d

f
r
o
m

t
h
e

a
c
c
o
u
n
t
s
,

w
r
o
n
g
l
y
,

w
i
t
h

i
n
v
e
n
t
o
r
y

o
b
j
e
c
t
s

w
i
t
h

c
o
n
s
u
m
p
t
i
o
n

v
o
u
c
h
e
r
s
.
-
T
h
e

p
e
r
s
o
n
n
e
l

h
a
v
i
n
g

r
e
s
p
o
n
s
i
b
i
l
i
t
i
e
s

i
n

t
h
e

f
n
a
n
c
i
a
l
-
a
c
c
o
u
n
t
i
n
g

d
o
m
a
i
n

w
i
l
l

s
t
u
d
y

a
n
d

a
p
p
l
y

t
h
e

p
r
o
v
i
s
i
o
n
s

o
f

t
h
e

l
e
g
i
s
l
a
t
i
v
e

d
o
c
u
m
e
n
t
s

t
h
a
t

r
e
g
u
l
a
t
e

t
h
e
s
e

s
i
t
u
a
t
i
o
n
s
;
-

S
t
a
r
t
i
n
g

w
i
t
h

2
0
0
8
,

t
h
e

f
n
a
n
c
i
a
l
-
a
c
c
o
u
n
t
i
n
g

o
f
c
e

w
i
l
l

s
e
e
k

t
h
a
t

t
h
e
s
e

c
a
u
s
e
s

a
r
e

s
o
l
u
t
i
o
n
e
d

a
c
c
o
r
d
i
n
g

t
o

t
h
e

p
r
o
v
i
s
i
o
n
s

o
f

t
h
e

l
a
w
s

i
n

f
o
r
c
e
.
S
o
a
r
e

G
a
b
r
i
e
l
X
A
c
c
o
r
d
i
n
g
l
y
F
o
r

t
h
e

r
e
c
e
p
t
i
o
n

o
f

g
o
o
d
s

a
n
d

s
e
r
v
i
c
e
s

p
u
r
c
h
a
s
e
d

f
o
r

o
w
n

n
e
e
d
s
,

e
n
t
e
r
e
d

i
n

o
n
e

i
n
s
t
i
t
u
t
i
o
n

t
h
e
r
e

i
s

n
o
t

p
r
e
p
a
r
e
d

t
h
e

d
o
c
u
m
e
n
t
a
t
i
o
n

r
e
q
u
i
r
e
d

b
y

l
e
g
i
s
l
a
t
i
o
n
.
E
x
a
m
p
l
e
:

M
i
n
u
t
e
s

o
f

r
e
c
e
p
t
i
o
n
,

p
e
n
t
r
u

f
x
e
d

a
s
s
e
t
s

a
n
d

R
e
c
e
p
t
i
o
n

n
o
t
e

a
n
d

f
n
d
i
n
g

o
f

d
i
f
e
r
e
n
c
e
s
,

f
o
r

a
s
s
e
t
s
,

o
t
h
e
r

t
h
a
n

f
x
e
d

a
s
s
e
t
s
.
-
T
h
e

s
t
u
d
y
i
n
g

o
f

t
h
e

l
e
g
i
s
l
a
t
i
o
n

i
n

f
o
r
c
e
,

w
h
i
c
h

g
o
v
e
r
n
s

t
h
i
s

i
s
s
u
e
;
-

F
o
r

f
x
e
d

a
s
s
e
t
s

s
u
c
h

a
s

f
x
e
d

a
s
s
e
t
s

a
n
d

s
t
o
c
k
s
,

w
h
i
c
h

e
n
t
e
r
e
d

t
h
e

u
n
i
t

i
n

2
0
1
1

t
h
e
r
e

w
i
l
l

b
e

m
a
d
e

n
o
t
e
s

o
n

d
o
c
u
m
e
n
t
s
,

s
p
e
c
i
f
c

a
c
t
s

o
f

d
i
s
t
r
i
b
u
-
t
i
o
n
.
P
o
p
e
s
c
u

L
i
a
n
a
A
n
d
M
a
r
i
a
n

A
n
d
r
e
e
a
X
A
c
c
o
r
d
i
n
g
l
y
2
.
T
h
e

i
n
v
e
n
t
o
r
y

o
f

g
o
o
d
s

f
r
o
m

t
h
e

p
u
b
l
i
c

a
n
d

p
r
i
v
a
t
e

d
o
m
a
i
n

o
f

t
h
e

s
t
a
t
e

u
s
e
d

b
y
O
R
G
A
N
I
Z
A
T
I
O
N

M
O
D
E
L
T
h
e

i
n
v
e
n
t
o
r
y

o
f

g
o
o
d
s

f
r
o
m

O
R
G
A
N
I
-
Z
A
T
I
O
N

M
O
D
E
L
s

a
d
m
i
n
i
s
t
r
a
t
i
o
n

h
a
d

o
r
g
a
n
i
z
a
t
i
o
n
a
l

d
e
f
c
i
e
n
c
i
e
s
:

-

e
n
s
u
r
i
n
g

t
h
e

p
a
r
t
i
c
i
p
a
t
i
o
n

o
f

a
l
l

t
h
e

(
s
u
b
)
c
o
m
m
i
t
t
e
e
s

w
o
r
k
s

i
n

i
n
v
e
n
t
o
r
y
;
-

i
n

t
h
e

c
o
m
p
o
s
i
t
i
o
n

o
f

t
h
e

i
n
v
e
n
t
o
r
y

c
o
m
m
i
t
t
e
e

(
s
u
b
c
o
m
m
i
t
t
e
e
s
)

t
h
e
r
e

i
s

n
o

p
e
r
s
o
n

w
i
t
h

e
c
o
n
o
m
i
c

s
t
u
d
i
e
s
;
-

t
h
e

w
r
i
t
t
e
n

d
e
c
i
s
i
o
n

f
r
o
m

t
h
e

E
x
e
c
u
-
t
i
v
e

D
i
r
e
c
t
o
r

o
f

O
R
G
A
N
I
Z
A
T
I
O
N

M
O
D
E
L
,

t
o

b
e

p
a
r
t

o
f

t
h
e

i
n
v
e
n
t
o
r
y

c
o
m
m
i
t
t
e
e

a
s

c
h
a
i
r
m
a
n
.
-
T
h
e

p
e
r
s
o
n
n
e
l

t
h
a
t

w
i
l
l

b
e

n
a
m
e
d

f
o
r

r
e
a
l
i
z
i
n
g

t
h
e

i
n
v
e
n
t
o
r
y

o
f

g
o
o
d
s

f
r
o
m

t
h
e

p
a
t
r
i
m
o
n
y

o
f

O
R
G
A
N
I
Z
A
T
I
O
N

M
O
D
E
L
:
w
i
l
l

s
t
u
d
y

a
n
d

a
p
p
l
y

t
h
e

p
r
o
v
i
-
s
i
o
n
s

o
f

t
h
e

l
e
g
i
s
l
a
t
i
v
e

d
o
c
u
m
e
n
t
s

t
h
a
t

r
e
g
u
l
a
t
e

t
h
e
s
e

s
i
t
u
a
t
i
o
n
s
;

-

A
s

p
a
r
t

o
f

t
h
e

f
u
t
u
r
e

i
n
v
e
n
t
o
r
y

c
o
m
m
i
t
t
e
e

i
t

w
i
l
l

b
e

n
a
m
e
d

a

p
e
r
s
o
n

h
a
v
i
n
g

e
c
o
n
o
m
i
c

s
t
u
d
i
e
s
;
-
T
h
e

i
n
s
t
i
t
u
t
i
o
n
s

s
e
c
o
n
d
a
r
y

c
r
e
d
i
t

o
f
c
e
r

w
i
l
l

d
e
c
i
d
e

u
p
o
n

t
h
e

i
n
v
e
n
t
o
r
y
s

r
e
s
u
l
t
s
.
V
l
a
d

L
e
o
n
X
A
c
c
o
r
d
i
n
g
l
y
T
I
M
E
T
A
B
L
E

F
O
R

A
C
H
I
E
V
I
N
G

T
H
E

A
C
T
I
O
N

P
L
A
N

C
r
t

n
o
.
O
b
j
e
c
t
i
v
e
F
i
n
d
i
n
g
T
h
e

f
o
r
m
u
l
a
t
e
d

r
e
c
o
m
m
e
n
d
a
t
i
o
n
I
m
p
l
e
m
e
n
t
a
t
i
o
n

o
f

r
e
c
o
m
m
e
n
d
a
t
i
o
n
O
b
s
e
r
-
v
a
t
i
o
n
s
A
p
p
l
i
c
a
t
i
o
n

d
a
t
e
3
0
.

0
9
.

2
0
1
2
P
e
r
m
a
-
n
e
n
t
l
y
O
t
h
e
r

d
a
t
e
s
1
.
T
h
e

r
e
c
o
r
d
s

o
f

g
o
o
d
s

f
r
o
m

p
u
b
l
i
c

a
n
d

p
r
i
v
a
t
e

d
o
m
a
i
n

o
f

t
h
e

s
t
a
t
e
,

i
n

O
R
G
A
N
I
Z
A
T
I
O
N

M
O
D
E
L
:

a
d
m
i
n
i
s
t
r
a
t
i
o
n
.
T
h
e

r
e
c
o
r
d
s

a
n
d

e
n
t
r
y

i
n
t
o

s
e
r
v
i
c
e

o
f

a
s
s
e
t
s

l
i
k
e

f
x
e
d

a
s
s
e
t
s

a
n
d

s
t
o
c
k
s

-
i
n
v
e
n
t
o
r
y

i
t
e
m
s
,

h
a
s
n
t

b
e
e
n

m
a
d
e

w
i
t
h

r
e
c
o
r
d

a
n
d

d
i
s
t
r
i
b
u
t
i
o
n

s
p
e
c
i
f
c

d
o
c
u
m
e
n
t
s
:

-

F
o
r

f
x
e
d

a
s
s
e
t
s
:

S
h
e
e
t

o
f

t
h
e

f
x
e
d

a
s
s
e
t
,

M
o
v
e
-
m
e
n
t

b
i
l
l

o
f

f
x
e
d

a
s
s
e
t
s
.
-

F
o
r

t
h
e

i
n
v
e
n
t
o
r
y

t
e
m
s
:

H
a
n
d
i
n
g

o
v
e
r

t
r
a
n
s
f
e
r

r
e
f
u
n
d

v
o
u
c
h
e
r
s
.
-
T
h
e

s
t
u
d
y
i
n
g

o
f

t
h
e

l
e
g
i
s
l
a
t
i
o
n

i
n

f
o
r
c
e
,

w
h
i
c
h

g
o
v
e
r
n
s

t
h
i
s

i
s
s
u
e
;

-

F
o
r

f
x
e
d

a
s
s
e
t
s

s
u
c
h

a
s

f
x
e
d

a
s
s
e
t
s

a
n
d

s
t
o
c
k
s
,

w
h
i
c
h

e
n
t
e
r
e
d

t
h
e

u
n
i
t

i
n

2
0
1
1

t
h
e
r
e

w
i
l
l

b
e

m
a
d
e

n
o
t
e
s

o
n

d
o
c
u
m
e
n
t
s
,

s
p
e
c
i
f
c

a
c
t
s

o
f

d
i
s
t
r
i
b
u
t
i
o
n
.
X
P
r
e
p
a
r
i
n
g

a
n
d

f
l
l
i
n
g

i
n

o
f

t
h
e

d
o
c
u
m
e
n
t
s
:

