EUR-Lex Access to European Union law
This document is an excerpt from the EUR-Lex website
Document 52020DC0268
"REPORT FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT, THE COUNCIL AND THE COURT OF AUDITORS Annual report to the Discharge Authority on internal audits carried out in 2019"
"REPORT FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT, THE COUNCIL AND THE COURT OF AUDITORS Annual report to the Discharge Authority on internal audits carried out in 2019"
"REPORT FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT, THE COUNCIL AND THE COURT OF AUDITORS Annual report to the Discharge Authority on internal audits carried out in 2019"
COM/2020/268 final
EUROPEAN COMMISSION
Brussels, 24.6.2020
COM(2020) 268 final
REPORT FROM THE COMMISSION
TO THE EUROPEAN PARLIAMENT, THE COUNCIL AND THE COURT OF AUDITORS
Annual report to the Discharge Authority on internal audits carried out in 2019
{SWD(2020) 117 final}
Table of Contents
1. Introduction
2. The Internal Audit Service mission: accountability, independence and objectivity
3. Overview of audit work
3.1. Implementation of the 2019 audit plan
3.2. Statistical data on Internal Audit Service recommendations
4. Conclusions based on the audit work performed in 2019
4.1. Conclusion on performance audits
4.1.1. Supervision strategies for the implementation of programmes by third parties
4.1.2. Control strategies for selected Directorates-General and services
4.1.3. Human-resource-management processes
4.1.4. Information-technology-management processes
4.1.5. Better regulation
4.1.6.
Reviews assessing the implementation of the new internal-control framework
in the Commission
4.1.7. Other processes
4.2. Internal Audit Service limited conclusions
4.3. Overall opinion on the Commission’s financial management
5. Consultation with the Commission’s financial irregularities panel
6. Mitigating measures for potential conflicts of interest (international internal auditing standards) — Investigation of the European Ombudsman
1.Introduction
This report presents the internal audits conducted in 2019 by the Internal Audit Service of the European Commission in the Commission Directorates-General, services and executive agencies ( 1 ), and contains: (i) a summary of the number and type of internal audits carried out; (ii) a synthesis of the recommendations made; and (iii) the action taken on those recommendations. In accordance with Articles 118(8) and 247 of the Financial Regulation( 2 ), the Commission forwards the report to the European Parliament and to the Council. It is based on the report drawn up in accordance with Article 118(4) of the Financial Regulation by the Commission’s Internal Auditor on Internal Audit Service audits and consulting reports completed in 2019 ( 3 ).
2.The Internal Audit Service mission: accountability, independence and objectivity
The mission of the Internal Audit Service is to enhance and protect organisational value by providing risk-based and objective assurance, advice and insight. The Internal Audit Service helps the Commission accomplish its objectives by bringing a systematic, disciplined approach in order to evaluate and improve the effectiveness of risk-management, control and governance processes. Its tasks include assessing and making appropriate recommendations to improving the risk-management, control and governance process to achieve the following three objectives: (i) promoting appropriate ethics and values within the organisation; (ii) ensuring effective organisational-performance management and accountability; and (iii) effectively communicating risk and control information to appropriate areas of the organisation. In doing this, the Internal Audit Service aims to promote a culture of efficient and effective management within the Commission and its departments.
The independence of the work of the Internal Audit Service is enshrined in the Financial Regulation and its mission charter ( 4 ) as adopted by the Commission. This charter stipulates that, to ensure objectivity in their judgement and avoid conflict of interest, Internal Audit Service auditors must preserve their independence in relation to the activities and operations they review. If their objectivity is impaired in fact or in appearance, the details of the impairment should be disclosed. If the Internal Auditor considers it necessary, he/she may address himself/herself directly to the President of the Commission and/or the College.
The Internal Audit Service performs its work in accordance with the Financial Regulation, the International Standards for the Professional Practice of Internal Auditing, and the Code of Ethics of the Institute of Internal Auditors.
