Legislative Observatory
European Parliament
Please fill in this field to find a procedure

2007 discharge: EU general budget, Section III, Commission

2008/2186(DEC)

2007 DISCHARGE – COMMISSION – ANNUAL REPORT ON INTERNAL AUDITS

PURPOSE: to inform the Discharge Authority about the work carried out by the Commission's Internal Audit Service (IAS) in 2007. This report is based on IAS audit and consulting reports finalised in 2007. It concerns audit and consulting work related to Commission DGs and Services and executive agencies only. It does not cover the IAS work on other agencies or bodies.

CONTENT: to recall, in 2006 the Commission presented an Action Plan towards an Integrated Internal Control Framework consisting of 16 actions which sought to improve all aspects of the control structures in place. The Commission sought to improve its reporting through different statements of assurance established by its Directors-General in order to support the political responsibility of the Commissioners to manage the Commission.

The Commission's reactions to the findings and conclusions of the Internal Auditor are covered in the synthesis report on the annual activity reports of the Directors-General (see SEC(2008)2361). In this synthesis report, adopted at the same time, the Commission takes a position on the crosscutting issues raised by the Internal Auditor, the European Court of Auditors and the Discharge Authority, or identified by the Audit Progress Committee and by the Director-General for Budget in his overview report.

On the basis of the Commission audits and reviews finalised in 2007, and other related work, the Internal Auditor of the Commission drew the following conclusions (the Commission's position is contained in the synthesis report on the annual activity reports of the Directors-General).

IAS conclusion 1: Overall progress made, but more improvements needed: in the course of its audit work, the IAS noted further improvements in the Commission's internal control systems. The number of critical IAS recommendations issued decreased from twelve in 2006 to six in 2007 and the number of audits with adverse IAS opinions dropped from nine in 2006 to six in 2007. However, further improvements are still needed, for instance in the areas of grant management, ex-post controls, procurement and implementation of data protection provisions.

IAS conclusion 2: Information Security: ensuring that sensitive information held in the Commission (both at Headquarters and in the Delegations) is protected against unauthorised disclosure and access is of paramount importance for the Commission's effectiveness and reputation. All DGs and services concerned should pay particular attention to information security and should coordinate with and seek validation of all their security measures by the corporate security service.

IAS conclusion 3: Policy Directorates-General have front-line responsibility for fraud

Prevention: the Commission has recently adopted a new approach to fraud proofing. OLAF plays a key role in fraud investigations and contributes to developing methods of fighting fraud on the basis of its experience. However, in the Commission, Directors-General - as Authorising Officers by Delegation - have, front-line responsibility for the prevention of fraud in their area of responsibility (in which they will be supported by OLAF) and for the follow-up to OLAF investigations (recoveries etc.).

IAS conclusion 4: AAR assurance process steadily being improved: the ultimate aim of both the AAR (Annual Activity Reports) assurance process and the synthesis report is to support the political responsibility of the Commissioners to manage the Commission. The foundation of the assurances given will be improved by a better definition of the underlying control strategies, backed by indicators for key controls and by better "reconciliation" of the assurances with the results of the European Court of Auditor's work.

IAS conclusion 5: Some progress in follow-up, but also some areas lagging behind: follow-up of audit recommendations has improved recently, but still takes too long in some areas. Also some issues raised in previous annual reports still require continued attention, e.g. a human resources strategy that is fully aligned on the strategic planning process and the development of shared services and improvements in IT governance.