Submission of the updated Audit Strategy

Lõkke 4 / 10122 Tallinn / 663 8200 / [email protected] / www.rtk.ee / Registrikood 70007340

Christoph Liechti

Embassy of Switzerland to Latvia, Lithuania

and Estonia

[email protected] Ours 31.12.2025 no 11.1-5/25/2679-1

Smilšu iela 8 Riga

LV-1050 LATVIA

Submission of the updated Audit Strategy

Dear Mr Liechti,

The National Coordination Unit of the Swiss-Estonian Cooperation Programme hereby submits

the updated Audit Strategy and the General Checklist to be used in audits of Support Measures.

Yours sincerely,

(signed digitally)

Urmo Merila

Deputy Director General

Annexes:

Annex 1 Audit Strategy

Annex 2 General Checklist

Helena Musthallik +372 56466003

[email protected]

SWISS-ESTONIAN COOPERATION FACILITY

AUDIT STRATEGY

As prepared by:

AUDIT AUTHORITY

SITUATED IN

Ministry of Finance of the Republic of Estonia

29th of December 2025

TABLE OF CONTENTS

INTRODUCTION ....................................................................................................................................... 3

RISK ASSESSMENT ................................................................................................................................... 3

METHODOLOGY ....................................................................................................................................... 4

Overview.............................................................................................................................................. 4

Walkthrough ........................................................................................................................................ 4

Audits of the management and control systems at the level of the Cooperation Facility ................. 5

Audits of Support Measures ................................................................................................................ 6

AUDIT WORK PLANNED ........................................................................................................................... 7

RESOURCES .............................................................................................................................................. 8

INTRODUCTION

The Framework Agreement for the implementation of the second Swiss Contribution to selected

Member States of the European Union was entered into between the Swiss Federal Council and the

Government of the Republic of Estonia on the 21st of November 2022. The country-specific setup of

the Swiss Contribution along with the Framework Agreement will be henceforth referred to as “Swiss-

Estonian Cooperation Facility”.

As per the country-specific setup, the Audit Authority is the Financial Control Department of the

Ministry of Finance of the Republic of Estonia. The Audit Authority is solely responsible for drawing up,

monitoring, and updating the audit strategy.

The functions of the Audit Authority are set out in Regulations on the implementation of the second

Swiss Contribution to selected Member States of the European Union. In addition to that, the tasks of

the Financial Control Department are stipulated with the statute of the Ministry of Finance and

specified with the statute of Financial Control Department, which functions as the audit charter.

With the decree of the Government of Estonia No 177 from 22nd of December 2011, the Financial

Control Department as the Audit Authority is subordinated directly to the Secretary General of the

Ministry of Finance. That ensures its functional and organizational independence within the Swiss-

Estonian Cooperation Facility, as the National Coordination Unit and the Paying Authority of the Facility

are situated in the State Shared Service Centre.

RISK ASSESSMENT

National Coordination Unit is responsible for the overall risk assessment of the Swiss-Estonian

Cooperation Facility, including the methodology, coordination, and consolidation of the results of the

risk assessment.

In addition to the risk assessment exercise coordinated by the National Coordination Unit, the Audit

Authority carries out its own, independent risk assessment to compose the annual audit plan, including

audits of the management and control systems at the level of the Cooperation Facility as well as audits

of Support Measures.

The risk assessment is carried out annually, before the composition of annual audit plan, considering

the risk components of impact, likelihood and implemented internal control measures. The risk factors

to be considered for risk assessment exercise are the following:

- Results of risk assessment carried out by the National Coordination Unit.

- Results of audits of the management and control systems as well as audits of Support Measures.

- The quantity and frequency of errors and the error rate of previous accounting year or years.

- Any other indications of significant risks or weaknesses.

METHODOLOGY

Overview

According to the statute of the Financial Control Department, all the auditors of the department must

follow the Global Internal Audit Standards and related materials issued by the Institute of Internal

Auditors.

There are no discrepancies between the standards for professional practice of internal auditors which

are established by the decree of Minister of Finance of Estonia and International Standards for the

Professional Practice of Internal Auditing issued by the Institute of Internal Auditors.

To obtain assurance of the Swiss-Estonian Cooperation Facility as a whole, the Audit Authority shall

carry out audits of the management and control systems at the level of the Cooperation Facility as well

as audits of Support Measures.

