Communication from the Commission to the Council, the European Parliament and the European Court of Auditors on a roadmap to an integrated internal control framework
/* COM/2005/0252 final */
[pic] | COMMISSION OF THE EUROPEAN COMMUNITIES |
COM(2005) 252 final
COMMUNICATION FROM THE COMMISSION TO THE COUNCIL, THE EUROPEAN PARLIAMENT AND THE EUROPEAN COURT OF AUDITORS
on a roadmap to an integrated internal control framework
A. THE CASE FOR ACTION
The Court of Auditors published its Annual Report for the financial year 2003 in November 2004. For the 10th time, the Court presented an annual statement of assurance (or a DAS), which was largely positive as regards the reliability of the accounts, commitments and own resources but indicated that it had no reasonable assurance for payments under all parts of the general budget of the European Union apart from administrative expenditure.
The current situation cannot be left as it is. Taxpayers should have reasonable assurance that the funds of the European Union are managed in a legal and regular manner. This is highlighted by the fact that both Parliament and Council have repeatedly stated their disappointment that the Court is not able to give a positive statement of assurance – most recently, in connection with the 2003 discharge procedure. Both institutions have invited the Commission to take action to resolve the situation. The Barroso Commission has therefore made it a strategic objective to strive for a positive statement of assurance from the European Court of Auditors. This process of course implies renewed Commission efforts in a number of areas. Whilst the Commission has sole responsibility under the Treaty for implementing the Budget, 4 out of every 5 euros in the budget are in reality handled by the Member States under shared management, so it is essential that Member States take active part in the initiative.
Achieving a positive DAS is a highly ambitious objective and the DAS should not be expected to turn from negative one year to clean the following year. Indeed, the Court of Auditors is not able to give a positive DAS unless it has reasonable assurance that transactions down to the level of the individual beneficiary, i.e. payments made by Member States to the final beneficiary such as the farmer, the student, the enterprise and in some cases a public body, are legal and regular. Thus, the supervisory systems and controls must provide reasonable assurance that the risk of error at this level is properly managed, and include an appropriate level of on-the-spot checks at the premises of claimants.
In its opinion No 2/2004 on an effective and efficient control framework, the Court, whilst accepting that many of the necessary elements were in place, and that there had recently been significant progress in improving systems, criticised certain aspects of the current control frameworks in the various areas of the budget in the following terms:
Unclear and inconsistent objectives No clearly established control strategy leading to overall or specific objectives for the various systems. |
Lack of coordination No formal requirement for control bodies to coordinate the planning of checks, or take into account the checks made by others. Information provided by Member States on the results of checks is sometimes inadequate or inconsistent. |
No information on costs and benefits In the areas of shared management, the majority of the costs of undertaking controls are borne by the Member States/beneficiary States whereas the benefit accrues to the EU budget. Thus, Member States/beneficiary States have little incentive to devote sufficient resources to controlling EU funds. No information is currently available on the costs of controls borne by either Member States or the Commission, or on the benefit they bring. |
Inconsistent application Random checks and risk-based checks have very different and mutually exclusive objectives. When rules do not sufficiently define the approach to be used, the result is confusion and reduced effectiveness. Control procedures are highly decentralised both in the Commission and in Member States. In practice, there is not always consistency in approach, extent, timing, follow-up etc. As a result, there are differences in the quality of checks. Independent audits are not required in all budgetary areas and, where required, there are sometimes inadequate terms of reference for the audit work, and there are not always standard procedures for the selection of the auditors. The option of penalties for irregular claims exists only within agriculture and internal policies. |
- Not all these points are relevant to all budgetary areas, and in some cases qualifications are required.
The Court also offered its advice on the elements it considers indispensable for an effective and efficient control framework, in which the Commission would, except for directly managed expenditure, play a mainly supervisory role, and on-the-spot checks by the central, Community level would become less necessary:
- “common principles and standards ... [are] to be applied at all levels of administration in the institutions and Member States alike" (paragraph 57);
- internal controls should "provide reasonable" (not absolute) "assurance on the legality and regularity of transactions, and compliance with the principles of economy, efficiency and effectiveness" (paragraph 57);
- the "cost of the controls should be in proportion to the benefits they bring in both monetary and political terms" (paragraph 57);
- the "system should be based around a logical chain structure where controls are undertaken, recorded and reported to a common standard, allowing reliance to be placed on them by all participants" (paragraph 57).
The Commission broadly agrees with the Court’s recommendations, and indeed has been implementing improvements along these lines. It accepts that the road towards a 'positive' statement of assurance is to provide the Court with evidence that supervisory systems and controls are in place which keep the risk of irregularity within reasonable limits. If it can be shown that the control framework which it recommends is in place, and functions effectively, the Court would have a basis for the assurance it seeks.
