TÉRMINOS DE REFERENCIA PARA LA CONTRATACIÓN DE SERVICIOS EXTERNOS PARA LA REALIZACIÓN DE UNA EVALUACIÓN EX ANTE DE UNA ORGANIZACIÓN NO GUBERNAMENTAL APLICANDO PARA SER SOCIO HUMANITARIO
TÉRMINOS DE REFERENCIA PARA LA CONTRATACIÓN DE SERVICIOS EXTERNOS PARA LA REALIZACIÓN DE UNA EVALUACIÓN EX ANTE DE UNA ORGANIZACIÓN NO GUBERNAMENTAL APLICANDO PARA SER SOCIO HUMANITARIO
DE FPA DE LA COMISIÓN EUROPEA (REPRESENTADA POR LA DG ECHO)
SOLICITUD PARA EL FPA 2021
Organización objeto de la evaluación | Asamblea de Cooperación por la Paz |
Dirección | Xxxxx xxx Xxxxxxxx 00, 00000, Xxxxxx |
País | España |
Fecha de publicación de la solicitud para los servicios externos | 31/01/2020 |
Ultima fecha para la recepción de ofertas | 16/02/2020 |
Periodo objeto de la evaluación | El año (período de 12 meses) que finaliza el día del inicio del trabajo de campo (procedimientos in situ) de la evaluación |
Fecha de inicio de la evaluación | 01/03/2020 |
Fecha de finalización de la evaluación | 30/05/2020 (fecha estimada de recepción del informe final de evaluación) |
TABLE OF CONTENTS
TERMS OF REFERENCE FOR THE AUDITORS 1
REQUIREMENTS FOR THE AUDITORS 3
INTRODUCTION
Desde el año de su creación en 1991, aunque ACPP no se constituyó como actor humanitario en sí, sino como actor de la cooperación internacional, el imperativo humanitario unido a la base de experiencia acumulada en zonas donde surgieron desastres, provocados por fenómenos naturales o por conflicto, como Republica Dominicana y Palestina, hicieron que la organización empezara a intervenir en estos contextos.
Como tal, las intervenciones en situaciones humanitarias y de emergencia han formado parte del trabajo de ACPP desde su creación en 1991, y vienen formalmente incluidas en los estatutos de la organización en 2004 cuando se incluye entre sus fines:
“Prestar asistencia económica, cultural, social, educativa, medioambiental, sanitaria y humanitaria a los colectivos étnicos o sociales que la soliciten en cualquier parte del mundo.”
ACPP cuenta con un Acuerdo Marco de Asociación (Framework Partnership Agreement, o FPA) con la Dirección General de la Unión Europea para la Protección Civil Europea y las Operaciones de Ayuda Humanitaria (DG ECHO), vigente para el periodo del 1 de enero de 2014 al 31 de diciembre de 2020.
El objeto de los presentes Términos de Referencia (TdR) es la contratación de servicios externos para la realización de una evaluación ex ante, para la renovación del FPA con DG ECHO para el siguiente periodo, empezando el 1 de enero de 2021.
Los TdR detallados a continuación están en inglés, pero cabe destacar que las ofertas enviadas por proveedores de servicios externos pueden presentarse en inglés o en castellano.
La calendarización del trabajo se encuentra en el apartado 4.5.1.
Los requisitos, plazo y forma de presentación de las ofertas se encuentran en el apartado 6.2.
TERMS OF REFERENCE FOR THE AUDITORS
The following are the terms of reference (‘ToR’) on which Asamblea de Cooperación por la Paz (hereinafter ACPP), Xxxxx xxx Xxxxxxxx 00, 00000, Xxxxxx, agrees to engage the Auditor to perform and report on an assessment of ACPP. These ToR are annexed to the Organisation's request for services. The ToR are for the use of the Auditor and the
1
Organisation.
In these ToR and in Annex A, which forms an integral part of these ToR, the following terms apply:
• 'Ex-ante assessment', 'assessment' or 'engagement' refers to this assurance engagement. The assessment covers two blocks of questions, namely 'Minimum requirements' and ' Additional suitability requirements'.
• ‘Assessment’ means a compliance audit to be carried out under ISAE 3000 as issued by the International Auditing and Assurance Standards Board (IAASB) of the International Federation of Accountants (IFAC) to provide reasonable assurance to DG ECHO on the NGO’s ability to comply with the requirements as detailed in Annex 3 Assessment Questionnaire, of Annex A Assessment Report.
• 'Auditor' refers to the audit firm contracted for performing this engagement and for submitting a report to the Organisation. 'Auditor' can refer to the person or persons conducting the assessment, i.e. the engagement partner or other members of the engagement team. The engagement partner is the partner or other person in the firm who is responsible for the engagement and its performance, and for the report that is issued on behalf of the firm, and who has the appropriate authority from a professional, legal or regulatory body.
• ‘Organisation’, refers to the Organisation subject to the ex-ante assessment.
• ‘Assessment Task Manager of the Organisation’ is a Manager of the Organisation, (e.g. Director, General Manager, Head of Finance and Accounting) appointed by the latter to manage and coordinate the assessment within the Organisation. S/he acts as the key contact for the Auditor, as indicated in the Assessment report’s Annex 1 Engagement context – Key information.
• 'Commission' refers to the European Commission, represented here by DG ECHO.
• 'FPA' refers to the Framework Partnership Agreement signed by DG ECHO and the Organisation in order to apply for EU funds in the humanitarian aid field.