The Audit Authority shall carry out those audits for each accounting year running from 1st of July on

the year N-1 to 30th of June on the year N (with an exception for the first accounting year which shall

cover the period from the signing of the Framework Agreement on the year N-1 until the 30th of June

on the year N).

It is the sole responsibility of the Audit Authority to prepare and submit to Switzerland for each of

those accounting years and not later than 31st of March of the year N+1 an Annual Audit Report along

with the Audit Opinion signed by the head of the Audit Authority. The Annual Audit Report shall include

all data of the audits carried out for the accounting year, including findings and measures taken.

The Audit Authority will not produce a separate manual for carrying out those audits. Instead, the

Audit Authority will rely on the audit methodology developed by the Department of Financial Control

as well as on the principles outlined in Regulations on the implementation of the second Swiss

Contribution.

However, a short description of audit principles along with the main elements to be verified shall be

outlined in the audit strategy. The Audit Authority will also prepare general checklists to be used in

audits of the management and control systems as well as audits of Support Measures. Those checklists

will be annexed to the audit strategy.

Also, every audit will be thoroughly planned with the reasons, processes, risks, goals, and extent of

defined and agreed on in detail during the planning process. This thorough planning process precludes

the need for a separate manual.

Walkthrough

The methodology used by the Audit Authority is compliant with the Global Internal Audit Standards as

operated by the Institute of Internal Auditors.

The audits are carried out assuming full and unhindered access by the auditors for all documents and

information necessary.

All auditors included in the audit activities must sign a declaration of independence and objectivity in

relation to the audit scope.

All engagements are communicated to the auditees beforehand. The audit engagements include desk-

based checks of documents and other information, with additional on-site visits, if necessary.

The communication of all results, including irregularities, errors and corrective measures, is always

provided to the auditee as well as the Managing Authority. The auditee has always the right to

comment on the results of the audit before the final report is issued.

The corrective measures recommended by the Audit Authority are always reviewed later to ensure

that they are carried out in a sufficient manner.

All audit documents are archived in accordance with the principles of the Cooperation Facility.

The materiality level for the annual reporting is set at 2% of the amounts included. For annual

reporting, any extrapolated final residual error rates above should be met with corrective action at the

level of the Cooperation Facility.

Audits of the management and control systems at the level of the Cooperation Facility

The Audit Authority will not produce a separate manual for the audits of management and control

systems. Instead, the Audit Authority will rely on the audit methodology developed by the Department

of Financial Control as well as on the principles outlined in Regulations on the implementation of the

second Swiss Contribution

To obtain assurance and to express the opinion on the functioning of the management and control

systems, audits at the level of the Cooperation Facility shall be carried out. Those audits shall aim to

provide the Audit Authority with assurance that the management and control systems in the Partner

State are functioning effectively and in compliance with the Framework Agreement and national law

of the Partner State.

The crucial bodies to be audited are the National Coordination Unit, the Paying Authority (the tasks of

which are also taken on by the National Coordination Unit) and any Intermediate Bodies that carry out

tasks of the Cooperation Facility. Those bodies shall be audited at least once during the

implementation period of the Cooperation Facility.

Additionally, there are crucial aspects of the implementation of the Cooperation Facility that shall also

be audited at least once during the implementation period, either along with the audits of the bodies

carrying out the implementation of those aspects, or separately. Those are the following.

- The definition of the functions of the bodies involved in the management and control of the Cooperation Facility and the allocation of functions within each body.

- Compliance with the principle of separation of functions between and within such bodies.

- The procedures and embedded controls for ensuring the correctness and regularity of expenditure.

- The reliability of the accounting, monitoring and financial reporting.

- The reporting and monitoring systems where the responsible body entrusts the execution of tasks to another body.

- The system to ensure that all documents regarding expenditures and audits are held to ensure an adequate audit trail.

- The procedures ensuring that the rules on public procurement are correctly applied.

- The procedures for preventing, detecting, reporting, correcting and prosecuting irregularities.

Audits of Support Measures

The Audit Authority will not produce a separate manual for carrying out the audits of support

measures. Instead, the Audit Authority will rely on the audit methodology developed by the

Department of Financial Control as well as on the principles outlined in Regulations on the

implementation of the second Swiss Contribution.

The Audit Authority has prepared a general checklist to be used in audits of Support Measures. This

checklist has been annexed to the audit strategy as Annex 1 (no updates since the last audit strategy).

The planning of the audit of Support Measures will be based on the following

- Accounts presented to the Audit Authority, that will be tested in full.

