52007DC0086

[pic] | COMMISSION OF THE EUROPEAN COMMUNITIES |

Brussels, 7.3.2007

COM(2007) 86 final

REPORT FROM THE COMMISSION TO THE COUNCIL, THE EUROPEAN PARLIAMENT AND THE EUROPEAN COURT OF AUDITORS

on the progress of the Commission Action Plan towards an Integrated Internal Control Framework

{SEC(2007) 311}

REPORT FROM THE COMMISSION TO THE COUNCIL, THE EUROPEAN PARLIAMENT AND THE EUROPEAN COURT OF AUDITORS

on the progress of the Commission Action Plan towards an Integrated Internal Control Framework

PART 1: KEY MESSAGES

The Commission's ambitious “Action Plan towards an Integrated Internal Control Framework”[1], adopted in January 2006, draws on recommendations by the European Court of Auditors (ECA opinion No 2/2004[2]) and underlines the Commission's determination to improve financial management and achieve an effective and efficient control framework. The Plan is not intended to address all internal control issues at the Commission, but rather addresses identified gaps in the framework. Other important developments took place in 2006 with respect to internal control. Notably, by adopting its Synthesis report on Commission Management, the Commission assumed its full political responsibility for management by its Directors-General and Heads of Services, based on the assurance and reservations issued by them in the AARs.

One year after the adoption of the Plan it is time to evaluate progress and make adjustments to actions in certain areas. Part 1 of this report summarises progress. Further detail on the 16 original actions in the Plan is in Part 2, and a summary with completion indicators is in annex.

The Commission has made concrete progress on the Action Plan.

The following measures have been implemented in the past year:

- Improved assessment of management and control systems in the structural funds . An assessment of control components per Member State has been established, as well as legality and irregularity indicators which will contribute to the overall analysis of controls and assurance gained.

- Improved definition and attribution of control responsibilities in shared management . The 2007-13 legislation for agriculture and structural measures contains a number of provisions intended to provide a more reliable control structure with a better definition of Member States’ responsibilities in providing assurance. These include enhanced reporting of audit results by Member States and improved coordination of audit work between DGs using common systems and procedures. "Contracts of confidence" covering the quality of national control systems, audit strategies and reporting have so far been signed in two cases. For management declarations, the Inter-Institutional Agreement on the Financial Perspectives and the revised Financial Regulation require Member States to provide summaries of available audits and declarations. In agriculture, this new requirement has already been implemented in the sector-specific rules.

- Strengthened oversight of paying and certifying agencies in shared management . In agriculture, the paying agencies of the new Member States have been accredited upon accession. Moreover, under the new rules applicable as of financial year 2007, all paying agencies in EU-27 are subject to a review mechanism which requires the authorities competent for the accreditation to keep their paying agencies under constant supervision and to inform the Commission every three years of the results of that supervision, including whether the paying agencies continue to comply with the accreditation criteria. For Structural Funds for the new period every Member State will be required to accredit the management and control system including the managing authority and certifying authority. This process will be repeated on an annual basis by way of the annual opinion of the audit authority, working according to an audit strategy approved by the Commission. In both areas, the Commission can, depending on its risk assessment, audit compliance with the accreditation criteria and, if necessary, suspend financing or apply financial corrections.

- Improved presentation of assurance in DGs' Annual Activity Reports . A concise format to permit consistent presentation of control strategies and sources of assurance has been developed for use in services’ 2006 annual activity reports. Control strategies, results, indicators on legality and regularity and overall assurance at DG level should progressively be set out in a standard way, facilitating the build-up to global assurance with reservations where justified.

- Sampling based on international standards . A new sampling approach[3] for the Sixth Research Framework Programme seeks to prioritise the detection and correction of systematic errors among major beneficiaries while covering an appropriate representative sample of the audited population.

- Validation of costing methodologies . To tackle a key source of error in past programmes, the Commission has designed procedures for the Seventh Framework Programme to verify beneficiaries' costing methodologies at the beginning of projects. This action is intended to reduce errors in the use of average costs.

- Compulsory procedures for audit certification . To guarantee consistent quality of audit certification, the Commission has developed "agreed upon procedures" for use by auditors of spending for the Seventh Research Framework Programme.

- Coordination of audit standards and dissemination of guidance and good practice in the Structural Funds . The Commission has secured harmonisation of sampling methodologies to be used by Member States in the new period and issued guidance and good practice notes on checks by Member States' authorities, recoveries, closure requirements and information to beneficiaries.