• ‘Niche’ organisation means a non-profit-making autonomous non-governmental organisation providing specialised capabilities in support of humanitarian aid operations (e.g. map-making, mine-clearance, telecommunication, organisations offering specialised transport services, such as humanitarian air transport services). While the capabilities of ‘niche’ organisations would in principle be used to support the operations of other humanitarian organisations, ‘niche’ organisations may also act to assist directly people in need (e.g. humanitarian mine-clearance operations). The specific expertise of the ‘niche’ organisation needs to be its own; expertise offered by organisations other than the applicant organisation will not be considered for the purpose of assessing the technical capacity of the applicant organisation.
• ‘Programmatic Partner’ organisation means a non-profit-making autonomous non- governmental organisation with whom DG ECHO will establish a framework
2
partnership agreement under which innovative ways of working will be fostered. Programmatic partners holding a valid FPA will be selected at a later stage through a dedicated procedure.
• Annexes 1, 2, 3, 4A, 4B or 5 which are referred to in the text are the annexes to Annex A Assessment Report to the ToR. Those annexes should be filled in by the Auditor and form an integral part of the Assessment Report.
The Auditor must be an independent external auditor who is a registered member of a national accounting or auditing body or institution and who is authorised to conduct audits. By agreeing to these ToR, the Auditor confirms that s/he meets at least one of the following conditions:
• The Auditor and/or the firm is a member of a national accounting or auditing body or institution, which in turn is member of the International Federation of Accountants (IFAC).
• The Auditor and/or the firm is a member of a national accounting or auditing body or institution and, although this organisation is not member of the IFAC, the Auditor commits him/herself to undertake this engagement in accordance with the IFAC standards and ethics set out in these ToR.
• The Auditor and/or the firm is registered as a statutory auditor in the public register of a public oversight body in an EU Member State in accordance with the principles of public oversight set out in Directive 2006/43/EC of the European Parliament and of the Council (this applies to auditors and audit firms based in an EU Member State).
The Organisation is entitled to use its own statutory auditors to undertake the engagement.
The Auditor must be fully independent of the Organisation concerned and hence the internal auditor of an Organisation subject to assessment is not eligible to perform this Assessment.
The Auditor will carry out the engagement in accordance with ISAE 3000 – Assurance Engagements Other Than Audits or Reviews of Historical Financial Information (Revised) (ISAE 3000) issued by the IAASB.
In reporting under these ToR, the Auditor must confirm that they have complied with the requirements of the International Standard on Quality Control (ISQC1) issued by the IAASB.
3
In reporting under these ToR, the Auditor must also confirm that they have complied with the Code of the International Ethical Standards Board (IESBA) for Accountants of IFAC.
1.1. Qualifications, Experience and Team Composition
1.1.1. Qualifications and Experience
The Auditor will employ adequate staff with appropriate professional qualifications and suitable experience with IFAC standards, in particular ISAE 3000, and with experience in performing institutional or compliance audits and/or performing systems audits or equivalent engagements of entities comparable in size and complexity to the Organisation.
In addition, the engagement team as a whole should have:
• Experience with institutional or compliance audits and/or systems audits or equivalent engagements of development aid programmes and projects funded by national and/or international donors and institutions. It is desirable that the leader of the fieldwork team
i.e. either the manager (category 2) or the senior auditor (category 3) has experience with systems audits of EU funded external aid actions and/or institutional or compliance audits of organisations in the development aid sector.
• A very good command of either English or French, as the languages used by the Commission in its relations with FPA Partners, in addition to Spanish.
1.1.2. Team composition
The Commission distinguishes four categories of auditors as set out below. These categorisations and the specified criteria are to be considered indicative of the nature and type of experience required, as opposed to either definitive or exhaustive.
The team of auditors required for this assessment will be composed of a category 1 auditor who has the ultimate responsibility for the assessment and an engagement team which is composed of an appropriate mix of category 2 – 4 auditors. It is the responsibility of the Auditor to propose and use an engagement team which is composed of an appropriate mix of auditors for this engagement.
Category 1 – Audit Partner
An audit partner should be an experienced expert with a relevant professional qualification and have senior and managerial responsibilities in public audit practice. S/he will be authorised by the regulatory body of the audit firm to sign audit reports on statutory financial statements in accordance with the laws of the country in which the audit firm is registered.
4
S/he should be a member of a national accounting or auditing body or institution. S/he must have at least 12 years of professional experience as a professional auditor or accountant in public audit practice. Experience with working with the recipient countries of EU external aid will also be taken into account.
An audit partner, or another person in a position similar to that of a partner, is the person of the audit firm who is responsible for the engagement and its performance, and for the report that is issued on behalf of the firm.
Category 2 - Audit Manager
Audit managers should be experienced experts with a relevant university degree or professional qualification. They should have at least 6 years' experience as a professional auditor or accountant in public audit practice including relevant managerial experience of leading audit teams.
Category 3 – Senior Auditor
Senior auditors should be experts with a relevant university degree or professional qualification and at least 3 years professional experience in public audit practice.
Category 4 – Assistant Auditor
Assistant auditors should have a relevant university degree and at least 6 months professional experience in public audit practice.
1.1.3. Curricula Vitae (' CVs')
The Auditor will provide the Organisation with CVs of the partner or other person in the audit firm who is responsible for the Audit and for signing the report together with the CVs of the managers, senior auditors and assistant auditors proposed as part of the engagement team. CVs will include appropriate details on the type of engagements carried out by the staff indicating capability and capacity to undertake the audit as well as details on relevant specific experience. The Organisation will examine the CVs before it signs an order form or other applicable contractual document for this engagement and reserves the right to reject them if they are not considered suitable for the requirements of the engagement.