The Internal Audit Service reports — and is accountable functionally — to the Audit Progress Committee. The Internal Audit Service: (i) reports to the Audit Progress Committee significant issues arising from its audits and potential improvements to the audited processes; (ii) provides an annual overall opinion on the state of financial management in the Commission; and (iii) reports (at least annually) on its mission and performance, as set out in its annual audit plan. This reporting includes significant risk exposures, control issues, corporate governance issues and other matters.
The Audit Progress Committee assists the College of Commissioners in fulfilling its obligations under the Treaties, the Financial Regulation and other statutory instruments. It does this by: (i) ensuring the independence of the Internal Audit Service; (ii) monitoring the quality of internal audit work; (iii) ensuring that internal and external audit recommendations are properly taken into account by the Commission services; and (iv) ensuring that these recommendations receive appropriate follow-up. In this way, the Audit Progress Committee helps improve the Commission’s effectiveness and efficiency in achieving its goals. The Audit Progress Committee also facilitates the College’s oversight of the Commission’s governance, risk-management, and internal control practices. The charter of the Audit Progress Committee was updated in 2020 to take account of the new Commission entering into office on 1 December 2019 and changes in the Committee’s membership.
The Internal Audit Service does not audit Member States’ systems of control over the EU funds. Such audits reach down to the level of individual beneficiaries, and are carried out by Member States’ internal auditors, national audit authorities, other Commission Directorates-General and the European Court of Auditors. However, the Internal Audit Service does audit measures taken by the Commission to supervise and audit: (i) bodies in Member States; and (ii) other bodies which are responsible for disbursing EU funds, such as the United Nations. As provided for in the Financial Regulation, the Internal Audit Service can carry out these duties on the spot, including in the Member States.
3.Overview of audit work
3.1.Implementation of the 2019 audit plan
By the cut-off date of 31 January 2020, 100% of the updated 2019 audit plan had been implemented. This audit plan included audits in the Commission and executive agencies ( 5 ).
155 ‘engagements’ (consisting of audits, consulting, follow-ups and reviews), as well as one other (internal) project, were completed, and 160 reports (including follow-up notes and management letters) were issued ( 6 ). A breakdown of the types of engagements and reports completed is contained in the charts below.
Source: European Commission, Internal Audit Service
The 2019 initial plan contained 44 audit engagements (consisting of audits, reviews and consulting engagements, but excluding follow-ups) which were planned to be completed by the cut-off date of 31 January 2020. Furthermore, the plan contained 29 additional engagements which were planned to start before this cut-off date and to be completed after the cut-off date in 2020. The 2019 plan was updated at mid-year. Both the initial and updated plans were considered by the Audit Progress Committee.
The Internal Audit Service plans its audit work on the basis of a risk assessment and a capacity analysis. This is required by its charter and the international standards and helps to ensure efficient and effective implementation of the audit plan. The implementation of the audit plan is then regularly monitored and adjustments are made as necessary.
3.2.Statistical data on Internal Audit Service recommendations
The number of recommendations issued by the Internal Audit Service in 2019 can be seen in the figure below ( 7 ).
Source: European Commission, Internal Audit Service
In 2019, the auditees accepted all 136 recommendations issued by the Internal Audit Service. For all recommendations, the auditees drafted action plans, which were submitted to — and assessed as satisfactory by — the Internal Audit Service.
Over the period 2015-2019, 1,704 (87%) of the total 1,949 (partially) accepted recommendations ( 8 ) made by the Internal Audit Service were assessed as implemented by the auditees at the cut-off date of 31 January 2020 ( 9 ). This leaves a total of 245 recommendations (13%) that are still open.
Source: European Commission, Internal Audit Service
Of these 245 open recommendations, 71 are rated very important and 64 are overdue (i.e. not implemented by the originally agreed implementation date). These overdue recommendations represent 3.3% of the total 1,949 (partially) accepted recommendations. Of these 64 overdue recommendations, 6 very important recommendations are classified as long overdue (a recommendation is long overdue when the recommendation is still open more than 6 months after the original implementation date). These very-important long-overdue recommendations represent 0.3% of the total number of critical and very important accepted recommendations in the period 2015-2019 (compared to 0.9% in the previous reporting period).
