2014 IAS Conference

"The perfect timing of the audit"

Case study: IAS audit of the AAR Process
in the Commission
Cristiana Giacobbo, Head of Audit Unit, IAS, European Commission
Pascal Leardini, Secretariat General, European Commission
1
The Annual Activity Report
The AAR is the cornerstone of the EC's governance
architecture since 2001
Result of a corporate process involving all the Directors-
General/Directors of the Commission
Accountability, assurance and reporting tool for the Directors-General
on the performance of their duties
Includes a Declaration of Assurance on use of resources, sound
financial management, control system and legality and regularity.
Main basis for preparing the Synthesis report (tool for the Commission
to take full political responsibility for the implementation of the
budget)
Addressed to the College but used by Discharge Authority and ECA
2
Why audit the AAR process in the
Commission? The auditors perspective
3
1. Interest from external users :
Discharge Authority (discharge report) and ECA
(DAS audit) are looking more and more to the
AARs, with particular focus on:
o Legality and regularity of financial transaction
o Sound management of activities and achievement
of objectives
=> Reputational risk in case of non-reliable
assurance-building process
Why audit the AAR process in the
Commission? - The auditors perspective
4
2. Multiple actors:
Corporate services:
o Guidance and support
o Quality assurance
o Consolidation at corporate level
DGs/Services
o Preparation of AAR following the corporate guidance
o Responsibility for the quality of information
=> Risk of inconsistent quality of the AARs,
difficulties in comparing them
Why audit the AAR process in the
Commission? The auditors perspective
5
3. Continuous evolving process
From reporting to accountability tool
Focus on legality and regularity led to very
detailed chapter on control strategies results
Increasing information on policy achievement
(used for the report to the EP) and performance
=> Risk of overly long and complex AARs, too
much focused on legality and regularity,
hence not achieving their objectives
Why audit the AAR Process?
The auditee's perspective
Multi-dimensional process:
Several actors
Local versus corporate dimension
Internal versus external dimension
Financial and reputational risks
Recurrent/repetitive but progressive/evolutive
Evolutionary process since 2001: usefulness of
regular and timely auditing
6
Audit Sequence of the
AAR Process until this audit
Latest audit in 2007
Follow-up audit in 2009 (no audit opinion)
2012 audit (audit opinion)
Audit of corporate processes: regularly but not
too often!
7
Objectives of the audit
Assess the support provided at Corporate level and
the quality assurance function
Assess the quality of the AAR building process in
the DGs
Assess whether the information provided in the
AARs is sufficient to support the assurance of the
AOD
8
Challenges
Very wide scope:
Central Services (SG and DG BUDG)
9 Operational DGs
Survey in all the other Operational DGs/Services
Time constraint related to the AAR annual cycle:
Preparation of revised corporate instructions:
Sept-Nov N-1
Draft AAR: end Feb N
Peer-review: Feb-Mar year N
Final AAR: end Mar N 9
Results of the audit
AAR process well established and achieving its
objectives as accountability and assurance tool from
management to the Institution.
Main areas of improvements at corporate level:
Improve the instructions on reporting on economy, efficiency
and effectiveness and cost/effectiveness of controls;
Reinforce the quality control process to focus on substantive
elements of the AAR
Streamline the structure of the AAR to increase usefulness
for the different readers (College, ECA, Discharge Authority).
10
Achievements: the Auditors perspective 1/3
11
The audit intervened at the right moment:
1.The AAR process was ready to move to a different level of
maturity (in parallel with the improvement of the MP)
2.The focus of the stakeholders (internal and external) was
moving from pure legality and regularity to sound
management
=> The audit accompanied this evolution with specific
findings and recommendations both at corporate and
DG level.
Achievements: the Auditors perspective 2/3
12
The results of the audit were shared in a timely way:
1.The preliminary conclusions were shared with the central
services on time for the revision of the corporate instructions;
2.The final conclusions were delivered before the quality
review process took place.
=> In both cases the Central Services implemented the
recommendations immediately.
Achievements: the Auditors perspective 3/3
13
In addition the audit:
Allowed an open discussion about the Governance model of
the EC and the measures to reinforce it;
Confirmed the importance of challanging the individual
DGs/Services centrally in their conclusions to ensure the
robustness of their Declaration;
Enabled a closer partnership among the different actors,
including the Internal Audit Service (audit of the residual
error rate, active participation to the peer-review).
Key success factors from the Auditee's point
of view
Auditors and auditees agreed on main parameters and
identification of risks
The audit identified and covered the different actors and
responsibilities in the process
"Wide" audit approach:
o Audit itself based on a selection of both corporate and
users services
o Complemented by survey/questionnaire to ensure
100% coverage/validation
o Recommendations come at the right moment of the
cycle and can be easily integrated
14
Contact the Internal Audit Service:
ias-europa@ec.europa.eu
15