-

C
o
n
s
u
m
p
t
i
o
n

c
o
u
p
o
n
s

a
r
e

n
o
t

a
g
g
r
e
g
a
t
e
d

f
r
o
m

a
n

a
c
c
o
u
n
t
i
n
g

p
o
i
n
t

o
f

v
i
e
w
,

a
r
e

n
o
t

s
i
g
n
e
d

f
o
r

w
r
i
t
t
e
n

a
n
d

v
e
r
i
f
e
d
,

a
r
e

n
o
t

d
a
t
e
d

a
n
d

t
h
e

c
o
l
u
m
n

P
/
U

i
s

n
o
t

f
l
l
e
d
;
-

A
c
c
o
u
n
t
s

o
f

t
r
a
v
e
l

e
x
p
e
n
s
e
s
,

A
c
c
o
u
n
t
i
n
g

n
o
t
e
s
,

D
i
s
p
o
s
a
l

r
e
c
e
i
p
t
-

p
a
y
m
e
n
t

t
o
w
a
r
d
s

t
h
e

p
a
y

o
f
c
e
,

N
o
t
e
s

o
n

t
h
e

r
e
c
e
i
p
t

a
n
d

f
n
d
i
n
g

o
f

d
i
f
e
r
e
n
c
e
s
,

e
t
c
.

a
r
e

n
o
t

d
a
t
e
d

a
n
d

n
e
i
t
h
e
r

s
i
g
n
e
d

f
o
r

w
r
i
t
i
n
g

a
n
d

v
e
r
i
f
c
a
t
i
o
n
.
-
T
h
e

s
t
u
d
y
i
n
g

o
f

t
h
e

l
e
g
i
s
l
a
t
i
o
n

i
n

f
o
r
c
e
,

w
h
i
c
h

g
o
v
e
r
n
s

t
h
i
s

i
s
s
u
e
;
-

A
d
d
r
e
s
s
i
n
g

t
h
e

o
b
s
e
r
v
e
d

d
y
s
f
u
n
c
-
t
i
o
n
s

(
t
h
e

s
i
g
n
a
t
u
r
e

f
o
r

d
r
a
f
t
e
d
,

r
e
v
i
e
w
e
d

a
n
d

a
p
p
r
o
v
e
d
)

a
n
d

t
h
e

a
n
n
e
x
a
t
i
o
n

t
o

t
h
e

m
a
n
a
g
e
m
e
n
t

d
o
c
u
m
e
n
t
s

o
f

t
h
e

f
o
r
m
s

t
h
a
t

w
e
r
e

i
s
s
u
e
d

i
n

2
0
1
1
.
X
S
e
r
v
i
c
e
s

t
o

t
h
i
r
d

p
a
r
t
i
e
s

i
n

f
a
v
o
u
r

o
f

O
R
G
A
N
I
Z
A
-
T
I
O
N

M
O
D
E
L
:

-

C
o
m
p
a
n
i
e
s

p
r
o
v
i
d
i
n
g

s
e
r
v
i
c
e
s

o
r

w
o
r
k
s

d
o

n
o
t

p
r
e
p
a
r
e

e
s
t
i
m
a
t
e
s

o
r

j
o
b

c
o
s
t
i
n
g

t
h
a
t

a
t
t
e
s
t

t
h
e

q
u
a
n
t
i
t
y

o
f

i
t
e
m
s

p
l
a
c
e
d

i
n

w
o
r
k

a
n
d

q
u
a
l
i
t
y

(
e
n
s
u
r
i
n
g
)

t
h
e

w
o
r
k

a
n
d

s
e
r
v
i
c
e
s

p
e
r
f
o
r
m
e
d
.
-
T
h
e

s
t
u
d
y

o
f

t
h
e

l
e
g
i
s
l
a
t
i
o
n

o
n

t
h
e

o
b
l
i
g
a
t
i
o
n
s

o
f

t
h
e

b
u
d
g
e
t
a
r
y

p
u
b
l
i
c

i
n
s
t
i
t
u
t
i
o
n

i
n

c
o
n
n
e
c
t
i
o
n

w
i
t
h

t
h
e

r
e
c
e
i
p
t

o
f

g
o
o
d
s

a
n
d

t
h
e

w
o
r
k

p
e
r
-
f
o
r
m
e
d

b
y

c
o
m
p
a
n
i
e
s

i
n

t
h
e

f
e
l
d
;

-
T
h
e

r
e
g
u
l
a
t
i
o
n

i
n

2
0
1
2

o
f

s
i
m
i
l
a
r

s
i
t
u
a
t
i
o
n
s
,

w
h
i
c
h

w
i
l
l

b
e

c
r
e
a
t
e
d
.
X
T
h
e

d
e
c
r
e
a
s
e

i
n

e
x
p
e
n
d
a
b
l
e

g
o
o
d
s
:
-

A
u
t
o

p
a
r
t
s

a
r
e

n
o
t

r
e
m
o
v
e
d

n
o
r

p
l
a
c
e
d

i
n

(
f
r
o
m
)

t
h
e

a
u
t
o
m
o
b
i
l
e
s

c
o
m
p
l
e
t
e

s
c
h
e
m
e

u
s
i
n
g

t
h
e

J
o
b

c
o
s
t
i
n
g

o
r

t
h
e

E
s
t
i
m
a
t
e
s
,

e
v
e

t
h
o
u
g
h

t
h
e

r
a
p
i
t
m
e
n
t

i
s

d
o
n
e

b
y

t
h
e

d
r
i
v
e
r

h
i
m
s
e
l
f
;

t
h
e
r
e

a
r
e

s
u
b
t
r
a
c
t
e
d

b
y

c
o
m
s
u
m
p
t
i
o
n

v
o
u
c
h
e
r
s

t
h
e

a
u
t
o

p
a
r
t
s

o
f

g
r
e
a
t

v
a
l
u
e

a
n
d

t
h
a
t

c
a
n

b
e

r
e
c
o
n
d
i
t
i
o
n
e
d
.
-
S
u
b
t
r
a
c
t
e
d

f
r
o
m

t
h
e

a
c
c
o
u
n
t
s
,

w
r
o
n
g
l
y
,

w
i
t
h

i
n
v
e
n
t
o
r
y

o
b
j
e
c
t
s

w
i
t
h

c
o
n
s
u
m
p
t
i
o
n

v
o
u
c
h
e
r
s
.
-
T
h
e

p
e
r
s
o
n
n
e
l

h
a
v
i
n
g

r
e
s
p
o
n
s
i
-
b
i
l
i
t
i
e
s

i
n

t
h
e

f
n
a
n
c
i
a
l
-
a
c
c
o
u
n
t
i
n
g

d
o
m
a
i
n

w
i
l
l

s
t
u
d
y

a
n
d

a
p
p
l
y

t
h
e

p
r
o
v
i
s
i
o
n
s

o
f

t
h
e

l
e
g
i
s
l
a
t
i
v
e

d
o
c
u
m
e
n
t
s

t
h
a
t

r
e
g
u
l
a
t
e

t
h
e
s
e

s
i
t
u
a
t
i
o
n
s
;
-

S
t
a
r
t
i
n
g

w
i
t
h

2
0
1
2
,

t
h
e

f
n
a
n
c
i
a
l
-
a
c
c
o
u
n
t
i
n
g

o
f
c
e

w
i
l
l

s
e
e
k

t
h
a
t

t
h
e
s
e

c
a
u
s
e
s

a
r
e

s
o
l
u
t
i
o
n
e
d

a
c
c
o
r
d
i
n
g

t
o

t
h
e

p
r
o
v
i
s
i
o
n
s

o
f

t
h
e

l
a
w
s

i
n

f
o
r
c
e
.
X
F
o
r

t
h
e

r
e
c
e
p
t
i
o
n

o
f

g
o
o
d
s

a
n
d

s
e
r
v
i
c
e
s

p
u
r
c
h
a
s
e
d

f
o
r

o
w
n

n
e
e
d
s
,

e
n
t
e
r
e
d

i
n

o
n
e

i
n
s
t
i
t
u
t
i
o
n

t
h
e
r
e

i
s

n
o
t

p
r
e
p
a
r
e
d

t
h
e

d
o
c
u
m
e
n
t
a
t
i
o
n

r
e
q
u
i
r
e
d

b
y

l
e
g
i
s
l
a
t
i
o
n
.
E
x
a
m
p
l
e
:

M
i
n
u
t
e
s

o
f

r
e
c
e
p
t
i
o
n
,

p
e
n
t
r
u

f
x
e
d

a
s
s
e
t
s

a
n
d

R
e
c
e
p
t
i
o
n

n
o
t
e

a
n
d

f
n
d
i
n
g

o
f

d
i
f
e
r
e
n
c
e
s
,

f
o
r

a
s
s
e
t
s
,

o
t
h
e
r

t
h
a
n

f
x
e
d

a
s
s
e
t
s
.
-
T
h
e

s
t
u
d
y
i
n
g

o
f

t
h
e

l
e
g
i
s
l
a
t
i
o
n

i
n

f
o
r
c
e
,

w
h
i
c
h

g
o
v
e
r
n
s

t
h
i
s

i
s
s
u
e
;
-

F
o
r

f
x
e
d

a
s
s
e
t
s

s
u
c
h

a
s

f
x
e
d

a
s
s
e
t
s

a
n
d

s
t
o
c
k
s
,

w
h
i
c
h

e
n
t
e
r
e
d

t
h
e

u
n
i
t

i
n

2
0
1
1

t
h
e
r
e

w
i
l
l

b
e

m
a
d
e

n
o
t
e
s

o
n

d
o
c
u
m
e
n
t
s
,

s
p
e
c
i
f
c

a
c
t
s

o
f

d
i
s
t
r
i
b
u
t
i
o
n
.
X
2
.
T
h
e

i
n
v
e
n
t
o
r
y

o
f

g
o
o
d
s

f
r
o
m

t
h
e

p
u
b
l
i
c

a
n
d

p
r
i
v
a
t
e

d
o
m
a
i
n

o
f

t
h
e

s
t
a
t
e

u
s
e
d

b
y
O
R
G
A
N
I
Z
A
T
I
O
N

M
O
D
E
L
T
h
e

i
n
v
e
n
t
o
r
y

o
f

g
o
o
d
s

f
r
o
m

D
.
A
.
D
.
R
.

S
I
B
I
U
s

a
d
m
i
n
i
s
t
r
a
t
i
o
n

h
a
d

o
r
g
a
n
i
z
a
t
i
o
n
a
l

d
e
f
c
i
e
n
c
i
e
s
:

-

e
n
s
u
r
i
n
g

t
h
e

p
a
r
t
i
c
i
p
a
t
i
o
n

o
f

a
l
l

t
h
e

(
s
u
b
)
c
o
m
-
m
i
t
t
e
e
s

w
o
r
k
s

i
n

i
n
v
e
n
t
o
r
y
;
-

i
n

t
h
e

c
o
m
p
o
s
i
t
i
o
n

o
f

t
h
e

i
n
v
e
n
t
o
r
y

c
o
m
m
i
t
-
t
e
e

(
s
u
b
c
o
m
m
i
t
t
e
e
s
)

t
h
e
r
e

i
s

n
o

p
e
r
s
o
n

w
i
t
h

e
c
o
n
o
m
i
c

s
t
u
d
i
e
s
;
-

t
h
e

w
r
i
t
t
e
n

d
e
c
i
s
i
o
n

f
r
o
m

t
h
e

E
x
e
c
u
t
i
v
e

D
i
r
e
c
t
o
r

o
f

O
R
G
A
N
I
Z
A
T
I
O
N

M
O
D
E
L
,

t
o

b
e

p
a
r
t

o
f

t
h
e

i
n
v
e
n
-
t
o
r
y

c
o
m
m
i
t
t
e
e

a
s

c
h
a
i
r
m
a
n
.
-
T
h
e

p
e
r
s
o
n
n
e
l

t
h
a
t

w
i
l
l

b
e

n
a
m
e
d

f
o
r

r
e
a
l
i
z
i
n
g

t
h
e

i
n
v
e
n
t
o
r
y

o
f

g
o
o
d
s

f
r
o
m

t
h
e

p
a
t
r
i
m
o
n
y

o
f

O
R
G
A
N
I
Z
A
-
T
I
O
N

M
O
D
E
L

w
i
l
l

s
t
u
d
y

a
n
d

a
p
p
l
y

t
h
e

p
r
o
v
i
s
i
o
n
s

o
f

t
h
e

l
e
g
i
s
l
a
t
i
v
e

d
o
c
u
m
e
n
t
s

t
h
a
t

r
e
g
u
l
a
t
e

t
h
e
s
e

s
i
t
u
a
t
i
o
n
s
;

