2016 discharge: EU general budget, European Commission and executive agencies

2017/2136(DEC)

PURPOSE: presentation of a report on the internal audits carried out in 2016 in the framework of the discharge procedure.

CONTENT: this report is to inform the European Parliament and Council of the work carried out by the Commission’s Internal Audit Service (IAS), as required by Article 99(5) of the Financial Regulation. It is based on the report drawn up by the Commission’s Internal Auditor under Article 99(3) of that Regulation, regarding IAS audit- and consulting reports completed in 2016 on Commission Directorates-General, Services and Executive Agencies.

In line with its legal base it contains a summary of the number and type of internal audits carried out, the recommendations and the action taken on those recommendations. The audit reports finalised in the period 1 February 2016 - 31 January 2017 are included in this report. Recommendations implemented after the cut-off date of 31 January 2017 are not considered.

Scope of the report: the mission of the Internal Audit Service is to provide to the Commission independent, objective assurance and consulting services designed to add value and improve the operations of the Commission. Its tasks include assessing and making appropriate recommendations for improving the governance process in its accomplishment of the following objectives:

  • promoting appropriate ethics and values within the organisation;
  • ensuring effective organisational performance management and accountability;
  • effectively communicating risk and control information to appropriate areas of the organisation.

The IAS performs its work in accordance with the Financial Regulation and the International Standards for the Professional Practice of Internal Auditing and the Code of Ethics of the Institute of Internal Auditors.

The IAS does not audit Member States’ systems of control over the Commission’s funds. Such audits, which reach down to the level of individual beneficiaries, are carried out by Member States’ internal auditors, national Audit Authorities, other individual Commission DGs and the European Court of Auditors (ECA).

Implementation of the 2016 audit plan: by the cut-off date of 31 January 2017, the implementation of the updated 2016 audit plan reached its target of 100% of planned engagements for audits in the Commission's Directorates-General, Services and Executive Agencies. 

154 engagements (including audits, follow-ups, reviews and one consulting assignment) were finalised.

The 2016 initial plan contained 67 audit engagements and limited reviews which were planned to be finalised by the cut-off date of 31 January 2017 and 34 audits which were planned to start before this cut-off date and to be finalised in 2017. The plan was updated at mid-year.

Overall, the IAS considers that the state of play regarding the implementation of audit recommendations is satisfactory and comparable to previous reporting periods. It indicates that the Commission services are diligent in implementing the very important recommendations, hence mitigating the risks identified. Nevertheless, and even though there is no recurrent outstanding issue or a specific service concerned, attention has to be paid to the individual recommendations rated very important which are long overdue, i.e. more than six months. A dedicated report was established and sent to the Audit Progress Committee, a summary of which is provided in the SWD accompanying this report.

Methodology: in response to the Commission's move towards an enhanced performance-based culture and greater focus on value for money, the IAS continued to carry out performance audits and audits which include important performance elements (comprehensive audits) in 2016 as part of its 2016-2018 strategic audit plan.

These audits addressed a number of aspects related to performance: 

  • several IAS audits focused on performance management and measurement and revealed that significant improvements are still necessary to enhance the maturity of the DGs performance management and measurement mechanisms. This confirms last year's conclusion which emphasised the need to take further steps at both corporate and DG level to improve the quality of objectives and indicators;
  • the European Court of Auditors also highlighted deficiencies in performance management and measurement in its annual report and in its special reports;
  • the Common Audit Service (CAS) in the Common Support Centre (CSC) needs to make significant efforts to increase the maturity of its internal processes, thus ensuring that it will achieve the objectives of the FP7 ex-post audit strategy, and that it will be prepared for the challenges brought by the H2020 ex-post audit strategy;
  • other IAS audits in the areas of anti-fraud activities for traditional own resources, managing and sharing data on agro-environmental-climate issues, better regulation and ex-post audits by the common audit service showed that further steps are necessary to increase the overall performance of these processes.

In line with its methodology and best practice, the IAS approached performance in an indirect way, i.e. whether and how management have set up control systems intended to assess and provide assurance on the performance (efficiency and effectiveness) of its activities. Through this approach, the IAS aims at ensuring that, in the first instance, DGs and Services have established adequate frameworks and performance measurement tools, key indicators and monitoring systems which means that SMART objectives and benchmarks have first to be established at Commission level, in order to dissociate, to the extent possible, the Commission's specific contribution from those of other major key players who contribute to the implementation and achievement of EU funds' objectives (Member States, Regions, Third Countries, International Organisations etc.).

Overall opinion: the IAS considered that the implementation of action plans drawn up in response to its audits this year and in the past contributes to the steady improvement of the Commission’s internal control framework:

  • on internal controls: the IAS conclusion on the state of internal control is limited to the management and control systems which were subject to an audit and does not cover those which had not been audited by the IAS or the IAC in the past three years. Particular attention, which led to reservations in the annual activity report of the DG concerned, was drawn in the limited conclusions to: (i) DG CLIMA with regard to the delay observed in the implementation of one very important IT security related recommendation (on the management of the security of the EU ETS IT system), which exposes the DG to the risk of security breaches; (ii)  DG DEVCO with regard to the combined effect of three open very important recommendations issued in the context of the audit on the management of the African Peace Facility;
  • on the Commission's financial management: as in the previous editions, the  overall opinion is qualified with regard to the reservations made in the Authorising Officers' by Delegation Declarations of Assurance. Given the magnitude of financial corrections and recoveries of the past and assuming that corrections in future years will be made at a comparable level, the EU Budget is adequately protected as a whole (not necessarily individual policy areas) and over time (sometimes several years later).

Without further qualifying the opinion, the internal auditor added one ‘emphasis of matter’ which relates to the supervision strategies regarding third parties implementing policies and programmes.