Brian Gray, Internal Auditor of the
European Commission

The Union
• 27 Member States
• 493 million people
• 4 234 000 square km
• Budget of 140 billion
(2010), 80 % managed by
The Institutions
• European Council
• European Parliament
• Council of the European
Union
• European Commission
• Court of Justice
• President: José Manuel Barroso
• 27 Commissioners
• Court of Auditors
• European Central Bank
• 34 000 civil servants and other agents
• 40 Directorates General and Services
EU agencies and other decentralised bodies
“We aspire to be a benchmark for public sector audit functions”
3

The European Commission and the
Internal Audit Service
The Internal Audit Service (IAS) provides the College of the
The European Commission
The European Commission is the political “engine” of the
European Union. It enjoys the exclusive right of initiative, is guardian of the Treaty and assumes, on its own responsibility, the implementation of the European
Commissioners
Services’ with an independent audit opinion focusing on the Commission performance in managing the EU budget .
By identifying weaknesses and budget, having regard the principles of sound financial management.
recommending corrective actions, the IAS provides assurance to the
College that its services respect the rules and mitigate properly the risks.
“We aspire to be a benchmark for
4 public sector audit functions”

The weaknesses before the 2000 reform:
 Blurred responsibilities – also between political level
(Commission) and departments (DGs);
 Centralised (ex-ante) Financial Control;
 Under-developed accountability;
 Cash-based accounting.
“We aspire to be a benchmark for public sector audit functions”
5


Clear responsibilities and accountability for Directors General
 Improvement in general control framework
 Accrual accounting: sign-off by the Accounting Officer
 Creation of Internal Audit Service (IAS) and IACs :
- Independent Internal Audit Service with DG status reporting to
Commission Audit Progress Committee (APC)
- Internal Audit for each DG (IACs) reporting to DG
“We aspire to be a benchmark for public sector audit functions”
6

The role of the IAS is set out in the Financial Regulation
(Art.85 to 87).
Art.85
: Each institution shall establish an internal auditing function which must be performed in compliance with the relevant international standards.
Art.86
: The internal auditor shall advise his/her institution on dealing with risks , by issuing independent opinions on the quality of management and control systems and by issuing recommendations for improving the conditions of implementation of operations and promoting sound financial management.
“We aspire to be a benchmark for public sector audit functions”
7

A service which contributes to providing value for money for
European citizens and helps the Commission in its objective to achieving a positive DAS, and thus to increasing public confidence in the European Union.
A service which contributes to the promotion of a culture of
effectiveness, efficiency and economy within the Commission with a view to bringing about continuous improvement.
A mature internal audit service committed to quality and
excellence, which builds on its quality certification and a culture of career-long learning, and aspires to be recognised as a
benchmark for public sector audit functions.
“We aspire to be a benchmark for public sector audit functions”
8

OLAF
College
Effective follow-up mechanism
APC
Reports to
Exchange
IAS
Audits
DG
DG
DG
DG
Co-ordinates via Auditnet
IAC IAC IAC IAC IAC
“We aspire to be a benchmark for public sector audit functions”
10

College of Commissioners
Audit Progress Committee
The IAS reports to the APC, which reports to the College
Co-ordinated planning between IAS/IACs
IAS
IAC
DG
IAC
DG
IAC
DG
“We aspire to be a benchmark for public sector audit functions”
11

 Coordination of the risk analysis and audit planning
 Collaboration between the IAS and IACs through Auditnet
 Common audit programmes
 Common audit methodology
 Joint IAS-IAC audits
 Streamlining working group
 Mentoring scheme for new Heads of IACs
 Bi-annual reporting on IACs’ work to APC
2011 IACs’ External Quality Review
“We aspire to be a benchmark for public sector audit functions”
12

European Court of Auditors
Exchange with other EU institutions and professional bodies
Discharge
Authority
European
Parliament
Council
Annual Report
Commission
Annual Report
Exchange IAS Audits
Agency
Agency
Agency
Agency
Professional and public organisations
Professional and public organisations
Study visits and good practice
“We aspire to be a benchmark for public sector audit functions”
13