-

A
s

p
a
r
t

o
f

t
h
e

f
u
t
u
r
e

i
n
v
e
n
t
o
r
y

c
o
m
m
i
t
t
e
e

i
t

w
i
l
l

b
e

n
a
m
e
d

a

p
e
r
-
s
o
n

h
a
v
i
n
g

e
c
o
n
o
m
i
c

s
t
u
d
i
e
s
;
-
T
h
e

i
n
s
t
i
t
u
t
i
o
n
s

s
e
c
o
n
d
a
r
y

c
r
e
d
i
t

o
f
c
e
r

w
i
l
l

d
e
c
i
d
e

u
p
o
n

t
h
e

i
n
v
e
n
-
t
o
r
y
s

r
e
s
u
l
t
s
.
X

V
i
c
e
-
E
c
o
n
o
m
i
c

E
x
e
c
u
t
i
v
e

D
i
r
e
c
t
o
r

V
l
a
d

L
e
o
n

T
e

p
u
b
l
i
c

i
n
t
e
r
n
a
l

a
u
d
i
t
o
r

o
f

O
R
G
A
N
I
Z
A
T
I
O
N

M
O
D
E
L

v
e
r
i
f
e
s

a
n
d

r
e
p
o
r
t
s

t
o

C
.
U
.
H
.
P
.
I
.
A
.

o
r

t
h
e

D
i
r
e
c
t
o
-
r
a
t
e

o
f

A
u
d
i
t

f
r
o
m

P
.
F
.
M
.

a
b
o
u
t

t
h
e

p
r
o
g
r
e
s
s

i
n

i
m
p
l
e
m
e
n
t
i
n
g

t
h
e

r
e
c
o
m
m
e
n
d
a
t
i
o
n
s
.
ORGANIZATION MODEL, Copy no..
Financial-Accounting
Department
No. xx / 13.06.2012
To: P.F.M. BUCHAREST
DIRECTORATE OF AUDIT

Afer conducting the mission of public internal audit on Man-
agement of the patrimony in ORGANIZATION MODEL, I report
the stage of the progress in implementing the recommendations.
Te situation is shown in the following table:
T
h
e

d
e
c
r
e
a
s
e

i
n

e
x
p
e
n
d
a
b
l
e

g
o
o
d
s
:
-

A
u
t
o

p
a
r
t
s

a
r
e

n
o
t

r
e
m
o
v
e
d

n
o
r

p
l
a
c
e
d

i
n

(
f
r
o
m
)

t
h
e

a
u
t
o
m
o
b
i
l
e
s

c
o
m
p
l
e
t
e

s
c
h
e
m
e

u
s
i
n
g

t
h
e

J
o
b

c
o
s
t
i
n
g

o
r

t
h
e

E
s
t
i
m
a
t
e
s
,

e
v
e

t
h
o
u
g
h

t
h
e

r
a
p
i
t
m
e
n
t

i
s

d
o
n
e

b
y

t
h
e

d
r
i
v
e
r

h
i
m
s
e
l
f
;

t
h
e
r
e

a
r
e

s
u
b
t
r
a
c
t
e
d

b
y

c
o
m
s
u
m
p
-
t
i
o
n

v
o
u
c
h
e
r
s

t
h
e

a
u
t
o

p
a
r
t
s

o
f

g
r
e
a
t

v
a
l
u
e

a
n
d

t
h
a
t

c
a
n

b
e

r
e
c
o
n
d
i
t
i
o
n
e
d
.
-
S
u
b
t
r
a
c
t
e
d

f
r
o
m

t
h
e

a
c
c
o
u
n
t
s
,

w
r
o
n
g
l
y
,

w
i
t
h

i
n
v
e
n
-
t
o
r
y

o
b
j
e
c
t
s

w
i
t
h

c
o
n
s
u
m
p
t
i
o
n

v
o
u
c
h
e
r
s
.
-
T
h
e

p
e
r
s
o
n
n
e
l

h
a
v
i
n
g

r
e
s
p
o
n
s
i
-
b
i
l
i
t
i
e
s

i
n

t
h
e

f
n
a
n
c
i
a
l
-
a
c
c
o
u
n
t
i
n
g

d
o
m
a
i
n

w
i
l
l

s
t
u
d
y

a
n
d

a
p
p
l
y

t
h
e

p
r
o
-
v
i
s
i
o
n
s

o
f

t
h
e

l
e
g
i
s
l
a
t
i
v
e

d
o
c
u
m
e
n
t
s

t
h
a
t

r
e
g
u
l
a
t
e

t
h
e
s
e

s
i
t
u
a
t
i
o
n
s
;
-

S
t
a
r
t
i
n
g

w
i
t
h

2
0
1
2
,

t
h
e

f
n
a
n
c
i
a
l
-
a
c
c
o
u
n
t
i
n
g

o
f
c
e

w
i
l
l

s
e
e
k

t
h
a
t

t
h
e
s
e

c
a
u
s
e
s

a
r
e

s
o
l
u
t
i
o
n
e
d

a
c
c
o
r
d
i
n
g

t
o

t
h
e

p
r
o
v
i
s
i
o
n
s

o
f

t
h
e

l
a
w
s

i
n

f
o
r
c
e
.
X
F
o
r

t
h
e

r
e
c
e
p
t
i
o
n

o
f

g
o
o
d
s

a
n
d

s
e
r
v
i
c
e
s

p
u
r
c
h
a
s
e
d

f
o
r

o
w
n

n
e
e
d
s
,

e
n
t
e
r
e
d

i
n

o
n
e

i
n
s
t
i
t
u
t
i
o
n

t
h
e
r
e

i
s

n
o
t

p
r
e
p
a
r
e
d

t
h
e

d
o
c
u
m
e
n
t
a
t
i
o
n

r
e
q
u
i
r
e
d

b
y

l
e
g
i
s
l
a
t
i
o
n
.
E
x
a
m
p
l
e
:

M
i
n
u
t
e
s

o
f

r
e
c
e
p
t
i
o
n
,

p
e
n
t
r
u

f
x
e
d

a
s
s
e
t
s

a
n
d

R
e
c
e
p
t
i
o
n

n
o
t
e

a
n
d

f
n
d
i
n
g

o
f

d
i
f
e
r
e
n
c
e
s
,

f
o
r

a
s
s
e
t
s
,

o
t
h
e
r

t
h
a
n

f
x
e
d

a
s
s
e
t
s
.
-
T
h
e

s
t
u
d
y
i
n
g

o
f

t
h
e

l
e
g
i
s
l
a
t
i
o
n

i
n

f
o
r
c
e
,

w
h
i
c
h

g
o
v
e
r
n
s

t
h
i
s

i
s
s
u
e
;
-

F
o
r

f
x
e
d

a
s
s
e
t
s

s
u
c
h

a
s

f
x
e
d

a
s
s
e
t
s

a
n
d

s
t
o
c
k
s
,

w
h
i
c
h

e
n
t
e
r
e
d

t
h
e

u
n
i
t

i
n

2
0
1
1

t
h
e
r
e

w
i
l
l

b
e

m
a
d
e

n
o
t
e
s

o
n

d
o
c
u
m
e
n
t
s
,

s
p
e
c
i
f
c

a
c
t
s

o
f

d
i
s
t
r
i
b
u
t
i
o
n
.
X
2
.
T
h
e

i
n
v
e
n
t
o
r
y

o
f

g
o
o
d
s

f
r
o
m

t
h
e

p
u
b
l
i
c

a
n
d

p
r
i
v
a
t
e

d
o
m
a
i
n

o
f

t
h
e

s
t
a
t
e

u
s
e
d

b
y
O
R
G
A
N
I
Z
A
T
I
O
N

M
O
D
E
L
T
h
e

i
n
v
e
n
t
o
r
y

o
f

g
o
o
d
s

f
r
o
m

O
R
G
A
N
I
Z
A
T
I
O
N

M
O
D
E
L
s

a
d
m
i
n
i
s
t
r
a
t
i
o
n

h
a
d

o
r
g
a
n
i
z
a
t
i
o
n
a
l

d
e
f
c
i
e
n
c
i
e
s
:

-

e
n
s
u
r
i
n
g

t
h
e

p
a
r
t
i
c
i
p
a
t
i
o
n

o
f

a
l
l

t
h
e

(
s
u
b
)
c
o
m
m
i
t
-
t
e
e
s

w
o
r
k
s

i
n

i
n
v
e
n
t
o
r
y
;
-

i
n

t
h
e

c
o
m
p
o
s
i
t
i
o
n

o
f

t
h
e

i
n
v
e
n
t
o
r
y

c
o
m
m
i
t
t
e
e

(
s
u
b
c
o
m
m
i
t
t
e
e
s
)

t
h
e
r
e

i
s

n
o

p
e
r
s
o
n

w
i
t
h

e
c
o
n
o
m
i
c

s
t
u
d
i
e
s
;
-

t
h
e

w
r
i
t
t
e
n

d
e
c
i
s
i
o
n

f
r
o
m

t
h
e

E
x
e
c
u
t
i
v
e

D
i
r
e
c
t
o
r

o
f

O
R
G
A
N
I
Z
A
T
I
O
N

M
O
D
E
L
,

t
o

b
e

p
a
r
t

o
f

t
h
e

i
n
v
e
n
t
o
r
y

c
o
m
m
i
t
t
e
e

a
s

c
h
a
i
r
m
a
n
.
-
T
h
e

p
e
r
s
o
n
n
e
l

t
h
a
t

w
i
l
l

b
e

n
a
m
e
d

f
o
r

r
e
a
l
i
z
i
n
g

t
h
e

i
n
v
e
n
t
o
r
y

o
f

g
o
o
d
s

f
r
o
m

t
h
e

p
a
t
r
i
m
o
n
y

o
f

O
R
G
A
N
I
Z
A
T
I
O
N

M
O
D
E
L

w
i
l
l

s
t
u
d
y

a
n
d

a
p
p
l
y

t
h
e

p
r
o
v
i
-
s
i
o
n
s

o
f

t
h
e

l
e
g
i
s
l
a
t
i
v
e

d
o
c
u
m
e
n
t
s

t
h
a
t

r
e
g
u
l
a
t
e

t
h
e
s
e

s
i
t
u
a
t
i
o
n
s
;

-

A
s

p
a
r
t

o
f

t
h
e

f
u
t
u
r
e

i
n
v
e
n
t
o
r
y

c
o
m
m
i
t
t
e
e

i
t

w
i
l
l

b
e

n
a
m
e
d

a

p
e
r
s
o
n

h
a
v
i
n
g

e
c
o
n
o
m
i
c

s
t
u
d
i
e
s
;
-
T
h
e
i
n
s
t
i
t
u
t
i
o
n
s
s
e
c
o
n
d
a
r
y
c
r
e
d
i
t
o
f
c
e
r

w
i
l
l
d
e
c
i
d
e
u
p
o
n
t
h
e
i
n
v
e
n
t
o
r
y
s
r
e
s
u
l
t
s
.
X

P
u
b
l
i
c

i
n
t
e
r
n
a
l

a
u
d
i
t
o
r

f
r
o
m

O
R
G
A
N
I
Z
A
T
I
O
N

M
O
D
E
L

V
a
s
i
l
e
s
c
u

A
n
d
r
e
i
C
t

n
o
.
O
b
j
e
c
t
i
v
e
F
i
n
d
i
n
g
F
o
r
m
u
l
a
t
e
d

r
e
c
o
m
m
e
n
d
a
t
i
o
n
I
m
p
l
e
m
n
a
t
i
n
g

t
h
e

r
e
c
o
m
-
m
e
n
d
a
t
i
o
n
O
b
s
e
r
-
v
a
t
i
o
n
s
A
p
p
l
i
c
a
t
i
o
n

d
a
t
e
3
0
.

