Standard operating procedure
Title: Requesting exceptions and recording of non-compliance events
Status: PUBLIC
Document no.: SOP/EMA/0044
Lead author
Approver
Effective date: 28-JUL-2014
Name: Mario Benetti
Name: Guido Rasi
Review date: 28-JUL-2017
Signature: On file
Signature: On file
Supersedes:
SOP/EMA/0044 (19-MAY-11)
TW3280
Date: 25-JUL-2014
Date: 25-JUL-2014
TrackWise record no.: 4037
1. Purpose
The procedure describes the approval, registration and follow up of exceptions and/or non-compliance
events as in accordance with the standard for internal control on recording exceptions (standard No.
8), the Agency shall ‘[….] track and give prior approval to control overrides or deviations from policies
and procedures.
The aim of reporting exception and/or non-compliance is to ensure that any deviation from established
policies or procedures is documented, justified and approved at an appropriate level before
decision/action is taken.
2. Scope
The procedure is applicable to all Agency staff through the hierarchy. This procedure is without
prejudice to the one described in the charter of tasks and responsibilities of the verifying officer and
verifying assistant(s) in paragraph 6.7 to 6.9 (doc. no.: EMEA/11970/59).
The present procedure does not cover irregular activities which are described in a separate procedure
dealing with reporting suspected improprieties (EMEA/11591/2006/2320).
3. Responsibilities
It is the responsibility of the Executive Director, Heads of Division and Department, Authorising
Officers by delegation/sub-delegation to ensure that staff is aware of and complies with this procedure.
Specific responsibilities are outlined in section 9.
30 Churchill Place ● Canary Wharf ● London E14 5EU ● United Kingdom
Telephone +44 (0)20 3660 6000 Facsimile +44 (0)20 3660 5555
Send a question via our website www.ema.europa.eu/contact
An agency of the European Union
© European Medicines Agency, 2015. Reproduction is authorised provided the source is acknowledged.
4. Changes since last revision
Update of SOP title to include “non-compliance”
Updated reference to the Charter of responsibilities of the verifying officer and verifying assistant(s)
Rename of managerial titles following the reorganisation/restructuring
Review the steps and description of the procedure
Update the request for an exception form (Annex I)
5. Documents needed for this SOP
Register of exceptions (Cabinets/06. Corporate governance/06.2 Integrated Management System/6.
Internal controls/Exceptions)
Template for requesting an exception (Word-File-New-Templates-Agency-More-request for exception)
6. Related documents
Standards for internal control (EMA/MB/555181/2010)
7. Definitions
ED: Executive Director
AO: Authorising officer by delegation/ sub-delegation
HDiv: Head(s) of Division
HDep: Head(s) of Department
ED-CG: Corporate Governance Department
ED-CG-QRM: Quality assurance, Risk Management and ex-post control coordination function
A-FI-VFO: Verification Office
RAP: Rules of application
Exception:
1. It constitutes a deviation from established processes and procedures (action of replacing one or
more steps in established process/procedures with another action or no action) or, an overriding
of controls (action which goes against the results of previous controls) but does not constitute a
breach of regulatory and/or contractual provisions and,
2. It is not foreseen in already existing processes/procedures and,
3. It is approved by the responsible person before action is taken (ex ante)
Non-compliance:
1. It constitutes a deviation from established processes and procedures or an overriding of controls
or a gap in existing controls and,
2. It might entail a breach of existing regulatory and/or contractual provisions, and
Standard operating procedure - PUBLIC
SOP/EMA/0044, 28-JUL-2014
Page 2/9
3. It is detected after action was taken (ex post).
Regulatory provisions (e.g. regulation, directive, Financial Regulation, Implementing Rules, Rules of
application, Staff Regulations, data protection regulation, access to documents)
Contractual provisions (e.g. contracts with entities outside of the European Medicines Agency)
Procedures (e.g. internal implementing rules, manuals, guidelines, SOPs, WINs…)
Standard operating procedure - PUBLIC
SOP/EMA/0044, 28-JUL-2014
Page 3/9
8. Process map(s)/ flow chart(s)
Start
1. Complete template and
forward it to Head of
Division
2. Head of Division or
delegated Authorising Officer
validates/rejects the request
after consultation with A-FIVFO and ED-CG-QRM
Rejected
validated
4. Head of Division
or delegated
Authorising Office
forward the
validated request to
ED-CG
3. Notify originator of
rejection and advise on
alternative course of action
5. ED-CG obtain
decision of
Executive Director
6. Notify Head of Division or
delegated Authorising
Officer to proceed in
accordance with decision
taken by ED
7. Register the exception/
non-compliance together
with the decisions taken
End
Standard operating procedure - PUBLIC
SOP/EMA/0044, 28-JUL-2014
Page 4/9
9. Procedure
Step
Action
Responsibility
1.
Request an exception or report a non-compliance event by
Staff member
completing a request form (Annex I) and forward it to Head of
initiating the
Division for validation. The request should:
request

Indicate which regulatory and/or contractual provisions,
policy/procedure/regulation/process is not respected.