Most Member States have shown their openness to the Court's proposals for an integrated control framework and for a single audit model.
In its recommendation for the 2003 discharge, Council stated that "it shares the Court's consideration relating to further improving the design of control systems by establishing clear and consistent objectives and responsibilities. In this context, the Council notes with great interest the Court's proposal for the development of a Community internal control framework as presented in its opinion on the single audit model". It considered "that as a rule no sector should be excluded from this approach and invites the Commission to take, where appropriate, the relevant initiatives. In this context, the Council underlines the importance of applying and, where appropriate, developing common standards for financial control and internal audit".
The European Parliament gave its political analysis of the issue in §15 to §80 of its resolution on the 2003 discharge, and, in §75, called on the Council to work with the Parliament and Commission to give the creation of a comprehensive control and audit framework the priority and political momentum it requires.
The Commission broadly agrees with the recommendations of both Parliament and Council. It will build further on the achievements of its administrative reform to complete an integrated control framework.
B. ACTIONS REQUIRED OF THE COMMISSION
The Commission is determining the gaps which, in its view, exist between the control framework in place for each area of budgetary expenditure and the general principles defined by the Court in its opinion No 2/2004, with particular emphasis on the controls which limit the risks concerning the legality and regularity of the underlying transactions. It will propose the action required to address each gap, and the timetable for implementing this action, and discuss this with the Court, Council and Parliament.
The action will include, on the one hand, the identification of weaknesses in the present legislation, and the improvements envisaged, and, on the other hand, the action required to implement an adequate control framework within the present legislation. It will also cover an assessment of the consistency of the regulatory framework for the 2007-2013 period with the Court’s recommendations.
Firstly, to ensure that its own house is in order, the Commission is identifying the improvements necessary to the control framework for budgetary management and centrally managed funds where this does not meet the objectives defined by the Court. The action required to address these gaps includes:
- ensuring that the Directors-General's annual activity reports present clearly the basis for assurance on the underlying transactions, accompanied by appropriate indicators, and that the declaration of assurance covers the part of the accounts for which they are responsible, and, as much as possible, quantifies the effect of any reserves;
- ensuring that the Accounting Officer signs off the Commission's accounts to certify that (s)he has made the checks that (s)he considers necessary and is satisfied that the accounts have been prepared in accordance with the accounting rules, methods and accounting systems established under his/her responsibility for the Commission's accounts, that (s)he has made any adjustments which are necessary for a true and fair presentation of the accounts in accordance with Article 136 of the Financial Regulation, and that they are therefore reliable. In this respect, an amendment to Article 61 of the Financial Regulation has been proposed as part of the revision of this Regulation adopted on 3 May 2005;
- assure in all Directorates General a clear definition of the role of the resource directors, in their support of their Director-General in daily financial and control matters, and as regards the annual activity report and its accompanying declaration;
- further elaboration of the Commission’s follow-up reports, making it possible for the Court to assess what steps have been taken to implement previous recommendations of the Court;
- reinforce the role of the Commission-wide management assessment played by the annual Synthesis report, which takes stock of the situation in the services and addresses major crosscutting issues;
- exploring the scope for greater simplification of the management of EC funds, and ensuring that the control requirements are proportionate to the risks;
- introducing a common methodology for risk assessment, in particular to give assurance on the management of the risk of error in the underlying transactions;
- providing guidelines for the services concerned by each family of expenditure on strategies for on-the-spot checks, including the methodology for the evaluation of supervisory systems and controls, the determination of sample sizes, the sampling techniques, the evaluation of the effect of errors on the EC budget and the level of acceptable risk;
- defining categories of errors, determining the rate of error found by on-the-spot checks on the basis of representative samples and reporting this, together with the corrective measures taken and/or planned, in the annual activity reports;
- ensuring that the resources allocated to ex-ante and ex-post checks are sufficient to achieve an appropriate balance between the costs and benefits of controls.
When the Commission delegates powers to implement a Community programme or project managed on a centralised basis to an Executive Agency, these can recruit staff in the number required and with the skills necessary to assure appropriate checks. These agencies have internal control requirements which are identical to those in force in the Commission, allowing the Commission to exercise full supervision. They.could be subject to an independent annual audit.
No new legislation is necessary to implement this plan of action, but adjustments have been proposed to the present provisions of the Financial Regulation and its Implementing Rules which could contribute to the Commission's initiatives in this area. Some sector regulations may also need to be adjusted. When new policies are formulated, the level of risk which is acceptable during their implementation should be defined and agreed with the legislative authority.
