Internal Audit Strategy and Practices in the
European Commission Brian Gray, Internal
Auditor of the European Commission
Commission’ internal audit –
our raison d'être
“We aspire to be a benchmark for public
sector audit functions”
3
The Union
• 27 Member States• 493 million people• 4 234 000 square km• Budget of 140 billion (2010),
80 % managed by the MSs
The Institutions • European Council• European Parliament• Council of the European Union • European Commission • Court of Justice • Court of Auditors • European Central Bank
The European Commission• President: José Manuel Barroso• 27 Commissioners• 34 000 civil servants and other agents• 40 Directorates General and Services
EU agencies and other decentralised bodies
The European Union
“We aspire to be a benchmark for public
sector audit functions”
4
The European Commission The European Commission is the political “engine” of the European Union. It enjoys the exclusive right of initiative, is guardian of the Treaty and assumes, on its own responsibility, the implementation of the European budget, having regard the principles of sound financial management.
The European Commission and the Internal Audit Service
The Internal Audit Service (IAS) provides the College of the Commissioners with an independent audit opinion focusing on the Commission Services’ performance in managing the EU budget.
By identifying weaknesses and recommending corrective actions, the IAS provides assurance to the College that its services respect the rules and mitigate properly the risks.
“We aspire to be a benchmark for public
sector audit functions”
5
Before internal audit
The weaknesses before the 2000 reform:
Blurred responsibilities – also between political level (Commission) and departments (DGs);
Centralised (ex-ante) Financial Control;
Under-developed accountability;
Cash-based accounting.
“We aspire to be a benchmark for public
sector audit functions”
6
Clear responsibilities and accountability for
Directors General
Improvement in general control framework
Accrual accounting: sign-off by the Accounting
Officer
Creation of Internal Audit Service (IAS) and
IACs:
- Independent Internal Audit Service with DG status
reporting to
Commission Audit Progress Committee (APC)
- Internal Audit for each DG (IACs) reporting to DG
The Administrative Reform
“We aspire to be a benchmark for public
sector audit functions”
7
The role of the IAS is set out in the Financial Regulation (Art.85 to 87).
Art.85: Each institution shall establish an internal auditing function which must be performed in compliance with the relevant international standards.
Art.86: The internal auditor shall advise his/her institution on dealing with risks, by issuing independent opinions on the quality of management and control systems and by issuing recommendations for improving the conditions of implementation of operations and promoting sound financial management.
The IAS’s Legal Basis
“We aspire to be a benchmark for public
sector audit functions”
8
Our vision
A service which contributes to providing value for money for European citizens and helps the Commission in its objective to achieving a positive DAS, and thus to increasing public confidence in the European Union.
A service which contributes to the promotion of a culture of effectiveness, efficiency and economy within the Commission with a view to bringing about continuous improvement.
A mature internal audit service committed to quality and excellence, which builds on its quality certification and a culture of career-long learning, and aspires to be recognised as a benchmark for public sector audit functions.
Commission’s internal audit -
our strategy
“We aspire to be a benchmark for public
sector audit functions”
10
Independent IA, effective follow-up,
exchange
IAS
Co-ordinates via Auditnet
IAC IAC IAC IAC IAC
DGDG
DGDG
DGDG
AuditsOLAF
Exchange
APC
College
Reports to
Effective follow-up
mechanism
“We aspire to be a benchmark for public
sector audit functions”
11
DG
The internal audit architecture
College of Commissioners
Audit Progress Committee
DG DG
IAC IAC IAC IAS
Co-ordinated planning between IAS/IACs
The IAS reports tothe APC, which
reports to the College
“We aspire to be a benchmark for public
sector audit functions”
12
Coordination with Internal Audit Capabilities
Coordination of the risk analysis and audit planning
Collaboration between the IAS and IACs through
Auditnet
Common audit programmes
Common audit methodology
Joint IAS-IAC audits
Streamlining working group
Mentoring scheme for new Heads of IACs
Bi-annual reporting on IACs’ work to APC
2011 IACs’ External Quality Review
“We aspire to be a benchmark for public
sector audit functions”
13
Study visits andgood practice
Exchange with other EU institutions and professional
bodies
IAS
AgencyAgency
AgencyAgency
Audits
Discharge Authority
European Parliament Council
European Courtof Auditors Exchange
Professional andpublic organisationsProfessional and
public organisationsProfessional andpublic organisations
Exchange with other
internal auditors
