This Annex reports on the progress realised in 2007 against the reference framework laid down by the 2004 Synthesis and updated by the 2005 and 2006 Synthesis reports containing the Commission’s multiannual objectives and related actions to address the major crosscutting management issues.
New actions introduced as a follow up to the 2007 Synthesis report are indicated in bold italics.
Internal control systems and performance management
1. Achieving an effective internal control system and ownership of internal control concepts and processes at all levels in each DG and service.
The internal control coordinator in each service should carry out a regular review of the effectiveness of internal control issues at least in the context of the twice-yearly information to Commissioners and of the annual activity report.
All services, continuous action with the support and guidance of DG BUDG and the ICC network.
It is now a well established practice that services review at least once a year the effectiveness of internal control. This requirement is now enshrined in the Internal Control Standards for Effective Management adopted in October 2007- SEC(2007) 1341.
Furthermore, services inform their Commissioner at least twice yearly on management and control issues.
Members of staff are involved in self-assessment exercises on the effectiveness of the internal control system.
Revision of internal control standards to enhance effectiveness
DG BUDG by the end of 2007
An internal communication revising the internal control standards for effective management was adopted in October 2007- SEC (2007) 1341.
Develop indicators for legality and regularity of transactions to support assurance in annual activity reports.
All services by ‘families’ with the support of BUDG and SG, before the establishment of 2007 (originally: 2006) annual activity reports in March 2008.
Working groups have been set up to develop indicators for legality and regularity of transactions by families of DGs. The guidelines for the Annual Activity Report for the year 2007 refer to different sets of indicators for:
- the Research family
- direct centralised management (grants and procurement)
- joint management
- shared management.
For the Structural Funds family, legality and regularity indicators were developed and provided as from the AAR 2006. For the AAR 2007, particular attention has been paid to improving the content and clarity of the report by implementing the recommendations of the Court of Auditors and the IAS.
Annual activity reports and Synthesis
2. Promoting Commission’s accountability through annual activity reports and their synthesis solidly based on assurances from managers.
Some Commission departments should give, where needed, a fuller explanation of their environment and the risks faced, including risks that remain even after mitigating measures have been taken. The impact of their environment and risks should be made more explicit and in most cases fuller explanations should be given on the overall impact of reservations on the reasonable assurance.
All services in the 2007 annual reporting exercise.
The guidelines for Annual Activity Reports for the year 2007 emphasize the need to include more streamlined, precise and coherent explanations of DGs' internal control systems.
- the use of an internal control template ensures that control systems of the different DGs are presented in a more coherent way within the Commission and, more specifically, within families of DGs.
- Precise guidance was also given to DGs to explain how the various components of the assurance process link together ("building blocks").
- More precise guidance was given on when and how to make a reservation.
- Assurance had to be supported by legality and regularity indicators.
The DGs have generally followed the guidelines and an improvement can be observed in their AARs.
With the assistance of central services, work by ‘families’ will be continued, so that each area benefits from a specific, coherent methodology.
Under the Action Plan towards an Integrated Internal Control Framework, "internal control templates" were developed to promote consistency between services in the presentation of control strategies.
In 2007 such templates were developed for each management mode, describing the internal control system on a consistent and concise basis and presenting a logical build-up to the Director General's assurance statement. The format was used by almost all services in 2007 AAR and has improved awareness of control structures and sources of assurance. It furthermore helps pinpoint weaknesses and define improvements.
The central services will provide further guidance to promote consistency in the treatment of reputational risks and the link between error rates, materiality and reservations.
BUDG and SG
By end 2008
3. Establishing effective and comprehensive risk management making it possible to identify and deal with all major risks at service and Commission level and to lay down appropriate action to keep them under control, including disclosing resources needed to bring major risks to an acceptable level.
The Commission will further embed risk management in its regular management process and integrate risk assessment in its internal control systems.
All services, with the assistance of DG BUDG, as specified in SEC(2005) 1327.
The revised Internal Control Standards, decided by the Commission in October 2007, specifically provide a Standard for risk management processes (standard 6).
Risk management was formally integrated into the 2006 programming and planning exercise and services’ critical risks are since then disclosed in the Annual Management Plans.
4. Taking further the concept of residual risk
Commission will continue its work on the cost-benefit of control and on residual risk per policy area. A Communication on this subject will be issued in autumn 2008.
DG BUDG together with concerned services
By October 2008
Initiative(s) to meet the objective
Responsible service(s) and timetable
Progress made in 2007
Internal audit recommenda-tions
5. Ensuring a smooth implementation of accepted internal audit recommendations
Follow-up of action plans stemming from internal audit recommendations should be regularly monitored at senior management level, and fully integrated into regular management planning, especially the annual management plans.
Follow-up is being actively monitored through different tools (DGs' internal databases, "Issue track" system) and regularly reviewed by senior management.
Further efforts were made to ensure a timely implementation of the audit recommendations:
- The Audit Progress Committee alerted the Cabinets responsible for departments lagging behind, requesting them to monitor the appropriate follow up by their services.
- New provisions were introduced to the standing instructions to the Annual Activity Reports and to the "peer review" process to ensure that Directors-General concerned explain in their reports the reasons why recommendations had not been implemented in time.
6. Clarifying the respective roles and responsibilities of Commission services and regulatory agencies.
The input of all institutions is necessary to negotiate a comprehensive framework, to clarify the respective responsibilities of the institutions and of the regulatory agencies.This framework would be applicable to the creation of future agencies and, at a later stage, to those already in existence.The Commission calls on the Council to adopt the proposed framework on regulatory agencies, suggest amendments, or reflect on new possibilities.
All services concerned with the assistance of SG and DG BUDG.