Source: European Commission, Internal Audit Service
Overall, the Internal Audit Service considers the implementation of the audit recommendations to be satisfactory and comparable to previous reporting periods. This state of play indicates that the Commission services are diligent in implementing the critical and very important recommendations, and that they therefore mitigate the risks identified by the Internal Audit Service. Nevertheless, attention should be paid to the individual recommendations rated very important which are long overdue (i.e. more than 6 months overdue).
A summary of these very important and long overdue recommendations is provided in annex to this report - part 3. A dedicated report on the implementation of internal audit recommendations was drawn up and sent to the Audit Progress Committee.
4.Conclusions based on the audit work performed in 2019
4.1.Conclusion on performance audits
To contribute to the Commission’s performance-based culture and its greater focus on value for money, the Internal Audit Service carried out two types of audits in 2019: performance audits ( 10 ) and audits which include important performance aspects (comprehensive audits). Carrying out both of these types of audit was part of the Internal Audit Service’s 2019-2021 strategic audit plan.
In line with its methodology and best practice, the Internal Audit Service approached performance in an indirect way. It does this by examining whether and how management has set up control systems to assess and provide assurance on the performance (efficiency and effectiveness) of its activities. Through this approach, the Internal Audit Service aims to ensure that Directorates-General and services have set up appropriate performance frameworks, performance measurement tools, key indicators and monitoring systems.
The following sections set out the conclusions of the Internal Audit Service on the various performance aspects of its audits carried out in 2019.
4.1.1.Supervision strategies for the implementation of programmes by third parties
In previous years, the Internal Audit Service performed several audits focusing on the supervision arrangements in place in Directorates-General and services for the implementation of programmes (and/or policies) by third parties. In its overall opinion on financial management, the Internal Audit Service formulated an emphasis of matter for 5 years in a row (2015 to 2019) on the supervision strategies regarding third parties implementing policies. The 2019 audits provide a mixed picture, with weaknesses identified (in 3 out of 5 audits completed in 2019) in the effectiveness of the audited supervision strategies. Details of this mixed picture are set out in the four bullet points below.
·In 2019, two audits were performed in the Directorate-General for Energy and the Directorate-General for Mobility and Transport. These two audits did not give rise to any critical or very important recommendations pointing to weaknesses in the existing supervision arrangements. However, one weakness was identified in the audit on the implementation of the control strategy of the Directorate-General for Energy on the delegated bodies implementing the nuclear-decommissioning-assistance programme with regard to the clearing of pre-financings, which is not directly related to the supervision strategies.
·One audit on the European Union Finance for Innovators programme (InnovFin) was performed in the Directorate-General for Research and Innovation. InnovFin forms part of the actions under the Horizon 2020 programme helping companies and other organisations engaged in research and innovation to gain easier access to debt and equity financing. It promotes a range of tailored debt and equity products to direct loans to enterprises, the implementation of which was delegated to the European Investment Bank and the European Investment Fund. Although the internal controls put in place by the Directorate-General for Research and Innovation to supervise and monitor the implementation and performance of InnovFin are based on a well-designed supervision strategy, weaknesses were identified in its performance framework and hence the reliability of the underlying data to assess its effectiveness.
·In the Directorate-General for Agriculture, the Internal Audit Service identified weaknesses in the extent to which the processes for the management, monitoring and supervision of the fruit-and-vegetables regime are effective in practice. The current legislation governing the fruit-and-vegetables regime is very much characterised by subsidiarity. In practice, this means that the Commission has limited opportunities to intervene in the management of this regime. The proposals for the common agricultural policy post-2020 go even further in this direction. Nevertheless, the Internal Audit Service identified gaps in: (i) the support and guidance provided to Member States; (ii) the information received from Member States; and (iii) the Directorate-General’s monitoring and evaluation of the fruit-and-vegetables regime.
