For DAHW Regional / programme offices and DAHW implemented

projects

AUDIT

TERMS OF REFERENCE FOR

A FINANCIAL AND INTERNAL CONTROL SYSTEMS AUDIT OF

[TITLE AND NO. OF THE PROJECT(S)/COUNTRY]

For the period from [date] to [date

 CONTENTS

1. INTRODUCTION 3

2. OBJECTIVES OF THE AUDIT 4

3. STANDARDS AND GUIDANCE 5

4. REQUIREMENTS FOR THE AUDITOR 6

5. SCOPE OF THE AUDIT 6

6. AUDIT PROCEDURES 7

7. SELECTION EXPENDITURE FOR VERIFICATION 8

8. PROCEDURES TO VERIFY THE ELIGIBILITY OF COSTS 8

9. AUDIT REPORTING 10

SUMMARY OF FINDINGS 11

ToR Financial and Internal Controls System Audit_Template_January 2018 2 of 14

1. Introduction
Millions of sick and marginalised people have received medical treatment or social support
through the German Leprosy and Tuberculosis Relief Association (DAHW). The registered
Association was founded in the year 1957 as the “Deutsches Aussätzigen-Hilfswerk” (German
Leprosy Relief Association – DAHW). Since that time DAHW has been giving sustainable
assistance to sick and marginalised people in developing and emerging countries –
irrespective of political or religious belief.
At the beginning of 2003 the Association changed its name so as to reflect the other major
focus of its work, tuberculosis, in its name, too. The acronym DAHW is still used to ease
recognition of donors and long-standing supporters. Over time, DAHW gradually expanded its
support services including other NTDs, e.g. Buruli ulcer. Applying a holistic approach, DAHW
also promotes the physical and social rehabilitation and empowerment of people with
disabilities often caused by the diseases. This relief Association has been awarded the “Seal
of Approval” from the German Institute for Social Affairs for many years now for its responsible
use of donated funds.
DAHW relief projects comply with the needs of each place and are very varied: they range
from supporting a single hospital, to the training of government health staff to supporting
disabled and marginalised people. DAHW co-operates with churches as project holders, with
other relief organisations or with government health services. On the spot, mostly local co-
workers of DAHW ensure the sustainability of the work and funds are used prudently. In many
projects even former patients are working for DAHW. Support for patients suffering from
diseases of poverty in Asia, Africa and Latin America is at the heart of DAHW’s engagement.
DAHW successfully implemented a project-accounting Software package in its Projects
worldwide (Winpaccs Suite). Winpaccs has custom tailored solutions to meet all the special
requirements for the project accounting (different currencies, assessment of the specific
budget lines of the donor etc.).
A financial accounting system will be used for additional requirements needed by the
organizations accounting department. Interface units guarantee a complete integration
between Winpaccs and these systems. Winpaccs offers a software solution ideal for the
requirements in development cooperation:
 A modern Cloud Plus Solution for the administration of key processes
 The modules of the Winpaccs Suite with their proven PC applications for the tasks on
site
 A central user administration, which assigns the authorizations necessary in each case
to the users in all Winpaccs modules
 Multilingual capability of the entire system in the English, French, Spanish, German and
partly Portuguese languages
 Data synchronization between Winpaccs Suite and Winpaccs Online
See attached annex “ What is Winpaccs - Overview Winpaccs Modules”

The following are the terms of reference (‘ToR’) on which DAHW agrees to engage the Auditor
to perform a financial and internal control systems audit. In these ToR the following terms
apply:

ToR Financial and Internal Control Systems Audit Template January 2017 3 of 14
 'Audit' or 'engagement' refers to this assurance engagement which is a financial and internal
control systems audit.
 'Project' refers to the project(s) subject to audit. Projects are DAHW Regional / Programme
offices and projects directly implemented by DAHW. The Project is (are) entitled '[title and
no. of the Project(s)]'.
 'Financial Report' refers to the Financial Report of the Project prepared by the Entity. The
Financial Report presents the actual expenditure incurred and revenue received for the
Project for a specified period. This expenditure and revenue are the subject of this audit.
(cash based accounting principles).
 'Internal Control Systems' refers to the design and efficiency of the Internal Control Systems
set up and operated by the Entity and which is the subject of this audit.
 'Auditor' refers to the audit firm contracted for performing this audit and for submitting a
report to DAHW. 'Auditor' can refer to the person or persons conducting the audit. The
engagement partner is the partner or other person in the firm who is responsible for the
engagement and its performance, and for the report that is issued on behalf of the firm, and
who has the appropriate authority from a professional, legal or regulatory body.
 'Entity' refers to the entity subject to audit. The entity subject to this audit is [full name and
address of the Entity]. It is the organisation responsible for implementing the Project, which
is using the funds for the Project and which is required to report on the Project and the use
of funds.
 The audit must include the local and company currency (EURO). Winpaccs Accounting
features a moving average rate procedure. For further information see attached annex
“Average rate procedure”.

2. Objectives of the audit

The purpose of the audit is to confirm whether the financial and asset management systems as
well as the design of the internal control systems being used complies with internationally
accepted norms, and whether the corresponding DAHW policy has been satisfactorily
implemented.
The objectives of this audit are to enable the Auditor to express an opinion on whether:
 the Financial Report presents fairly, in all material respects, the actual expenditure incurred
and the revenue received for the Project(s) for the period from [date] to [date] in conformity
with the applicable DAHW regulations; and
 the Project funds provided have, in all material respects, been used in conformity with the
applicable DAHW regulations.
 the Internal Control Systems set up and operated by the Entity for the purpose of managing
risks, was suitably designed and operated effectively.
The additional specific objectives of this audit are:

ToR Financial and Internal Control Systems Audit Template January 2017 4 of 14
 to examine whether financial policy and procedures ensure smooth and efficient
implementation of activities and prevent fraud,
 to evaluate the financial bookkeeping systems per project in terms of reliability,
comprehensibility and correctness of the accounting entries and the integrity of the
documentation (vouchers and supporting documentation) from Winpaccs Accounting and
Winpaccs Cost Control,
 to examine whether asset management and procedures (local purchase, inventory, storage,
operational use, disposal) are in line with DAHW regulations to avoid misuse,
 to examine whether for staff with local contract, the national labour law and tax regulations
have been observed.
 <Option: additional specific objectives can be included where the Auditor is requested to
report on specific matters. If not this option should be removed.>

Code of Conduct
DAHW has formulated a Code of Conduct as a central guideline and reference to all staff and
officials to support them in their work and in their day-to-day decision making process.
We refrain not only from corruption but also clearly from sexual abuse of any person. We
therefore take protective measures.

 to examine whether all staff received and signed our Code of Conduct and know where any
cases of abuse shall be reported to. (Documents “Code of Conduct” and “Internal
Complaints Management Mechanism”)

3. Standards and Guidance

The Auditor who performs this financial and internal control systems audit is governed by:
 The IFAC International Standards on Auditing ('ISAs') for Audits of Historical Financial
Information insofar as these can be applied in the specific context of a contractual
compliance audit;
 IFAC International Standard on Assurance Engagements ('ISAE') 3000 for Assurance
Engagements other than Audits or Reviews of Historical Financial Information insofar as it
can be applied in the specific context of an internal control systems audit intended to
provide assurance that risks to the achievement of the objectives of the Project are properly
managed and controlled.
 The IFAC Code of Ethics for Professional Accountants (issued by IFAC's International
Ethics Standards Board for Accountants (IESBA), which establishes fundamental ethical
principles for Auditors with regard to integrity, objectivity, independence, professional
competence and due care, confidentiality, professional behaviour and technical standards;

ToR Financial and Internal Control Systems Audit Template January 2017 5 of 14
4. Requirements for the Auditor
By agreeing to these ToR the Auditor confirms that he/she meets at least one of the following
conditions:
 The Auditor and/or the firm is a member of a national accounting or auditing body or
institution which in turn is member of the International Federation of Accountants (IFAC).
 The Auditor and/or the firm is a member of a national accounting or auditing body or
institution. Although this organisation is not member of the IFAC, the Auditor commits
him/herself to undertake this engagement in accordance with the IFAC standards and
ethics set out in these ToR.
 The Auditor and/or the firm is registered as a statutory auditor in the public register of a
public oversight body and this register is subject to principles of public oversight as set out
in the legislation of the country concerned.
The Auditor will employ staff with appropriate professional qualifications and suitable
experience with IFAC standards, in particular International Standards on Auditing and with
experience in auditing financial information of entities comparable in size and complexity to the
Entity.