Secondly, the Commission will work with the Member States to improve controls over funds in shared management. It acknowledges its responsibility for the implementation of the budget as set out in Article 274 of the Treaty: “The Commission shall implement the budget […] on its own responsibility and within the limits of the appropriations, having regard to the principles of sound financial management. Member States shall cooperate with the Commission to ensure that the appropriations are used in accordance with the principles of sound financial management.”
Given the proportion of the budget under shared management, it is not possible for the Commission to achieve a positive DAS unless Member States – fulfilling their obligations under Articles 274 and 280 of the Treaty – can provide the Commission with reasonable assurance for the transactions which they implemented. There should be clear provisions specifying how this assurance will be given. The proposed control framework should provide for incentives and, where necessary, coercive measures.
The action required to address the gaps found includes:
- continuation of the Commission’s efforts to simplify aid schemes financed by EAGGF Guarantee, and to improve the provisions concerning primary level controls for market measures outside the scope of the Integrated Administration and Control System (IACS) and geographical information systems (GIS);
- verifying the regulatory framework proposed for 2007-2013 and if necessary adapting this to include the provisions which, in the light of the gap-assessment, are required to complete an integrated control framework, addressing the views of the Court and taking into account the elements requested by Parliament (annual audits of each paying authority, ex-ante Disclosure Statements and ex-post Declarations of Assurance at Member State level, access to the reports of auditors and control bodies, sanctions on claimants which are proportionate but dissuasive, and reporting of the rate of error affecting EC funds and of systemic weaknesses);
- improving cooperation arrangements in line with the 'single audit' approach, and completing the existing body of guidance on common principles and standards regarding auditing methods, key controls and strategies for on-the-spot checks, including the assessment of supervisory systems and controls, the determination of sample sizes, the sampling techniques and the evaluation of the effect of errors on the EC budget;
- presenting in October 2005 an initial report exploring the road map to a protocol with Member States in which the managing authority (Parliament suggests the Finance Minister) will declare, prior to disbursement and on an annual basis, that proper control systems, capable of providing adequate assurance for Commission accountability purposes, are in place.
When a Member State fails to adequately address the risks of error, the Commission will protect the EC budget by rigorously applying the existing provisions for the suspension of payments and financial corrections.
Once the basis for an integrated control framework is agreed, the Commission will explore further with the Member States the scope for attaining greater efficiency in the audit effort through the single audit model .
Where funds are under indirect central management, decentralised management or joint management, it will introduce the principles set out above, but adapted as appropriate for each circumstance. In particular, its action will include:
- requiring ex-ante Disclosure Statements and annual ex-post Declarations of Assurance at Member State level for funds managed by national agencies;
- where necessary, increasing surveillance and control over intermediary bodies.
Most irregularities found in the underlying transactions represent error rather than fraud. Work will be undertaken in close collaboration with OLAF to make a clear distinction.
C. ACTIONS REQUIRED OF THE MEMBER STATES
In its 2003 discharge report, the European Parliament firmly calls for Member States' financial control systems to be reviewed and for the failings to be remedied. To ensure that Member States deal with the weaknesses in their management of EU funds, the Parliament resolution on the 2003 Discharge (Wynn report) suggests that the managing authority of each Member State ( e.g. the Finance Ministry) should have to state every year that proper control systems are in place. The Commission is called upon to draw up a report to look at ways of agreeing a protocol on this matter with Member States. Parliament is adamant that the Commission's central controls cannot on their own solve the problem. Member States must therefore be encouraged to manage EU funds as “their own”.
There is at present little evidence that the level of checks prescribed by the present regulations needs to be increased, although this eventuality is not excluded. First and foremost, the Member States are asked to ensure that the control framework required by present Community legislation is in place, is adequately resourced, and works effectively to limit the risk of error in the underlying transactions.
Under the pressure of financial corrections, the controls required of Member States under EAGGF Guarantee are largely in place, but further improvements are still needed, for example IACS in Greece, and ex-post controls and mutual assistance between customs services under Regulation (EEC) No 4045/89.
It is particularly for structural funds that the Member States have yet to demonstrate that the controls in place are effective in limiting the risk of error. In view of the diversity of the projects and aid schemes eligible for funding and of the implementing bodies concerned, the Community legislation and Commission guidance cannot set precise rules for supervision and controls. The Member States must ensure, for all programmes, that the present regulations are fully respected:
- the primary controls (checks on the reality of the service rendered and on the expenditure claimed) are either exhaustive, or else sufficient with regard to the costs and benefits of the checks;
- there is an appropriate risk analysis;
- the error rate in the samples verified is assessed and reported;
- proportionate but dissuasive sanctions are applied for serious irregularities;
- primary controls are adequately supervised by the implementing body and by the Managing Authority;
- corrective action is taken whenever necessary;
- the Paying authority has the means and resources to obtain the assurance it needs to certify the amounts claimed from the Commission.