DG ECHO reserves the right to also request, review and validate the authenticity of these CVs at any point in time up to 4 years after the date upon which the completed Assessment Report is submitted to it for its review.
5
The Auditor is engaged to assess the systems in place and the controls, rules and procedures applied by the Organisation against the criteria set by the Commission. The Auditor will conclude on a series of questions, grouped into two blocks, pertaining to the minimum requirements (Block 1) and to additional suitability requirements (Block 2) of the candidate organisation to become an FPA partner. The assessment report disclosing the conclusions and scores awarded by the auditors form an integral part of the Organisation's application file. While this report will contribute to the assessment of the Organisation, DG ECHO retains the final decision on whether to award the FPA or not.
2.1. Objective
The objective of this assessment is to provide DG ECHO with independent reasonable assurance on the ability of the Organisation to fulfil the criteria and conditions for being awarded a FPA (or a provisional FPA, see section 3 below for the thresholds), and to express a conclusion on a reasonable assurance basis as to whether the Organisation:
• is an NGO entitled to receive EU funding in accordance with the Humanitarian Aid Regulation and with the specific conditions determined by the Commission on the basis thereof;
• is transparent and accountable when delivering aid;
• ensures that it complies with the humanitarian principles, observes the highest ethical standards and deploys adequate means to address irregularities, fraud, corruption and misconduct of any sort1;
• has a suitable operational capacity to design, implement and monitor EU-funded projects so as to meet relevant humanitarian needs by delivering aid in difficult circumstances;
• ensures compliance with relevant rules, regulations, standards and contractual obligations in the areas specified by DG ECHO; and
• has a sound internal control system based on international best practices and in line with the criteria set by DG ECHO.
Specific requirements may apply for niche organisations in some of the above-mentioned categories. Moreover, those organisations that would like to be considered for Programmatic Partnerships need to fulfil some additional requirements described in Annex 3 of the Assessment Report Template.
2.2. Scope
2.2.1. Location and period covered by the Assessment
This Assessment will be performed at the Organisation’s premises. The Auditor should confirm the location(s) for the assessment with the Organisation prior to the start of the fieldwork and ensure that relevant supporting documents as well as key staff will be available during the assessment.
6
The period to be covered by the assessment should normally be the year (12 months period) ending on the day of the start of the fieldwork of the assessment i.e. the day on which the Auditor effectively starts the on-site assessment procedures and tests at the location decided between the Organisation and the Auditor.
2.2.2. Engagement context
The annexes referred to below are the annexes of the Assessment Report (Annex A). The Auditor must obtain a preliminary understanding of the engagement context on the basis of Annex 1 Engagement Context – Key Information. This understanding must be fully reflected in the engagement letter between the Auditor and Organisation. The understanding must be sufficient for the Auditor to submit a meaningful offer to the Organisation. The Auditor must take into account the specific engagement circumstances and apply professional judgment throughout the assessment process.
The Auditor shall design, plan and perform the assessment procedures in order to gather sufficient evidence to provide the scores and replies to Annex 3 Assessment Questionnaire. It shall do so by taking into account the criteria that DG ECHO deems essential or important for the Organisation subject to assessment to comply with.
The completed Annex 3 Assessment Questionnaire is an essential source of assessment information and evidence for the Auditor. However, it is by no means the only source for the Auditor to plan and perform assessment procedures, to draw conclusions on the questions as well as to establish the related scores. The Auditor may also add additional criteria if s/he considers that this is necessary to arrive at an informed conclusion. The Auditor remains fully responsible at all times to design, plan and perform the assessment procedures he/she deems necessary. Any additional criteria or testing should be described in Annex 5 Approach and Criteria.
The Auditor uses the information in the Annex 3 Assessment Questionnaire and the results of the assessment procedures to complete Annex 2 Overview of Scores and Replies and to draw a conclusion for each block subject to assessment.
Annexes 4A and 4B Specific description - Accountability provide a detailed description and assessment by the Auditor of several elements either i) when the organisation is a member of a family, network or federation of international non-profit non-governmental organisations (Annex 4A); or ii) when the funds are systematically implemented by one or several non- profit non-governmental organisations not covered by any of the situations referred to in Annex 4A (such as, in particular, organisations established in the country of intervention or another developing country) (Annex 4B).
2.2.3. Limitations in the scope
7
The Auditor will identify any limitations in the scope of work prior to the review commencing and work with the Organisation to eliminate these or to assess how the assessment can be continued.
Any limitations of scope that remain must be detailed in the final report of the Auditor and will form part of DG ECHO’s assessment of the Organisation.