0
9
.

2
0
1
2
P
e
r
m
a
-
n
e
n
t
l
y
O
t
h
e
r

d
a
t
e
s
1
.
T
h
e

r
e
c
o
r
d
s

o
f

g
o
o
d
s

f
r
o
m

p
u
b
l
i
c

a
n
d

p
r
i
v
a
t
e

d
o
-
m
a
i
n

o
f

t
h
e

s
t
a
t
e
,

i
n

O
R
G
A
N
I
Z
A
T
I
O
N

M
O
D
E
L

a
d
m
i
n
i
s
-
t
r
a
t
i
o
n
.
T
h
e

r
e
c
o
r
d
s

a
n
d

e
n
t
r
y

i
n
t
o

s
e
r
v
i
c
e

o
f

a
s
s
e
t
s

l
i
k
e

f
x
e
d

a
s
s
e
t
s

a
n
d

s
t
o
c
k
s

-
i
n
v
e
n
t
o
r
y

i
t
e
m
s
,

h
a
s
n
t

b
e
e
n

m
a
d
e

w
i
t
h

r
e
c
o
r
d

a
n
d

d
i
s
t
r
i
b
u
t
i
o
n

s
p
e
c
i
f
c

d
o
c
u
m
e
n
t
s
:

-

F
o
r

f
x
e
d

a
s
s
e
t
s
:

S
h
e
e
t

o
f

t
h
e

f
x
e
d

a
s
s
e
t
,

M
o
v
e
m
e
n
t

b
i
l
l

o
f

f
x
e
d

a
s
s
e
t
s
.
-

F
o
r

t
h
e

i
n
v
e
n
t
o
r
y

t
e
m
s
:

H
a
n
d
i
n
g

o
v
e
r

t
r
a
n
s
f
e
r

r
e
f
u
n
d

v
o
u
c
h
e
r
s
.
-
T
h
e

s
t
u
d
y
i
n
g

o
f

t
h
e

l
e
g
i
s
l
a
t
i
o
n

i
n

f
o
r
c
e
,

w
h
i
c
h

g
o
v
e
r
n
s

t
h
i
s

i
s
s
u
e
;

-

F
o
r

f
x
e
d

a
s
s
e
t
s

s
u
c
h

a
s

f
x
e
d

a
s
s
e
t
s

a
n
d

s
t
o
c
k
s
,

w
h
i
c
h

e
n
t
e
r
e
d

t
h
e

u
n
i
t

i
n

2
0
1
1

t
h
e
r
e

w
i
l
l

b
e

m
a
d
e

n
o
t
e
s

o
n

d
o
c
u
m
e
n
t
s
,

s
p
e
c
i
f
c

a
c
t
s

o
f

d
i
s
t
r
i
b
u
-
t
i
o
n
.
X
P
r
e
p
a
r
i
n
g

a
n
d

f
l
l
i
n
g

i
n

o
f

t
h
e

d
o
c
u
m
e
n
t
s
:

-

C
o
n
s
u
m
p
t
i
o
n

c
o
u
p
o
n
s

a
r
e

n
o
t

a
g
g
r
e
g
a
t
e
d

f
r
o
m

a
n

a
c
c
o
u
n
t
i
n
g

p
o
i
n
t

o
f

v
i
e
w
,

a
r
e

n
o
t

s
i
g
n
e
d

f
o
r

w
r
i
t
t
e
n

a
n
d

v
e
r
i
f
e
d
,

a
r
e

n
o
t

d
a
t
e
d

a
n
d

t
h
e

c
o
l
u
m
n

P
/
U

i
s

n
o
t

f
l
l
e
d
;
-

A
c
c
o
u
n
t
s

o
f

t
r
a
v
e
l

e
x
p
e
n
s
e
s
,

A
c
c
o
u
n
t
i
n
g

n
o
t
e
s
,

D
i
s
-
p
o
s
a
l

r
e
c
e
i
p
t
-

p
a
y
m
e
n
t

t
o
w
a
r
d
s

t
h
e

p
a
y

o
f
c
e
,

N
o
t
e
s

o
n

t
h
e

r
e
c
e
i
p
t

a
n
d

f
n
d
i
n
g

o
f

d
i
f
e
r
e
n
c
e
s
,

e
t
c
.

a
r
e

n
o
t

d
a
t
e
d

a
n
d

n
e
i
t
h
e
r

s
i
g
n
e
d

f
o
r

w
r
i
t
i
n
g

a
n
d

v
e
r
i
f
c
a
t
i
o
n
.
-
T
h
e

s
t
u
d
y
i
n
g

o
f

t
h
e

l
e
g
i
s
l
a
t
i
o
n

i
n

f
o
r
c
e
,

w
h
i
c
h

g
o
v
e
r
n
s

t
h
i
s

i
s
s
u
e
;
-

A
d
d
r
e
s
s
i
n
g

t
h
e

o
b
s
e
r
v
e
d

d
y
s
f
u
n
c
-
t
i
o
n
s

(
t
h
e

s
i
g
n
a
t
u
r
e

f
o
r

d
r
a
f
t
e
d
,

r
e
v
i
e
w
e
d

a
n
d

a
p
p
r
o
v
e
d
)

a
n
d

t
h
e

a
n
n
e
x
a
t
i
o
n

t
o

t
h
e

m
a
n
a
g
e
m
e
n
t

d
o
c
u
m
e
n
t
s

o
f

t
h
e

f
o
r
m
s

t
h
a
t

w
e
r
e

i
s
s
u
e
d

i
n

2
0
1
1
.
X
S
e
r
v
i
c
e
s

t
o

t
h
i
r
d

p
a
r
t
i
e
s

i
n

f
a
v
o
u
r

o
f

O
R
G
A
N
I
Z
A
T
I
O
N

M
O
D
E
L
:

-

C
o
m
p
a
n
i
e
s

p
r
o
v
i
d
i
n
g

s
e
r
v
i
c
e
s

o
r

w
o
r
k
s

d
o

n
o
t

p
r
e
-
p
a
r
e

e
s
t
i
m
a
t
e
s

o
r

j
o
b

c
o
s
t
i
n
g

t
h
a
t

a
t
t
e
s
t

t
h
e

q
u
a
n
t
i
t
y

o
f

i
t
e
m
s

p
l
a
c
e
d

i
n

w
o
r
k

a
n
d

q
u
a
l
i
t
y

(
e
n
s
u
r
i
n
g
)

t
h
e

w
o
r
k

a
n
d

s
e
r
v
i
c
e
s

p
e
r
f
o
r
m
e
d
.
-
T
h
e

s
t
u
d
y

o
f

t
h
e

l
e
g
i
s
l
a
t
i
o
n

o
n

t
h
e

o
b
l
i
g
a
t
i
o
n
s

o
f

t
h
e

b
u
d
g
e
t
a
r
y

p
u
b
l
i
c

i
n
s
t
i
t
u
t
i
o
n

i
n

c
o
n
n
e
c
t
i
o
n

w
i
t
h

t
h
e

r
e
c
e
i
p
t

o
f

g
o
o
d
s

a
n
d

t
h
e

w
o
r
k

p
e
r
-
f
o
r
m
e
d

b
y

c
o
m
p
a
n
i
e
s

i
n

t
h
e

f
e
l
d
;

