Regulation 155 — Audit Regulations 2020
Original Rule Text
155. Requirement of and access to data, information and documents
The form, type and extent of data, information and documents required for audit tests and evidence shall be determined by Audit. Access to data, information, documents and information systems will be as provided in these Regulations. Data, information and documents would also include those obtained by the auditable entity from a third party and relied upon by it in performance of its functions. If such third party evidence as relied upon by auditable entity is found to be insufficient in Audit, additional information may be requisitioned by Audit from the auditable entity with prior approval of the Accountant General (Audit). On receipt of such requisition, the same shall be obtained by the auditable entity from the third party and provided to Audit. In certain cases, with approval of the Accountant General (Audit), information
Regulations on Audit and Accounts 2020
from third parties, for example bank confirmations etc may be obtained directly by Audit.
What This Means
The audit team decides what type, form, and extent of data, information, and documents are needed for audit tests and evidence — the auditable entity cannot limit what audit can ask for. This includes third-party documents that the entity has obtained and relied upon. If such third-party evidence is insufficient, audit can require the entity to obtain additional information from the third party. In certain cases, with the AG's approval, audit can directly obtain information from third parties (like bank confirmations) without going through the auditable entity.
This explanation was generated with AI assistance for educational purposes. Always refer to the official gazette notification for authoritative text.
Key Points
- 1Audit determines what data, information, and documents are required — not the auditable entity
- 2Third-party documents relied upon by the entity are also within audit's scope
- 3If third-party evidence is insufficient, audit can require the entity to obtain more from the third party
- 4With AG's approval, audit can directly approach third parties (e.g., for bank confirmations)
- 5Access rights are as provided in the CAG's Regulations
Practical Example
During an audit of a smart city project, the audit team requests the contract documents with a private IT vendor, including performance reports submitted by the vendor. The smart city SPV provides these but the reports are vague. The audit team, finding the third-party evidence insufficient, requires the SPV to obtain detailed deliverable-wise completion reports from the vendor. Separately, with the AG's approval, the audit team directly writes to the project's bank to confirm the amounts disbursed to the vendor.
This explanation was generated with AI assistance for educational purposes. Always refer to the official gazette notification for authoritative text.
Frequently Asked Questions
Can the auditable entity refuse to provide documents citing confidentiality?▼
When would audit directly approach a third party?▼
What if the third party refuses to provide information when requested through the auditable entity?▼
This explanation was generated with AI assistance for educational purposes. Always refer to the official gazette notification for authoritative text.