2020 ANNUAL ACTIVITY REPORT OF SMART THE AUTHORISING ...

For the attention of the Secretary-General

SMART 21/0096

2020 ANNUAL ACTIVITY REPORT OF THE AUTHORISING OFFICER BY DELEGATION

Council of the European Union General Secretariat Deputy Director-General Digital Services

2020 AAR SMART 21/0096 | EN | 30 March 2021

1

I. INTRODUCTION – MISSION STATEMENT A) MISSION STATEMENT

1. In partnership with delegates and staff, Digital Services (SMART) organises information and makes it accessible through smart and secure services. SMART helps transform work by innovating and promoting a 'digital-first' mind set.

B) DEPARTMENTAL STRUCTURES

2. The Digital Services department (SMART) is led by a Deputy Director-General and is made up of two directorates (Digital Solutions and Digital Platforms) and one unit directly attached to the Deputy Director-General.

3. The Digital Solutions directorate (SMART.1) has four units: − Customer Services − Information Management − Architecture and Processes (Compass) − Design and Development (BUILD)

4. The Digital Platforms directorate (SMART.2) has four units, following a reorganisation which took effect on 1 September 2020:

− Infrastructure and Operations (RUN) − Systems Security − Document Services − Digital Workplace (new unit created as part of the reorganisation)

5. The Resources unit (SMART.A) reports to the Deputy Director-General.

6. There is also a Digital transformation team directly reporting to the Deputy Director-General since the reorganisation.


2

II. PERFORMANCE OF DUTIES A) PERFORMANCES/ ACHIEVEMENTS

Overall performances

7. In 2020, SMART delivered an extensive range of services to the European Council, the Council and the GSC.

8. Beyond responding to the crisis, SMART continued developing new systems and applications, progressed on information and knowledge management, IT governance and inter-institutional cooperation and ensured sound management of its human and budgetary resources.

9. 2020 has been a particularly challenging year. SMART staff have continued to rally throughout this difficult period, not only in keeping our infrastructure and document services running, but also by innovating through developing and acquiring new technology, optimising existing systems and working increasingly long hours or being present on-site to ensure business continuity by providing services and digital support to the European Council, the Council, GSC staff, delegates and the Presidency.

Coronavirus response

10. As from March, teleworking became the default mode of working, and SMART's previous efforts to extend the capacity of its platforms and increase bandwidth allowing almost all staff to telework via Pulse and VDI ensured that this proceeded smoothly.

11. In parallel, SMART continued to expand its videoconferencing portfolio so the European Council and the Council could continue to meet. Introduced in April, the use of the Council Video Conferencing Platform (Pexip) increased exponentially during the German Presidency. Its use was extended beyond informal working parties and high level meetings to include Council organised trilogues (replacing Interactio) in early October, following extensive collaboration with DG ORG and the SCIC. Since its introduction almost 1500 meetings have been held on this platform.

12. Throughout this period of high usage, SMART has upgraded and improved the platform based on user feedback, requests for additional features and experience gleaned. Its capacity has been regularly upgraded to support the growing demand in terms of capacity and functionalities. We also installed part of the solution in our own data centres to enhance quality and provide an extra layer of security when required.

13. The video conference team has worked intensively with all policy DG meeting organisers to set up and operate the virtual meetings and provided extensive training, coaching and guidance to meeting hosts and participants. In particular it has organised test sessions with Member States ahead of major meetings.

14. In addition SMART has continued preparations for a secure video conference system for discussions on highly sensitive or classified matters up to the level SECRET UE/EU SECRET following a proposal made to COREPER in September.

15. SMART also increased the number of pilot users on Microsoft Office 365 to provide additional options to ensure business continuity. While the pilot phase is restricted to DGs ORG, COMM, SMART and now LING, the number of participants has been extended to just over 1000 users, providing a very high level of satisfaction in facilitating collaboration and teamwork under the circumstances entailed by the pandemic. SMART continued working on the security risk assessment, the data privacy impact


3

assessment and on legal risks to provide the inputs required to for the GSC to determine the possible future use of this tool.

16. In anticipation of a future gradual return to working in the GSC's buildings, SMART has started to equip small meeting rooms in the secretariat with high-quality videoconferencing equipment in order to facilitate hybrid meetings. In particular, a number of "Meet Anywhere" rooms have been equipped, ensuring at least one per Directorate General.

17. In October, SMART launched the Home Office Package (HOP) initiative to support staff in their telework. The package complements the laptop or hybrid and includes the necessary IT equipment to allow staff to work efficiently from home. More than 1600 staff members have requested this package and over 1500 sets have been distributed. This initiative has been hugely successful both in terms of the equipment provided and the swift administration of the scheme.

