Internal Audit Strategy and Practices in the European Commission Brian Gray, Internal Auditor of the European Commission

Internal Audit Strategy and Practices in the

European Commission Brian Gray, Internal

Auditor of the European Commission

Commission’ internal audit –

our raison d'être

“We aspire to be a benchmark for public

sector audit functions”

3

The Union

• 27 Member States• 493 million people• 4 234 000 square km• Budget of 140 billion (2010),

80 % managed by the MSs

The Institutions • European Council• European Parliament• Council of the European Union • European Commission • Court of Justice • Court of Auditors • European Central Bank

The European Commission• President: José Manuel Barroso• 27 Commissioners• 34 000 civil servants and other agents• 40 Directorates General and Services

EU agencies and other decentralised bodies

The European Union



4

The European Commission The European Commission is the political “engine” of the European Union. It enjoys the exclusive right of initiative, is guardian of the Treaty and assumes, on its own responsibility, the implementation of the European budget, having regard the principles of sound financial management.

The European Commission and the Internal Audit Service

The Internal Audit Service (IAS) provides the College of the Commissioners with an independent audit opinion focusing on the Commission Services’ performance in managing the EU budget.

By identifying weaknesses and recommending corrective actions, the IAS provides assurance to the College that its services respect the rules and mitigate properly the risks.



5

Before internal audit

The weaknesses before the 2000 reform:

Blurred responsibilities – also between political level (Commission) and departments (DGs);

Centralised (ex-ante) Financial Control;

Under-developed accountability;

Cash-based accounting.



6

Clear responsibilities and accountability for

Directors General

Improvement in general control framework

Accrual accounting: sign-off by the Accounting

Officer

Creation of Internal Audit Service (IAS) and

IACs:

- Independent Internal Audit Service with DG status

reporting to

Commission Audit Progress Committee (APC)

- Internal Audit for each DG (IACs) reporting to DG

The Administrative Reform



7

The role of the IAS is set out in the Financial Regulation (Art.85 to 87).

Art.85: Each institution shall establish an internal auditing function which must be performed in compliance with the relevant international standards.

Art.86: The internal auditor shall advise his/her institution on dealing with risks, by issuing independent opinions on the quality of management and control systems and by issuing recommendations for improving the conditions of implementation of operations and promoting sound financial management.

The IAS’s Legal Basis



8

Our vision

A service which contributes to providing value for money for European citizens and helps the Commission in its objective to achieving a positive DAS, and thus to increasing public confidence in the European Union.

A service which contributes to the promotion of a culture of effectiveness, efficiency and economy within the Commission with a view to bringing about continuous improvement.

A mature internal audit service committed to quality and excellence, which builds on its quality certification and a culture of career-long learning, and aspires to be recognised as a benchmark for public sector audit functions.

Commission’s internal audit -

our strategy



10

Independent IA, effective follow-up,

exchange

IAS

Co-ordinates via Auditnet

IAC IAC IAC IAC IAC

DGDG

DGDG

DGDG

AuditsOLAF

Exchange

APC

College

Reports to

Effective follow-up

mechanism



11

DG

The internal audit architecture

College of Commissioners

Audit Progress Committee

DG DG

IAC IAC IAC IAS

Co-ordinated planning between IAS/IACs

The IAS reports tothe APC, which

reports to the College



12

Coordination with Internal Audit Capabilities

Coordination of the risk analysis and audit planning

Collaboration between the IAS and IACs through

Auditnet

Common audit programmes

Common audit methodology

Joint IAS-IAC audits

Streamlining working group

Mentoring scheme for new Heads of IACs

Bi-annual reporting on IACs’ work to APC

2011 IACs’ External Quality Review



13

Study visits andgood practice

Exchange with other EU institutions and professional

bodies

IAS

AgencyAgency

AgencyAgency

Audits

Discharge Authority

European Parliament Council

European Courtof Auditors Exchange

Professional andpublic organisationsProfessional and

public organisationsProfessional andpublic organisations

Exchange with other

internal auditors

Annual Report

Commission

Annual Report

Commission’s internal audit

working methods



15

Three yearly, annually updated Coordinated with IACs:

• Common tools agreed with IACs– definition of audit universe (financial and non-financial);

– audit risk assessment methodology;– coverage analysis

Management’s risk assessment used as a starting point Considers other inputs (AARs, ECA, OLAF) Supports IAS overall opinion on financial management Focus on re-assurance

