This is an HTML version of an attachment to the Freedom of Information request 'Guideline on Internal Audit'.


 
Ref. Ares(2013)2774382 - 30/07/2013
EUROPEAN COMMISSION 
INTERNAL AUDIT SERVICE 
 
 
 
The Director General-Internal Auditor of the Commission 
Brussels,            
ARES (2009)       
NOTE FOR THE ATTENTION OF 
Pick from list ADD NAME, DIRECTOR, AGENCY - Pick from list 
Subject: 
IAS Audit on "Add title" - Announcement Letter 
According to the Pick from list IAS Audit Plan, I would like to inform you that an audit 
on "Activity / Process" is scheduled to start in your Agency on dd/MM/yyyy and be 
finalised by dd/MM/yyyy. The audit will be conducted in accordance with the attached 
"Mutual Expectations Paper" which also summarises the key milestones of the audit 
process. The audit team will be supervised by Chose Name. The team leader will be 
Pick from list Chose Name and the team members will be Pick from list Chose Name and 
Pick from list Chose Name. 
As specified in the Mutual Expectations paper, we will need a contact person in your 
Agency. Would you please let us know by dd/MM/yyyy (2 weeks) the person you have 
designated for this purpose. 
As soon as you have provided us with the name of the contact person, we will get in 
touch in order to discuss logistical matters. 
Prior to the start of the fieldwork, some preliminary interviews may take place. In this 
context, the Audit Manager and the Team Leader will provide details on the audit 
objectives, the planned scope, and the audit methodology. We can then have an exchange 
of views on the audit and obtain your expectations and suggestions for the engagement. 
In conducting this audit, the auditors may collect personal data, as described in Council 
Regulation 45/2001 and the internal auditor is required to inform the data subject under 
Article 20.31 of the same Regulation. This is explained in a standard letter, provided as 
attachment 2 to the present note, which we kindly ask you to send to all staff concerned2. 
                                                 
1 Article 20 – "Exemptions and restrictions" of Regulation (EC) 45/2001. If a restriction provided for by 
paragraph 1 is imposed, the data subject shall be informed, in accordance with Community law, of the 
principal reasons on which the application of restriction is based on and of his or her right to have 
recourse to the European Data Protection Supervisor. 

2 Director(s), Head(s) of Unit and relevant staff concerned by the audit. 
Commission européenne, B-1049 Bruxelles / Europese Commissie, B-1049 Brussel - Belgium. Telephone: (32-2)299 11 11. 
Office: MADO 27/032. Telephone: direct line (32-2)295.46.27. Fax: (32-2)295.41.40. 
 
E-mail: xxxxx.xxxx@xx.xxxxxx.xx 

Brian GRAY 
Encl.: 
1. Mutual Expectations Paper 
2. Note to the Auditee on Handling of Personal Data 
3. Office and IT Facilities 
C.c.: 
Pick from list Add Name, Chairman of the Board, 
AGENCY - Pick from list 
Mrs A. KAŹMIERCZAK, Director Horizontal Affairs, IAS.A