Block 1 and 2 – Overall rating and outcome of the ex-ante assessment
The replies and scores are displayed in Annex 2 Overview of Scores and Replies. The rating and outcome for the various cases are as follows:
OVERALL RATING | |
BLOCK 1 – MINIMUM REQUIREMENTS: YES / NO | |
BLOCK 2 – ADDITIONAL SUITABILITY REQUIREMENTS: …/10 | |
OUTCOME OF THE ASSESSMENT | |
A. ACCEPTABLE | |
FPA Partner | => Block 1 – Minimum requirements: reply = YES => Block 2 – Additional suitability requirements: score ≥ 6/10 and ≥ 4/10 for each question. |
Programmatic Partnership | => Block 1 – Minimum requirements: reply = YES => Block 2 – Additional suitability requirements: score ≥ 7/10 and ≥ 4/10 for each question. |
B. ACCEPTABLE as a provisional Partner with an Action Plan | |
FPA Partner | => Block 1 – Minimum requirements: reply = YES => Block 2 – Additional suitability requirements: 5/10 ≤ score < 6/10 and ≥ 4/10 for each question In such cases, a follow-up within a year of the signature of the FPA by provisional partner's auditors will have to be performed. Re-assessment of those questions with a score greater than 4 and below 6 and recalculation of the average score of the Additional suitability requirements block. If the assessment report provided by the provisional partner leads to an overall rating of Acceptable (A), then status is changed to regular FPA partner. The organisation will be systematically included in DG ECHO's Audit Plan and audited by DG ECHO auditors during the first year of FPA. If the new assessment report provided by the provisional partner shows that recommendations have not been fully implemented and the new Additional suitability requirements score is below 6/10, the FPA is suspended or terminated. |
Programmatic Partnership | Not applicable |
C. INELIGIBLE / REJECTED | |
8
FPA Partner | 1. Block 1 – Minimum requirements: reply = NO – whatever the Block 2 – Additional suitability requirements score. OR 2. Block 1 – Minimum requirements: reply = YES and Block 2 – Additional suitability requirements: score is ≥ 5/10 but one of the question's score is < 4/10. OR 3. Block 1 – Minimum requirements: reply = YES 3. Block 2 – Additional suitability requirements: score is < 5/10 |
Programmatic Partnership | 1. Block 1 – Minimum requirements: reply = NO – whatever the Block 2 – Additional suitability requirements score. OR 2. Block 1 – Minimum requirements: reply = YES and Block 2 – Additional suitability requirements: score is ≥ 7/10 score but one of the question's score is < 4/10. OR 3. Block 1 – Minimum requirements: reply = YES Block 2 – Additional suitability requirements: score is < 7/10. |
9
The Auditor should perform the assessment in accordance with the procedures described below, which cover documentation and evidence, planning, fieldwork, and reporting. The Auditor should exercise due professional care and judgment and determine the nature, timing and extent of assessment procedures to fit the objectives, scope and context of the assessment.
4.1. Assessment Documentation (Working Papers)
The Auditor should in accordance with ISAE 3000, prepare documentation that provides:
- A sufficient and appropriate record of the basis for the Auditor’s report; and
- Evidence that the assessment was planned and performed in accordance with ISAE 3000 and applicable legal and regulatory requirements.
Documentation or working papers means the record of assessment procedures performed, relevant evidence obtained, and conclusions the Auditor reached. Audit file means one or more folders or other storage media, in physical or electronic form, containing the records that comprise the assessment documentation or working papers for a specific engagement.
4.2. Evidence
The Auditor should in accordance with ISAE 3000, ensure that evidence is gathered to support the Auditor's conclusion and evidence that the Assessment was carried out in accordance with the IFAC International Framework for Assurance Engagements and International Standard on Assurance Engagements ('ISAE') 3000 (Revised), Assurance Engagements other than Audits or Reviews of Historical Financial Information.
The Auditor should obtain sufficient appropriate evidence to support assessment findings and to draw reasonable conclusions on which to base the assessment conclusions, using professional judgement to determine what constitutes sufficient appropriate evidence.
Access to Records and Documents of the Organisation
The Auditor should have full and unrestricted access at any time to all records and documents (including accounting records, contracts, minutes of meetings, bank records, invoices etc.), to employees of the Organisation and to the Organisation's locations insofar as this is possible and relevant to the assessment. The Auditor may request the Organisation to get access to xxxxx (e.g. to request a bank confirmation), consultants and other persons or firms engaged by the Organisation.
4.3. Planning
4.3.1. Preparatory Meeting with the Organisation
The assessment should commence with a preliminary meeting between the Auditor and
the Organisation. The purpose of this meeting is to discuss the planning, fieldwork and reporting of the assessment and to clarify outstanding issues. During the preparatory meeting, the Auditor may request additional information and documents that he/she considers necessary or useful for the planning and fieldwork of the assessment.
4.3.2. Planning Activities, Assessment Plan and Assessment Work Programmes
The Auditor should plan the assessment so that it is performed in an effective and efficient manner. Adequate planning involves that appropriate attention is devoted to important areas of the assessment, that potential problems are identified and resolved on a timely basis and that the assessment is properly organised and managed in order to be performed in an effective and efficient manner.
The Auditor should have an assessment plan (or a similar planning document such as an assessment work plan or a planning memorandum) documenting the assessment approach and key principles of planning, fieldwork and reporting. The Auditor should have assessed work programmes that detail and document the assessment tests and procedures.
4.4. Fieldwork
4.4.1. Tests of Systems, Controls, and Procedures
The scope of work should include an assessment of whether relevant systems, controls, rules and procedures are suitably designed and, where required, operating effectively. This is specified in Annex 3 Assessment Questionnaire by the use of “D” (for assessment of design) and “E” (for assessment of effectiveness) in relation to each criterion.
Annex 3 can be found in the Template of the Assessment report to be used by the auditors here: xxxxx://xxx.xxxxxx-xxxxxxxx-xxxxxxxx.xx/xxxxxx_x_xxxxxxx/xxxxx.