- Improved co-operation with national Supreme Audit Institutions (SAIs) . The Commission provided SAIs with reports of payments made in their countries in 2005 and has developed bilateral contacts with many SAIs. These will be pursued in 2007 to explore how the Commission can further facilitate SAIs’ work on Community funds spent in Member States[4] and how it can gain assurance from this work, while respecting SAIs' independence.

Remaining challenges

Experience in the first year of implementation of the action plan has identified further challenges to be addressed. Also, certain proposed actions were not supported by the legislator. As a result, some adjustments or modified actions are proposed:

- Strengthening the link between reasonable assurance and payments . Legislation provides for payments to be suspended and for financial corrections and recoveries to be made where justified. In line with the approach set out in its Synthesis Report 2005, the Commission will apply the legislative provisions and will clearly set out in Annual Activity Reports and communicate to the budgetary authority reservations to global assurance, including where relevant by sector or Member State, and information on corrections and recoveries made.

- Clarifying the importance of recoveries . During 2006, the Court of Auditors clarified that it considered recoveries to be relevant for the DAS. The Court also considered that the amount of recoveries made by Commission and Member States was too low compared to the assumed overall level of errors. To help strengthen the Commission’s performance on recoveries, an additional sub-action will identify, for direct centralised management and the structural funds, amounts recovered in 2005 and 2006 and their coherence with errors identified during controls.

- Ensuring cost of control is commensurate with risk of error . The concept of "tolerable risk" (linked to cost effectiveness of control) was not taken by the legislator into the revised Financial Regulation. However, the Commission still wishes to ensure that control resources are used cost effectively and that the cost of control is justified in terms of the observed error rate, the dissuasive effects, and other qualitative benefits. Work is underway to determine the cost of controls in agriculture and the Structural Funds on the basis of a common methodology. In the research area, costs of controls are also being assessed and a pilot study added to Action 10 will focus on the design of control strategies, including the study of 'reasonable' vs. 'absolute' assurance and the impact of risk on this.

- Simplification and clarification of rules . The complexity of simplifying detailed legislation in terms of eligibility requirements, and the advanced stage of negotiations, meant that limited simplification was possible for the 2007-13 programming period. Nevertheless, in certain sectors, significant simplifications had been negotiated beforehand, reducing the risk of error particularly in shared management. The challenge now is to simplify and clarify the operation of the new rules in practice.

- Sharing of audit data . Building on the data sharing already taking place in the research and structural funds area, the Commission will continue to explore how to make the sharing of audit information more effective, including on planned audits and on results of systems audits of beneficiaries funded under different programmes.

PART 2: DETAILED REVIEW OF PROGRESS AND FURTHER DEVELOPMENTS

SIMPLIFICATION AND COMMON CONTROL PRINCIPLES (ACTION 1-4)

Action 1: Simplification review of proposed 2007-13 legislation

When the action plan was adopted, a limited window of opportunity remained for further simplification of legislation for the 2007-13 planning period beyond the provisions already negotiated. While simplification has not been as extensive as hoped, some elements intended to reduce the numbers of beneficiaries inadvertently making erroneous claims were introduced in specific sectors. Commission services now have wider scope for using lump sum payments, reducing the risk of irregularity. Cost reporting models and the definition of eligible costs have also been simplified to reduce the risk of error. In the Structural Funds, accreditation of national systems together with Commission approval of Member States' audit strategies and simpler procedures to interrupt payments should deliver increased assurance. A new regulation consolidating and reinforcing controls and sanctions in the area of rural development was adopted by the Commission in December 2006. In indirect centralised management in education and culture corrective measures have been reinforced and Member States will be obliged to issue an ex ante declaration on national agencies’ control systems.

Action 2: Integrate common internal control principles in the proposal for the revised Financial Regulation

Despite the rejection by the legislator of an additional specific principle in the Financial Regulation (FR), Article 28a provides that "the budget shall be implemented in compliance with effective and efficient internal control…", including, "adequate management of risks relating to the legality and regularity of the underlying transactions". As such the main aim of underpinning fundamental concepts of an internal control framework within the regulation has been achieved.

Action 3: Establish and better harmonise the presentation of control strategies and evidence providing reasonable assurance

Using pilot templates for Research and Structural Funds, services' Annual Activity Reports for 2006 should set out control strategies in a progressively harmonised format. This includes a clear presentation of sources of assurance and the results of controls, including legality and regularity indicators. It will take time to ensure complete consistency of approach but this action is expected to improve awareness of control structures and sources of assurance and will help pinpoint weaknesses and define improvements.