Information and Knowledge Management (IKM)

18. A number of IKM applications intended for roll-out in the first half of 2020 encountered delays due to the Covid-19 crisis. Despite the delays, significant progress was made in many key areas.

19. The delivery of the pilot version of the unified digital workspace, named eConsilium, was launched as planned in Q3 2020. eConsilium offers a redesigned, more user-friendly interface improving the way GSC operates in the digital world. The first version of eConsilium containing most of Agora's features was released in September and was well received by the pilot users.

20. SMART has been fine-tuning the Translation Management System (TMS), which is being used by almost 800 pilot users in LING since April 2020. This system offers several improved features that will help LING to plan and manage the many translation requests they receive on a daily basis. It goes hand-in-hand with a number of changes in working methods that are being advanced by LING. The system will be activated in full use in September 2021.

21. The updated Document and File Management (DFM) policy for the GSC was approved in November after a consultation process with all GSC departments, the IKM Programme Board and the AMB. The DFM policy defines key concepts in the whole document lifecycle and includes the use of electronic signatures and governance roles and responsibilities.

22. The new High Classified Information (HCI) system has progressed as planned. Physical installation of the equipment in the GSC has been done, initial training with end-users to test document and information flows has been successfully completed and the accreditation process conducted by the Security Accreditation Board has moved to the second phase (system engineering). Alongside the HCI system, work has started on the next generation system for handling EU Restricted information (RCI), with the definition and planning of proof of concepts.

New developments beyond IKM

23. In July, a new Budgetary Data Base became operational for ECOMP to assist the Council and the Presidency in the different stages of the budgetary procedure; from establishing the Council's position on the annual budget to closure and discharge.

24. In September 2020, SMART, in cooperation with the ORG finance directorate and the three participating institutions (Court of Auditors, Court of Justice and European University Institute), put into production a major upgrade of the GSC financial system, SOS II, which is based on the SAP S4/HANA system. The GSC is among the first EUIs that completed such a major migration. With a unique architecture, the new SOS II system has the capabilities to provide ease of use via a modern design, and improved performance to the end user.


4

25. Another significant development has been the establishment of an Identity Management Programme (EIDM). Here, SMART in partnership with DG ORG safety and security directorate has set about centralising the various strands of identity management and accreditation to ensure a more robust, efficient and easier to manage system in future. The GSC’s DPO (data protection officer) participates in Programme Board meetings to monitor compliance at all stages with the data privacy by design and default principle.

IT Security

26. Cybersecurity continues to be an important aspect of SMART's work. As more sophisticated methods are used, and adversaries begin to focus on supply chain attacks, SMART is continuing its efforts to improve our cyber-resilience, not only by proactively enhancing our defence posture, but also by improving monitoring and response capabilities, and enhancing our prevention and communication strategy. Interinstitutional co-operation is vital in this aspect, and we have continued. to support CERT-EU's development.

27. As the protection of information is paramount, SMART has contributed to ORG's Information Security Policy, which will provide the basis for our security risk assessments and will set out an information security context for our cloud and data strategy. SMART has also been working proactively, on implementing rules focussed around the CIS 20 security controls.

Improved structures in SMART

28. In September an internal restructuring in SMART established a new Digital Workplace Unit and reinforced the Customer Services Unit. The Digital Workplace Unit's mission is to take a comprehensive approach to all aspects of the staff digital workplace, including basic office productivity tools and all hardware such as laptops, printers and videoconferencing. Since its establishment, the Unit has handled urgent Covid-related projects and has also started to analyse and review the current service offering with a view to developing a digital workplace strategy for the GSC and a more structured governance to manage it.

29. The transfer of all related activities to the new service desk function of the Customer Services Unit, which involved transferring staff and rescheduling tasks, has been completed. Benefitting from this reinforcement, the Customer Services Unit began to implement new processes, including a Quality Assurance function, to provide more efficient tracking and fulfilment of user incidents and requests through the Helpline.

30. Work on the Service Improvement Programme (SIP) also continued.

Governance

31. SMART started to review the IT Governance framework following the internal audit on the subject. The main areas addressed include improvements on the process for demand management, the processes for the Annual Work Programme creation, monitoring and change management, an updated risk management framework and more clarity on the implementation of programmes as part of our portfolio of activities.

Digital Transformation and Interinstitutional Cooperation

32. SMART's digital transformation team, Polaris, has been very active. Building on their impressive work on conceptualising how the GSC might host delegates in the future, the team embarked on a major project with DG ORG, Human Resources, to envision what HR might look like at the GSC in a decade from now. SMART's positive assessment of the team's work, role and effectiveness has been confirmed by the AMB at its meeting in October. Following this assessment, the team's remit has been adjusted and the team has been placed under the deputy Director-General of SMART.