4.4.2. Assessing the suitability of the design of controls and systems in place
The scope of work should include an assessment of the suitability of the design of relevant systems, controls, rules and procedures that are relevant for the question concerned.
Procedures to obtain an understanding of the design of systems, controls, rules and procedures may include:
• Enquiring of Organisation staff who may have relevant information;
• Evaluating whether descriptions, if available, fairly present the systems, controls, rules and procedures that have been designed and implemented by the Organisation. Fairly described control procedures do not omit or distort significant information that may affect the assessments of the control risk;
• Inspecting legal and regulatory documents (e.g. laws, regulations, contracts and
agreements), internal instruction and guidance papers (e.g. operating rules, internal control manuals etc.) and any other document the Auditor may consider relevant;
• Observing operations and inspecting documents, reports, printed and electronic records of transaction processing, accounting procedures (e.g. bank reconciliation) and other key approval and internal control procedures (e.g. periodical expenditure reports, budget – actual comparisons, review and approval of timesheets etc.), documents relating to the Organisation's regulatory framework for external audit, documents relating to grant and procurement procedures, documents relating to financial instruments and financial instrument transactions etc.;
• Re-performing controls and procedures.
The Auditor may consider using flowcharts or questionnaires to facilitate assessing the design of the controls, rules and procedures.
If there are omissions or misstatements with regard to the control objectives, the [Auditor] ask(s) the [Organisation] to amend the description. If it is not amended, the [Auditor] consider(s) the need to state that fact in their report.
“A control procedure is suitably designed if individually, or in combination with other control procedures, it is likely to prevent or detect errors that could result in the non- achievement of specified control objectives when the described control procedures are complied with satisfactorily.
The (…) assessment of the suitability of control procedure design may include:
• considering the linkage between the control procedures and the associated control objectives;
• considering the ability of the control procedures to prevent or detect errors related to the control objectives;
• performing walk-throughs of selected transactions and control procedures; and performing further procedures, such as enquiry of appropriate entity personnel, inspection of documents and reports and observation of the application of specific control procedures, to determine whether they are [i] suitably designed to achieve the specified control objectives and [ii] if they are operated as prescribed, by appropriately qualified or experienced persons.”
4.4.3. Assessing the operating effectiveness of the controls and systems in place
A system, control, procedure or rule is operating effectively if, individually or in combination with other systems, controls, rules and procedures, it provides reasonable assurance that:
• The Organisation's objectives (e.g. objectives of the internal control system or of x xxxxx or procurement process) are achieved and in particular that risks to the achievement of the objectives are properly managed and controlled;
• The risks of error, irregularities and fraud, as well as misconduct, are properly and
timely prevented, detected and corrected.
• When designing and performing tests of controls, the Auditor should:
• Perform other procedures in combination with inquiry to obtain evidence about:
• How a system operated or how a control, rule or procedure was applied;
• The consistency with which the system worked or a control, rule or procedure was applied, over a period of time, and;
• By whom or by what means controls, rules or procedures were applied.
• Determine means of selecting items for testing that are effective in meeting the objectives of the procedure.
When determining the extent of tests of controls, rules or procedures, the Auditor shall consider matters including the characteristics of the population to be tested, which includes the nature of the controls, rules and procedures, the frequency of their application (for example, monthly, daily, a number of times per day), and the expected rate of deviation.
Tests of controls, procedures and rules may include but are not limited to inspection (of records, documents and assets), observation, inquiry of management and others within the Organisation, confirmation, recalculation and re-performance.
Where the Auditor is “unable to test a described control procedure because, for example, it has not operated during the year, [s/he] states the fact that no tests have been carried out and the reason in [the] description of tests.” 3
4.4.4. Sampling and other means of selecting items for testing
When designing and performing tests of systems, controls, rules and procedures the Auditor may apply sampling or other means of selecting items for testing. Sampling involves the application of procedures to less than 100% of items within a population of assessment relevance (e.g. a class of transactions or account balance) such that all sampling units have a chance of selection in order to provide the auditor with a reasonable basis on which to draw conclusions about the entire population.
Sampling can use either a statistical or non-statistical approach. The Auditor may use a judgmental selection of specific items from a population (e.g. high value or key items, all items over a certain amount, items to obtain information or items to test control activities, rules or procedures).
While selective examination of specific items will often be an efficient means of obtaining evidence, it does not constitute sampling. The results of procedures applied to items selected in this way cannot be projected or extrapolated to the entire population; accordingly, selective examination of specific items does not provide evidence concerning the remainder of the population. Sampling, on the other hand, is designed to enable conclusions to be drawn about an entire population on the basis of testing a sample drawn from it.
4.4.5. Criteria and materiality
A description of the criteria and materiality applicable to these Terms of Reference is provided in Annex 5 Approach and Criteria to Annex A Assessment Report.
These annexes can be found in the Template of the Assessment report to be used by the auditors here: xxxxx://xxx.xxxxxx-xxxxxxxx-xxxxxxxx.xx/xxxxxx_x_xxxxxxx/xxxxx.
4.4.6. Using the work of internal auditors
When the Auditor determines that an internal audit function is likely to be relevant for the assessment he/she (a) may determine whether, and to what extent specific work of the internal auditors can be used, and (b) if using the specific work of the internal auditors, whether that work is adequate for the purposes of the assessment. The Auditor should comply with ISA 610 insofar as this ISA is relevant to the assessment.