In order to strengthen the link between reasonable assurance and payments, as from the Synthesis Report 2006, the Commission will clearly set out and communicate to the budgetary authority reservations to the global assurance, including where relevant by sector or Member state, together with the corresponding financial corrections or suspensions of payments.

Action 4: Initiate inter-institutional dialogue on risks to be tolerated in the underlying transactions

The Action Plan stimulated significant discussion of tolerable risk. In following the European Court of Auditors' recommendation to explicitly foresee political acceptance of risk, the Commission sought to define in law what had hitherto been implicitly reflected in control strategies. Although the legislator rejected its inclusion in the Financial Regulation, it expressed support for the Commission to continue exploring the concept. The Commission considers it of fundamental importance to pursue the inter-institutional dialogue on tolerated risk and will pursue this action on the basis of the necessary background information stemming from the implementation of Actions 10 and 11.

MANAGEMENT DECLARATIONS AND AUDIT ASSURANCE (ACTION 5-8)

Action 5: Promote operational level management declarations and synthesis reports at national level

As regards shared management, the revised Financial Regulation provides in Article 53b that "Member States shall produce an annual summary at the appropriate national level of the available audits and declarations". These audit summaries and declarations will be received for the first time during 2008. While this is outside the timeframe of this action plan, the Commission will use the results of its own audits and controls to appraise the quality of the annual audit summaries and declarations in order to ensure management and control systems are working effectively. Where the results are positive this will provide a building block to overall assurance. Negative results may lead to reservations and payment suspension or recovery where appropriate. The Commission will monitor progress in this area and will evaluate how best to cooperate with Member States to ensure a continuous feedback of results into the annual planning and reporting cycle.

Action 6: Examine the utility of management declarations outside shared and indirect centralised management

Action 6a, involving examination of whether declarations would add value in direct centralised management, was not found likely to be effective. Due to the lack of intermediary bodies performing a verification function between the Commission and the final beneficiary, obtaining a declaration from a beneficiary on top of other requirements related to financial management would not be cost effective. This action has been removed from the plan but the main objective is being addressed in Action 7 via certification of methodology.

Action 7: Promote best practices for increasing cost-benefit of audits at project level

Audit certificates were envisaged for the Sixth Research Framework Programme to increase assurance on project execution. However, experience has shown that errors which can be identified by the Commission on the spot are frequently not identified by certifying auditors, mainly due to unfamiliarity with eligibility requirements.

To ensure audits are carried out on a consistent basis by all auditors working for the Commission in the Seventh Framework Programme, "agreed upon procedures" have been developed to provide a compulsory set of procedures for all such audits. This approach will enable the auditor to identify and report exceptions, allowing the Commission to draw conclusions based on its greater understanding of the issues which may arise.

In indirect centralised management, 2007-2013 legal bases for the Lifelong Learning and Youth in Action programmes require Member States to give preliminary and annual assurance. Models for the ex ante declaration have been prepared and guidelines issued to national authorities. Work under the Action Plan for the Seventh Research Framework Programme seeks to address one of the key sources of error in past programmes – the use of average costing by beneficiaries. To reduce these errors, the Commission has drawn-up procedures to analyse cost accounting systems and their underlying costing methodologies in advance to pick up systematic errors. This to some extent also fulfils the goal of Action 6a by sensitising beneficiaries to the importance of establishing a methodology compliant with the contract, and can serve to 'fix the future' by preventing errors.

Action 8: Facilitate additional assurance from Supreme Audit Institutions

The Commission has improved its cooperation with Supreme Audit Institutions. The Commission took the lead by increasing its transparency with regard to SAIs and provided each Member State SAI with a report of payments from the Community budget in their country in 2005. On the basis of feedback, a standard report has been developed providing more detailed information. Reports on 2006 payments will be sent to the SAIs shortly.

The Commission considers that establishing an ongoing relationship with the SAIs is a successful realisation of the action, and an important breakthrough in improving the overall control environment in shared management. The role of SAIs in various national initiatives on country-level declarations is welcomed for the increased focus it will give to management of Community funds in those Member States.

New sub-action: To build on the momentum created by this action, the Commission will pursue contact with the SAIs to determine how their work can be used to provide assurance on the execution of its programmes in the Member States. It will also launch a case study on the key issues faced by SAIs in examining Community expenditure.

