2014 IAS Conference

"The perfect timing of the audit"

Case study: IAS audit of the AAR Process in the Commission

Cristiana Giacobbo, Head of Audit Unit, IAS, European Commission

Pascal Leardini, Secretariat General, European Commission

1

The Annual Activity Report

The AAR is the cornerstone of the EC's governance architecture since 2001

Result of a corporate process involving all the Directors-General/Directors of the Commission

Accountability, assurance and reporting tool for the Directors-General on the performance of their duties

Includes a Declaration of Assurance on use of resources, sound financial management, control system and legality and regularity.

Main basis for preparing the Synthesis report (tool for the Commission to take full political responsibility for the implementation of the budget)

Addressed to the College but used by Discharge Authority and ECA2

Why audit the AAR process in the Commission? – The auditor’s perspective

3

1. Interest from external users :Discharge Authority (discharge report) and ECA (DAS audit) are looking more and more to the AARs, with particular focus on:o Legality and regularity of financial transaction

o Sound management of activities and achievement of objectives

=> Reputational risk in case of non-reliable assurance-building process

Why audit the AAR process in the Commission? - The auditor’s perspective

4

2. Multiple actors:Corporate services:

o Guidance and supporto Quality assuranceo Consolidation at corporate level

DGs/Serviceso Preparation of AAR following the corporate guidance o Responsibility for the quality of information

=> Risk of inconsistent quality of the AARs, difficulties in comparing them

Why audit the AAR process in the Commission? – The auditor’s perspective

5

3. Continuous evolving processFrom reporting to accountability tool

Focus on legality and regularity led to very detailed chapter on control strategies’ results

Increasing information on policy achievement (used for the report to the EP) and performance

=> Risk of overly long and complex AARs, too much focused on legality and regularity,

hence not achieving their objectives

Why audit the AAR Process?The auditee's perspective

Multi-dimensional process:•Several actors•Local versus corporate dimension•Internal versus external dimension•Financial and reputational risks•Recurrent/repetitive but progressive/evolutive•Evolutionary process since 2001: usefulness of regular and timely auditing 6

Audit Sequence of the AAR Process until this audit

• Latest audit in 2007

• Follow-up audit in 2009 (no audit opinion)

• 2012 audit (audit opinion)

• Audit of corporate processes: regularly but not too often!

7

Objectives of the audit

Assess the support provided at Corporate level and the quality assurance function

Assess the quality of the AAR building process in the DGs

Assess whether the information provided in the AARs is sufficient to support the assurance of the AOD

8

Challenges

Very wide scope:

• Central Services (SG and DG BUDG)• 9 Operational DGs• Survey in all the other Operational DGs/Services

Time constraint related to the AAR annual cycle:• Preparation of revised corporate instructions:

Sept-Nov N-1• Draft AAR: end Feb N• Peer-review: Feb-Mar year N• Final AAR: end Mar N 9

Results of the audit AAR process well established and achieving its objectives as accountability and assurance tool from management to the Institution.

Main areas of improvements at corporate level:•Improve the instructions on reporting on economy, efficiency and effectiveness and cost/effectiveness of controls;

•Reinforce the quality control process to focus on substantive elements of the AAR

•Streamline the structure of the AAR to increase usefulness for the different readers (College, ECA, Discharge Authority).

10

Achievements: the Auditor’s perspective 1/3

11

The audit intervened at the right moment:

1.The AAR process was ready to move to a different level of

maturity (in parallel with the improvement of the MP)

2.The focus of the stakeholders (internal and external) was

moving from pure legality and regularity to sound

management

=> The audit accompanied this evolution with specific

findings and recommendations both at corporate and

DG level.

Achievements: the Auditor’s perspective 2/3

12

The results of the audit were shared in a timely way:

1.The preliminary conclusions were shared with the central

services on time for the revision of the corporate instructions;

2.The final conclusions were delivered before the quality

review process took place.

=> In both cases the Central Services implemented the

recommendations immediately.

Achievements: the Auditor’s perspective 3/3

13

In addition the audit:

•Allowed an open discussion about the Governance model of

the EC and the measures to reinforce it;

•Confirmed the importance of challanging the individual

DGs/Services centrally in their conclusions to ensure the

robustness of their Declaration;

•Enabled a closer partnership among the different actors,

including the Internal Audit Service (audit of the residual

error rate, active participation to the peer-review).

Key success factors from the Auditee's point of view

• Auditors and auditees agreed on main parameters and identification of risks

• The audit identified and covered the different actors and responsibilities in the process

• "Wide" audit approach:o Audit itself based on a selection of both corporate and

users serviceso Complemented by survey/questionnaire to ensure

100% coverage/validationo Recommendations come at the right moment of the

cycle and can be easily integrated14

• Contact the Internal Audit Service:ias-europa@ec.europa.eu

15