Scope of the Statutory Auditor's Certifications Regarding Social Security Contributions

Following Technical Concept No. 0110 issued in April 2026 by the Technical Council of Public Accounting (CTCP), it is important to recall the limits of these certifications and the responsibilities that remain with an entity's management.

Within the professional practice of auditors serving as statutory auditors, discussions frequently arise regarding the scope of statutory audit responsibilities. In practice, however, questions continue to emerge concerning the extent of our authority and obligations. Although Article 207 of the Colombian Commercial Code clearly establishes the statutory auditor's functions, it is still common to receive requests expecting the auditor to provide a definitive opinion on matters that exceed the legal scope of the engagement, assuming that the auditor's public faith grants the final word on issues beyond professional responsibilities.

Limits of Statutory Auditor Certifications

These requests often come from government agencies and supervisory authorities seeking confirmation of companies' balances related to social security obligations. They expect the statutory auditor to fully certify such information. However, it is often overlooked that, as an independent external professional, the statutory auditor does not have unrestricted access to all information maintained on external platforms, nor to data administered by third parties, nor the ability to independently verify every individual employment condition affecting workers.

Although statutory auditors are authorized to issue these certifications, Article 50 of Law 789 of 2002 establishes that such certifications must be based on accounting records, accrued payroll information, and the corresponding PILA payment forms that have actually been paid. Consequently, it is essential to distinguish that this certification does not constitute a clearance certificate ("good standing certificate") issued by the creditor of the obligation.

CTCP Technical Concept No. 0110 of 2026

To reinforce this distinction, the Technical Council of Public Accounting issued Technical Concept No. 0110 in April 2026, clarifying that statutory auditors may certify social security contributions only when sufficient and appropriate audit evidence has been obtained.

Such review should include, among other elements:

• The company's accounting records.
• Accrued payroll records.
• Properly paid PILA contribution forms.

Based on this evidence, the statutory auditor may reach a reasonable conclusion regarding the information examined. Nevertheless, the Concept expressly states that such certification does not constitute a full clearance certificate for balances recorded in external systems managed by organizations such as health insurance providers (EPS), pension funds (AFP), or occupational risk administrators (ARL).

Management's Responsibility

Whenever sufficient evidence is unavailable or inconsistencies are identified in the information provided, the statutory auditor must promptly communicate these matters to management, reminding them of their responsibility for complying with labor and social security obligations and for maintaining the supporting documentation.

Likewise, it should be emphasized that reconciling balances with the various social security administrators or replacing the oversight functions assigned to those entities does not fall within the statutory auditor's responsibilities. This distinction is precisely where professional independence is demonstrated with respect to management's exclusive responsibilities.

Scope of Public Faith

It is important to note that although statutory auditors are empowered to perform specific reviews of their clients' information, these powers do not extend to obtaining unrestricted access to social security systems or performing comprehensive validations of those systems. Neither do they include resolving inconsistencies arising from contribution calculations, collections, or billing processes managed by third parties.

The public trust granted to statutory auditors does not expand their legal responsibilities beyond those established by law. Instead, it requires them to act strictly within the limits of the evidence obtained while maintaining independence from responsibilities that belong exclusively to management.

Final Considerations

Accordingly, certifications issued by statutory auditors must always be understood within the scope of their legal functions and the evidence gathered during the audit. Expecting these certifications to replace the validations performed by social security administrators or to serve as a comprehensive clearance certificate for all related obligations disregards both the legal and technical limitations governing statutory audits.

Finally, professional independence requires statutory auditors to recognize these limitations and to communicate, in a timely manner, any restrictions or uncertainties identified during the performance of their professional duties.

Prepared by: María Angélica Mora – Senior Auditor.

THIS ARTICLE REPRESENTS THE PROFESSIONAL OPINION OF OUR FIRM. TAX AUTHORITIES MAY DISAGREE WITH THE POSITION EXPRESSED HEREIN. SHOULD YOU REQUIRE FURTHER INFORMATION OR SPECIALIZED PROFESSIONAL ADVICE REGARDING THIS MATTER, PLEASE DO NOT HESITATE TO CONTACT US. WE WILL BE PLEASED TO ASSIST YOU.