 Three yearly, annually updated
 Coordinated with IACs:
• Common tools agreed with IACs
– definition of audit universe (financial and non-financial);
– audit risk assessment methodology;
– coverage analysis
 Management’s risk assessment used as a starting point
 Considers other inputs (AARs, ECA, OLAF)
 Supports IAS overall opinion on financial management
 Focus on re-assurance
“We aspire to be a benchmark for public sector audit functions”
15

Financial processes
276 auditable entities representing commitments of
€139bn and payments of
€122bn in 2010
Audit Universe: Financial and Nonfinancial
Financial statements
Grants
IT
Ethics
BCP
HR Monitoring EU law
Non Financial processes
135 auditable entities
Communication Procurement
Payroll
Risk assessment
Risk factors
REPORTING
Performance
Indicators
IAS
Strategic
Audit
Plan
“We aspire to be a benchmark for public sector audit functions”
(C1/C2)
Audit Results
16

5
Decentralised EU Agencies
“We aspire to be a benchmark for
17

Decentralised Agencies - Audit Universe and Diversity of Audit Engagements
Core operational processes / subprocesses specific to each organisation
28 standard Support
Administrative processes / subprocesses common to all organisations
Operational audits:
Preparedness for anti-pollution exercises, Standardisation of
National Aviation Authorities inspection
Quality management audits
Audits of Support/administrative functions : Planning and monitoring,
Building blocks of assurance,
Human resources management,
Financial management
Financial management : Procurement, Grants, Financial circuits
“We aspire to be a benchmark for public sector audit functions”
18

“We aspire to be a benchmark for public sector audit functions”
19

 Contributes to the improvement of governance, risk management and control processes
• Balance between financial and non-financial audits
• Focus on assurance activities but both IAS and IACs still able to perform consulting and other activities
 Contributes to the objective of progressing towards a positive DAS (Déclaration d’assurance)
“We aspire to be a benchmark for public sector audit functions”
20

Our strategy = our working methods
 Quality Assurance
 Dedicated QA cells
 Quality Assurance and Improvement Programme (IIA IPPF)
 Formalised audit procedures and audit document templates
 Auditee satisfaction surveys
 Ongoing monitoring of performance of the IA activity
 Periodic internal and external assessments
 IT – audit tool (GRC)
 Follow –up by APC
 Communication and sharing of good practices
 IAS annual conference
 Auditnet working groups
 Auditors’ Forum
 Study visits
“We aspire to be a benchmark for public sector audit functions”
21

Internal Audit Training Programme
Developed in-house
 Introduction to internal audit
 Internal audit methodology
 Governance Risk & Compliance (GRC) IT tool
 Internal audit communication skills
 Leadership in internal audit
 Certification
Open to internal auditors from other EU institutions
“We aspire to be a benchmark for public sector audit functions”
22

Mature Internal Audit in the
Commission – towards excellence
• IAS mandated by the Commission to produce annually an Overall Opinion
• Scope of opinion limited to financial management
• Takes into account IAS & IAC work over three years and relevant reports by the Court of Auditors
“We aspire to be a benchmark for public sector audit functions”
24

Mature Internal Audit in the
Commission – towards excellence
Why a positive opinion
DG implementation of +/- 500 IAC/IAS recommendations each year
DG identification of error rates in underlying transactions
Strength and maturity of the existing control framework.
“We aspire to be a benchmark for public sector audit functions”
25

Mature Internal Audit in the
Commission – towards excellence
(APC meeting, 7 September 2011)
“We aspire to be a benchmark for public sector audit functions”
26

2001
Mature Internal Audit in the
Commission – towards excellence
2011 1989
ECA recommendation for an internal audit function
Scope: DGs
& EAs
IAS Staff (Auditors)
Reports (No.)
Report (pages)
IACs Staff
Reports
Creation of IAS and IACs
Creation of APC
33
30
8
80
Methodology and tools development
AuditNet
Quality
Review of
IACs
IAS/IACs coordinated planning
IAS
Certification
External
IAS Overall
Opinion
Quality
Review
IACs
External
Quality
Review
“We aspire to be a benchmark for public sector audit functions”
49
(+35 Agencies)
54
100
<25
188+
300+ in 2010
More
Performance
Audits
Positive DAS
Single Audit
27

Challenges on the way towards excellence
• Focus on performance audits
• Positive DAS
• Single Audit
• …………..
“We aspire to be a benchmark for public sector audit functions”
28