-
T
h
e

r
e
g
u
l
a
t
i
o
n

i
n

2
0
1
2

o
f

s
i
m
i
l
a
r

s
i
t
u
a
t
i
o
n
s
,

w
h
i
c
h

w
i
l
l

b
e

c
r
e
a
t
e
d
.
X
ANNEX
CODE OF ETHICS
Introduction to the Code of Ethics
Te purpose of Te Institutes Code of Ethics is to promote an
ethical culture in the profession of internal auditing.
Internal auditing is an independent, objective assurance and
consulting activity designed to add value and improve an organiza-
tions operations. It helps an organization accomplish its objectives by
bringing a systematic, disciplined approach to evaluate and improve
the efectiveness of risk management, control, and governance pro-
cesses.
A code of ethics is necessary and appropriate for the profession
of internal auditing, founded as it is on the trust placed in its objec-
tive assurance about governance, risk management, and control.
Te Institutes Code of Ethics extends beyond the Defnition of
Internal Auditing to include two essential components:
1. Principles that are relevant to the profession and practice of
internal auditing.
2. Rules of Conduct that describe behavior norms expected of
internal auditors. Tese rules are an aid to interpreting the
Principles into practical applications and are intended to
guide the ethical conduct of internal auditors.
Internal auditors refers to Institute members, recipients of or
candidates for IIA professional certifcations, and those who per-
form internal audit services within the Defnition of Internal Au-
diting.
Applicability and Enforcement of the Code of Ethics
Tis Code of Ethics applies to both entities and individuals that
perform internal audit services.
For IIA members and recipients of or candidates for IIA profes-
sional certifcations, breaches of the Code of Ethics will be evalu-
ated and administered according to Te Institutes Bylaws and Ad-
ministrative Directives. Te fact that a particular conduct is not
mentioned in the Rules of Conduct does not prevent it from being
unacceptable or discreditable, and therefore, the member, certifca-
tion holder, or candidate can be liable for disciplinary action.
Principles
Internal auditors are expected to apply and uphold the follow-
ing principles:
1. Integrity
Te integrity of internal auditors establishes trust and thus pro-
vides the basis for reliance on their judgment.
2. Objectivity
Internal auditors exhibit the highest level of professional ob-
jectivity in gathering, evaluating, and communicating information
about the activity or process being examined. Internal auditors
make a balanced assessment of all the relevant circumstances and
are not unduly infuenced by their own interests or by others in
forming judgments
3. Condentiality
Internal auditors respect the value and ownership of informa-
tion they receive and do not disclose information without appro-
priate authority unless there is a legal or professional obligation to
do so.
4. Competency
Internal auditors apply the knowledge, skills, and experience
needed in the performance of internal audit services.
Rules of Conduct
1. Integrity
Internal auditors:
1.1. Shall perform their work with honesty, diligence, and re-
sponsibility.
1.2. Shall observe the law and make disclosures expected by the
law and the profession.
1.3. Shall not knowingly be a party to any illegal activity, or en-
gage in acts that are discreditable to the profession of internal au-
diting or to the organization.
1.4. Shall respect and contribute to the legitimate and ethical
objectives of the organization.
2. Objectivity
Internal auditors:
2.1. Shall not participate in any activity or relationship that may
impair or be presumed to impair their unbiased assessment. Tis
participation includes those activities or relationships that may be
in confict with the interests of the organization.
2.2. Shall not accept anything that may impair or be presumed
to impair their professional judgment.
2.3. Shall disclose all material facts known to them that, if not
disclosed, may distort the reporting of activities under review.
3. Condentiality
Internal auditors:
3.1. Shall be prudent in the use and protection of information
acquired in the course of their duties.
3.2. Shall not use information for any personal gain or in any
manner that would be contrary to the law or detrimental to the
legitimate and ethical objectives of the organization.
4. Competency
Internal auditors:
4.1. Shall engage only in those services for which they have the
necessary knowledge, skills, and experience.
4.2. Shall perform internal audit services in accordance with the In-
ternational Standards for the Professional Practice of Internal Auditing.
4.3. Shall continually improve their profciency and the efec-
tiveness and quality of their services.
INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL
AUDITING (STANDARDS)
Introduction to the International Standards
Internal auditing is conducted in diverse legal and cultural
environments; within organizations that vary in purpose, size,
complexity, and structure; and by persons within or outside the
organization. While diferences may afect the practice of internal
auditing in each environment, conformance with Te IIAs Inter-
national Standards for the Professional Practice of Internal Auditing
(Standards) is essential in meeting the responsibilities of internal
auditors and the internal audit activity.
If internal auditors or the internal audit activity is prohibited
by law or regulation from conformance with certain parts of the
Standards, conformance with all other parts of the Standards and
appropriate disclosures are needed.
If the Standards are used in conjunction with standards issued
by other authoritative bodies, internal audit communications may
also cite the use of other standards, as appropriate. In such a case,
if inconsistencies exist between the Standards and other standards,
internal auditors and the internal audit activity must conform with
the Standards, and may conform with the other standards if they
are more restrictive.
Te purpose of the Standards is to:
1. Delineate basic principles that represent the practice of in-
ternal auditing.
2. Provide a framework for performing and promoting a broad
range of value-added internal auditing.
3. Establish the basis for the evaluation of internal audit per-
formance.
4. Foster improved organizational processes and operations.
Te Standards are principles-focused, mandatory requirements
consisting of:
Statements of basic requirements for the professional prac-
tice of internal auditing and for evaluating the efectiveness
of performance, which are internationally applicable at or-
ganizational and individual levels.
Interpretations, which clarify terms or concepts within the
Statements.
Te Standards employ terms that have been given specifc mean-
ings that are included in the Glossary. Specifcally, the Standards
use the word must to specify an unconditional requirement and
the word should where conformance is expected unless, when
applying professional judgment, circumstances justify deviation.
It is necessary to consider the Statements and their Interpreta-
tions as well as the specifc meanings from the Glossary to under-
stand and apply the Standards correctly.
Te structure of the Standards is divided between Attribute
and Performance Standards. Attribute Standards address the at-
tributes of organizations and individuals performing internal
auditing. Te Performance Standards describe the nature of in-
ternal auditing and provide quality criteria against which the per-
formance of these services can be measured. Te Attribute and
Performance Standards are also provided to apply to all internal
audit services.
Implementation Standards are also provided to expand upon
the Attribute and Performance standards, by providing the require-
ments applicable to assurance (A) or consulting (C) activities.
Assurance services involve the internal auditors objective as-
sessment of evidence to provide an independent opinion or con-
clusions regarding an entity, operation, function, process, system,
or other subject matter. Te nature and scope of the assurance en-
gagement are determined by the internal auditor. Tere are gener-
ally three parties involved in assurance services: (1) the person or
group directly involved with the entity, operation, function, pro-
cess, system, or other subject matter the process owner, (2) the
person or group making the assessment the internal auditor, and
(3) the person or group using the assessment the user.
Consulting services are advisory in nature, and are generally
performed at the specifc request of an engagement client. Te na-
ture and scope of the consulting engagement are subject to agree-
ment with the engagement client. Consulting services generally in-
volve two parties: (1) the person or group ofering the advice the
internal auditor, and (2) the person or group seeking and receiving
the advice the engagement client. When performing consulting
services the internal auditor should maintain objectivity and not
assume management responsibility.
Te review and development of the Standards is an ongoing
process. Te Internal Audit Standards Board engages in extensive
consultation and discussion prior to issuing the Standards. Tis
includes worldwide solicitation for public comment through the
exposure draf process. All exposure drafs are posted on Te IIAs
Web site as well as being distributed to all IIA institutes.
Attribute Standards
1000 Purpose, Authority, and Responsibility
Te purpose, authority, and responsibility of the internal audit
activity must be formally defned in an internal audit charter, con-
sistent with the Defnition of Internal Auditing, the Code of Ethics,
and the Standards. Te chief audit executive must periodically re-
view the internal audit charter and present it to senior management
and the board for approval.
Interpretation:
Te internal audit charter is a formal document that defnes the in-
ternal audit activitys purpose, authority, and responsibility. Te inter-
nal audit charter establishes the internal audit activitys position within
the organization, including the nature of the chief audit executives
functional reporting relationship with the board; authorizes access to
records, personnel, and physical properties relevant to the performance
of engagements; and defnes the scope of internal audit activities. Final
approval of the internal audit charter resides with the board.
1000.A1 Te nature of assurance services provided to the or-
ganization must be defned in the internal audit charter. If assur-
ances are to be provided to parties outside the organization, the
nature of these assurances must also be defned in the internal au-
dit charter.
1000.C1 Te nature of consulting services must be defned in
the internal audit charter.
1010 Recognition of the Defnition of Internal Auditing, the
Code of Ethics, and the Standards in the Internal Audit Charter
Te mandatory nature of the Defnition of Internal Auditing,
the Code of Ethics, and the Standards must be recognized in the
internal audit charter. Te chief audit executive should discuss the
Defnition of Internal Auditing, the Code of Ethics, and the Stand-
ards with senior management and the board.
1100 Independence and Objectivity
Te internal audit activity must be independent, and internal
auditors must be objective in performing their work.
Interpretation:
Independence is the freedom from conditions that threaten the
ability of the internal audit activity to carry out internal audit re-
sponsibilities in an unbiased manner. To achieve the degree of in-
dependence necessary to efectively carry out the responsibilities of
the internal audit activity, the chief audit executive has direct and
unrestricted access to senior management and the board. Tis can
be achieved through a dual-reporting relationship. Treats to inde-
pendence must be managed at the individual auditor, engagement,
functional, and organizational levels.
Objectivity is an unbiased mental attitude that allows internal
auditors to perform engagements in such a manner that they be-
lieve in their work product and that no quality compromises are
made.Objectivity requires that internal auditors do not subordinate
their judgment on audit matters to others. Treats to objectivity must
be managed at the individual auditor, engagement, functional, and
organizational levels.
1110 Organizational Independence
Te chief audit executive must report to a level within the organi-
zation that allows the internal audit activity to fulfll its responsibili-
ties. Te chief audit executive must confrm to the board, at least an-
nually, the organizational independence of the internal audit activity.
Interpretation:
Organizational independence is efectively achieved when the
chief audit executive reports functionally to the board. Examples of
functional reporting to the board involve the board:
Approving the internal audit charter;
Approving the risk based internal audit plan;
Receiving communications from the chief audit executive on
the internal audit activitys performance relative to its plan
and other matters;
Approving decisions regarding the appointment and removal
of the chief audit executive; and
Making appropriate inquiries of management and the chief
audit executive to determine whether there are inappropri-
ate scope or resource limitations.
1110. A1 Te internal audit activity must be free from inter-
ference in determining the scope of internal auditing, performing
work, and communicating results.
1111 Direct Interaction with the Board
Te chief audit executive must communicate and interact di-
rectly with the board.
1120 Individual Objectivity
Internal auditors must have an impartial, unbiased attitude and
avoid any confict of interest.
Interpretation:
Confict of interest is a situation in which an internal auditor,
who is in a position of trust, has a competing professional or personal
interest. Such competing interests can make it difcult to fulfll his or
her duties impartially. A confict of interest exists even if no unethical
or improper act results. A confict of interest can create an appear-
ance of impropriety that can undermine confdence in the internal
auditor, the internal audit activity, and the profession. A confict of
interest could impair an individuals ability to perform his or her du-
ties and responsibilities objectively.
1130 Impairment to Independence or Objectivity
If independence or objectivity is impaired in fact or appearance,
the details of the impairment must be disclosed to appropriate par-
ties. Te nature of the disclosure will depend upon the impairment.
Interpretation:
Impairment to organizational independence and individual ob-
jectivity may include, but is not limited to, personal confict of inter-
est, scope limitations, restrictions on access to records, personnel, and
properties, and resource limitations, such as funding.
Te determination of appropriate parties to which the details
of an impairment to independence or objectivity must be disclosed
is dependent upon the expectations of the internal audit activitys
and the chief audit executives responsibilities to senior manage-
ment and the board as described in the internal audit charter, as
well as the nature of the impairment.
1130.A1 Internal auditors must refrain from assessing spe-
cifc operations for which they were previously responsible. Ob-
jectivity is presumed to be impaired if an internal auditor provides
assurance services for an activity for which the internal auditor had
responsibility within the previous year.
1130.A2 Assurance engagements for functions over which
the chief audit executive has responsibility must be overseen by a
party outside the internal audit activity.
1130.C1 Internal auditors may provide consulting services
relating to operations for which they had previous responsibilities.