Describe the type of transaction/event and amount concerned.

Explain the exceptional circumstances that justify an exception
request or that caused a non-compliance.

Describe the risk (e.g. reputational, financial or legal).

Indicate the actions taken to mitigate the resulting risk and/or
measures proposed to avoid repetition of the situation.
2
Validate/reject the request after consulting with the Verification
Head of Division /
office (A-FI-VFO) and the Quality assurance and risk management
Authorising Officer
function (ED-CG-QRM)
(by delegation / sub-
If the request is rejected go to step 3.
delegation)
If the request is validated go to step 4.
3
Inform staff member of decision and advise on alternative course
Head of Division /
of action
Authorising Officer
(by delegation / subdelegation)
4
Head of Division or delegated Authorising Officer forward the
Head of Division /
validated request to ED-CG.
Authorising Officer
(by delegation / subdelegation)
5
Obtain decision from the Executive Director
ED-CG-QRM
6
Notify Head of Division or delegated Authorising Officer to proceed
ED-CG-QRM
in accordance with decision taken by ED
7
Register the decision taken and file original request.
Standard operating procedure - PUBLIC
SOP/EMA/0044, 28-JUL-2014
ED-CG-QRM
Page 5/9
10. Records
Electronic files:
The register of exceptions/non-compliances, including the completed forms and the supportive
documentation, are kept in the appropriately labelled folder in the electronic document management
system: Cabinets/06. Corporate governance/06.2 Integrated Management System/6. Internal
controls/Exceptions
Document security setting:
For non-confidential documents the ACL EMA_default_staffonly should be used. For confidential issues
an ACL with an appropriate access level should be chosen.
Signed originals:
Originals of signed forms are kept by the Corporate Governance Office Department (ED-CG)
Standard operating procedure - PUBLIC
SOP/EMA/0044, 28-JUL-2014
Page 6/9
ANNEX 1
Request for an exception / reporting of non-compliance
event
CONFIDENTIAL (To be delivered by hand)
URGENT Please call requester and inform of decision by
(DD/MM/YYYY)
(For non-urgent requests, information will be processed within 24 hours after decision)
Exception
Division:
Non-compliance event
Name:
Office:
Tel:
Policy or procedure this request for exception/report of non-compliance refers to / is in
conflict with (enclose reference)1:
Financial Regulations /Staff Regulation/Implementing Rules/Legal base
Contract / Grant Agreement
Call for tenders / call for proposals
Other (please specify)
Type of transaction/event and amount concerned2
Exceptional circumstances that require an exception request / caused a non-compliance
event
Resulting risk of the exception / non-compliance (consequences of the event)
Measures to be taken to mitigate the resulting risks and ensure that such a situation does not
reoccur:
Validation
Opinion of the verification office (A-FI-VFO):
Opinion of the quality assurance and risk management function (ED-CG-QRM):
Head of Division or delegated Authorising Officer validates the application: Yes
Date: ..........................................................
No
Signature: ................................................................
1
To attach the relevant documents
In case the amount cannot be determined or if the impact is not financial please indicate the significance e.g. important /
immaterial
2
Request for an exception / reporting of non-compliance event - PUBLIC
SOP/EMA/0044, 28-JUL-2014
Page 7/9
Decision
Opinion of the Executive Director:
Granted
Date: ..........................................................
Refused
Signature: ................................................................
Justification if refusing request or if granting exception to regulatory or contractual obligations:
Registration - For exception and non-compliance
Reference Number:
Date of registration in exceptions register by Internal Control Coordinator (ED-CG-QRM):
Date: ..........................................................
Signature: ................................................................
Request for an exception / reporting of non-compliance event - PUBLIC
SOP/EMA/0044, 28-JUL-2014
Page 8/9
ANNEX 2
DELIVER BY HAND
Transmission slip
Request for exceptions and recording of non-compliance
URGENT Please call requester and inform of decision by
(DD/MM/YYYY)
(For non-urgent requests, information will be processed within 24 hours after decision)
Exception
Non-compliance event
Title/ brief description
Transmission
Name
Signature
Date
Office / Tel. No.
Initiator
Head of Division
A-FI-VFO
ED-CG-QRM
Head of Division
/
/
/
/
/
After consultation with A-FI-VFO and ED-CG-QRM the Head of Division validates the request and send
it to the Executive Director for decision.
ED-CG-QRM
Executive Director
ED-CG-QRM
/
/
/
Return to Initiator
Initiator
/
Comments
The transmission is effective on 15-JUL-2014. Please refer to SOP/EMA/0044 for details of the procedure.
DELIVER BY HAND - PUBLIC
SOP/EMA/0044, 28-JUL-2014
Page 9/9