SINGLE AUDIT APPROACH: SHARING RESULTS AND PRIORITISING COST-BENEFIT (ACTION 9-11)

Action 9: Construct effective tools for sharing audit and control results & promote the single audit approach

With the new ABAC accounting system in 2005, the Commission can now more easily coordinate management information which has been collected and stored in services' local systems. 2006 saw the implementation of a module in ABAC linked to legal entities which allows audit information to be input, searched and followed up. In 2007 this module will be supplemented by an automated interface to services' local systems, permitting an overview of Commission audit activity covering direct beneficiaries, without further manual input of data. A detailed database of audit activity gives potential for improved planning and risk management on a Commission-wide basis.

Sharing of audit data is also foreseen in the other management modes. In Education and Culture, an EC decision on the responsibilities of the Commission, Member States and national agencies based on the single audit approach specifies the type and levels of control. A specific guide for national agencies indicates in particular the type and minimum number of controls to be performed. In shared management, the reporting of audit results by Member States and their use by the Commission has been steadily improved through standardised formats and assessment procedures, earlier coordination meetings and database tracking tools.

New sub-action: To oversee the initial stages of data-sharing in ABAC, the Commission will, for the Sixth Framework Programme, monitor the use of data sharing and management reporting with a view to identifying key factors for success in better integrating the sharing of data in the overall control process.

Action 10: Conduct an initial estimation and analysis in the costs of controls

For shared management, a methodology for estimating the costs of control has been agreed and a survey launched for agriculture and structural funds. For agriculture all Member States are involved, while for structural funds the initial exercise covers Wales, Hungary and Portugal before extension to the remaining Member States. For direct management, the Commission is determining the costs of control for two pilot DGs (EAC and INFSO).

New sub-action: To further explore the cost-benefit ratio of control, the Commission will examine the effect of programme design and eligibility requirements on costs of control to develop a detailed analysis of tolerable risk on a practical basis.

Action 11: Initiate pilot projects on evaluating benefits of control

Benefits of control may be financial (recovery of erroneous payments) and qualitative (for example the dissuasive effect of the possibility of being controlled and sanctioned encourages better checks by the beneficiary on payment claims). However, the valuation of the deterrent effect of controls is problematic due to the lack of a control population to compare the monetary effect of an added control and the difficulty of cross-sectoral comparisons owing to differences in policy environment and control structures.

As a result, this action is focusing on quantifiable benefits in DGs INFSO and EAC and aims to value recoveries in 2005 of errors detected for these DGs’ programmes. This approach is still likely to undervalue the direct benefits of control given the multi-annual nature of some programmes and that errors made in year N may be detected and recovered in subsequent years. To ensure the cost of control is justified in terms of the observed error rate, a pilot study will explore this matter further. Covering both centralised direct and shared management, this will provide information on recoveries and financial corrections in 2005 and how risk can be applied to the definition of control strategies taking account of the multi-annual nature of programmes. Qualitative benefits will also be considered.

New sub-action: To determine whether recovery and offsetting systems are working effectively, by identifying amounts recovered in 2005 and 2006 and their coherence with errors identified during controls, the Commission will, in direct management, develop a typology of error and the relationship with recoveries, financial corrections and adjustments to payments and for structural funds it will examine the reliability of national monitoring and reporting systems.

SECTOR-SPECIFIC GAPS (ACTION 12-16)

Action 12: Address the gaps identified by participating services

Since the Gap Assessment exercise in mid-2005, DGs have had an opportunity to integrate the specific elements in their Annual Management Plans, which will be reported in the 2006 and 2007 Annual Activity Reports. Some DGs were also able to integrate key Gap Assessment findings within their 2007-13 legislation. In internal policies, the Research DGs have established and are implementing a multi-annual strategy of 6FP ex post audits based on a coordinated audit plan weighted towards making systematic improvements in major beneficiaries' cost claims while offering sufficient coverage across the whole audited population.

New sub-action: To ensure effective delivery of added assurance, the Commission will perform 300 audits for FP6 in 2007, compared with the 45 carried out in 2006. In addition, having developed a systematic approach to analysing and sampling the FP6 beneficiary population as part of Action 16b, the Commission will proceed with the identification and correction of errors in beneficiaries receiving the most significant proportion of the budget. This will also provide, by the end of 2007, a representative picture of the level and nature of irregularities in the research budget as a whole.

Action 13: Analyse the controls under Shared Management (in particular Structural Funds) at regional level and the value of existing statements

A more detailed assessment of the effectiveness of current controls and assurance statements by Member States will be provided in the Annual Activity Reports for 2006. DG REGIO and DG EMPL are continuing to improve their procedures to determine assurance on payments by producing a management and control systems assessment per Member State, detailed down to system or programme level. This rates the control components of systems on compliance and effectiveness using a similar scale to that of the Court of Auditors, classifying programmes into 3 groups according to the level of assurance obtained: reasonable assurance, assurance with limitations, and limited/no assurance. These DGs have also developed legality and regularity indicators which will supplement the presentation of the control strategy in the 2006 AAR.