In a Communication of March 200820, the Commission drew attention to the lack of a common vision on the role and functions of regulatory agencies.It announced a horizontal evaluation of the regulatory agencies, a moratorium on creating new agencies and a review of its internal systems governing agencies.
7. Ensuring that inter-service arrangements for small services are based on a cost-benefit analysis and made in accordance with applicable rules, while preserving the responsibility of each delegated authorising officer.
The Commission will develop practical solutions respecting the balance of responsibilities and accountability.
Interested DGs with the support of BUDG, SG, and DIGIT.
Regarding IT Infrastructure Consolidation, DIGIT is already ensuring end-user support for the ADMIN family (DG ADMIN and offices), DG REGIO and the IAS. Furthermore, DG EAC signed a "protocole d'accord" to take over its IT-support.
The Service Level Agreement (SLA) which was established in 2006 between BEPA and SG for management of human and financial resources, logistics and strategic planning was renewed in 2007.
The SLA signed in 2006 between DG ADMIN and the IAS for management of the latter's human and financial resources was renewed in 2007.
OIB cooperates with other Services on the basis of clearly defined arrangements & Service Level Agreements. In 2007, the following SLAs regarding buildings were signed:
- with EAC executive agency (on the supplementary office space)
Directors-General will report on progress to the respective Commissioner in the context of the regular follow-up meetings on audit and control. The ABM Steering Group will closely monitor and regularly report to the College on the implementation of the remedial actions that delegated authorising officers have committed to carry out in their annual activity reports.
DGs report on the implementation of action plans in a given year in their annual activity report. This has been specifically mentioned in the standing instructions for 2007 AARs.
DGs were also invited to mention the actions to be taken in the coming year as a follow up to previous reservations. This requirement was included in the guidelines for the 2008 AMPs.
For all reservations, delegated authorising officers have laid down appropriate action plans to solve the underlying weaknesses. They monitored the implementation of action plans and reported to the Commissioner responsible .
The implementation of all action plans has also been monitored by the ABM Steering Group which invited Directors-General to report regularly to the Group on the state of play of their action plans.
Initiative(s) to meet the objective
Responsible service(s) and timetable
Progress made in 2007
Integrated internal control framework
9. Enhancing accountability by establishing a comprehensive integrated internal control framework in line with the requirements set out in the ECA’s opinions on ‘single audit’.
Implementation of the action plan towards an Integrated Internal Framework.
Commission adopted on 27/2/2008 a report on the action plan towards an integrated internal control framework (COM(2008) 110 final). Most actions have been implemented and the remaining ones will be completed during 2008. The Commission can show that it has made concrete progress. The impact of the actions will form the basis of the evaluation of the progressive success of the action plan through decreasing error rates and improved ratings of systems by the Court. Early in 2009 the Commission will prepare a further impact assessment as at 31 December 2008.
10. Improving efficiency and strengthening accountability by ensuring proportionality and a sound balance between ex-ante and ex-post controls and by further harmonisation and better focusing of ex-post controls
Further attempts have to be made to achieve closer harmonisation of methodology and definition of common ex-post control strategies and ensure proportionality between ex-ante and ex-post controls, at least at the level of ‘families’ of services operating in the same budget area.
All services with the assistance of DG BUDG, continuous action.
In 2007, "internal control templates" were developed for each management mode, describing the internal control system on a consistent and concise basis and presenting a logical build-up to the Director General's assurance statement. These templates are built on a common format which leaves some flexibility for adaptation to the needs of the DGs. The format was used by almost all services in 2007 AAR and has improved awareness of control structures and sources of assurance. It helps pinpoint weaknesses and define improvements.
Common guidelines on sampling methods and related level of confidence should be finalised.
Services concerned with the support of DG BUDG, progressively up to the end of 2007.
Extensive guidelines on audit sampling in line with international auditing standards have been prepared in the Structural Funds to promote coherence in testing done by Member State audit authorities21. The Commission has provided guidance on best practice in the management of external audit framework contracts to ensure a consistency and high quality of audit results22.
In the research area, the joint audit strategy set up in 2007 includes guidance on sampling.
Based on the experience gathered from the research audit strategy and taking into account that not all elements of the approach are transposable to all areas, the Commission will issue guidance to its services on sampling strategies by July 2008.
DG COMM will put in place a system of structured ex-post control in all Representations and Units in the Headquarter.
DG COMM by the end of 2007
A centralised ex-post control unit was set up in this Directorate-General on 1 November 2007.
11. Increasing responsibility and accountability at the level of the Commission as a whole by the signing-off of the accounts by the Accounting Officer and by improved quality of financial information.
The Commission will further strengthen its accounting processes and systems to improve the quality of the financial information and the respect of deadlines.
All services, continuous action with the assistance of the services of the Accounting Officer
In 2007, DG Budget complemented and consolidated the accounting modernisation.
The single datawarehouse was also made available to all services and is expected to lead to an improvement in financial management information.
The Accounting Officer’s report on the verification of local systems at the end of 2007 noted improvements compared to 2006, mainly in the development of the knowledge of accrual accounting and ABAC systems. However, two systems were not validated.
12. Making financial management more efficient by applying simplification measures.
Services are called upon to apply the simplification measures that have been introduced by the basic acts under the next generation of programmes (2007-2013) and by the amended financial rules
All services concerned as from the entry into force of these legal provisions.
During 2007 the Commission clarified the rules through guidelines, notably the guidelines on FP7, on the implementing rules for Structural Funds 2007-13, for Education Policy 2007-13, and will continue to provide support and further guidance where necessary. The Commission will also ensure that future legislative proposals include clear and straightforward rules.