4.4.7. Using the Work of Other Assurance Providers
When the Organisation has been in receipt of a previous assurance report by another provider of such services, other than internal audit, the Auditor may determine (a) whether, and to what extent specific work of the provider can be used, and (b) if using the specific work of the provider, whether that work is adequate for the purposes of the assessment. The Auditor should apply the same criteria as are set out in ISA 610 'Using the Work of Internal Auditors' to the extent relevant. By way of example of possible reliance on other assurance providers, the Auditor could consider, if the Organisation has been certified or verified by the Humanitarian Qualitative Assurance Initiative4, to rely on it to reply to the relevant questions, provided they have satisfied themselves with the quality of HQAI work.
4.4.8. Written representations
The auditor should obtain representations from the management. A written representation is a statement by the management provided to the Auditor to confirm certain matters or to support other assessment evidence. The letter should be signed by the member(s) of the management of the Organisation who have the primary responsibility for the systems, controls, rules and procedures operated by the Organisation.
4.4.9. Debriefing Memorandum ('Aide Mémoire')
The Auditor will prepare a Debriefing Memorandum for discussion at the closing meeting. The Memorandum should outline the main assessment findings that have resulted from the fieldwork and recommendations. A copy of the Memorandum should be sent to the Assessment Task Manager of the Organisation.
4.4.10. Closing Meeting
The Auditor should organise a closing meeting with the Organisation.
The purpose of this meeting is to discuss the Debriefing Memorandum and to obtain the confirmation and initial comments of the Organisation on the Auditor's findings and recommendations. The Auditor and the Organisation can agree outstanding information to be provided by the Organisation and where applicable a deadline for submission. The Auditor can inform the Organisation about the reporting procedures. The Auditor should document any comments (verbal and written) made by the Organisation and take these into account for the assessment report.
4.5. Reporting
The use of the model ‘Assessment’ report in Annex A is compulsory. This annex can be found here:
xxxxx://xxx.xxxxxx-xxxxxxxx-xxxxxxxx.xx/xxxxxx_x_xxxxxxx/xxxxx.
4.5.1. Reporting process
Reporting Requirements
The Auditor should report the results of the assessment in accordance with ISAE 3000 and the requirements of these ToR.
The report should be objective, clear, concise, timely and constructive. The use of the model report and its annexes is compulsory. The model report is found in Annex A to the ToR.
This annex can be found here:
xxxxx://xxx.xxxxxx-xxxxxxxx-xxxxxxxx.xx/xxxxxx_x_xxxxxxx/xxxxx.
The report should be presented in English.
The date of draft and pre-final reports should be the date when these reports are sent for consultation. The date of the final assessment report should be the date when the final Independent Auditor's Report (Annex A) is signed.
Facts and events that have come to the Auditor's attention before the final report is signed and which have an impact on the findings in that report must be taken into account. However, the Auditor is under no obligation to enquire of the Organisation's management and/or to carry out further procedures after the closing meeting and before the signature of the final report.
Procedures and timetable for the submission of draft and final assessment reports
1) Procedure for the consultation and submission of the draft report
The Auditor should start the fieldwork for the assessment on 1 March 2020, and should be finalized by 30 March 2020.
The Auditor should submit a draft report to the Organisation 15 calendar days after the
day of the closing meeting (i.e. the end of field work – approximate date: 15/04/2020). The draft report should include the comments of the Organisation insofar as these have already been obtained during the fieldwork of the assessment and the closing meeting.
A paper and an electronic version of the draft report along with a cover letter should be submitted. The word 'draft' should be clearly indicated on all versions.
Electronic versions should be sent to the following addresses:
Name | E-mail address |
Xxx Xxxxxx | |
Xxxxxx Xxxxxxxx | |
Xxxxxxx Xxxxxxxxxx |
A paper copy should be sent to ACPP, Xxxxx xxx Xxxxxxxx 00, 00000, Xxxxxx.
The Organisation should provide comments to the Auditor, including comments on the recommendations in the dedicated section, within 10 calendar days from receipt of the draft report (approximate date: 25/04/2020)
The Auditor should submit to the Organisation a revised draft report which takes into account any comments received within 5 calendar days from receipt of the comments (approximate date: 30/04/2020).
The Organisation should submit comments to the Auditor within 10 days calendar days from receipt of the draft report (approximate date: 10/05/2020).
2) Procedure for the consultation and submission of the final report.
If no additional fieldwork is required, the Auditor should submit a pre-final report to the Organisation within 5 calendar days from receipt of comments on the draft report. The word 'pre-final' should be indicated on the cover page of the pre-final report (approximate date: 15/05/2020).
The Organisation should inform the Auditor in writing whether it accepts the pre-final report within 10 calendar days from receipt of the pre-final report (approximate date: 25/05/2020).
The Auditor should submit a final report within 5 calendar days from receipt of the comments on the pre-final report (30/05/2020).
The Auditor should then submit an original paper version and one electronic version of the final report along with a cover note to the Organisation to the addresses indicated above in point 1.
The reports should be provided on original letterhead of the Auditor. The word 'final' should be clearly indicated on all versions. The Auditor should also send an electronic
version of the final report (i.e. a scanned copy (in PDF format) of the signed and dated final report with the Auditor's letterhead paper) to the Organisation.
The period between the closing meeting and the submission to the Organisation of the final report should not exceed 45 calendar days.
The Organisation shall send/upload an electronic copy and a paper copy of the final Assessment Report to DG ECHO when applying for an FPA. Further details on this procedure will be given on DG ECHO’s Partners website5 in due time.
