Regularity of spending in EU Cohesion policy: Commission discloses annually a minimum estimated level of error that is not final
About the report:Cohesion policy represents one of the largest parts of the EU budget. It is also a policy area, where we consider the risk of irregular expenditure to be high. A relevant and reliable estimated level of error in Cohesion spending is therefore a key element for the Commission’s disclosure and monitoring whether expenditure in this policy area complied with the legal provisions. Our findings lead us to conclude that the related key performance indicators published in the annual activity reports of the relevant Directorate-Generals and in the Commission’s annual management and performance report represent a minimum level of error and are not final. This is because of the Commission’s limited coverage of both operational programmes and operations through its compliance audits, the inherent limitations of its desk reviews and issues related to its audit work.
ECA special report pursuant to Article 287(4), second subparagraph, TFEU.
I ‘Cohesion’ represents one of the largest parts of the EU budget. It is also a policy area, where we consider the risk of irregular expenditure to be high. A relevant and reliable estimated level of error in Cohesion is a key element for the Commission’s disclosure and monitoring whether expenditure in this policy area complied with the legal provisions. It is also the basis for taking the required corrective actions.
II Regularity information in Cohesion is based on the work of Member State audit authorities and the Commission’s subsequent verification and assessment of their work and results. The result of this audit work is presented in the annual activity reports of the relevant Directorates-General, and in the Commission’s annual management and performance report as a key performance indicator for the estimated level of error in expenditure of the underlying programmes.
III We have previously highlighted in our annual reports that the weaknesses that we found in the work of audit authorities limits the reliance that can be placed on that work. The main objective of this audit was therefore to assess whether the Commission’s audit processes compensate for this limitation and enable it to disclose a relevant and reliable estimate of the level of error in Cohesion spending in the annual activity reports and the annual management and performance report.
IV For this purpose, we examined the Commission´s processes and procedures for the acceptance of the accounts and for its assessment of the regularity of the expenditure underlying the annual accounts, which provides the basis for the validation and confirmation of the annual residual error rates reported by the audit authorities. We also examined the way the Commission prepares and presents regularity information in the annual activity reports and the annual management and performance report.
V While the Directorates-General present the key performance indicators as their best estimate of the level of error, we conclude overall that they are not final and represent a minimum level of error at Directorate-General level and consequently in the annual management and performance report.
VI In line with the regulatory framework, the Commission accepts the annual accounts of Member States without taking into account the regularity of the related expenditure. Consequently, the 10 % payment retention, introduced with the intention of safeguarding the EU budget, is released, even in situations where Member States’ audit authorities had confirmed a residual error above the materiality threshold of 2 % and where the Commission’s regularity checks had yet to be completed.
VII The Commission in its desk reviews, checks the consistency of the regularity information included in the assurance packages. However, desk reviews are not designed to detect additional ineligible expenditure, which limits their added value.
VIII These desk reviews contribute to the Commission’s risk-based approach for selecting audit authorities for its compliance audits. However, the Commission did not always select the audit authorities with the highest risk score and did not sufficiently document the justification for selecting these audit authorities.
IX Compliance audits, where the Commission reviews the eligibility of operations, represent the most important element for its assessment of the audit authority’s work and related results. While the Commission found a number of undetected errors in the compliance audits that we reviewed, it often revised its final audit results in a follow-up phase with the Member States. We also noted the high frequency of undetected errors found by the Commission in the cases that we reviewed. Together with its often limited sample of operations, this indicates that further types of errors are likely to be present in the rest of the audit authority’s sample not reviewed by the Commission. This means that the residual total error rate is a minimum rate at programme level.
X The Commission reports the results of its work in the annual activity reports as a key performance indicator. While this indicator represents the Commission´s best estimate of the level of error, we consider that the key performance indicators published by the Directorates-Generals represent a minimum. This is because of the limited coverage of both operational programs and operations through compliance audits, the inherent limitations of the Commission´s desk reviews and other issues related to its audit work. We also consider that the published key performance indicators are not final, so they are therefore provisional.
XI With a view to improving the reporting of regularity information in Cohesion for the new programming period, we recommend that the Commission should:
- propose a legislative revision to ensure that the legal framework adequately protects the payment retention before it is released;
- improve its audit work, audit documentation and review process and;
- strengthen the main elements of the regularity information provided in the annual activity reports.
We also recommend that Central Services receive instructions on the production of the annual management and performance report from its owner, the College of Commissioners.
Cohesion, a major EU spending area with two control cycles
01 Cohesion policy, which focuses on reducing development disparities between the different Member States and regions of the EU, makes up a significant part of the EU-budget. It is implemented through multiannual operational programmes (OPs) which Member States generally submit at the beginning of each programming period. Figure 1 illustrates for the last five years the significant amounts involved in Cohesion spending in the programming period 2014-2020.