1130.C2 If internal auditors have potential impairments to
independence or objectivity relating to proposed consulting ser-
vices, disclosure must be made to the engagement client prior to
accepting the engagement.
1200 Prociency and Due Professional Care
Engagements must be performed with profciency and due pro-
fessional care.
1210 Prociency
Internal auditors must possess the knowledge, skills, and other
competencies needed to perform their individual responsibilities.
Te internal audit activity collectively must possess or obtain the
knowledge, skills, and other competencies needed to perform its
responsibilities.
Interpretation:
Knowledge, skills, and other competencies is a collective term that
refers to the professional profciency required of internal auditors to
efectively carry out their professional responsibilities. Internal audi-
tors are encouraged to demonstrate their profciency by obtaining
appropriate professional certifcations and qualifcations, such as the
Certifed Internal Auditor designation and other designations ofered
by Te Institute of Internal Auditors and other appropriate profes-
sional organizations.
1210.A1 Te chief audit executive must obtain competent
advice and assistance if the internal auditors lack the knowledge,
skills, or other competencies needed to perform all or part of the
engagement.
1210.A2 Internal auditors must have sufcient knowledge to
evaluate the risk of fraud and the manner in which it is managed
by the organization, but are not expected to have the expertise of a
person whose primary responsibility is detecting and investigating
fraud.
1210.A3 Internal auditors must have sufcient knowledge of
key information technology risks and controls and available tech-
nology-based audit techniques to perform their assigned work.
However, not all internal auditors are expected to have the exper-
tise of an internal auditor whose primary responsibility is informa-
tion technology auditing.
1210.C1 Te chief audit executive must decline the consult-
ing engagement or obtain competent advice and assistance if the
internal auditors lack the knowledge, skills, or other competencies
needed to perform all or part of the engagement.
1220 Due Professional Care
Internal auditors must apply the care and skill expected of a rea-
sonably prudent and competent internal auditor. Due professional
care does not imply infallibility.
1220.A1 Internal auditors must exercise due professional
care by considering the:
Extent of work needed to achieve the engagements objec-
tives;
Relative complexity, materiality, or signifcance of matters to
which assurance procedures are applied;
Adequacy and efectiveness of governance, risk manage-
ment, and control processes;
Probability of signifcant errors, fraud, or noncompliance;
and
Cost of assurance in relation to potential benefts.
1220.A2 In exercising due professional care internal auditors
must consider the use of technology-based audit and other data
analysis techniques.
1220.A3 Internal auditors must be alert to the signifcant
risks that might afect objectives, operations, or resources. How-
ever, assurance procedures alone, even when performed with due
professional care, do not guarantee that all signifcant risks will be
identifed.
1220.C1 Internal auditors must exercise due professional care
during a consulting engagement by considering the:
Needs and expectations of clients, including the nature, tim-
ing, and communication of engagement results;
Relative complexity and extent of work needed to achieve
the engagements objectives; and
Cost of the consulting engagement in relation to potential
benefts.
1230 Continuing Professional Development
Internal auditors must enhance their knowledge, skills, and
other competencies through continuing professional development.
1300 Quality Assurance and Improvement Program
Te chief audit executive must develop and maintain a quality
assurance and improvement program that covers all aspects of the
internal audit activity.
Interpretation:
A quality assurance and improvement program is designed to en-
able an evaluation of the internal audit activitys conformance with
the Defnition of Internal Auditing and the Standards and an evalu-
ation of whether internal auditors apply the Code of Ethics. Te pro-
gram also assesses the efciency and efectiveness of the internal audit
activity and identifes opportunities for improvement.
1310 Requirements of the Quality Assurance and Improvement Program
Te quality assurance and improvement program must include
both internal and external assessments.
1311 Internal Assessments
Internal assessments must include:
Ongoing monitoring of the performance of the internal au-
dit activity; and
Periodic reviews performed through self-assessment or
by other persons within the organization with sufcient
knowledge of internal audit practices.
Interpretation:
Ongoing monitoring is an integral part of the day-to-day super-
vision, review, and measurement of the internal audit activity. On-
going monitoring is incorporated into the routine policies and prac-
tices used to manage the internal audit activity and uses processes,
tools, and information considered necessary to evaluate conformance
with the Defnition of Internal Auditing, the Code of Ethics, and the
Standards.
Periodic reviews are assessments conducted to evaluate conform-
ance with the Defnition of Internal Auditing, the Code of Ethics, and
the Standards.
Sufcient knowledge of internal audit practices requires at least
an understanding of all elements of the International Professional
Practices Framework.
1312 External Assessments
External assessments must be conducted at least once every fve
years by a qualifed, independent reviewer or review team from
outside the organization. Te chief audit executive must discuss
with the board:
Te need for more frequent external assessments; and
Te qualifcations and independence of the external re-
viewer or review team, including any potential confict of
interest.
Interpretation:
A qualifed reviewer or review team demonstrates competence in
two areas: the professional practice of internal auditing and the ex-
ternal assessment process. Competence can be demonstrated through
a mixture of experience and theoretical learning. Experience gained
in organizations of similar size, complexity, sector or industry, and
technical issues is more valuable than less relevant experience. In the
case of a review team, not all members of the team need to have all
the competencies; it is the team as a whole that is qualifed. Te chief
audit executive uses professional judgment when assessing whether
a reviewer or review team demonstrates sufcient competence to be
qualifed.
An independent reviewer or review team means not having ei-
ther a real or an apparent confict of interest and not being a part of,
or under the control of, the organization to which the internal audit
activity belongs.
1320 Reporting on the Quality Assurance and Improvement Program
Te chief audit executive must communicate the results of the
quality assurance and improvement program to senior manage-
ment and the board.
Interpretation:
Te form, content, and frequency of communicating the results
of the quality assurance and improvement program is established
through discussions with senior management and the board and
considers the responsibilities of the internal audit activity and chief
audit executive as contained in the internal audit charter. To dem-
onstrate conformance with the Defnition of Internal Auditing, the
Code of Ethics, and the Standards, the results of external and periodic
internal assessments are communicated upon completion of such as-
sessments and the results of ongoing monitoring are communicated
at least annually. Te results include the reviewers or review teams
assessment with respect to the degree of conformance.
1321 Use of Conforms with the International Standards for the
Professional Practice of Internal Auditing
Te chief audit executive may state that the internal audit activ-
ity conforms with the International Standards for the Professional
Practice of Internal Auditing only if the results of the quality assur-
ance and improvement program support this statement.
Interpretation:
Te internal audit activity conforms with the Standards when it
achieves the outcomes described in the Defnition of Internal Auditing,
Code of Ethics, and Standards. Te results of the quality assurance and
improvement program include the results of both internal and external
assessments. All internal audit activities will have the results of internal
assessments. Internal audit activities in existence for at least fve years
will also have the results of external assessments.
1322 Disclosure of Nonconformance
When nonconformance with the Defnition of Internal Audit-
ing, the Code of Ethics, or the Standards impacts the overall scope
or operation of the internal audit activity, the chief audit executive
must disclose the nonconformance and the impact to senior man-
agement and the board.
Performance Standards
2000 Managing the Internal Audit Activity
Te chief audit executive must efectively manage the internal
audit activity to ensure it adds value to the organization.
Interpretation:
Te internal audit activity is efectively managed when:
Te results of the internal audit activitys work achieve the pur-
pose and responsibility included in the internal audit charter;
Te internal audit activity conforms with the Defnition of
Internal Auditing and the Standards; and
Te individuals who are part of the internal audit activity
demonstrate conformance with the Code of Ethics and the
Standards.
and contributes to the efectiveness and efciency of governance, risk
management, and control processes.
2010 Planning
Te chief audit executive must establish risk-based plans to de-
termine the priorities of the internal audit activity, consistent with
the organizations goals.
Interpretation:
Te chief audit executive is responsible for developing a risk-based
plan. Te chief audit executive takes into account the organizations
risk management framework, including using risk appetite levels set
by management for the diferent activities or parts of the organiza-
tion. If a framework does not exist, the chief audit executive uses his/
her own judgment of risks afer consultation with senior manage-
ment and the board.
2010.A1 Te internal audit activitys plan of engagements
must be based on a documented risk assessment, undertaken at
least annually. Te input of senior management and the board must
be considered in this process.
2010.A2 Te chief audit executive must identify and consid-
er the expectations of senior management, the board, and other
stakeholders for internal audit opinions and other conclusions.
2010.C1 Te chief audit executive should consider accepting
proposed consulting engagements based on the engagements po-
tential to improve management of risks, add value, and improve the
organizations operations. Accepted engagements must be included
in the plan.
2020 Communication and Approval
Te chief audit executive must communicate the internal au-
dit activitys plans and resource requirements, including signifcant
interim changes, to senior management and the board for review
and approval. Te chief audit executive must also communicate the
impact of resource limitations.
2030 Resource Management
Te chief audit executive must ensure that internal audit re-
sources are appropriate, sufcient, and efectively deployed to
achieve the approved plan.
Interpretation:
Appropriate refers to the mix of knowledge, skills, and other com-
petencies needed to perform the plan. Sufcient refers to the quantity
of resources needed to accomplish the plan. Resources are efectively
deployed when they are used in a way that optimizes the achievement
of the approved plan.
2040 Policies and Procedures
Te chief audit executive must establish policies and proce-
dures to guide the internal audit activity.
Interpretation:
Te form and content of policies and procedures are dependent
upon the size and structure of the internal audit activity and the com-
plexity of its work.
2050 Coordination
Te chief audit executive should share information and coordi-
nate activities with other internal and external providers of assur-
ance and consulting services to ensure proper coverage and mini-
mize duplication of eforts.
2060 Reporting to Senior Management and the Board
Te chief audit executive must report periodically to senior
management and the board on the internal audit activitys purpose,
authority, responsibility, and performance relative to its plan. Re-
porting must also include signifcant risk exposures and control is-
sues, including fraud risks, governance issues, and other matters
needed or requested by senior management and the board.
Interpretation:
Te frequency and content of reporting are determined in discus-
sion with senior management and the board and depend on the im-
portance of the information to be communicated and the urgency of
the related actions to be taken by senior management or the board.
2070 External Service Provider and Organizational Responsibility for
Internal Auditing
When an external service provider serves as the internal audit
activity, the provider must make the organization aware that the
organization has the responsibility for maintaining an efective in-
ternal audit activity.
Interpretation
Tis responsibility is demonstrated through the quality assurance
and improvement program which assesses conformance with the Def-
inition of Internal Auditing, the Code of Ethics, and the Standards.
2100 Nature of Work
Te internal audit activity must evaluate and contribute to the
improvement of governance, risk management, and control pro-
cesses using a systematic and disciplined approach.
2110 Governance
Te internal audit activity must assess and make appropriate
recommendations for improving the governance process in its ac-
complishment of the following objectives:
Promoting appropriate ethics and values within the organi-
zation;
Ensuring efective organizational performance manage-
ment and accountability;
Communicating risk and control information to appropri-
ate areas of the organization; and
Coordinating the activities of and communicating informa-
tion among the board, external and internal auditors, and
management.
2110.A1 Te internal audit activity must evaluate the design,
implementation, and efectiveness of the organizations ethics-re-
lated objectives, programs, and activities.
2110.A2 Te internal audit activity must assess whether the
information technology governance of the organization supports
the organizations strategies and objectives.
2120 Risk Management
Te internal audit activity must evaluate the efectiveness and
contribute to the improvement of risk management processes.
Interpretation:
Determining whether risk management processes are efective is a
judgment resulting from the internal auditors assessment that:
Organizational objectives support and align with the or-
ganizations mission;
Signifcant risks are identifed and assessed;
Appropriate risk responses are selected that align risks with
the organizations risk appetite; and
Relevant risk information is captured and communicated
in a timely manner across the organization, enabling staf,
management, and the board to carry out their responsibili-
ties.
Te internal audit activity may gather the information to sup-
port this assessment during multiple engagements. Te results of
these engagements, when viewed together, provide an understand-
ing of the organizations risk management processes and their ef-
fectiveness.
Risk management processes are monitored through ongoing
management activities, separate evaluations, or both.
2120.A1 Te internal audit activity must evaluate risk expo-
sures relating to the organizations governance, operations, and in-
formation systems regarding the:
Reliability and integrity of fnancial and operational infor-
mation;
Efectiveness and efciency of operations and programs;
Safeguarding of assets; and
Compliance with laws, regulations, policies, procedures,
and contracts.
2120.A2 Te internal audit activity must evaluate the poten-
tial for the occurrence of fraud and how the organization manages
fraud risk.
2120.C1 During consulting engagements, internal auditors
must address risk consistent with the engagements objectives and
be alert to the existence of other signifcant risks.
2120.C2 Internal auditors must incorporate knowledge of
risks gained from consulting engagements into their evaluation of
the organizations risk management processes.
2120.C3 When assisting management in establishing or im-
proving risk management processes, internal auditors must refrain
from assuming any management responsibility by actually manag-
ing risks.
2130 Control
Te internal audit activity must assist the organization in main-
taining efective controls by evaluating their efectiveness and ef-
fciency and by promoting continuous improvement.
2130.A1 Te internal audit activity must evaluate the adequa-
cy and efectiveness of controls in responding to risks within the
organizations governance, operations, and information systems
regarding the:
Reliability and integrity of fnancial and operational infor-
mation;
Efectiveness and efciency of operations and programs;
Safeguarding of assets; and
Compliance with laws, regulations, policies, procedures,
and contracts.
2130.C1 Internal auditors must incorporate knowledge of
controls gained from consulting engagements into evaluation of
the organizations control processes.
2200 Engagement Planning
Internal auditors must develop and document a plan for each
engagement, including the engagements objectives, scope, timing,
and resource allocations.
2201 Planning Considerations
In planning the engagement, internal auditors must consider:
Te objectives of the activity being reviewed and the means
by which the activity controls its performance;
Te signifcant risks to the activity, its objectives, resources,
and operations and the means by which the potential im-
pact of risk is kept to an acceptable level;
Te adequacy and efectiveness of the activitys risk manage-
ment and control processes compared to a relevant control
framework or model; and
Te opportunities for making signifcant improvements to
the activitys risk management and control processes.
2201.A1 When planning an engagement for parties outside
the organization, internal auditors must establish a written under-
standing with them about objectives, scope, respective responsibil-
ities, and other expectations, including restrictions on distribution
of the results of the engagement and access to engagement records.
2201.C1 Internal auditors must establish an understanding
with consulting engagement clients about objectives, scope, re-
spective responsibilities, and other client expectations. For signif-
cant engagements, this understanding must be documented.
2210 Engagement Objectives
Objectives must be established for each engagement.
2210.A1 Internal auditors must conduct a preliminary assess-
ment of the risks relevant to the activity under review. Engagement
objectives must refect the results of this assessment.
2210.A2 Internal auditors must consider the probability of
signifcant errors, fraud, noncompliance, and other exposures
when developing the engagement objectives.
2210.A3 Adequate criteria are needed to evaluate controls.
Internal auditors must ascertain the extent to which management
has established adequate criteria to determine whether objectives
and goals have been accomplished. If adequate, internal auditors
must use such criteria in their evaluation. If inadequate, internal
auditors must work with management to develop appropriate eval-
uation criteria.
2210.C1 Consulting engagement objectives must address
governance, risk management, and control processes to the extent
agreed upon with the client.
2210.C2 Consulting engagement objectives must be consist-
ent with the organizations values, strategies, and objectives.
2220 Engagement Scope
Te established scope must be sufcient to satisfy the objectives
of the engagement.
2220.A1 Te scope of the engagement must include consid-
eration of relevant systems, records, personnel, and physical prop-
erties, including those under the control of third parties.
2220.A2 If signifcant consulting opportunities arise during
an assurance engagement, a specifc written understanding as to
the objectives, scope, respective responsibilities, and other expecta-
tions should be reached and the results of the consulting engage-
ment communicated in accordance with consulting standards.
2220.C1 In performing consulting engagements, internal au-
ditors must ensure that the scope of the engagement is sufcient
to address the agreed-upon objectives. If internal auditors develop
reservations about the scope during the engagement, these reser-
vations must be discussed with the client to determine whether to
continue with the engagement.
2220.C2 During consulting engagements, internal auditors
must address controls consistent with the engagements objectives
and be alert to signifcant control issues.
2230 Engagement Resource Allocation
Internal auditors must determine appropriate and sufcient re-
sources to achieve engagement objectives based on an evaluation
of the nature and complexity of each engagement, time constraints,
and available resources.
2240 Engagement Work Program
Internal auditors must develop and document work programs
that achieve the engagement objectives.
2240.A1 Work programs must include the procedures for
identifying, analyzing, evaluating, and documenting information
during the engagement. Te work program must be approved prior
to its implementation, and any adjustments approved promptly.
2240.C1 Work programs for consulting engagements may
vary in form and content depending upon the nature of the en-
gagement.
2300 Performing the Engagement
Internal auditors must identify, analyze, evaluate, and docu-
ment sufcient information to achieve the engagements objectives.
2310 Identifying Information
Internal auditors must identify sufcient, reliable, relevant, and
useful information to achieve the engagements objectives.
Interpretation:
Sufcient information is factual, adequate, and convincing so
that a prudent, informed person would reach the same conclusions
as the auditor. Reliable information is the best attainable information
through the use of appropriate engagement techniques. Relevant in-
formation supports engagement observations and recommendations
and is consistent with the objectives for the engagement. Useful infor-
mation helps the organization meet its goals.
2320 Analysis and Evaluation
Internal auditors must base conclusions and engagement re-
sults on appropriate analyses and evaluations.
2330 Documenting Information
Internal auditors must document relevant information to sup-
port the conclusions and engagement results.
2330.A1 Te chief audit executive must control access to en-
gagement records. Te chief audit executive must obtain the ap-
proval of senior management and/or legal counsel prior to releas-
ing such records to external parties, as appropriate.
2330.A2 Te chief audit executive must develop retention
requirements for engagement records, regardless of the medium
in which each record is stored. Tese retention requirements must
be consistent with the organizations guidelines and any pertinent
regulatory or other requirements.
2330.C1 Te chief audit executive must develop policies
governing the custody and retention of consulting engagement re-
cords, as well as their release to internal and external parties. Tese
policies must be consistent with the organizations guidelines and
any pertinent regulatory or other requirements.
2340 Engagement Supervision
Engagements must be properly supervised to ensure objectives
are achieved, quality is assured, and staf is developed.
Interpretation:
Te extent of supervision required will depend on the profciency
and experience of internal auditors and the complexity of the engage-
ment. Te chief audit executive has overall responsibility for supervis-
ing the engagement, whether performed by or for the internal audit
activity, but may designate appropriately experienced members of the
internal audit activity to perform the review. Appropriate evidence of
supervision is documented and retained.
2400 Communicating Results
Internal auditors must communicate the results of engagements.
2410 Criteria for Communicating
Communications must include the engagements objectives and
scope as well as applicable conclusions, recommendations, and ac-
tion plans.
2410.A1 - Final communication of engagement results must,
where appropriate, contain the internal auditors opinion and/or
conclusions. When issued, an opinion or conclusion must take ac-
count of the expectations of senior management, the board, and
other stakeholders and must be supported by sufcient, reliable,
relevant, and useful information.
Interpretation:
Opinions at the engagement level may be ratings, conclusions, or
other descriptions of the results. Such an engagement may be in rela-
tion to controls around a specifc process, risk, or business unit. Te
formulation of such opinions requires consideration of the engage-
ment results and their signifcance.
2410.A2 Internal auditors are encouraged to acknowledge
satisfactory performance in engagement communications.
2410.A3 When releasing engagement results to parties out-
side the organization, the communication must include limitations
on distribution and use of the results.
2410.C1 Communication of the progress and results of con-
sulting engagements will vary in form and content depending upon
the nature of the engagement and the needs of the client.
2420 Quality of Communications
Communications must be accurate, objective, clear, concise,
constructive, complete, and timely.
Interpretation:
Accurate communications are free from errors and distortions
and are faithful to the underlying facts. Objective communications
are fair, impartial, and unbiased and are the result of a fair-mind-
ed and balanced assessment of all relevant facts and circumstances.
Clear communications are easily understood and logical, avoiding
unnecessary technical language and providing all signifcant and
relevant information. Concise communications are to the point and
avoid unnecessary elaboration, superfuous detail, redundancy, and
wordiness. Constructive communications are helpful to the engage-
ment client and the organization and lead to improvements where
needed. Complete communications lack nothing that is essential to
the target audience and include all signifcant and relevant informa-
tion and observations to support recommendations and conclusions.
Timely communications are opportune and expedient, depending on
the signifcance of the issue, allowing management to take appropri-
ate corrective action.
2421 Errors and Omissions
If a fnal communication contains a signifcant error or omis-
sion, the chief audit executive must communicate corrected infor-
mation to all parties who received the original communication.
2430 Use of Conducted in Conformance with the International Standards
for the Professional Practice of Internal Auditing
Internal auditors may report that their engagements are con-
ducted in conformance with the International Standards for the
Professional Practice of Internal Auditing, only if the results of the
quality assurance and improvement program support the state-
ment.
2431 Engagement Disclosure of Nonconformance
When nonconformance with the Defnition of Internal Audit-
ing, the Code of Ethics or the Standards impacts a specifc engage-
ment, communication of the results must disclose the:
Principle or rule of conduct of the Code of Ethics or
Standard(s) with which full conformance was not achieved;
Reason(s) for nonconformance; and
Impact of nonconformance on the engagement and the
communicated engagement results.
2440 Disseminating Results
Te chief audit executive must communicate results to the ap-
propriate parties.
Interpretation:
Te chief audit executive or designee reviews and approves the
fnal engagement communication before issuance and decides to
whom and how it will be disseminated
2440.A1 Te chief audit executive is responsible for commu-
nicating the fnal results to parties who can ensure that the results
are given due consideration.
2440.A2 If not otherwise mandated by legal, statutory, or reg-
ulatory requirements, prior to releasing results to parties outside
the organization the chief audit executive must:
Assess the potential risk to the organization;
Consult with senior management and/or legal counsel as
appropriate; and
Control dissemination by restricting the use of the results.
2440.C1 Te chief audit executive is responsible for commu-
nicating the fnal results of consulting engagements to clients.
2440.C2 During consulting engagements, governance, risk
management, and control issues may be identifed. Whenever these
issues are signifcant to the organization, they must be communi-
cated to senior management and the board.
2450 Overall Opinions
When an overall opinion is issued, it must take into account the
expectations of senior management, the board, and other stake-
holders and must be supported by sufcient, reliable, relevant, and
useful information.
Interpretation:
Te communication will identify:
Te scope, including the time period to which the opinion per-
tains;
Scope limitations;
Consideration of all related projects including the reliance on
other assurance providers;
Te risk or control framework or other criteria used as a basis
for the overall opinion; and
Te overall opinion, judgment, or conclusion reached.
Te reasons for an unfavorable overall opinion must be stated.
2500 Monitoring Progress
Te chief audit executive must establish and maintain a system
to monitor the disposition of results communicated to management.
2500.A1 Te chief audit executive must establish a follow-up
process to monitor and ensure that management actions have been
efectively implemented or that senior management has accepted
the risk of not taking action.
2500.C1 Te internal audit activity must monitor the disposi-
tion of results of consulting engagements to the extent agreed upon
with the client.
2600 Resolution of Senior Managements Acceptance of Risks
When the chief audit executive believes that senior manage-
ment has accepted a level of residual risk that may be unacceptable
to the organization, the chief audit executive must discuss the mat-
ter with senior management. If the decision regarding residual risk
is not resolved, the chief audit executive must report the matter to
the board for resolution.
Glossary
Add Value
and contributes to the efectiveness and efciency of governance,
risk management, and control processes.
Adequate Control
Present if management has planned and organized (designed) in
a manner that provides reasonable assurance that the organizations
risks have been managed efectively and that the organizations goals
and objectives will be achieved efciently and economically.
Assurance Services
An objective examination of evidence for the purpose of pro-
viding an independent assessment on governance, risk manage-
ment, and control processes for the organization. Examples may
include fnancial, performance, compliance, system security, and
due diligence engagements.
Board
A board is an organizations governing body, such as a board of
directors, supervisory board, head of an agency or legislative body,
board of governors or trustees of a nonproft organization, or any
other designated body of the organization, including the audit com-
mittee to whom the chief audit executive may functionally report.