Summary of calendar:
Action | Date |
Start the fieldwork for the assessment by the Auditor | 1 March 2020-30 March 2020 |
Closing meeting (i.e. the end of field work) between ACPP and the Auditor | 30 March 2020 |
Submission of first draft report by the Auditor to ACPP | 15/04/2020 |
Comments by ACPP to the Auditor | 25/04/2020 |
Revised draft report sent by the Auditor to ACPP | 30/04/2020 |
Comments by ACPP to the Auditor | 10/05/2020 |
Submission of the pre-final report by the Auditor to ACPP | 15/05/2020 |
Communication by ACPP to the Auditor of acceptance or not of the pre-final report | 25/05/2020 |
Submission by the Auditor to ACPP of final report | 30/05/2020 |
4.5.2. Reporting on findings, recommendations and conclusion
A description of the findings and recommendations applicable to these Terms of Reference is provided in the Annex 5 Approach and Criteria to Annex A Assessment Report.
These annexes can be found in the Template of the Assessment report to be used by the auditors here: xxxxx://xxx.xxxxxx-xxxxxxxx-xxxxxxxx.xx/xxxxxx_x_xxxxxxx/xxxxx.
Conclusions
The assessment report should include a reply/score for each question as well as for each block.
The overall conclusion for each block is as follows:
− The conclusion on minimum requirements can either be positive (unqualified opinion) or negative (adverse opinion).
− The conclusion on additional suitability requirements can either be: i) positive (unqualified opinion); ii) positive but with some non-critical areas for improvement (qualified opinion); or iii) negative (adverse opinion).
− The final conclusion for the whole ex-ante assessment would be one of the following:
A. ACCEPTABLE as an FPA Partner / for consideration for Programmatic Partnership after a further dedicated procedure
B. ACCEPTABLE as a provisional Partner with an Action Plan
C. INELIGIBLE / REJECTED
5.1. Professional Standards Governing the Assessment
As detailed above, the Auditor who performs this Assessment is governed by:
• ISAE 3000 “Assurance Engagements other than Auditors or Reviews of Historical Financial Information (Revised)” issued by the International Auditing and Assurance Standards Board (The IAASB) of IFAC (IAASB 2018 Handbook Volume 2)
xxxxx://xxx.xxxxx.xxx/xxxxxxxxxxxx/0000-xxxxxxxx-xxxxxxxxxxxxx-xxxxxxx-xxxxxxx- auditing-review-other-assurance-and-related-services-26
• The International Standard of Quality Control, ISQC1 Issued by The IAASB. (IAASB 2018 Handbook Volume 1). xxxxx://xxx.xxxxx.xxx/xxxxxxxxxxxx/0000-xxxxxxxx-xxxxxxxxxxxxx-xxxxxxx-xxxxxxx- auditing-review-other-assurance-and-related-services-26
• The International Code of Ethics for Professional Accountants (issued by the International Ethics Standards Board for Accountants (IESBA) of IFAC), which establishes fundamental ethical principles for Auditors with regard to integrity, objectivity, independence, professional competence and due care, confidentiality, professional behaviour and technical standards xxxxx://xxx.xxxxxxxxxxx.xxx/xxxxxxxxxxxx/0000-xxxxxxxx-xxxxxxxxxxxxx-xxxx-xxxxxx- professional-accountants-35
5.2. Specific Standards applicable to Humanitarian Aid
The selection of NGO partners for the signature of the 2021 Framework Partnership Agreement (FPA) is carried out based on minimum requirements and additional suitability requirements criteria established by, or on the basis of, the following regulations6:
• Council Regulation (EC) No 1257/96 of 20 June 1996 concerning humanitarian aid (Humanitarian Aid Regulation – HAR)7, and;
• Regulation (EU, Euratom) No 2018/1046 of the European Parliament and of the
Council of 18 July 2018 on the financial rules8 applicable to the general budget of the Union (FR), amending Regulations (EU) No 1296/2013, (EU) No 1301/2013, (EU) No 1303/2013, (EU) No 1304/2013, (EU) No 1309/2013, (EU) No 1316/2013, (EU)
No 223/2014, (EU) No 283/2014, and Decision No 541/2014/EU and repealing Regulation (EU, Euratom) No 966/2012 (Financial Regulation).
Specific benchmarks have been established for the minimum capacity required to be an ECHO partner in accordance with Article 7 of the HAR and with the Financial Regulation, as well as quality standards in the field of humanitarian aid, based on the following documents9:
• The European Consensus on Humanitarian Aid10, which is the reference policy statement jointly agreed by the European Parliament, the Member States, the Council and the Commission. The Consensus sets out the shared vision of the EU and of its Member States in relation to humanitarian aid policy;
• The Sphere Handbook11 – Humanitarian Charter and Minimum Standards in Humanitarian Response, which is one of the most widely known and internationally recognized sets of common principles and universal minimum standards in life- saving areas of humanitarian response;
• The Core Humanitarian Standard on Quality and Accountability (CHS), which sets out Nine Commitments to improve the quality and effectiveness of the humanitarian assistance12;
• The internationally accepted Organisation for Economic Cooperation and Development – Development Assistance Committee (OECD-DAC) criteria for the evaluation of humanitarian aid laid down in the Guidance for Evaluating Humanitarian Assistance in Complex Emergencies13;
• The revised Committee of Sponsoring Organisations of the Xxxxxxxx Commission (COSO) Integrated Framework14 which has been used in the development of benchmarks and criteria for certain questions, as relevant.