5

33. Interinstitutional cooperation through the Interinstitutional Committee for Digital Transformation (ICDT) has focused on sharing experiences on our collective COVID-19 response and, where possible, aligning approaches on videoconferencing, cloud-based office solutions and minimum standards for authentication of electronic documents and digital signatures. Five standing working groups have been set up and mandated to deliver on the ICDT's work programme for 2020-2021 on cybersecurity, cloud, emerging technologies, IT sourcing, and interoperability and digitalisation.

Human resources

34. Following a participatory process among Digital Services staff and managers, a SMART improvement plan was developed with the objective of fostering collaboration across different teams and for SMART to be more efficient in delivering services. Alongside this a number of organisational changes were carried out to reinforce service delivery.

35. SMART recruited 38 statutory staff (21 in SMART.1, 14 in SMART.2, 2 in SMART.A and 1 in the DDG's office). In some cases, we have had to resort to converting AST posts into TA/AST4 posts to be able to complete our teams. During the same period, 22 colleagues left SMART, either on retirement, internal mobility to other GSC services or inter-institutional mobility. The SMART vacancy rate at the end of 2020 was of 3,9% taking into account posts published, under selection or soon to be filled (7,3% considering vacant posts irrespective of their status).


6

Internal communication

36. SMART stepped up its internal communication effort significantly in 2020, in particular with regard to teleworking procedures and videoconferencing products offering. During 2020,SMART published 32 articles, issued five SMART newsletters (inaugural edition in July and monthly issues from September) that were very well received, and carried out a number of communication actions, such as the cybersecurity month in October as well as videos and infographics on several topics of interest.

Performance in relation to internal audit recommendations 37. SMART remains the most audited service in the GSC. In 2020 SMART underwent two new audits: IT

governance and Approval and distribution of Council documents to policy DGs. SMART was also involved in recommendations of audits under responsibility of other services, such as Quality of legislation and Transparency. We were still quite busy with the audits on PKI, IT user support, Preservation of archives, Security clearance and treatment of EU classified information, and well as on the follow-up of previous open audit recommendations.

38. In 2020, as communicated at the occasion of the April and November audit follow-up exercises,

SMART closed a total of 16 recommendations (of which 2 were closed by accepting the residual risk, in agreement with the concerned services). 42 recommendations remained open (35 under SMART ownership and 7 in contribution with other services in the lead), most of them concerning recent audits and within deadline for implementing agreed action plans.

*

* *

39. To say that 2020 has been a strange year is an understatement. When faced with increased operational demands, SMART was able to innovate, revealing the real motivation and passion in its staff. At a time when our colleagues had to depend on us, SMART staff rose to the challenge.


7

Achievement of objectives set out in the 2020 Annual Work Plan

40. In 2020, SMART undertook 181 projects within is Annual Work Plan (AWP). A total of 49 projects (27%) were completed by the end of the year, whereas 96 initiatives (53%) were still ongoing and will continue their execution in 2021. Out of these 96 ongoing projects, 75% were initially foreseen as multiannual, while 25% were expected to finish in 2020. The remaining 36 projects (20%) were either on hold, postponed or still under formalisation.

41. The extra workload due to the corona virus crisis impacted the delivery of the 2020 AWP. On top of this, the AWP evolved throughout the year. From 103 initiatives at the beginning of 2020, the AWP ended up doubling its size. After some cancelled projects, the AWP eventually included 181 valid projects at the end of 2020. All this posed a challenge in managing the capacity.

42. In any case, all finalised projects reported successful deliveries and all projects in execution reported partial deliveries, even when the final end date slipped into 2021. Overall, the effort dedicated to all the work in the AWP constituted an aggregated budget consumption of 19 MEUR and a total effort of 181,6 Full Time Equivalents (FTEs) in terms of staffing. This represents around a third of SMART's budget appropriations and over half of SMART's human resources.

43. The Council Decision Making and Policy Support functions of the GSC accounted for 47% of the

overall project investments. This area includes large initiatives such as the IKM programme and the HCI project, where important products were delivered, such as eConsilium, eAgenda, TMS (Translation Management System) or TTE (Trilogue Table Editor). Other smaller projects provided solutions for the Legal Service and Policy DGs, such as the budgetary data base (BDB) for DG ECOMP and the IPCR (Integrated Political Crisis Response) for DG RELEX.