·The Directorates-General for Regional and Urban Policy, for Employment and Social Inclusion, and for Maritime Affairs and Fisheries monitor the implementation of the 2014-2020 operational programmes on an ongoing basis through a number of monitoring activities. These monitoring activities include: (i) participating in Member State monitoring committees; (ii) reviewing annual implementation reports; (iii) holding annual review meetings with the managing authorities; and (iv) more ad hoc activities such as bilateral meetings with Member States, project visits, and targeted support to Member States. Through these various monitoring activities, the Directorates-General assess the progress made in the implementation of operational programmes, identify implementation weaknesses, and follow-up on how Member States address those weaknesses. A key monitoring event is the performance review carried out in mid-2019 and assessing the achievement of the milestones set out in the programmes’ performance frameworks. Although overall, the Directorates-General are effectively monitoring the implementation and performance of the programmes, and that the performance review was well prepared, there remain weaknesses in: (i) assessing programme performance; (ii) identifying and following-up on implementation weaknesses; and (iii) for the Directorates-General for Regional and Urban Policy and for Employment and Social Inclusion, the reliability of performance data.
4.1.2.Control strategies for selected Directorates-General and services
Directorates-General and services must ensure the legality, regularity, and sound financial management of programmes and projects financed via the EU budget. Authorising officers by delegation design a control strategy. This strategy encompasses ex ante and ex post controls that provide the key building blocks supporting the annual declaration of assurance. In 2019, the Internal Audit Service performed various audits in this area and identified several weaknesses in the performance of these processes. These weaknesses are set out in the bullet points below.
·The Executive Agency for Small and Medium Sized Enterprises is responsible for the implementation of projects under the programme for the environment and climate action. The Internal Audit Service found that, in the planning and design of its control activities, the Agency did not use risk-related information to decide on the level of the controls performed. It also found that the Agency did not assess the cost-effectiveness of these controls for the programme for the environment and climate action separately from the other programmes it implements, even though the Agency does carry out a global assessment of cost-effectiveness of all controls for all programmes managed.
·In the Directorate-General for International Cooperation and Development, the Internal Audit Service identified a weakness in the monitoring and follow-up of audits both in EU delegations and in headquarters. A similar weakness was identified in the Directorate-General for Neighbourhood and Enlargement Negotiations: although the guidance on the risk assessment leading to the establishment of the control plan and of the annual audit plan is well developed, weaknesses remain in the follow-up of audit results and the design of the key performance indicators.
·In the Directorate-General for European Civil Protection and Humanitarian Aid Operations, the Internal Audit Service identified regularity weaknesses and sound-financial-management weaknesses in the ex ante controls before final payment as well as in the ex post audits. If these weaknesses are not addressed in a timely manner, they may affect the effectiveness of the control strategy over time.
·The Service for Foreign Policy Instruments finances projects to support: (i) civilian crisis-management missions; and (ii) preparatory, follow-up and emergency measures such as common security and defence-policy missions. It obtains assurance on the implementation of the budget through: (i) a system of ex ante and ex post controls and internal monitoring arrangements; (ii) the obligations included in the agreements concluded between the Commission and each common-foreign-and-security-policy mission; and (iii) specific measures such as external audits and financial reporting by the missions. The auditors observed delays in the closure of mandates to missions and ineffective risk-mitigating measures for the implementation of the EU budget delegated to the non-pillar-assessed mission in Somalia.
·Finally, the Directorate-General for Migration and Home Affairs, which also performs the ex post audit function for the Directorate-General for Justice and Consumers, has overall put in place the necessary processes for managing the audit activity, including the clearance of accounts. Nevertheless, weaknesses exist in the set-up and planning of the audit activity, in the execution of the audit plan, and in the clearance of accounts that could have an impact on the effectiveness of these processes in practice. Although these weaknesses do not put into question the Director-General’s declaration of assurance, they raise the question as to whether the Directorate-General has the underlying capacity to address these weaknesses in practice under the current set-up.
4.1.3.Human-resource-management processes
In recent years, the Internal Audit Service has performed various audits on human-resource-management processes in several Commission Directorates-General and services. In 2018, it also sent a management letter to the Directorate-General for Human Resources and Security outlining the common issues identified in these audits.