Annual Report
Commission
Annual Report
Commission’s internal audit
working methods
“We aspire to be a benchmark for public
sector audit functions”
15
Three yearly, annually updated Coordinated with IACs:
• Common tools agreed with IACs– definition of audit universe (financial and non-financial);
– audit risk assessment methodology;– coverage analysis
Management’s risk assessment used as a starting point Considers other inputs (AARs, ECA, OLAF) Supports IAS overall opinion on financial management Focus on re-assurance
Risk based audit plan
“We aspire to be a benchmark for public
sector audit functions”
16
Financial processes
Non Financial processes
Grants
Procurement
Ethics
Communication
IAS Strategic
Audit Plan
Risk assessment
Audit Universe: Financial and Non- financial
IT
BCP
Financial statements
HR
Payroll
Monitoring EU law
Risk
factors
Audit Results
REPORTING
Performance Indicators 80% Financial80% Financial
20% Non-financial20% Non-financial(C1/C2)(C1/C2)
276 auditable entities representing commitments of €139bn and payments of €122bn in 2010
135 auditable entities
“We aspire to be a benchmark for public
sector audit functions”
17
Decentralised EU Agencies
LOCATIONSLOCATIONS5
“We aspire to be a benchmark for public
sector audit functions”
18
Decentralised Agencies - Audit Universe and Diversity of Audit
Engagements
Core operational processes / sub-processes specific to each organisation
28 standard Support Administrative processes / sub-processes common to all organisations
Operational audits: Preparedness for anti-pollution exercises, Standardisation of National Aviation Authorities inspectionQuality management audits
Audits of Support/administrative functions: Planning and monitoring, Building blocks of assurance, Human resources management, Financial management
Financial management: Procurement, Grants, Financial circuits
“We aspire to be a benchmark for public
sector audit functions”
19
“We aspire to be a benchmark for public
sector audit functions”
20
Our strategy = our audit plan
Contributes to the improvement of governance, risk management and control processes
• Balance between financial and non-financial audits
• Focus on assurance activities but both IAS and IACs still able to perform consulting and other activities
Contributes to the objective of progressing towards a positive DAS (Déclaration d’assurance)
“We aspire to be a benchmark for public
sector audit functions”
21
Our strategy = our working methods
Quality Assurance Dedicated QA cells Quality Assurance and Improvement Programme (IIA IPPF) Formalised audit procedures and audit document templates Auditee satisfaction surveys Ongoing monitoring of performance of the IA activity Periodic internal and external assessments
IT – audit tool (GRC) Follow –up by APC Communication and sharing of good
practices IAS annual conference Auditnet working groups Auditors’ Forum Study visits
“We aspire to be a benchmark for public
sector audit functions”
22
Our strategy = our training
Internal Audit Training Programme Developed in-house Introduction to internal audit Internal audit methodology Governance Risk & Compliance (GRC) IT tool Internal audit communication skillsLeadership in internal audit Certification
Open to internal auditors from other EU institutions
Commission’s internal audit - towards excellence
“We aspire to be a benchmark for public
sector audit functions”
24
Mature Internal Audit in the Commission – towards excellence
Overall opinion• IAS mandated by the Commission to produce
annually an Overall Opinion
• Scope of opinion limited to financial management
• Takes into account IAS & IAC work over three years and relevant reports by the Court of
Auditors
“We aspire to be a benchmark for public
sector audit functions”
25
Mature Internal Audit in the Commission – towards
excellence
Why a positive opinion
DG implementationof +/- 500 IAC/IASrecommendations
each year
Strength and maturityof the existing controlframework.
DG identification of error rates in underlying
transactions
“We aspire to be a benchmark for public
sector audit functions”
26
Mature Internal Audit in the Commission – towards
excellence
Overall opinion
‘’It gives me additional layer of confidence.’’
(APC meeting, 7 September 2011)
“We aspire to be a benchmark for public
sector audit functions”
27
1989 2001 2011
ECA recommendation
for an internal audit function
Creation of IAS and IACs
Creation of APC
More Performance
Audits
Positive DAS
Single Audit
IAS Overall Opinion
300+ in 2010Reports
188+StaffIACs
1008Reports (No.)
5430Staff (Auditors)IAS
4933Scope: DGs & EAs
Methodology and tools
development
AuditNet
Quality Review of
IACs
IAS Certification
External Quality Review
IACs External Quality Review
IAS/IACs coordinated
planning
Report (pages) 80 <25
(+35 Agencies)
Mature Internal Audit in the Commission – towards
excellence
“We aspire to be a benchmark for public
sector audit functions”
28
Challenges on the way towards excellence
• Focus on performance audits
• Positive DAS
• Single Audit
• …………..
Top Related