44. Solutions delivered to DG COMM, DG ORG and LING constituted 14% of the effort. This included work

to provide added functionalities to the Consilium Website and the Newsroom website, and preparatory work for the Presidency website. The project for the Visitor Management Tool was also almost finalised, and the new MeetingLAN conferences network was delivered.

45. The IT part of the NWOW (New ways of working) programme continued and EB10 (Europa building

10) was almost fully implemented. Many small projects provided enhancements to HR management tools; for example, a COVID-19 tracing tool was also developed. In the financial area, a project to migrate the SAP infrastructure was successfully delivered, as well as the digitalisation of the CEP processes. New functionalities for EMMA, ADAM and AARON were also deployed and the preparatory work for the EIDM (Identity Management Programme) programme continued.

46. Information technology management services constituted 39% of the effort. In this area are included

all the projects that SMART undertook to provide digital workplace and end user support solutions, as well as to maintain and improve the overall information technology infrastructure supporting all the services offered by SMART to its customers.

47. For example, in the IT infrastructure area, extensive work was carried out for the delivery of a disaster

recovery datacenter. In the end user support area, a new tool for providing IT Service Management was acquired. Several projects were also launched to improve all videoconferencing platforms and remote working tools, worked continued in the Office 365 pilot to prepare for a possible GSC wide deployment of the platform.

48. Furthermore, important investments took place through projects aimed to improve the security

infrastructure, such as enhancements to the PKI infrastructure, deployment of tools to improve the GSC network defense capabilities and security audits over multiple critical systems. Additionally, SMART carried different platform and version upgrades in 2020, such as on the Oracle databases or on the Exchange infrastructure.


8

49. Full details of all the work carried out through projects of the SMART 2020 AWP, including the status of each individual project and the corresponding dedicated effort are to be made available to all GSC DGs through specific 2020 end of year reports.


9

B) HUMAN RESOURCES ALLOCATED FOR THE INTENDED PURPOSE

50. SMART had at its disposal the following human resources on 31 December 2020:

Permanent staff Temporary staff Others Total

Administrators 84,45 1 85,45 Assistants 175,1 16,8 191,9 Secretaries 7 7

Subtotal 266,55 17,8 0 284,35

Contractual agents 19 2 21 National experts 1 1

Subtotal 19 3 0 22

Total 285,55 20,8 0 306,35

Table includes staff in place on 31 December 2020, expressed as full-time equivalents (FTEs) Source: Staffing Office

C) FINANCIAL RESOURCES ALLOCATED FOR THE INTENDED PURPOSE

− Implementation of the budget 2020

51. SMART has put in place a full array of internal controls to ensure that it carries out its financial management tasks in a meticulous way and in conformity with the Financial Regulation, its Rules of Application and the Internal Rules applicable in the GSC.

52. When executing the budget, the highest priority is afforded to the principles of specificity and

annuality as well as to the principle of consuming revenue before committing appropriations.

− Overview of the implementation of budget 2020 (annex, AAR1 table)

53. As a consequence of the various developments described in section A above, SMART requested a substantial increase in budget appropriations at the mid-term and year-end reviews of the Council budget. After agreement of the Budget Committee, SMART's appropriations for this year were increased by 10,6 MEUR.

54. In addition to allowing SMART face the challenges imposed by the pandemic, the budget reinforcement provided opportunities to anticipate necessary investments, such as the budgetary database, the Presidency website, the FADO system update and enhancements to the application portfolio. It also has allowed covering Commission HR applications costs (with prior agreement by DG ORG finance directorate).

55. With this reinforcement, the final budget appropriations made available to SMART in 2020 amounted to 54.675.000 EUR, of which 54.668.910,10 EUR were committed. Consequently, and as for the two previous years, the execution rate of SMART budget appropriations was 99,99%.

56. Of the amounts committed in 2020, 23.927.912 EUR were carried-over for payment to 2021, which represents 43,8%. Such a rate is not unusual, given that commitments have to be settled within two budgetary exercises. In particular, consultancy services have been committed with the first trimester of 2021 included.


10

57. Given the teleworking imposed by COVID-19, SMART adapted its financial circuits such that internal workflows are now mostly paperless. This was achieved in coordination with the ORG finance directorate and we intend to maintain this good practice in future.

− Overview of the implementation during 2020 of appropriations carried over from 2019 (annex, AAR2 table)

58. Overall, a total amount of 16.667.323 EUR was carried over from 2019 to 2020, of which 16.169.780 EUR were implemented, representing an outturn rate of 97,01%. The outturn rate remains above 90 % overall, for all SMART fund centres and budget lines, with the exception of budget line 2231 (postal charges), where 5.893 EUR out of 18.303 EUR carried over from 2019 had to be cancelled, representing an outturn rate of 67,8%.