Although the very important recommendations from previous human-resources audits have been implemented, the issues identified in previous years were also identified in two of the three human-resources audits performed in 2019. The Internal Audit Service identified weaknesses in task and skills mapping, workload assessment, and staff allocation in both the Directorate-General for Taxation and Customs Union and the European Anti-Fraud Office. Furthermore, the Internal Audit Service recommended the Directorate-General for Taxation and Customs Union to: (i) develop an overarching human-resources strategy in line with its business strategy; and (ii) implement the necessary operational measures. The European Anti-Fraud Office has already designed a human-resources strategic plan. It should now translate the objectives of this strategic plan into concrete actions and monitoring measures that ensure effective implementation of these actions on the ground to support the achievement of its operational objectives.
In contrast, the human-resources audit in the Directorate-General for Trade did not give rise to any critical or very important recommendations.
The audit on site management in the Joint Research Centre revealed two issues, relating to: (i) governance and management structures; and (ii) adequate staffing and staff expertise for site management and infrastructure-related activities.
Finally, the audit on the efficiency and effectiveness of the Health and Food Audits and Analysis Directorate in the Directorate-General for Health and Food Safety revealed weaknesses in: (i) the staffing of activities; (ii) time reporting; and (iii) performance monitoring. If these weaknesses are not addressed, they could impair the ability to provide the necessary assurances that the control systems in place in Member States and in exporting countries meet the regulatory requirements.
The audits confirmed that in the area of human-resource management both the corporate and the operational Directorates-General and services must fulfil their responsibilities. The Directorate-General for Human Resources and Security plays a key role in: (i) the design of the Commission’s human-resources policies; (ii) the design of centralised tools still to be developed; and (iii) providing specific guidance, assistance and support via the account-management centres and via corporate human-resources services. Directorates-General and services should design and implement appropriate human-resources strategies that support the achievement of their objectives and address the identified risks. They can do this via targeted actions at their level, taking into account the specificities of the Directorate-General/service, without having to wait for actions or tools initiated at corporate level. This should not only be performed at the Directorate-General or service level but also at the level of specific business processes.
4.1.4.Information-technology-management processes
Several information-technology audits focused on information-technology project-management practices. Two audits on this topic in the Directorate-General for Informatics and the Directorate-General for Education, Youth, Sport and Culture did not identify any significant performance issues. However, one issue on governance practices for the monitoring of programmes and projects was identified in the audit on information-technology governance and project management in the Publications Office. In the European Anti-Fraud Office, the Internal Audit Service also identified a number of control weaknesses in relation to the Office’s content-management tool, particularly in the early stages of the project to develop the tool. Although these weaknesses were steadily being addressed, the Internal Audit Service considered that they needed to be dealt with as a matter of urgency. Overall, the controls in place for information-technology project-management practices in the European Anti-Fraud Office did not provide sufficient assurance to mitigate the risks, and five very important weaknesses were identified.
4.1.5.Better regulation
Several aspects of better regulation were audited in various audits. These included: (i) an audit on the implementation of better-regulation principles in the preparation of the digital-single-market policy proposals of the Directorate-General for Communications Networks, Content and Technology; (ii) an audit on impact assessment in the Directorate-General for Justice and Consumers; (iii) an audit on evaluation and studies in the Directorates-General for Climate Action and for the Environment; and (iv) an audit on the monitoring of implementation of EU law in the Directorate-General for Taxation and Customs Union. No significant performance issues were identified in these areas, except at the Directorate-General for the Environment, which was recommended to: (i) strengthen its monitoring of the implementation of the external contractors’ work; (ii) streamline its document-management system and access to procurement files; and (iii) improve the supervision and quality review of procurement documents.
4.1.6.Reviews assessing the implementation of the new internal-control framework in the Commission
In 2019, the Internal Audit Service launched a series of limited reviews (in six Directorates-General ( 11 )) to assess the implementation of the new internal-control framework in the Commission. Overall, the results were satisfactory as none of the six limited reviews gave rise to any critical or very important recommendations.