5. Scope of the audit

The audit will be performed at [location(s)]. <indicate the correct location(s) where the audit
is to be performed>. The Auditor should confirm the location(s) and time schedule for the
audit with the Entity prior to the start of the audit fieldwork and ensure that relevant supporting
documents as well as key staff will be available during the audit. The Auditor should take into
account that the DAHW Regional / Programme office normally requires meetings to prepare
the audit and to discuss the draft report.
If the audit scope covers several projects (Office and directly implemented projects) a
separate and specific audit report should in principle be issued for each audited project
(Grant letter + budget + general conditions, plan of action).
The subject of the audit is:
 the expenditure and revenue as stated in the Financial Report of the Project(s) for
the period from [date] to [date]; and
 the design and operating effectiveness of the Internal Control Systems in this
period.
The Auditor will inform DAHW Regional / Programme office (or DAHW Headquarters) as soon
as possible about any limitations in the scope of work he/she may find prior to or during the
audit.
The Auditor will report any attempt by the Entity to restrict the scope of the audit, or any lack of
co-operation on the part of the Entity.

ToR Financial and Internal Control Systems Audit Template January 2017 6 of 14
6. Audit Procedures
The Auditor should exercise due professional care and judgement and determine the nature,
timing and extent of audit procedures to fit the objectives, scope and context of the audit. The
Auditor should in accordance with ISAs, prepare audit documentation and obtain sufficient
appropriate audit evidence to support audit findings and to draw reasonable conclusions on
which to base the audit opinion. The Auditor uses professional judgement to determine
whether audit evidence is sufficient and appropriate.
The Auditor’s procedures should include:
 Obtaining an understanding of the engagement context.
 The Auditor should obtain a sufficient understanding of the engagement context
including the Project, the Entity and the DAHW regulations which apply to the Project.
 The Auditor should identify controls which are relevant and appropriate to the Entity.
 The audit should cover an examination of the Entity's control environment and more
specifically of:
 Documentation, filing and record keeping for expenditure and income.
 Asset management (including procurement process and procedures). This concerns
management and control of Project fixed assets (such as vehicles, equipment etc.).
 Cash and bank management (treasury).
 Accounting and financial reporting (including underlying transaction processing systems
and financial ledgers). Project accounting is done with Winpaccs Accounting and
reporting with Winpaccs Cost control.
 Computerised information systems (IT).
 Budgetary and expenditure control.
 Human resources, payroll processes and time management.
The understanding should be sufficient to identify and assess the
 risks of material errors or misstatements in the expenditure and revenue stated in the
Financial Report, whether caused by error or fraud; and
 the main risks to the achievement of the objectives of the Project including risks to the
Project funding provided not being used in conformity with the applicable conditions.
The Auditor should assess the main risks. This work involves an assessment of the risks that:
 the Financial Report of the Project is not reliable i.e. that it does not present , in all
material respects, the actual expenditure incurred and the revenue received for the
Project;
 the Project funds have not in all material respects, been used in conformity with
applicable contractual conditions;
 fraud and irregularities can occur or have occurred which have an impact on Project
expenditure and income.

ToR Financial and Internal Control Systems Audit Template January 2017 7 of 14
The Auditor should assess whether the design of the Internal Control Systems sufficiently
mitigates those risks and whether it is operating effectively. A weakness or a deficiency in
controls exists where an internal control is designed, implemented or operated in such a way
that it is unable to prevent, or detect and correct errors, or where a necessary internal control is
missing.