59. However, taking into consideration the total commitments in 2019 (which would better reflect the actual 2019 budget execution rate) instead of the commitments carried over from 2019 to 2020, the outturn rate would be of 98,91% for fund 4. In our view this perspective would be more appropriate, since it better reflects efforts at achieving a higher payment rate in 2019.

60. An additional effort has been undertaken in 2020 to further reduce unsettled amounts in fund 4. In

particular, SMART services have been instructed to order 180 consultancy days as reference basis in order to avoid over-commitment.

61. Our efforts in reducing, year after year, unsettled carried-over commitments from the previous year

are paying off, since this year they have been reduced to less than 3% of last year's carried over commitments and to less than 1,1% of last year's commitments.

62. Not achieving an optimal implementation rate for fund 4 (a total amount of 497.543 EUR has not

been used, representing 1,1 % of the commitments on fund 1 in 2019) is mainly due to the following factors on the budget lines 2101 (consultancy / provision of external services), 2102 (maintenance) and 2231 (postal charges):

− non-conformity of service provisions, overestimation of service requirements; − difficulties and delays in obtaining required profiles or replacing in due time unavailable or

unfit external service providers; − overestimation of maintenance provisions, inappropriate contractual executions; − in the specific case of postal charges (outturn rate of 67,8%), strong decrease in postal

mailings linked to the covid-19 pandemic. Occasionally invoices are not sent by the contractors (in particular regarding telecommunication services), despite several reminders by SMART.

63. For detailed budgetary figures, please refer to the table 1 'Overview of the implementation of the 2020 budget' and the table 2 'Implementation of amounts carried over from 2019 to 2020' in annex.


11

III. FUNCTIONING OF THE INTERNAL CONTROL SYSTEM

A) EFFICIENCY AND EFFECTIVENESS OF THE INTERNAL CONTROL SYSTEMS

64. SMART adheres to the 17 principles set out in the GSC’s internal control framework and contributes, together with other services, to the effective and efficient functioning of the framework.

65. The centralised monitoring and assessment report (updated on 17/3/2021 by ORG.4) of the Internal Control Framework is available on Domus: https://domusportal.consilium.eu.int/en/supportandservices/dga4finance/Pages/RefDocs/internal_control.aspx

66. Specific input from SMART to the 17 principals of the internal control framework is provided below:

Component: CONTROL ENVIRONMENT

PRINCIPLES Activities of SMART that contributed to the ICF (non exhaustive)

1. The GSC demonstrates commitment to integrity and ethical values

SMART staff is kept informed on the values of GSC and of its obligations, in particular regarding integrity and ethical values. SMART management respects integrity and ethical values in their instructions, actions and behaviour. All SMART staff approved in February 2020 six values to respected by all staff as well as three management behaviours as a tangible example of the values and ethics that are central to its mission.

2. The GSC enables oversight of the development and performance of internal control

SMART managers oversee the development and performance of internal control in their respective services. The deputy director-general of SMART provides annually a Declaration of Assurance in line with regulatory requirements

3. The GSC establishes structures, reporting lines, and appropriate authority and responsibilities in the pursuit of objectives

A comprehensive management structure is in place at SMART. Managers delegate authority and use appropriate processes to assign responsibility and segregate duties as necessary. Reporting lines are established within SMART between and across directorates, units and teams. A participatory process involving SMART staff took place in 2020 to streamline the organisational structures and better address needs.

4. The GSC demonstrates a commitment to attract, develop and retain competent individuals in alignment with objectives

SMART continuously seeks to recruit competent staff and to develop and retain its human resources. Training and development of competences are encouraged by SMART management. Internal mobility of staff is encouraged by SMART.

5. The GSC holds individuals accountable for their internal control responsibilities in the pursuit of objectives

Accountability is enforced through the organisational structure of SMART, delegation of authority and assigning responsibility, thereby establishing reporting lines.

Component: RISK ASSESSMENT

PRINCIPLES CHARACTERISTICS

6. The GSC's authorising officers work with objectives to enable the identification and assessment of risks

The objectives of SMART are set out in the Annual work plan (AWP) and updated as required. The AWP reflects SMART’s planned activities.

7. The GSC's authorising officers identify risks and analyse them as a basis for determining how risks should be managed

Risk identification and risk assessment is done both at the level of the department (SMART risk register) and at project level. The relevant SMART services, and the concerned project managers in the case of projects, estimate the significance of the risks identified and determine how to treat/mitigate them.

https://domusportal.consilium.eu.int/en/supportandservices/dga4finance/Pages/RefDocs/internal_control.aspx

https://domusportal.consilium.eu.int/en/supportandservices/dga4finance/Pages/RefDocs/internal_control.aspx


12

8. The GSC considers the potential for fraud in assessing risks to the achievement of objectives

SMART adheres to and follows the GSC measures in place to counter fraud and illegal activities affecting the interests of the EU, in particular the financial interests.