4.1.7.Other processes
European statistics support the Commission in reporting to stakeholders and monitoring the achievement of its key policies, objectives and priorities. European statistics are also used in studies and decision-making by external stakeholders. It is therefore essential that European statistics are of high quality. The Internal Audit Service found that, although the primary quality controls embedded in the production processes were adequately implemented, Eurostat’s quality-review function was not effective.
The Directorate-General for Health and Food Safety manages expenditure for operations and programmes in the health and food-safety area. This includes a wide range of activities related to animal health, plant health, animal welfare, official controls, and information-technology activities. The Internal Audit Service found a number of weaknesses in the internal control system underpinning the processes for reviewing the unit-costs methodology used by Member States to finance veterinary and plant-health programmes and emergency measures. These included gaps in: the organisation of the process; the internal consultation; the prior analysis and assessment of the impact of the proposed changes; the timing of internal and external communication; and weaknesses in relation to business-continuity arrangements.
The Directorate-General for Environment is involved in a number of international activities to: mitigate threats to the environment; promote environmentally-friendly actions; reduce the EU's environmental footprint; create a level playing field for business domestically; and create opportunities for EU companies abroad. Effective cooperation and commitment is therefore key in addressing these global challenges. Although the Directorate-General for Environment has overall put in place the necessary processes to plan and prioritise its international activities effectively, and monitor and report on these activities adequately, the Internal Audit Service found that the Directorate-General for Environment has not formally established: (i) voluntary partnership agreements and the ensuing coordination arrangements with the Directorate-General for International Cooperation and Development, and (ii) the responsibilities for different steps in an individual, voluntary-partnership-agreement process.
Finally, the Internal Audit Service conducted the second phase of an audit on the management of recovery orders for competition fines and for recovery orders in the context of the Commission’s corrective capacity. This audit was conducted in two phases. The first phase involved an assessment of the management of the recovery orders at the operational level in a number of selected Directorates-General (focus of phase 1, audit finalised in 2017) and the second phase involved the central level (focus of phase 2, audit finalised in 2019). The second phase of the audit identified weaknesses at central level in the management of insolvencies and bankruptcies, and the offsetting process, which allows the Commission to recover debts by deducting payments against debts owed by legal entities or specific bodies. Even though these weaknesses do not fundamentally undermine the effectiveness of the recovery process, the Directorate-General for Budget should address them on time to maximise the efficiency of the recovery process and ultimately ensure that the EU budget continues to be well protected.
4.2.Internal Audit Service limited conclusions
The Internal Audit Service issued limited conclusions on the state of internal control to every ( 12 ) Directorate-General and service in February 2020. These limited conclusions contributed to the 2019 annual activity reports of the Directorates-General and services concerned. They draw on the audit work carried out in the last 3 years and cover all open recommendations issued by the Internal Audit Service and former Internal Audit Capabilities (insofar as the Internal Audit Service has taken over these recommendations). The Internal Audit Service’s conclusion on the state of internal control is limited to the management and control systems that were audited. The conclusion does not cover those systems that have not been audited by the Internal Audit Service in the past 3 years.
4.3.Overall opinion on the Commission’s financial management
As required by its mission charter, the Internal Audit Service issues an annual overall opinion on the Commission’s financial management. This is based on the audit work in the area of financial management in the Commission carried out by the Internal Audit Service during the past 3 years (2017 to 2019). It also takes into account information from other sources, namely the reports from the European Court of Auditors. The overall opinion is issued in parallel to the present report and covers the same year.
As in the previous editions, the 2019 overall opinion is qualified with regard to the reservations made in declarations of assurance by authorising officers by delegation. In arriving at its overall opinion, the Internal Audit Service considered the combined impact of: (i) the amounts estimated to be at risk as disclosed in the annual activity reports; (ii) the corrective capacity, as evidenced by financial corrections and recoveries of the past; and (iii) estimates of future corrections and amounts at risk at closure. Given the magnitude of financial corrections and recoveries of the past, and assuming that corrections in future years will be made at a comparable level, the EU budget is adequately protected as a whole (not necessarily individual policy areas) and over time (sometimes several years later).