7. Selection expenditure for verification

The Auditor applies the principles and criteria set out below when planning and performing the
specific verification procedures for selected expenditure. Verification by the Auditor and
verification coverage of expenditure items does not necessarily mean a complete and
exhaustive verification of all the expenditure items that are included in a specific expenditure
heading or subheading.
The Auditor should ensure a systematic and representative verification. Depending on certain
conditions (see further below) the Auditor may obtain sufficient verification results for an
expenditure heading or subheading by looking at a limited number of selected expenditure
items.
The Expenditure Coverage Ratio (ECR) represents the total amount of expenditure verified by
the Auditor expressed as a percentage of the total amount of expenditure reported in the
Financial Report.
The Auditor ensures that the overall ECR is at least 65%. If he finds an exception rate of
less than 10% of the total amount of expenditure verified (i.e. 6.5 %) the Auditor finalises the
verification procedures and continues with reporting.
If the exception rate found is higher than 10%, or if the Auditor assesses serious weakness or
deficiencies in respective controls with major risks, or any other reasonable suspicion, the
Auditor extends verification procedures until the ECR is at least 85% up to 100%.
The Auditor ensures that the ECR for each expenditure heading and subheading in the
Financial Report is at least 50%. (ILEP 1 Investments, 1.1 Buildings etc.)
The Auditor verifies the selected expenditure items and reports all the factual findings and
exceptions.

8. Procedures to verify the eligibility of costs

The Auditor verifies, for each expenditure item selected, the eligibility criteria set out below.
 Costs actually incurred
The Auditor verifies that the expenditure for a selected item was actually incurred by
and relates to the Beneficiary. For this purpose the Auditor examines supporting
documents (e.g. invoices, contracts) and proof of payment. The Auditor also examines
proof of work done, goods received or services rendered and he/she verifies the
existence of assets if applicable.

ToR Financial and Internal Control Systems Audit Template January 2017 8 of 14
  Implementation period
The Auditor verifies that the expenditure for a selected item was incurred during the
implementation period of the Action.
 Budget
The Auditor verifies that the expenditure for a selected item was indicated in the budget.
 Necessary
The Auditor verifies whether it is plausible that the expenditure for a selected item was
necessary for the implementation of the Plan of Action.
 Records
The Auditor verifies that expenditure for a selected item is recorded in the Winpaccs
accounting system and was recorded in accordance with the applicable accounting
standards and the usual cost accounting practices (cash based accounting).
 Justified
The Auditor verifies that expenditure for a selected item is substantiated by evidence
and notably the supporting documents.
 Valuation
The Auditor verifies that the monetary value of a selected expenditure item agrees with
underlying documents (e.g. invoices, salary statements) and that correct exchange
rates are used where applicable.
 Classification
The Auditor examines the nature of the expenditure for a selected item and verifies that
the expenditure item has been classified under the correct (sub)heading of the Financial
Report.
 Compliance with Procurement
Where applicable the Auditor examines which procurement rules apply for a certain
expenditure item. The Auditor verifies whether the expenditure was incurred in
accordance with DAHW Regulations by examining the underlying documents of the
procurement and purchase process. Where the Auditor finds issues of non-compliance
with procurement rules, he/she reports the nature of such events as well as their
financial impact in terms of ineligible expenditure.
 Vouchers
The auditor verifies that the expenditure voucher or invoice is easily traceable through
regional / programme office stamp and a unique voucher number on the original
document.

ToR Financial and Internal Control Systems Audit Template January 2017 9 of 14
9. Audit Reporting
<Option 1 (standard)> A specific and separate audit report should be issued for each
audited entity (Grant letter). <Remove if not applicable>.
<Option 2 (exceptional): this option can only be used if and when the audit covers a series of
grant letters which are implemented by the same entity and the results of the audit (findings
and opinion) can be aggregated in one audit report>. One audit report should be issued for the
following grant letters: <specify grant letters> <remove if not applicable>.
The report should be presented in [language]. [An executive summary of the audit report in
[English] should be provided along with the report.] <remove if not applicable>.