9. The GSC identifies and assesses changes that could significantly impact the system of internal control

Change management processes are in place in SMART. The processes to identify new risks, monitor current risks and related risk treatment consider changes, both in the internal and external environment. A good example in 2020 was SMART's adaptation to the pandemic.

Component: CONTROL ACTIVITIES


10. The GSC selects and develops control activities that contribute to the mitigation of risks

The monitoring of risk mitigating measures is part of the SMART risk management process.

11. The GSC selects and develops general control activities to be applied to technology to support the achievement of objectives

The acquisition, development and maintenance of technology and related infrastructure by SMART is subject to appropriate control activities, in particular the security of IT systems is ensured by applying appropriate controls.

12. The GSC deploys control activities through policies and procedures

Appropriate SMART policies and control procedures ensure that objectives are achieved, continuity of core businesses is guaranteed, and that persons on premises and assets are safeguarded. Examples of control activities deployed by SMART: Cloud policy, mobile device policy, multiannual disaster recovery exercise plan, business information analysis, response strategy scenarios.

Component: INFORMATION & COMMUNICATION


13. The GSC obtains or generates and uses relevant quality information to support the functioning of internal control

Adequate information and document management relevant to internal control is conveyed in a timely manner and in compliance with the applicable security rules.

14. The GSC internally communicates information, including objectives and responsibilities for internal control, necessary to support the functioning of internal control

SMART implements a culture of internal communication enabling GSC staff to receive information on SMART activities and projects and to convey clear messages to SMART staff from senior management on matters of internal control.

15. The GSC communicates to external audiences on the work of the Council and the European Council. This may include communicating on matters related to internal control

SMART implements a culture of communication enabling stakeholders to receive information relevant to them on SMART activities and projects as required.

Component: MONITORING ACTIVITIES


16. The GSC selects, develops and performs evaluations to ascertain whether the components of internal control are present and functioning

Monitoring and evaluation of the internal control framework takes place periodically, depending on changes or identified risk.

17. The GSC evaluates and communicates internal control deficiencies in a timely manner to those parties responsible for taking corrective action

Internal control deficiencies are communicated to relevant SMART services responsible for taking corrective action. Corrective actions are supervised and monitored. Corrective actions are taken in a timely manner by the services in charge of the processes concerned.


13

67. The Authorising Officer by Delegation is of the opinion that the above points have been implemented during the reporting year to a satisfactory degree, acknowledging that it is a collaborative exercise by the whole GSC. The implementation of internal control framework provides reasonable assurance regarding the achievement of the objectives.

B) ASSESSMENT OF THE ESTIMATED COSTS AND BENEFITS OF CONTROLS

COSTS OF CONTROLS

68. One indicator concerns the estimation of the cost of staff (full time equivalent - 'FTE') in SMART exercising the function of financial verification and comparing this to the total amount of the executed budget. This FTE was estimated at 0,33 MEUR and is reflected against the budget execution of 2020 of 54,67 MEUR, which provides a control coefficient of 0,61%.

69. The full EU budget Section II for the European Council and the Council covers exclusively administrative appropriations that support mostly the internal functioning of the institutions and therefore contribute to the pursuit in achieving its objectives.

BENEFITS OF CONTROLS

70. The benefits of preventative controls are not all quantifiable e.g. ethics training and awareness raising, legal advice to avoid litigations, actions taken to mitigate the risks of reputational damage. Consequently, they cannot be considered in calculations. However, such unquantifiable benefits of controls remain important to SMART's operations and they underpin the control environment.

71. The absence of any reported misuse of funds nor irregularities in reports of the Internal Auditor or European Court of Auditors can be interpreted as an indication that internal controls are functioning at a satisfactory level and that the controls have been beneficial to the institutions.

72. Other benefits of controls in non-financial terms include better value for money, efficiency gains, system improvements and stakeholder satisfaction.

C) RISKS ASSOCIATED TO THE OPERATIONS

73. In 2019 SMART updated its internal organisational risk register in the scope of the overall annual GSC risk management exercise coordinated by ORG.4.

74. Risks are grouped into three categories: − Resources, covering finance, staff and external service provisioning; − Initiatives, covering project and programme delivery, including project and programme

portfolio management; − Services, covering the delivery of reliable and secure services, including service portfolio and

service management.