Charter
Te internal audit charter is a formal document that defnes the
internal audit activitys purpose, authority, and responsibility. Te
internal audit charter establishes the internal audit activitys posi-
tion within the organization; authorizes access to records, person-
nel, and physical properties relevant to the performance of engage-
ments; and defnes the scope of internal audit activities.
Chief Audit Executive
Chief audit executive describes a person in a senior position re-
sponsible for efectively managing the internal audit activity in ac-
cordance with the internal audit charter and the Defnition of Inter-
nal Auditing, the Code of Ethics, and the Standards. Te chief audit
executive or others reporting to the chief audit executive will have
appropriate professional certifcations and qualifcations. Te specif-
ic job title of the chief audit executive may vary across organizations.
Code of Ethics
Te Code of Ethics of Te Institute of Internal Auditors (IIA)
are Principles relevant to the profession and practice of internal
auditing, and Rules of Conduct that describe behavior expected of
internal auditors. Te Code of Ethics applies to both parties and
entities that provide internal audit services. Te purpose of the
Code of Ethics is to promote an ethical culture in the global profes-
sion of internal auditing.
Compliance
Adherence to policies, plans, procedures, laws, regulations,
contracts, or other requirements.
Conict of Interest
Any relationship that is, or appears to be, not in the best inter-
est of the organization. A confict of interest would prejudice an
individuals ability to perform his or her duties and responsibilities
objectively.
Consulting Services
Advisory and related client service activities, the nature and scope
of which are agreed with the client, are intended to add value and im-
prove an organizations governance, risk management, and control
processes without the internal auditor assuming management respon-
sibility. Examples include counsel, advice, facilitation, and training.
Control
Any action taken by management, the board, and other parties
to manage risk and increase the likelihood that established objec-
tives and goals will be achieved. Management plans, organizes, and
directs the performance of sufcient actions to provide reasonable
assurance that objectives and goals will be achieved.
Control Environment
Te attitude and actions of the board and management regard-
ing the importance of control within the organization. Te control
environment provides the discipline and structure for the achieve-
ment of the primary objectives of the system of internal control.
Te control environment includes the following elements:
Integrity and ethical values.
Managements philosophy and operating style.
Organizational structure.
Assignment of authority and responsibility.
Human resource policies and practices.
Competence of personnel.
Control Processes
Te policies, procedures, and activities that are part of a control
framework, designed to ensure that risks are contained within the
risk tolerances established by the risk management process.
Engagement
A specifc internal audit assignment, task, or review activity,
such as an internal audit, control self-assessment review, fraud ex-
amination, or consultancy. An engagement may include multiple
tasks or activities designed to accomplish a specifc set of related
objectives.
Engagement Objectives
Broad statements developed by internal auditors that defne in-
tended engagement accomplishments.
Engagement Work Program
A document that lists the procedures to be followed during an
engagement, designed to achieve the engagement plan.
External Service Provider
A person or frm outside of the organization that has special
knowledge, skill, and experience in a particular discipline.
Fraud
Any illegal act characterized by deceit, concealment, or violation
of trust. Tese acts are not dependent upon the threat of violence or
physical force. Frauds are perpetrated by parties and organizations
to obtain money, property, or services; to avoid payment or loss of
services; or to secure personal or business advantage.
Governance
Te combination of processes and structures implemented by
the board to inform, direct, manage, and monitor the activities of
the organization toward the achievement of its objectives.
Impairment
Impairment to organizational independence and individual
objectivity may include personal confict of interest, scope limita-
tions, restrictions on access to records, personnel, and properties,
and resource limitations (funding).
Independence
Te freedom from conditions that threaten the ability of the in-
ternal audit activity to carry out internal audit responsibilities in an
unbiased manner.
Information Technology Controls
Controls that support business management and governance
as well as provide general and technical controls over information
technology infrastructures such as applications, information, in-
frastructure, and people.
Information Technology Governance
Consists of the leadership, organizational structures, and pro-
cesses that ensure that the enterprises information technology sup-
ports the organizations strategies and objectives.
Internal Audit Activity
A department, division, team of consultants, or other
practitioner(s) that provides independent, objective assurance and
consulting services designed to add value and improve an organi-
zations operations. Te internal audit activity helps an organiza-
tion accomplish its objectives by bringing a systematic, disciplined
approach to evaluate and improve the efectiveness of governance,
risk management and control processes.
International Professional Practices Framework
Te conceptual framework that organizes the authoritative
guidance promulgated by Te IIA. Authoritative Guidance is com-
prised of two categories (1) mandatory and (2) strongly recom-
mended.
Must
Te Standards use the word must to specify an unconditional
requirement.
Objectivity
An unbiased mental attitude that allows internal auditors to
perform engagements in such a manner that they believe in their
work product and that no quality compromises are made. Objec-
tivity requires that internal auditors do not subordinate their judg-
ment on audit matters to others.
Residual Risk
Te risk remaining afer management takes action to reduce the
impact and likelihood of an adverse event, including control activi-
ties in responding to a risk.
Risk
Te possibility of an event occurring that will have an impact
on the achievement of objectives. Risk is measured in terms of im-
pact and likelihood.
Risk Appetite
Te level of risk that an organization is willing to accept.
Risk Management
A process to identify, assess, manage, and control potential
events or situations to provide reasonable assurance regarding the
achievement of the organizations objectives.
Should
Te Standards use the word should where conformance is
expected unless, when applying professional judgment, circum-
stances justify deviation.
Signicance
Te relative importance of a matter within the context in which
it is being considered, including quantitative and qualitative fac-
tors, such as magnitude, nature, efect, relevance, and impact. Pro-
fessional judgment assists internal auditors when evaluating the
signifcance of matters within the context of the relevant objectives.
Standard
A professional pronouncement promulgated by the Internal
Audit Standards Board that delineates the requirements for per-
forming a broad range of internal audit activities, and for evaluat-
ing internal audit performance.
Technology-based Audit Techniques
Any automated audit tool, such as generalized audit sofware,
test data generators, computerized audit programs, specialized au-
dit utilities, and computer-assisted audit techniques (CAATs).
Bibliography:
1. Arens, A., Loebbecke, J., 2003, Audit-o abordare integrata,
Editura Arc, Bucuresti.
2. Asociatia Auditorilor Interni din Romania (AAIR), 2009,
Standardele Internaionale de Practic Profesional a Auditului
Intern, [online] available at webpage, http://www.aair.ro/index.
php?option=com_content&view=article&id=33&Itemid=57&
lang=ro, downloaded at 5.03.2012.
3. Asociatia Auditorilor Interni din Romania (AAIR), 2012,
Statutul AAIR, [online] available at webpage http://www.
aair.ro/fsiere/statut_act_const/statut.pdf, downloaded at
02.04.2012.
4. Boulescu, M., Ghi, M., Mare, V., 2001, Fundamentele auditu-
lui, Editura Didactic i Pedagogic, Bucureti.
5. Boulescu, M., Ghi, M., Mare, V., 2003, Controlul fscal i
auditul fnanciar-fscal, Editura CECCAR, Bucureti.
6. Collins, L., Valin, G., 1996, Audit et control intern, Principes,
Objectifs et Practiques, Editura Daltoz.
7. Comisia Europeana, (CE), 2011, Carte verde - Cadrul de guver-
nanta corporativa al UE, COM(2011) 164 fnal, [online] availa-
ble at webpage http://ec.europa.eu/internal_market/company/
docs/modern/com2011-164_ro.pdf#page=2, downloaded at
08.04.2012.
8. Consiliul National de Formare Profesionala a Adultilor (CNF-
PA), 2010, Standarde ocupationale, [online] available at web-
page http://so.cnfpa.ro/so/r/Auditor.intern.public.pdf, down-
loaded at 28.03.2012.
9. Cosserat, G., W., 2000, Modern auditing, Editura John
Wiley&sons, New York.
10. European Corporate Governance Institute (ECGI), Cadbury Re-
port- Report of the Committee on the Financial Aspects of Corpo-
rate Governance, [online] available at webpage http://www.ecgi.
org/codes/documents/cadbury.pdf, downloaded at 09.04.2012.
11. Ghi, M., Mare, V., 2002, Auditul performanei fnanelor pub-
lice, Editura CECCAR, Bucureti.
12. Ghi, M., Sprncean, M., 2004, Auditul intern al instituiilor
publice, Editura Tribuna Economic, Bucureti.
13. Ghi, E., 2007, Internal public audit, Sitech Publishing House,
Craiova.
14. Ghi, M., Auditul intern, 2005, Editura Economic, Bucureti.
15. Ghi, M., Sprncean, M., 2006, Auditul intern al instituiilor
publice, Editura Tribuna Economic, Bucureti.
16. Ghi, M., Nicolae, C., 2006, Ghid practic privind activitatea de
achiziii publice, elaborat de Unitatea Central pentru Armo-
nizarea Auditului Public Intern, Ministerul Finanelor Publice,
Bucureti.
17. Ghita, M., Popescu, M., 2006, Auditul intern al institutiilor pub-
lice: teorie si practica, Editura CECCAR, Bucuresti.
18. Gisberto-Chitu, A. si colectiv, 2005, Studii de caz privind
auditul public intern, Editura CECCAR, Bucuresti.
19. Gray, M., 2000, Te audit process: principles, practice and cases,
Editura Business Press.
20. Grifths, D., 2006, Risk Based Internal Auditing (RBIA). Tree
views on Implementation, [online] available at webpage http://
www.internalaudit.biz/files/implementation/Implement-
ing%20RBIA%20v1.1.pdf, downloaded at 6.04.2012.
21. Grifths, D., 2006a, Risk Based Internal Auditing (RBIA. An In-
troduction, [online] available at webpage http://www.internal-
audit.biz/fles/introduction/Internalauditv2_0_3.pdf, down-
loaded at 6.04.2012.
22. Macarie, F., C., 2008, Auditul public intern-suport in procesul
decizional, RTSA, nr. 2(22)/2008, pp. 34-43.
23. Macarie, F., C., 2011, Consideraii privind starea actual i vii-
torul auditului public intern n Romnia, Audit fnanciar, nr.
5-2011, pp. 26-32.
24. Mares, G. si colectiv, 2007, Practica auditului intern privind
fondurile publice nationale si ale Uniunii Europene, Editura
Contaplus, Ploiesti.
25. Ministerul Finantelor Publice (MFP), 2012, Ghiduri practice
pentru audit public intern, [online] available at webpage http://
www.mfnante.ro/audit.html?pagina=domenii, downloaded at
28.03.2012.
26. Institut Franais de lAudit et du Contrle Internes (IFACI), R-
frentiel international de laudit interne, 2011, [online] available
at webpage http://www.ifaci.com/Bibliotheque/Bibliotheque-
en-ligne-telecharger-la-documentation-professionnelle/Refer-
entiel-international-de-l-audit-interne-149.html, downloaded
at 03.04.2012.
27. Institut Franais de lAudit et du Contrle Internes (IFACI),
Pratice Advisory, [online] available at webpage http://www.
ifaci.com/Bibliotheque/Bibliotheque-en-ligne-telecharger-la-
documentation-professionnelle/Referentiel-international-de-
l-audit-interne/modalites-pratiques-application-210.html ,
downloaded at 03.04.2012.
28. Oprean, I., Popa, I., E., Lenghel, R., D., 2007, Procedurile audit-
ului i ale controlului fnanciar, Editura Risoprint, Cluj-Napoca.
29. Organisation for Economic Co-operation and Development
(OECD), 1994, Performance management in government: per-
formance measurement and results oriented Management, Paris,
PUMA/OCSE, [online] available at webpage http://www.oecd.
org/dataoecd/11/61/38134037.pdf, downloaded at 03.04.2012.
30. Organisation for Economic Co-operation and Development
(OECD), 2004, Principles of Corporate Governance, [online]
available at webpage http://www.ecgi.org/codes/documents/
principles_en_fnal.pdf, downloaded at 09.04.2012.
31. Pollit, Ch., Bouckaert, G., 2004, Reforma managementului pub-
lic. Analiza comparata, Editura Epigraf, Chisinau.
32. Renard, J., 2002, Teoria i practica auditului intern, Ediia a IV-a,
traducere din limba francez realizat de Ministerul Finanelor
Publice n cadrul unui proiect fnanat de PHARE, Bucureti.
33. Te Institute of Internal Auditors (IIA), 2007, Te International
Professional Practices Framework (IPPF), [online] available at
webpage http://www.theiia.org/guidance/standards-and-guid-
ance/ippf/, downloaded at 26.03.2012
34. Te Institute of Internal Auditors (IIA), 2012, Practice Guides
(PG), [online] available at webpage http://www.theiia.org/
guidance/standards-and-guidance/ippf/practice-guides/,
downloaded at 03.04.2012.
35. Tudorica, A., 2009, Masters Tesis Te relationship between
internal auditing and management, FSPAC, Cluj-Napoca.
36. *** Hotararea Guvernului nr. 235/2003 pentru aprobarea Nor-
melor privind modul de nominalizare a membrilor Comitetu-
lui pentru Audit Public Intern, publicata in Monitorul Ofcial
al Romaniei, Partea I, nr. 162 din 13 martie 2003.
37. *** Legea nr. 672/2002 privind auditul public intern, Monitorul
Ofcial al Romniei nr. 953/2002, actualizat i republicat n
Monitorul Ofcial al Romniei nr. 953 din 24 decembrie 2002.
38. *** Legea nr. 133/2002 pentru aprobarea OUG nr. 75/1999,
republicat, privind activitatea de audit fnanciar, Monitorul
Ofcial al Romniei nr. 598/2003.
39. *** OG nr. 37/2004 pentru modifcarea i completarea
reglementrilor privind auditul intern, Monitorul Ofcial al
Romniei nr. 91/2004.
40. *** OMFP nr. 38/2003 pentru aprobarea Normelor generale
privind exercitarea activitii de audit public intern, Monitorul
Ofcial al Romniei nr. 130 bis/2003.
41. *** OMFP nr. 423/2004 pentru modifcarea i completarea
Normelor generale privind exercitarea activitii de audit pub-
lic intern, aprobate prin OMFP nr. 38/2003.
42. *** OMFP nr. 252/2004 pentru aprobarea Codului privind con-
duita etic a auditorului intern, Monitorul Ofcial al Romniei
nr. 128/2004.
43. *** OMFP nr. 768/2003 privind delegarea de competen a
unor atribuii ale UCAAPI n competena serviciilor de control
i audit intern al DGFP judeene i a municipiului Bucureti.
44. *** OMFP nr. 769/2003 pentru aprobarea procedurii de avizare
a numirii/destituirii eflor Compartimentelor de Audit public
intern din entitile publice.
45. *** OMFP nr. 1.702/2005 pentru aprobarea normelor privind
organizarea i exercitarea activitii de consiliere, Monitorul
Ofcial al Romniei nr. 154/17.02.2006.
46. www.auditnet.org
47. www.iia.org.uk
48. www.cafr.ro
49. www.e-contabilitate.ro
50. www.aair.ro
51. www.eciia.org
52. www.theiia.org
53. www.ifaci.com

Auditing in Public Institutions Suport de Curs

Încărcat de

Informații document

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

Auditing in Public Institutions Suport de Curs

Încărcat de

Drepturi de autor:

Formate disponibile

Aceast carte a fost realizat n cadrul Activitii nr.

S-ar putea să vă placă și