5.3. Guidance
The following guidance can be used for the auditor when assessing the minimum requirements and/or additional suitability requirements of the Organisation in the areas below:
5.3.1. Procurement:
The purchasing / procurement policy of the Organisation must be written and must describe in a well-defined and transparent manner the appropriate policies, procedures, accountability and controls.
Transparency and competition are to ensure best value for money. This can be achieved with a policy that promotes broad competition of tenderers while limiting single source or negotiated procedures to reasonable amounts or duly justified cases.
Broad competition is better achieved if the information linked to a procurement procedure is shared or published in an open and appropriate way.
The respect of the best value for money principle is presumed if the purchasing policy of the Organisation contains provisions ensuring that when the estimated value of the contract is above a given threshold (e.g. EUR 60 000), a minimum number of candidates of tenderers e.g. three) are engaged, provided that a sufficient number of suppliers satisfying the selection criteria exist.
Above that threshold, any exceptions to broad competition should be fully justified and documented and may include situations in which there is only one single supplier capable to provide the goods or the service or for urgent actions.
The fact that a good or a service can be purchased without a quotation (against an invoice or ticket) below a reasonable threshold (e.g. EUR 5 000) does not mean that best value for money is not achieved.
The internal controls of the Organisation should ensure that a procurement procedure is not split up in order to circumvent open competition. When a contract is sub-divided into several lots, the value of all lots together should be taken into account for the establishment of the procurement procedure to be used, even if each lot is subject to an individual contract.
The procurement policy of the Organisation must contain provisions to prevent any conflict of interest. As a minimum, the members of the evaluation committee cannot evaluate tenders in which they have a conflict of interest. If an evaluation committee is not required, the contract cannot be awarded by a person who is subject to a conflict of interest.
5.3.2. Anti-fraud and anti-corruption policy
The Anti-Fraud and Anti-Corruption policy of the Organisation should be thorough and comprehensive, in line with best practices (e.g. UN, Core Humanitarian Standards) and demonstrate a zero tolerance approach to fraud and corruption. The Organisation considers the potential for fraud in assessing risks to the achievement of objectives.
The scope of the policy should be clearly defined. The policy should:
- clearly stipulate that appropriate disciplinary and legal actions will be taken in all cases, where justified;
- clearly define the roles and responsibilities of all members of staff, workers and contractors to report fraud;
- identify key risks that may appear to staff and expected behaviours to deal with such threats.
- emphasise that disclosures will be kept confidential and protection is given to 'whistle- blowers'.
Whistleblowing reporting mechanisms should have dedicated confidential email
addresses and hotline numbers.
5.3.3. Safeguarding policy
The policy of the Organisation should:
- clearly stipulate that appropriate disciplinary and legal action will be taken in all cases, where justified;
- clearly define the roles and responsibilities of all members of staff, workers and contractors to report any safeguarding issue;
- be succinct and avoid the use of ambiguous terms;
- identify key risks that may appear to staff and expected behaviours to deal with such threats.
- emphasise that disclosures will be kept confidential and protection is given to 'whistle- blowers'.
- Whistleblowing reporting mechanisms should have dedicated confidential email addresses and hotline numbers.
5.3.4. Key characteristics of environmental considerations
The Organisation should have developed corporate policies for staff, providing guidance on how to protect the local environment and how to identify and escalate the reporting of possible environmental risks.
The Organisation has developed procedures and aligned itself with a generally-accepted set of principles for environmental safeguarding such as the EU's Xxxxx Public Procurement15 (GPP) principles and the Extractive Industries Transparency Initiative16.
6.1. Follow-Up
The Organisation may request the Auditor to provide further assistance with the follow- up of the final assessment report. Once it has effectively implemented the recommendations stemming from this assessment report, the Organisation may request the Auditor to carry out a re-assessment of one or more question(s) if the final assessment report concluded that the Organisation did not comply with the requirements for the question(s) concerned.
This work is not covered by these ToR and, if this is required, the Organisation will need to issue an addendum to the order form or to the other applicable contractual document for such an engagement.
6.2. Various Matters
The audit process will be performed at ACPP’s office in Madrid, or in Seville.
The auditing audit entity, whether a natural or legal person, must comply with the requirements set out in the present ToRs.
Offers should be sent to ACPP by e-mail to tbe following addresses, by 16 February 2020:
Name | E-mail address |
Xxx Xxxxxx | |
Xxxxxx Xxxxxxxx | |
Xxxxxxx Xxxxxxxxxx |
Offers should include the following documents:
1. Technical offer
Overall proposal according to the present ToRs, indicating the methodology to be used and criteria to be applied for the sample of supporting expenditure documents to be reviewed.
Certification of the legal registration of the audit entity. Professional experience in the field concerned.
CVs of the team of auditors, indicating experience and knowledge of languages (English and Spanish).
2. Financial offer
The total cost of the services should be indicated, including VAT, in Euros.
Offers will be evaluated by ACPP according to its internal procurement procedures, and notification of the awarding of the contract will be sent by ACPP to the winning offer by 21 February 2020.
Offers can be presented in English or Spanish.
Annex A. Assessment Report IMPORTANT: Annex A, i.e. the Assessment report and its annexes 1 to 5, form an integral part of the present Terms of Reference. Annex A can be found here in English and in French:
xxxxx://xxx.xxxxxx-xxxxxxxx-xxxxxxxx.xx/xxxxxx_x_xxxxxxx/xxxxx