Action 14: Provide greater guidance for structural funds on managing the risk of error

For Action 14a, the Commission has asked Member States to ensure beneficiaries of Structural Funds are made aware of controls and the risk of cancellation of funding. Further guidance on information Member States have to send to the Commission on recoveries and withdrawals of funding following irregularities has been issued and an amendment has been made to the regulatory reporting provisions[5]. Closure guidelines for 2000-06 programmes were issued by the Commission in August 2006. Guidance has also been issued illustrating good practices in first-level management checks and checks by paying authorities.

For Action 14b the Commission is preparing interpretative guidance on a number of subjects, including "financial engineering", which will be issued after discussion with the Member States.

Action 15: Promote the ‘Contracts of Confidence’ initiative for Structural Funds

DG REGIO has continued to promote the Contract of Confidence to increase the level of assurance for the 2000-06 programming period as well as to lay useful foundations for the 2007-13 period. Two Contracts of confidence have been formalised in the structural funds (Wales and Austria) and discussions are continuing with four other Member States.

Action 16: Establish common guidelines per policy family

Under Action 16a improved guidelines for research and internal policies have been provided in an updated audit manual for use by the contracted auditor for the 6th Framework Programme. The Commission also identified a need to provide guidance in adapting audit strategies to heterogeneous control environments while retaining core common standards. The deadline of this action has been extended to enable best practices from a range of policies to be gathered and presented in this area.

Action 16b has contributed to the 6th Framework Programme audit strategy by prioritising an initial global overview and evaluation of the beneficiary population. This resulted in an approach, based on international standards, which combines stratification with monetary unit sampling (MUS), and incorporates the correction of systematic errors with the detection of the global error rate via a statistical sample.

For Action 16c, DG REGIO is revising the audit manual for the Structural Funds. This will, inter alia , take account of the new legislative requirements and incorporate guidance on the application of international auditing standards.

OVERALL CONCLUSIONS AND THE WAY FORWARD

The conclusion is broadly positive. While there have been some delays (see annex), the Commission considers that it will still be able to meet the objective of having the foundations in place by the end of 2007 for properly managing the risk of errors and providing increased assurance as foreseen in the Action Plan. The results of actions will be progressively visible and demonstrable - initially in terms of a more transparent and clearer control approach. This should lead to a reduction in the error rate through improved correction and prevention.

Experience has shown that a number of actions need to be refined to provide a further impetus to increased assurance and the Commission has proposed new sub-actions in these areas. New sub-actions are concentrated on direct centralised management given the Commission's sole responsibility in this area. The new sub-actions will be completed within the original timetable for the action plan (end of 2007) and will, together with the ongoing actions, ensure that the framework will be in place by that date for the Integrated Internal Control Framework to begin to have the planned impact on assurance.

Where the Commission obtains additional assurance, there is the potential for the European Court of Auditors to rely on this for its Declaration of Assurance. The Commission will therefore continue to liaise closely with the Court on the implementation and impact of the action plan and is also committed to improving the contradictory procedure. Timing remains a challenge in all areas of budget implementation. In the area of shared management, about half of the replies from Member states to the Court's "statements of preliminary findings" were not available in due time for the contradictory procedure on the 2005 Annual Report[6]. Potentially important feed-back from the Member States on the preliminary findings of the Court therefore arrives too late to inform the DAS.

The Commission will provide a final report on the implementation of the action plan in early 2008. This report will take a first look at the impact of the different actions on assurance and will draw conclusions for the future consolidation of the Integrated Internal Control Framework.

[1] COM(2006) 9 and SEC(2006) 49.

[2] OJ C107, 30.4.2004, p. 1 (the Single Audit Opinion).

[3] ECA 02/2004, paragraph 48.

[4] Kontrola PaD[pic]stwowa Special issue December 2006http://www.nik.gov.pl/docs06) 49.

[5] OJ C107, 30.4.2004, p. 1 (the ‘Single Audit’ Opinion).

[6] ECA 02/2004, paragraph 48.

[7] Kontrola Państwowa Special issue December 2006http://www.nik.gov.pl/docs/kp/kp_2006_referaty_calosc.pdf

[8] Regulation (EC) No 448/2001, part of the amending Regulation (EC) No 1978/2006 of 22 December 2006 (OJ L 368, 23.12.2006, p. 89).

[9] Report on Member States replies to the ECA 2005 Annual Report.