Without further qualifying the overall opinion, the Internal Audit Service emphasised the following matters:
(i) Implementation of the EU budget in the context of the current crisis related to the COVID-19 pandemic: need for a detailed assessment of emerging risks and for the definition and implementation of corresponding mitigating measures
The health, social, economic and financial situation created by the COVID-19 pandemic entails potentially high, cross-cutting risks for the institution as regards the implementation of the EU budget and the delivery of its policy priorities.
The Commission is accountable for the implementation of the EU budget. This includes the operations conducted prior to the crisis (as part of the 2014-2020 multiannual financial framework), for which adequate controls (ex post in particular) still need to be performed, and during the crisis itself, on assurance, compliance and performance aspects.
As the crisis continues, this context poses challenges, in particular as regards:
-the implementation of the budget in compliance with the applicable legal framework, due to changing rules and evolving regulations, urgent procedures, use of exceptional measures, difficult conditions and/or limited availability of financial and human resources;
-the extent to which the necessary controls and verifications, whether at the level of the Commission, Member States, third countries, implementing partners and/or beneficiaries, can be performed as intended due to logistical constraints such as full and timely access to information and documentation, problems in undertaking missions/on-the-spot checks and ability of implementing partners and beneficiaries to continue their normal activities;
-the potential impact on the Commission’s current and future corrective capacity, due to the very challenging economic situation which will need to be faced at EU and national levels, including the possible bankruptcies of final beneficiaries, which could make it difficult to recover undue amounts.
The assurances provided on the financial management of the EU budget are multi-annual in nature and depend on the robustness of the corresponding control strategies at different levels. These are based on risk assessments of the specific programmes and related budget operations, ex ante and ex post controls on expenditure, supervision strategies regarding third parties implementing policies and programmes, together with the implementation of the corrective capacity to protect the EU budget.
To ensure the budget is duly protected in the face of these unprecedented challenges, the Commission’s Directorates-General and services should (i) duly assess the risks caused by the COVID-19 pandemic related to financial management in terms of assurance, compliance with the legal framework, and the corrective capacity of the multi-annual systems, as well as performance; and (ii) define and implement adequate mitigating measures, such as adjusting or redefining their control strategies.
(ii) Supervision strategies regarding third parties implementing policies and programmes
Although the Commission remains fully responsible for ensuring the legality and regularity of expenditure and sound financial management (and also for the achievement of policy objectives), it has increasingly relied on third parties to implement its programmes. This is mostly done by delegating the implementation of the EU’s operational budget or certain tasks to countries outside the EU, international organisations or international financial institutions, national authorities and national agencies in Member States, joint undertakings, non-EU bodies and EU decentralised agencies. Moreover, in certain policy areas, alternative funding mechanisms such as financial instruments are (planned to be) increasingly used and entail specific challenges and risks for the Commission, as also highlighted by the European Court of Auditors.
To fulfil their overall responsibilities, the Directorates-General have to oversee the implementation of the programmes and policies and provide guidance and assistance where needed. Therefore, they have to define and implement adequate, effective and efficient supervision/monitoring/reporting activities to ensure that the delegated entities and other partners effectively implement the programmes, adequately protect the financial interests of the EU, comply with the delegation agreements, when applicable, and that any potential issues which are identified are addressed as soon as possible.
The Internal Audit Service continued to recommend in a number of audits in 2019 that the control strategies and supervisory arrangements of the relevant Directorates-General should set out more clearly the priorities and the need to obtain assurance on sound financial management in those EU and non-EU bodies. Although actions have been taken in recent years both at the level of the central services and at that of the relevant directorates-general to mitigate the risks identified as a result of audit work, further improvements are still needed in some areas.
In this context, the Commission Directorates-General should continue their efforts to identify and assess the risks involved in delegating tasks to third parties and pursue effective and efficient supervisory activities by further developing the relevant control strategies. This is relevant not only for the activities delegated under the current 2014-2020 multiannual financial framework, but more so in view of the expected increase in the use of equity, guarantee and risk-sharing instruments in the next 2021-2027 multiannual financial framework.