Audit Findings and Recommendations

All audit findings and recommendations should be reported in a management letter. The
Auditor should explicitly state and specify results (satisfactory and unsatisfactory) of specific
procedures for obtaining audit evidence in case of doubt or uncertainty with regard to the
eligibility of expenditure in the report. The management letter should include all financial
findings made by the Auditor regardless of the amount involved.
It should also provide at a minimum the following information:
 An assessment of the internal control system with equal emphasis on (i) the
effectiveness of the system in providing the project management with useful and timely
information for the proper management of the project and (ii) the general effectiveness
of the internal control system in protecting the assets and resources of the project.
 A description of any specific control weaknesses noted in the financial management of
the project and the audit procedures followed to address or compensate for the
weaknesses. Recommendations to resolve/eliminate the internal control weaknesses
noted should be included.
 Comments as to whether recommendations made in the management letter for the
previous audit were implemented or, if not, the implementation status.

The completed form “Summary Findings” (see annex) shall be part of the management letter.

Debriefing meeting with DAHW Regional / Programme office

DAHW Regional / Programme office foresees a meeting with the Auditor after receipt of the
draft audit report. The draft audit report is also to be sent to DAHW HQ.

Recommendations for Improvement

ToR Financial and Internal Control Systems Audit Template January 2017 10 of 14
Recommendations should be directed to a specific entity so there is no confusion regarding
who is responsible for implementation. The response of the entity should be included in the
management letter, immediately following the recommendation. Also, the auditor may wish to
comment on “good practices” (if any) that were developed by the entity.

ToR Financial and Internal Control Systems Audit Template January 2017 11 of 14
ANNEX

Summary of Findings
PROJECT [Name and No./Country]

PERIOD AUDITED FROM [date] TO [date]

General Information

% of total Project % of the total

expenditure amount of
Description amount reported expenditure
(Expenditure verified
Coverage Ratio) (exception rate)
Total amount of expenditure
[ amount ] %
verified by the Auditor
Financial findings (ineligible
[ amount ] %
expenditure established)

Financial Findings

Financial findings

compliance issue / reason for ineligible no(1) of

N° Total Amount [currency]
expenditure findings

1 Missing / inadequate documentation

2 No written approval from appropriate official

3 Incorrect procurement procedure applied

Budget exceeded without prior approval (see
4
actual DAHW Budget Handling Procedures).
5 Expenditure not for project purposes

6 Fraud and irregularities

7 Income not declared / not reported

8 Other financial findings

9 Other financial findings (add further lines)

2*
Total financial findings
(1) This is the number of times a finding for the compliance issue concerned was made.

12 of 14
Internal Control Findings
no number of
finding findings
N° internal control issue s (mark Observations, implications and recommendations
priority priority
with a
cross) 1* 2*
Asset management: procurement
1
process and procedures are observed
Asset management: assets are
2 labelled with identification numbers
and added to the asset register
Inventory is properly managed, use is
3 controlled. (Log books are kept for
vehicles.)
Cash and bank management: there is
4 a separate cash book for each project;
cash transactions are recorded daily
Cash and bank management: all
payments are subject to a procedure
5 of authorisation (approval from an
appropriate official) which is always
observed
Cash and bank management: bank
6 accounts signatories are according to
DAHW policy
Cash and bank management: Cash
7 book and bank accounts are
reconciled monthly
Accounting: all entries are subject to
8
an original voucher
Accounting: all entries are supported
9
by an adequate documentation

13 of 14
 no number of
N° finding findings
internal control issue s (mark Observations, implications and recommendations
priority priority
with a 1* 2*
cross)
Accounting: all payment vouchers are
10
cancelled after payment
Accounting: accounting software is
11
properly handled by the accountant
Different personal is in charge of cash
12
and book keeping
Budgetary and expenditure control:
13 financial reports are established and
forwarded to HQ in time
Budgetary and expenditure control:
14
there is a regular budget control
Human resources: there is a valid
15
contract for all national staff
Human resources: national labour,
16 income tax and social security
regulations are observed
All staff are familiar with Code of
17 Conduct and Internal Complaint
Management Mechanism

18 Other (add further lines)

* Priority levels for ranking recommendations:

Priority 1 – Prompt specific action is required. Key internal controls are absent or are not complied with on a regular basis. There is a fundamental weakness or deficiency in an
internal control or in a series of internal controls which involves a substantial risk.
Priority 2 – Specific remedial action is desirable. There is a weakness or deficiency in internal control which, although not fundamental, relates to shortcomings which expose
specific internal control areas.

14 of 14