75. There have been nine significant changes in the SMART risk register, referring more specifically to human resources as well as IT service provision, management and delivery. Regarding three risks identified as high in 2019, SMART implemented a number of mitigating measures to address them and reached a reduction in the overall risk level (one remaining high risk) during the annual review of the risk register in 2020.

76. It is worth mentioning that in addition to the SMART risk register, specific risks are addressed as part of the management of relevant programmes and projects.


14

EXCEPTIONS

77. During 2020 SMART recorded 3 exceptions related to commitments or contracts which is less than 1% of the total transactions.

IV. CONCLUSIONS ON ASSURANCE 78. The following elements supporting assurance are worth mentioning.

79. Roles and responsibilities

− the deputy director-general of SMART, the director of SMART.1, the director of SMART.2, the heads of unit and the heads of sector are responsible for the planning and execution of activities under their remit;

− the heads of unit assume responsibility over operational verification for the contractual activities under their domain of competence, and the authorising officers by sub-delegation, respectively the directors and the deputy director-general, for the final validation of invoices and acceptance requests (assigned revenue);

− financial initiation of the department is partially centralised within the financial resources team of the Resources unit of SMART and partially decentralised within the SMART.1 and SMART.2 directorates respectively. A financial network is in place within SMART, composed by the financial team of the Resources unit and the financial initiators f the SMART.1 and SMART.2 directorates;

− responsibility over financial verification is assumed by three officials within the financial team of the Resources unit of SMART;

− the responsibilities of authorising officer for financial activities are assumed by the deputy director-general and the two directors of SMART for amounts above 50.000 EUR and by the heads of unit for amounts below or equal to 50.000 EUR.

80. The remarks of the financial verifiers are mainly linked to the non observance of article 77.1 of the Financial Regulation stipulating that a legal commitment must be preceded by a corresponding financial commitment. Given the limited number of such remarks in relation to the total number of financial transactions in SMART and given the limited risk of concluding a contract without budgetary cover, the effect of these findings is not significant. It is difficult to eliminate such cases, since an operational IT department is sometimes faced with urgent situations that require immediate action (e.g. extraordinary summits), before being in a position to address administrative obligations.

81. In compliance with the Financial Regulation, exceptions are included in the SMART exception register and duly communicated to ORG.4. In 2020, three exceptions were recorded by the different SMART services, which represents a very low percentage in relation to all the financial transactions carried out. The central register for the exception reports of all SMART services is kept and managed by the Resources Unit (SMART.A).

82. With a view to better controlling the financial and budgetary impacts of changes to projects and

activities, monthly financial management meetings have proven an efficient instrument for a structured review of the financial situation and have improved the quality of expenditure forecasts. In addition, SMART has a common project management methodology (PM2) and holds monthly Management Committee meetings to coordinate and review the work of various task forces and the status of the projects. Since 2016, a closer follow-up of carried-over appropriations and revenue has been performed from the beginning of the year, in order to minimise losses at budget closure.

83. Additional elements supporting assurance:

− SMART implemented most actions that improved our internal control systems that were linked to results of internal audit reports, such as the audits on IT assets management and IT procurement;


15

− the latest annual report of the Court of Auditors did not reveal any weaknesses directly linked to SMART;

− SMART applied a financial circuit to all our transactions whereby the function of verification was centralised and the all transactions were treated by minimum three pairs of eyes;

− SMART conducted a number of public procurement procedures of category A where the centralised Procurement Coordination Unit was in the lead;

− all CEP project progress reports (and end progress reports where applicable) related to the 2020 follow-up exercise have been provided to ORG.4, as well as the updated status on procurement files.

Overall conclusion

84. The general conclusion is that SMART has fulfilled its mission in 2020 with the human and financial resources at its disposal.


16

V. DECLARATION OF ASSURANCE1 I, the undersigned,

Deputy Director-General of the department Digital Services (SMART),

in my capacity as authorising officer by delegation,

declare that the information contained in this report gives a true and fair view2.

State that I have reasonable assurance that the resources assigned to the activities described in this report have been used for their intended purpose and in accordance with the principles of sound financial management, and that the control procedures put in place give the necessary guarantees concerning the legality and regularity of the underlying transactions.

This reasonable assurance is based on my own judgement and on the information at my disposal, such as observations of the internal audit service and lessons learnt from the reports of the Court of Auditors for years prior to the year of this declaration.

Confirm that I am not aware of anything not reported here which could harm the interests of the institution.

Brussels, 29 March 2021

[signed]

David Galloway

Deputy Director-General

1 On the basis of the foregoing and analogy of declarations by AOsD, the director-general established his/her own annual statement. 2 True and fair in this context means a reliable, complete and correct view on the state of affairs in the service.