The Internal Audit Service will monitor the developments regarding the impact of the COVID-19 crisis and the reliance on third parties for the implementation of programmes, on the current and the new (revised) multiannual financial framework, the updated political priorities and the Commission’s financial management. This will be done as part of the Internal Audit Service’s updates of the periodic (strategic) risk assessments and resulting audit plans.
5.Consultation with the Commission’s financial irregularities panel
No systemic problems were reported in 2019 by the panel set up under Article 143 of the Financial Regulation ( 13 ), where it gives the opinion referred to in Article 93 of the Financial Regulation.
6.Mitigating measures for potential conflicts of interest (international internal auditing standards) — Investigation of the European Ombudsman
The current Director-General of the Internal Audit Service, Internal Auditor of the Commission, Mr Manfred Kraff, took office on 1 March 2017. Mr Kraff was previously Deputy Director-General and Accounting Officer of the Commission in the Commission's Directorate-General for Budget.
In line with international audit standards ( 14 ), on 7 March 2017, following his appointment as Director-General and Internal Auditor, Mr Kraff issued instructions on the arrangements to be put in place to mitigate and/or avoid any potential or perceived conflict of interest in Internal Audit Service audit work in relation to his former responsibilities. These arrangements were prolonged in 2018 (until 1 March 2019), in 2019 (until 1 March 2020) and in 2020 (until 1 March 2021), through instruction notes to all Internal Audit Service staff issued by Mr Kraff on 1 March 2018, 1 March 2019 and 2 March 2020. According to the arrangements, Mr Kraff would not be involved in the supervision of audit work relating to operations for which he was responsible before joining the Internal Audit Service. The supervision of the audit work related to such cases ultimately fell/will fall under the responsibility of Mr Jeff Mason, former Internal Audit Service Acting Director-General (from September 2016 to February 2017) and current Director in the Internal Audit Service (IAS.B, Audit in Commission and Executive Agencies I). The arrangements also stated that the Audit Progress Committee would be informed of these instructions and of their implementation, and that Mr Mason would refer to the Audit Progress Committee for the assessment of any situation that may be interpreted as impairing Mr Kraff's independence or objectivity. In those cases, Mr Kraff would refrain from any supervision of the related audit work.
The arrangements in place were discussed with the Audit Progress Committee at its meeting of March 2018. The committee considered that the measures drawn up by the Internal Audit Service adequately address the risk of conflict of interest in line with the international standards and best practice. The committee also noted with satisfaction that arrangements to ensure organisational independence have been implemented in practice in the relevant audits. The Audit Progress Committee further took stock of the implementation in 2018 of these arrangements in its meetings of January 2019 (preparatory group), March 2019 and (preparatory group) March 2020. The Audit Progress Committee noted with satisfaction that these arrangements had been implemented in practice in a number of audits, and considered that this was leading practice in the internal audit profession.
In the period 2018-2020, during the hearings as part of the reporting year discharge, Mr Kraff presented to the European Parliament’s Budgetary Control Committee (CONT) the arrangements in place. These arrangements were also made public in the Internal Audit Service’s 2017, 2018 and 2019 annual activity reports, and in the Commission’s annual reports on internal audits of September 2018, June 2019 and June 2020.
On 4 December 2017, the European Ombudsman sent a letter to the European Commission informing it that, following a complaint from a member of the public, an inquiry would be opened to assess the appropriateness of the measures taken by the Commission to prevent any conflict of interest (or a perception thereof) in the appointment of the new Director-General of the Internal Audit Service. The Internal Audit Service and the Commission's central services replied to the questions raised by the Ombudsman, and provided all relevant supporting documents and information requested.
The inquiry was closed by the Ombudsman on 23 July 2019. The Ombudsman closed this case ( 15 ), concluding that: (i) the Commission had put in place appropriate measures to avoid potential conflicts of interest and to safeguard the objectiveness of the Internal Auditor’s function; and (ii) there was no maladministration by the Commission in how it appointed the Director-General of its Internal Audit Service.