- Expenditure presented to the Audit Authority, that will be audited in accordance with a non- statistical or statistical sampling.

- Risk assessment of the management and control system, based on which audits of management and control system are carried out.

Audits of Support Measures shall be carried out by the Audit Authority to obtain assurance and to

express the opinion on the following crucial matters.

- Accuracy, completeness, and veracity of the accounts.

- Legality and regularity of expenditure.

- Existence, adequacy and effectiveness of the management and control system.

To obtain assurance and to express the opinion on accuracy, completeness, and veracity of the

accounts, an audit of accounts shall be carried out by the Audit Authority for each accounting year.

The audit of accounts shall consider the results of audits of the management and control systems as

well as the results of audits on the legality and regularity of expenditure along with the existence,

adequacy and effectiveness of the management and control system. In addition, the audit of accounts

shall consider the results of any other audits or checks carried out at the Cooperation Facility.

The audit of accounts shall aim to provide reasonable assurance on the completeness, accuracy, and

veracity of the amounts declared in the accounts.

To obtain assurance and to express the opinion on legality and regularity of expenditure, audits of

expenditure shall be carried out by the Audit Authority for each accounting year.

The audits of expenditure shall be carried out on the entirety of the expenditure for each accounting

year and with a sampling method that shall ensure a random selection of each sampling unit from the

population. If possible, a statistical sampling method shall be used for making that selection. However,

the Audit Authority assumes at this stage that the population for each accounting year will be less than

50 units, making a non-statistical sampling method the reasonable option of choice.

In composing the random sample, the following principles shall be used.

- At least 10% of items (either projects or other programme components) for which expenditure has been declared during an accounting year and at least 15% of the expenditure which has been declared during the same accounting year must be included in the sample.

- The selection of those items shall be done with a simple random equal probability principle.

- Any negative items in the population shall be separated from the population before drawing a sample and examined as a separate population.

- Any irregularities found because of the audits of expenditure shall be extrapolated in line with the principles of non-statistical sampling and this extrapolation shall form the basis for the assurance obtained and opinion given on those audits.

To obtain assurance and to express the opinion on existence, adequacy and effectiveness of the

management and control system, the Audit Authority considers both the results of audits of the

management and control systems at the level of the Cooperation Facility and the results of the audits

of expenditure for each accounting year.

For results considered this way, the Audit Authority shall pay specific attention to whether any errors

detected in those audits that are related to existence, adequacy and effectiveness of the management

and control system are random or systemic.

In addition to that, the Audit Authority shall pay specific attention to whether any such errors point to

a risk of fraud, corruption, conflict of interest, or double funding. Any of those risks shall be treated as

the highest priority.

AUDIT WORK PLANNED

The first audit of the management and control systems at the level of the Cooperation Facility was

carried out by the Audit Authority during the year 2025. Thereon, at least one such audit shall be

carried out for each accounting year, unless otherwise proposed by the Audit Authority in the Annual

Audit Report and agreed on with the acceptance of the same Annual Audit Report.

The audits of expenditure shall be carried out by the Audit Authority for each accounting year for which

expenditure has been declared and in line with the principles of sampling approved in the Audit

Strategy. In addition to that, an audit of accounts shall also be carried out by the Audit Authority for

each accounting year for which expenditure has been declared.

Work plan for the year 2025:

• One systems audit was carried out: “Audit of the description of the management and control

system of the State Shared Service Centre as a national coordination unit” no JKS-3/2025.

• From the ten projects that received funding during the accounting period, one project was

selected for auditing (respecting the non-statistical sampling principles): project No

Šveits.1.02.25-0006 in the amount of € 445 675,53 (organization Environmental Board). This

audit is being started and will be finalized by the time of annual reporting.

Work plan for the year 2026:

• A risk assessment will be carried out to select a subject for auditing systems. The subject

selected will then be audited.

• A sample will be selected for auditing expenditure based on the costs of the accounting period.

The sample selected will then be audited.

RESOURCES

The Audit Authority resources allocated by the Financial Control Department for the Swiss-Estonian

Cooperation Facility amount to 0,75 full-time equivalent. This may be divided between more than one

auditor of the Financial Control Department, to ensure the best possible audit team for the tasks at

hand as well as the principles and necessities of the work in the Financial Control Department.

Approved by

(Signed electronically)

Anu Alber

Head of the Financial Control Department of the Ministry of Finance

Head of the Audit Authority

Annex 1: General checklist for auditing Support Measures