Legislative Observatory
European Parliament
Please fill in this field to find a procedure

2004 discharge: EC general budget, section III, Commission and ECSC in liquidation

2005/2090(DEC)

PURPOSE : to present the Commission’s third annual report to the discharge authority on internal audits carried out in 2004.

CONTENT : the aim of this third annual report on internal audit is to inform the Discharge Authority about the work carried out by the Commission's Internal Audit Service (IAS) in 2004. The present report is a shortened version of the Internal Auditor's Annual Internal Audit Report to the Commission. It is based to a large extent on the results of work conducted by the IAS to complete Action 87 of the Reform White Paper but it also takes into account other audits finalised in 2004, including follow-up audits to earlier engagements and other relevant sources such as the overview of the Relex family DGs, the first summary report on the work of the DG's own Internal Audit Capabilities (IACs) and the follow-up to systemic recommendations made by the Internal Auditor in 2003.

The in-depth audits and follow-up audits undertaken by the IAS resulted in recommendations addressed to the appropriate Director-General who is responsible for taking action. This report concentrates on recommendations that are of Commission-wide interest, often crosscutting in nature and that could also concern other DGs besides the ones audited.

The acceptance by audited services of IAS audit findings and recommendations is high with 84% of all recommendations issued being accepted and another 10% accepted with comments. In one case a critical recommendations was rejected by the auditee as it was felt that follow-up action was not manageable at the DG level.

The report highlights both issues/control weaknesses and related recommendations that were brought to the attention of the College, either because they are of sufficient importance (materiality), because they provide insight into the state of the Commission internal controls or because they cannot easily be resolved at the DG level.

The report concludes by stating that in 2004 several milestones were reached in terms of the Commission's ongoing effort to modernise and strengthen its management and control systems. The new staff regulation entered into force and Directorates-General continued their effort to improve the internal control systems put in place under the Commission Reform. The Internal Audit Service (IAS) completed the so-called Action 87 of the Reform White Paper by carrying out audit work (including desk reviews and risk assessments) in 33 Commission services. Taking a more strategic perspective, audit work and recommendations have lead the Internal Auditor to a series of conclusions where the Commission could make considerable gains in terms of improved governance and performance.

The Internal Control System : the DGs indicated in a self-assessment exercise that they had reached a high level of compliance with the Internal Control Standards (ICS). Major progress is also confirmed by the IAS audits. However, these audits also revealed that there are still critical control weaknesses and that important improvements are still needed in key areas such as grant management and public tendering, management supervision and ex-post controls (both in terms of funds managed by the Commission and in shared management with Member States) and that the Commission is still exposed to potential control breakdowns. The present report (as do the individual audit reports) includes recommendations designed to strengthen related controls.

Conclusion 1: despite important progress in internal control, important weaknesses still exist in areas such as grant management and tendering, management supervision and ex-post controls. These weaknesses should be addressed with urgency. But the challenge goes even further and is twofold: first, compliance with the Internal Control Standards is not an end in itself. What is important is that the internal control systems are effective in giving reasonable assurance that the Commission's objectives are being achieved, that laws and regulations are complied with and that the financial reporting from the Commission is reliable. Second, the answer is not necessarily more controls, but better and more cost-effective controls. Newly established rules and regulations now need to go through the natural next step, i.e. they need to be refined on the basis of lessons learnt, taking into account simplification and proportionality in terms of costs and risks.

  • Shared management: in order to be efficient, assurance has to come primarily from the Member States and not through more Commission on-the-spot controls. This is why the IAS proposed in its last Annual Report to introduce disclosure and assurance statements from Member States management. Additional steps need to be taken to embed controls into standard management processes, in order to facilitate DG management and for DGs to obtain a return on their "investment".

Conclusion 2: Directorates-General have to strive for effectiveness of their control systems – beyond compliance. Cost-effectiveness and risks should be taken more into account in designing controls; for shared management this means that more assurance has to come from Member States.

  • Horizontal Functions: the College has collective political and budget responsibility for the Communities' budget (including funds under shared management). However, the Commission's financial management and control architecture is primarily focused on the individual Directorates-General and the accountability/assurance statements come from DGs. A pre-dominantly DGlevel perspective means there is an increased likelihood that important, notably "crosscutting" control issues/risks, are not sufficiently covered or mitigated. Certain of these horizontal functions are well established, e.g. the establishing of the Commission's budget. The Commission also has made important improvements to strengthen policy coordination and coherence such as establishing high-level networks and the creation of DIGIT. But certain horizontal functions are not yet adequately covered.

The Financial Regulation as revised in 2002 does not explicitly provide for the Accounting Officer to certify the integrity, consistency and reliability ("true and fair view") of the accounts. However, such a step strengthens the control system. It ensures the consistency and reliability of the Commission's accounts and therefore provides adequate protection to the College.

Signing off the accounts is also a natural complement to the Accounting Officer's authority to set accounting standards: being able to sign off means for instance having undertaken plausibility and coherence checks in order to minimise differences in application or misapplication of rules. This is why the IAS recommends a sign-off on the accounts by the Accounting Officer. This systemic responsibility in no way reduces the responsibility of Authorising Officers to guarantee the reliability of information made available to the Accounting Officer. It is now timely to introduce this central oversight, as the new accruals accounting system increases the level of accounting expertise required throughout the Commission.

Conclusion 3: in order to ensure the integrity, consistency and reliability of the accounts, the Accounting Officer should sign off the Commission's accounts certifying that they present a true and fair view. The Accounting Officer should be adequately empowered in order to be able to exercise this responsibility without modifying the responsibility of Director-Generals for the underlying transactions and the reliability of the information made available to the Accountant.

  • Risk management: another area of concern is risk management. When effectively utilised, risk management serves as a proactive management tool for identifying obstacles to achieving policy and operational objectives and assisting in taking political decisions, including in prioritisation and allocation of resources. As set out in this report, risk management in the Commission is still in a rather embryonic state. DGs focus largely on risk analysis, and risk management is not embedded in regular management processes. This situation persists despite the fact that BUDG has recently launched very welcome initiatives in this field (these are detailed in the body of this report). A Commission-wide approach to risk management, including methodology and tools, has yet to be implemented and should result in a consolidated risk overview at the Commission level.

Conclusion 4: a Commission-wide risk overview process should be implemented (allowing for a complete top down view of key risks). This would facilitate pro-active risk management related to the key objectives of the Commission and more informed resource allocation decisions.