They should do so in the light of the guidance provided by the Commission as mentioned above, and ensure coherence between the controls over the various programmes of assistance, and that the controls meet the required standards.
The controls at Member State level also need to be rendered effective throughout the structural funds' programming period. The 'contract of confidence' proposed by the Commission simply specifies an audit strategy for the controls required by the regulations, together with annual reporting on their progress and a formal conclusion as to the functioning of the system. Member States will be expected to bring their control units to apply such an audit strategy, and adequately report on its implementation, as from the present programming period.
The Member States should ensure that the material weaknesses of the supervisory systems and controls, and the error rates found at each level of the control framework, are determined and reported in terms of their effect on Community funds, and that appropriate corrective measures are taken whenever justified by considerations of costs and benefits.
So that the Commission, and hence the Court, can gain assurance from the Member States on the controls operated throughout each budgetary year on funds managed in partnership as from 2006, the Member States should:
- provide annual ex-ante Disclosure Statements and ex-post Declarations of Assurance at the highest Member State level (Parliament suggests the Minister of Finance);
- support the above by requiring each responsible authority at operational level (e.g. Paying Agency, Paying Authority and Managing Authority) to make similar annual statements and declarations, supported by opinions from independent auditors;
- request their Supreme Audit Institutions or the body providing audit assurance at Member state level to exercise oversight over the control frameworks for EC funds, and to report on weaknesses in its design and operation in practice;
- request the Supreme Audit Institutions, or other independent audit bodies, to audit the ex-post Declarations of Assurances and report to the national parliaments on the result.
Member States should be requested to take responsibility for the controls over National Agencies and implement similar measures where funds are under indirect central management.
Furthermore, it is recognised that the current time frame for the discharge process does not give the Council sufficient time to discuss and react in substance to the findings and recommendations from the Court. Likewise, the current Commission report on the Member States' replies gets only brief attention in the Council and plays a very limited role in the discharge procedure or in the follow-up to recommendations. Therefore, after consulting all the institutions concerned, the Commission is ready to consider a modification of Article 145 of the Financial Regulation to postpone the deadline for a discharge decision as requested by Parliament. An extension of the time allotted to the discharge procedure would contribute to facilitating the substantial involvement of the Council and Member States, which is the key objective of the road map towards an integrated control framework.
The Member States will also be requested to give their views on other issues raised by the Court and by the European Parliament:
- the degree to which the cost of controls over EC funds can be determined, and whether it should be borne by the EC budget;
- the scope for the introduction of a 'single audit' approach, implying the adoption of common principles and standards, the coordination of working programmes, and access by each control body to the results of the work of others;
- the scope for increasing the role of national Supreme Audit Institutions through a more systematic sharing of national audit reports on the use of EU funds with the European Court of Auditors.
D. ROLE OF THE COURT OF AUDITORS
The Court of Auditors has developed the DAS methodology in recent years. It now includes four elements: 1) an examination of supervisory systems and controls, 2) an examination of samples of transactions, 3) an analysis of the annual activity reports and declarations of Directors-General, 4) where necessary, an examination of the work of other auditors. The Commission as well as the Parliament and Council have supported this development. The Commission has taken note that the Court has stated in its 2005 work programme that it will work on “developing the DAS methodology in the context of new parameters” with the objective of answering “more and more closely to the needs of the users of the DAS”.
At the end of the meeting between the Commission and the Court of Auditors on 16 March 2005, Mr Hubert Weber, President of the Court of Auditors stated: "The Court of Auditors' aim is to maximise the impact and efficiency of its audit work through an approach which seeks to improve results rather than concentrate on listing errors. In order to help the Commission with its task to further improve the supervisory and control systems of the EU budget at all levels, the Court is committed to further developing its DAS approach. This allows the Court to even better measure progress and point out more precisely where improvements are needed."
This Communication presents the actions envisaged to put into place an integrated control framework. A working document will present the control framework in place in 2004, and the actions which the Commission considers necessary to achieve the objectives set out in the Court's opinion n° 2/2004, including those already proposed for the 2007-2013 period.
