2017 discharge: EU general budget, European Commission

2018/2166(DEC)

PURPOSE: presentation of a report on the internal audits carried out in 2017 in the framework of the discharge procedure.

CONTENT: this report is to inform the European Parliament and Council of the work carried out by the Commission’s Internal Audit Service (IAS), as required by the Financial Regulation. It is based on the report drawn up by the Commission’s Internal Auditor, regarding Internal Audit Service audit and consulting reports completed in 2017 on Commission Directorates-General, Services and Executive Agencies.

In line with its legal base it contains a summary of the number and type of internal audits carried out, the recommendations and the action taken on those recommendations.

The audit reports finalised in the period 1 February 2017 - 31 January 2018 are included in this report. Recommendations implemented after the cut-off date of 31 January 2018 are not considered.

Scope of the report

The mission of the Internal Audit Service is to provide to the Commission independent, objective assurance and consulting services designed to add value and improve the operations of the Commission. Its tasks include assessing and making appropriate recommendations for improving the governance process.

The IAS performs its work in accordance with the Financial Regulation and the International Standards for the Professional Practice of Internal Auditing and the Code of Ethics of the Institute of Internal Auditors.

The IAS does not audit Member States’ systems of control over the Commission’s funds. Such audits, which reach down to the level of individual beneficiaries, are carried out by Member States’ internal auditors, national Audit Authorities, other individual Commission DGs and the European Court of Auditors (ECA).

Implementation of the 2017 audit plan

By the cut-off date of 31 January 2018, the implementation of the updated 2017 audit plan reached 98%6 of planned engagements for audits in the Commission, Services and Executive Agencies.

148 engagements (including audits, follow-ups, reviews and consulting assignments) were finalised.

The 2017 initial plan contained 66 audit engagements which were planned to be finalised by the cut-off date of 31 January 2018. Furthermore, the plan contained 38 engagements which were planned to start before this cut-off date and to be finalised in 2018. The 2017 plan was updated at mid-year.

Overall, the IAS considers that the state of play regarding the implementation of audit recommendations is satisfactory and comparable to previous reporting periods. It indicates that the Commission services are diligent in implementing the very important recommendations, hence mitigating the risks identified. Nevertheless, attention has to be paid to the individual recommendations rated very important which are long overdue, i.e. more than six months. A dedicated report was established and sent to the Audit Progress Committee, a summary of which is provided in the Staff Working Document to this report.

Methodology

In response to the Commission’s move towards a performance-based culture and greater focus on value for money, the IAS continued to carry out performance audits and audits which include important performance elements (comprehensive audits) in 2017 as part of its 2016-2018 strategic audit plan.

These audits addressed a number of aspects including governance processes, human resources management, IT processes. In addition, other audits in various areas showed that further actions are necessary to increase the overall performance of the audited processes such as:

- the cost effectiveness of controls when setting up the internal control systems in DGs and need to report on the cost-effectiveness of controls in their Annual Activity Reports while the Commission needs to estimate the costs and benefits of control systems when revising or presenting new spending proposals;

- the improved management of agricultural markets, including market crises and drawing lessons from crisis situations in terms of risk management and the follow-up of the crisis measures;

- there are significant weaknesses that need to be addressed notably on the efficiency and effectiveness of complaints handling and the enforcement of EU environmental law;

- there are significant weakness in the implementation regarding the monitoring of the execution of scientific projects;

- the European Anti-Fraud Office staff’s awareness on how to deal with social media and interest representatives needs to be significantly improved.

Overall opinion

The implementation of action plans drawn up in response to Internal Audit Service audits this year and in the past contributes to the steady improvement of the Commission’s internal control framework:

- on internal controls: the IAS conclusion on the state of internal control is limited to the management and control systems which were subject to an audit and does not cover those systems which had not been audited by the Internal Audit Service in the past three years.

Particular attention, which led to reservations in the annual activity report of the Directorate-General concerned, was drawn in the limited conclusions of: (i) the DG CLIMA with regard to the delay observed in the implementation of one very important IT security related recommendation (on the management of the security of the EU Emissions Trading IT system), which exposes the DG to the risk of security breaches; (ii) the DG DEVCO with regard to the delay observed in the implementation of one very important recommendation issued in the context of the audit on the management of the African Peace Facility; (iii) the Education, Audiovisual and Culture Executive Agency with regard to one critical and a number of very important recommendations issued in the context of the audit on Erasmus+ and Creative Europe – grant management phase 1;

-on the Commission's financial management: as in the previous editions,

the 2017 overall opinion is qualified with regard to the reservations made in the Authorising Officers' by Delegation Declarations of Assurance. Given the magnitude of financial corrections and recoveries of the past and assuming that corrections in future years will be made at a comparable level, the EU Budget is adequately protected as a whole (not necessarily individual policy areas) and over time (sometimes several years later).

Without further qualifying the opinion, the internal auditor added one ‘emphasis of matter’ which relates to the supervision strategies regarding third parties implementing policies and programmes.