Risk based audit plan



16

Financial processes

Non Financial processes

Grants

Procurement

Ethics

Communication

IAS Strategic

Audit Plan

Risk assessment

Audit Universe: Financial and Non- financial

IT

BCP

Financial statements

HR

Payroll

Monitoring EU law

Risk

factors

Audit Results

REPORTING

Performance Indicators 80% Financial80% Financial

20% Non-financial20% Non-financial(C1/C2)(C1/C2)

276 auditable entities representing commitments of €139bn and payments of €122bn in 2010

135 auditable entities



17

Decentralised EU Agencies

LOCATIONSLOCATIONS5



18

Decentralised Agencies - Audit Universe and Diversity of Audit

Engagements

Core operational processes / sub-processes specific to each organisation

28 standard Support Administrative processes / sub-processes common to all organisations

Operational audits: Preparedness for anti-pollution exercises, Standardisation of National Aviation Authorities inspectionQuality management audits

Audits of Support/administrative functions: Planning and monitoring, Building blocks of assurance, Human resources management, Financial management

Financial management: Procurement, Grants, Financial circuits



19



20

Our strategy = our audit plan

Contributes to the improvement of governance, risk management and control processes

• Balance between financial and non-financial audits

• Focus on assurance activities but both IAS and IACs still able to perform consulting and other activities

Contributes to the objective of progressing towards a positive DAS (Déclaration d’assurance)



21

Our strategy = our working methods

Quality Assurance Dedicated QA cells Quality Assurance and Improvement Programme (IIA IPPF) Formalised audit procedures and audit document templates Auditee satisfaction surveys Ongoing monitoring of performance of the IA activity Periodic internal and external assessments

IT – audit tool (GRC) Follow –up by APC Communication and sharing of good

practices IAS annual conference Auditnet working groups Auditors’ Forum Study visits



22

Our strategy = our training

Internal Audit Training Programme Developed in-house Introduction to internal audit Internal audit methodology Governance Risk & Compliance (GRC) IT tool Internal audit communication skillsLeadership in internal audit Certification

Open to internal auditors from other EU institutions

Commission’s internal audit - towards excellence



24

Mature Internal Audit in the Commission – towards excellence

Overall opinion• IAS mandated by the Commission to produce

annually an Overall Opinion

• Scope of opinion limited to financial management

• Takes into account IAS & IAC work over three years and relevant reports by the Court of

Auditors



25

Mature Internal Audit in the Commission – towards

excellence

Why a positive opinion

DG implementationof +/- 500 IAC/IASrecommendations

each year

Strength and maturityof the existing controlframework.

DG identification of error rates in underlying

transactions



26


excellence

Overall opinion

‘’It gives me additional layer of confidence.’’

(APC meeting, 7 September 2011)



27

1989 2001 2011

ECA recommendation

for an internal audit function

Creation of IAS and IACs

Creation of APC

More Performance

Audits

Positive DAS

Single Audit

IAS Overall Opinion

300+ in 2010Reports

188+StaffIACs

1008Reports (No.)

5430Staff (Auditors)IAS

4933Scope: DGs & EAs

Methodology and tools

development

AuditNet

Quality Review of

IACs

IAS Certification

External Quality Review

IACs External Quality Review

IAS/IACs coordinated

planning

Report (pages) 80 <25

(+35 Agencies)


excellence

http://www.google.be/imgres?imgurl=http://europa.eu/rapid/exploit/2009/11/ECA/EN/a09_67.eni/Pictures/100000000000010A0000010A7D75E249.png&imgrefurl=http://europa.eu/rapid/pressReleasesAction.do%3Freference%3DECA/09/67%26format%3DHTML%26aged%3D0%26language%3DEN%26guiLanguage%3Den&usg=__IA7oa5SgU-iK2j8St44PyuelZSs=&h=266&w=266&sz=12&hl=fr&start=3&sig2=diFmefwmvZxy3_pT48kqew&zoom=1&um=1&itbs=1&tbnid=2B4tnQN1n3pojM:&tbnh=113&tbnw=113&prev=/images%3Fq%3Deuropean%2Bcourts%2Bof%2Bauditor%26um%3D1%26hl%3Dfr%26sa%3DN%26rls%3Dcom.microsoft:*%26tbs%3Disch:1&ei=yT2STN3YOIWAswa8sviFCQ



28

Challenges on the way towards excellence

• Focus on performance audits

• Positive DAS

• Single Audit

• …………..

Contact the IAS: [email protected]

Thank you!

mailto:[email protected]

Documents

Internal Audit Strategy and Practices in the European Commission Brian Gray, Internal Auditor of the European Commission