17

ANNEXES


18

Annex 1 : Overview of the implementation of budget 2020 (AAR1 table)

Annex 2 : Overview of the implementation during 2020 of appropriations carried over from 2019 (AAR2 table)

ANNEX

Table 1: Overview of the implementation of the budget 2020 - ORGX

(Details by Commitment Item Hierarchy)

1

-

Initial Budget

2020

2

-

Final Budget

2020

3

-

Commitments

2020

4 = 3/2

-

Outturn rate

on final budget

5

-

Payments

2020

6

-

Carry-over to 2021

Commitments-

payments

7

-

Carry Over to 2021

on Decision

Fund Commitment item EUR EUR EUR % EUR EUR EUR

1* 2100 Acquisition of equipment and

software10.138.000,00 16.382.964,07 16.382.964,07 100,00% 7.339.694,06 9.043.270,01

1* 2101 Outside assistance for computer

systems24.588.000,00 30.138.691,95 30.132.602,05 99,98% 16.850.404,87 13.282.197,18

1* 2102 Servicing, maintenance of

equipment/SW7.318.000,00 6.261.430,78 6.261.430,78 100,00% 5.284.366,98 977.063,80

1 * 2103 Telecommunications 1.945.000,00 1.846.913,20 1.846.913,20 100,00% 1.247.791,27 599.121,93

1** ART-210 Computer systems and

telecommunications43.989.000,00 54.630.000,00 54.623.910,10 99,99% 30.722.257,18 23.901.652,92

1*** CHAP-21 Computer systems,equipment

and furniture43.989.000,00 54.630.000,00 54.623.910,10 99,99% 30.722.257,18 23.901.652,92

1 * 2231 Postal charges 55.000,00 45.000,00 45.000,00 100,00% 18.740,79 26.259,21

1 ** ART-223 Miscellaneous expenses 55.000,00 45.000,00 45.000,00 100,00% 18.740,79 26.259,21

1 *** CHAP-22 Operating expenditure 55.000,00 45.000,00 45.000,00 100,00% 18.740,79 26.259,21

1**** TITLE-2 Buildings,equipment and

operating expend44.044.000,00 54.675.000,00 54.668.910,10 99,99% 30.740.997,97 23.927.912,13

1 ***** EXPENSE EXPENSE 44.044.000,00 54.675.000,00 54.668.910,10 99,99% 30.740.997,97 23.927.912,13

1 ****** Total 44.044.000,00 54.675.000,00 54.668.910,10 99,99% 30.740.997,97 23.927.912,13

ANNEX

Table 2: Overview of the implementation during 2020 of appropriations carried over from 2019 - ORGX

(Details by Commitment Item Hierarchy) 1

-

Carry-over from

budget 2019

2

-

Paym 2020 on

carry-over 2019

3 = 2/1

-

Outturn rate

4

-

Cancelled

appropriations

5

-

Carry-over-from

2020 to 2021

Fund Commitment item EUR EUR % EUR EUR

4 * 2100 Acquisition of equipment and software 2.848.326,11 2.791.231,58 98,00% 57.094,53

4 * 2101 Outside assistance for computer systems 11.872.082,29 11.545.468,86 97,25% 326.613,43

4 * 2102 Servicing, maintenance of equipment/SW 1.099.845,28 1.042.678,32 94,80% 57.166,96

4 * 2103 Telecommunications 828.766,40 777.990,95 93,87% 50.775,45

4 ** ART-210 Computer systems and telecommunications 16.649.020,08 16.157.369,71 97,05% 491.650,37

4 *** CHAP-21 Computer systems,equipment and furniture 16.649.020,08 16.157.369,71 97,05% 491.650,37

4 * 2231 Postal charges 18.303,19 12.410,29 67,80% 5.892,90

4 ** ART-223 Miscellaneous expenses 18.303,19 12.410,29 67,80% 5.892,90

4 *** CHAP-22 Operating expenditure 18.303,19 12.410,29 67,80% 5.892,90

4 **** TITLE-2 Buildings,equipment and operating expend 16.667.323,27 16.169.780,00 97,01% 497.543,27

4 ***** EXPENSE EXPENSE 16.667.323,27 16.169.780,00 97,01% 497.543,27

4 ****** Total 16.667.323,27 16.169.780,00 97,01% 497.543,27

Rue de la Loi/Wetstraat 175 1048 Bruxelles • Brussel Belgique • België Tel. +32 (0)2 281 61 11 — www.consilium.europa.eu —

2020 ANNUAL ACTIVITY REPORT OF SMART THE AUTHORISING ...

Documents

Transcript of 2020 ANNUAL ACTIVITY REPORT OF SMART THE AUTHORISING ...