Obligations related to Audit Report Staus
(Excerpt of ERCA Policy v.2.1)
5.3.43 - The MSA audit shall establish whether the Requirements of this Section are being maintained.
5.3.44 - The MSA shall perform the first Audit within 12 months of the start of the operations covered by the approved policy.
When an Audit finds no evidence of non-conformity, the next Audit may be performed within 24 months.
When an Audit finds evidence of non-conformity, the next Audit shall be peformed within 12 months.
5.3.45 - The MSA shall report the results of the audit as mentioned in 5.3.43 and provide the audit report, in English, to the ERCA.
5.3.46 - The audit report shall define any corrective actions, including an implementtation schedule, required to fulfill the MSA obligations.
* The start of the audit period corresponds with the start of the MSA key ceremony, a date that ERCA does not know, after MSA Policy approval and before the first ERCA issuance for the MSA.
* The MSA audit report will specify (a posteriori) the start of the MSA key ceremony.
* An audit report has to be sent by each MSA, independently of the fact that they are sharing some common services or infrastuctures.
* The audit report requested by ERCA is different from the report that an MSA would receive from an external company. ERCA does not need to receive the detail of all audit control activities.
* If all MSA obligations have been fulfilled correctly, the MSA audit report is short, basically stating that (a) an audit has been performed,(b) the scope of the audit (what system, when it started to be operational) and (c) no breach of obligations have taken place during operation.
* In case of breach, the MSA has also to include "... any corrective actions, including an implementation schedule." In the following tables is reported the reception of these audit reports for the E.C. Member States and in the second one, for the AETR Member States.
|M.S.A.||Last Report||Previous Reports|
|S.A.||Last Report||Previous Reports|