E. CONCLUSION AND PROPOSAL
While all institutions would like a positive DAS to be granted on the implementation of the budget, it is for the Commission and the Member States together to ensure that the Court is in a position to find audit evidence of progress towards an adequate management of the risk of error. This will not happen overnight, and the DAS should not be expected to turn from negative one year to clean the following year. A nuanced positive DAS, however, would be much more effective in helping the Commission and Member States to make incremental improvements towards a clean DAS.
The Commission is realistic and it welcomes the continued critical scrutiny from the Court of Auditors, and its advice, as an independent observer, on all the preparatory work.
With this Communication, the Commission intends to initiate a process which can lead to a common understanding by November 2005 between the Commission, Parliament (as discharge authority) and the Council on how the current internal control framework can be improved in order to make it possible for the Commission to provide the Court of Auditors with reasonable assurance as to the legality and regularity of transactions. A further overview of the timetable for the roadmap is provided in the annex.
It is proposed that the Commission notes the recommendations of the Discharge Authority, and instructs its services to:
- identify the gaps and propose plans of action to complete the control frameworks on which the Court can base the assurance its seeks;
- undertake discussions with the appropriate Council Committees, and present in October 2005 an initial report proposing a basis for a common understanding with Member States on an integrated internal control framework;
- verify the regulatory framework proposed for 2007-2013 and if necessary propose adaptations to include the provisions which, in the light of the gap-assessment, are required to complete an integrated control framework.
In parallel, it is suggested that the Council Presidency should establish a High-Level Inter-institutional trialogue tasked with negotiating and reaching an agreement on the crosscutting issues in the present proposals, which should spell out a common understanding of what would constitute an adequate and satisfactory Community integrated control framework as well as the necessary steps to implement it. This agreement is to be formalised in an Inter-institutional agreement signed at political level.
The Commission would welcome the opinion of the European Court of Auditors on the actions proposed in the Inter-institutional agreement, and would also like its views on whether, if adequately implemented, they would be sufficient to provide the Court with a basis for an assurance on the legality and regularity of the underlying transactions, in particular on the evaluation of errors found in measures covered by a multi-annual control framework.
The following timetable is envisaged for the further process:
June 2005 | The Commission adopts the Communication on a roadmap to an integrated internal control framework, and completes (supervised by DG Budget) its assessment of the gaps between its present control frameworks and that recommended by the Court, and its proposals for action. |
July 2005 | First discussions among the Parliament, the Council and the Commission. The Council establishes a high-level panel of experts. |
July to September 2005 | Discussion by each service of its gap analysis and action plan with the Court of Auditors. |
October 2005 | Conference on the DAS organised by COCOBU. Initial report proposing the basis for a common understanding. Common understanding among the Parliament, the Council and the Commission on the internal control framework. |
November 2005 | The Commission adopts the Communication on a roadmap to an integrated internal control framework (action plan). This Communication will present the common understanding on the gap assessment and actions to be taken in order to achieve a fully integrated control framework for both centralised management and shared management. The aim is to make it possible for the Commission to provide the Court of Auditors with reasonable assurance as to the legality and regularity of transactions. Interinstutional agreement with Parliament and Council on the steps needed to achieve an integrated control framework. |
2006 - | Implementation of the action plan. |
 In the Annual Report for the financial year 2003, the Court enters one reservation concerning sundry debtors as regards the reliability of the accounts . It considers that underlying transactions are legal and regular in respect of revenue, commitments and administrative expenditure. It gives a qualified statement on the underlying transactions concerning agriculture, structural measures, internal policies, external actions and pre-accession aid.
 Cf. Commission Communication Strategic Objectives 2005-2009, Europe 2010: A Partnership for European Renewal, Prosperity, Solidarity and Security - COM(2005) 12, 26.1.2005
 Opinion No 2/2004 of the Court of Auditors of the European Communities on the ‘single audit’ model (and a proposal for a Community internal control framework) - OJ C 107, 30.4.2004.
 In the agricultural sector, for example, an ex-post declaration of assurance by the heads of Member States’ paying agencies has already been accepted by the Council as part of its agreement on the new basic regulation on the financing of the common agricultural policy.
 Under which the managing authority of each Member State ( e.g. the Finance Ministry) states every year that proper control systems are in place.
 An effective chain of controls operating to common standards, with each level taking into the account the work of others. See §39 of the Court's opinion No 2/2004.
 Article 4 of Regulation (EC) No 438/2001.
 Articles 10 and 15 of Regulation (EC) No 438/2001.
 Article 143(6) of the Financial Regulation requires the Commission to transmit a summary of the Member States' replies by 15 February of the year following the publication of the Court's Annual report.
 The issues to be examined include the conflict with the date of the electoral campaigns when Parliament is renewed, and impact of any postponement of a discharge decision on the subsequent discharge procedure.