02 In the programming period 2021-2027, multiannual financial framework heading (MFF) 2, encompassing two distinctive subheadings ‘MFF 2a - European economic, social and territorial cohesion’ and ‘MFF 2b - Resilience and values’, represents 35 % of the EU budget and has become the largest policy area. The budget for MFF 2a, the equivalent to ‘Cohesion’ under the 2014-2020 MFF, amounts to €372.6 billion for 2021-2027.
03 We assess Cohesion expenditure in our annual audit report as high-risk, on the grounds that rules are complex and much of the expenditure is based on the reimbursement of costs declared by the beneficiaries themselves. We repeatedly find a material level of error for Cohesion in our annual statement of assurance audit work. Together with the significant amount of spending involved, this calls for a robust control and assurance system that can ensure the regularity of the Cohesion expenditure. It should also deliver a relevant and reliable estimate of the real level of error in this area.
04 The control and assurance framework used to deliver this regularity information for Cohesion was revised for the 2014-2020 programming period. It introduced the Commission’s annual acceptance of Cohesion expenditure submitted by Member States, which complements the closure arrangements at the end of the programming period. It also introduced an annual indicator of residual risk, which is known as the residual total error rate (RTER). The RTER presents an estimate of irregular expenditure remaining in the annual accounts of the OPs, after taking into account the effect of all control procedures, recoveries and corrections made by Member State authorities.
05 The control and assurance framework is centred around two control cycles, a national cycle at Member State level and a subsequent cycle at Commission level. This reflects the fact that the Commission and Member State authorities jointly manage the implementation of the Cohesion policy and its funding, a concept known as shared management.
The national control cycle
06 The first element in the control and assurance framework is the national control cycle, outlined in Figure 2.
07 The first line of defence in the national control cycle to safeguard the EU budget encompasses the Member States’ certifying and managing authorities. While the certifying authorities take care of Member States’ applications for payments and drawing up their accounts, the managing authorities are responsible for the selection of the operations funded within the programmes and for management verifications, which aim to ensure that beneficiaries receive reimbursement only for expenditure that is regular. The number of the errors that are detected through the Commission’s and our audit work demonstrates that the controls in place do not yet sufficiently mitigate the high inherent risk of error in this area. We reported in our annual report, that this particularly concerns managing authorities whose verifications are ineffective in preventing or detecting irregularities in the expenditure declared by beneficiaries.
08 Member State audit authorities are the second line of defence. They carry out annual audits of the programme accounts, and of representative samples of operations, for which the expenditure was declared to the Commission. They are also responsible for assessing the proper functioning of the management and control systems. In their annual control reports, the audit authorities report to the Commission the detected level of error in the expenditure declared (total error rate, TER). Where based on their work the TER goes above 2 %, audit authorities recommend the corrections required to reduce the residual total error rate (RTER) to below 2 %. Audit authorities report to the Commission on the implementation of these corrections.
09 The annual control report forms part of the annual assurance package, which can cover an OP or group of OPs. This package is a set of documents, which each Member State submits to the Commission each year in respect of the European Structural and Investment Funds (ESI funds), comprising the annual accounts, annual summary, management declaration and the audit authority’s audit opinion together with the annual control report. Audit authorities issue an audit opinion on the completeness, accuracy and veracity of the accounts, the legality and regularity of the expenditure in the account and the effective functioning of the management and control system. The assurance packages must be sent to the Commission by 15 February each year for the previous accounting year.
The Commission’s control cycle
10 The Commission retains ultimate responsibility for protecting the EU financial interests. Following completion of the national control cycle, every year the Commission launches its annual control cycle of the annual accounts and carries out an assessment of the assurance packages received in the year. Figure 3 shows the key steps involved, culminating in the reporting of the RTERs in the Commission’s annual activity reports (AARs).
Acceptance of accounts
11 The Commission carries out administrative checks of the completeness and accuracy of the accounts. If the Commission’s assessment results in its acceptance of the Member State’s accounts, it can then pay the annual balance of expenditure owed to the Member State, including the 10 % retained when making interim payments, introduced to safeguard the EU budget.
Assessment of legality and regularity
12 According to its audit strategy, the Commission aims to obtain reasonable assurance that the RTER for each OP is below 2 %. For this purpose, the Commission first assesses, through a desk review, information on regularity in the annual control reports of the audit authorities. It also uses the information gained during the desk reviews, and from previous audit work together with its assessment of audit authorities’ system audit reports, for its risk assessment to select those audit authorities and OPs for which they will be performing an on-the-spot compliance audit.
13 Compliance audits primarily focus on the re-performance of audits of operations at the level of audit authorities. They are the main contributor to the Commission’s own assurance. The compliance audits assess the reliability of the audit authority’s work for the audit opinion and the RTER. Where necessary, the Commission adjusts the RTER and requests additional financial corrections, which are measures to protect the EU budget from irregular expenditure by withdrawing this expenditure or recovering it.
14 The Commission calculates a weighted average of the adjusted RTERs as its key performance indicator (KPI 5). The KPI 5 is the main regularity indicator reported in the AARs. Finally, in its annual management and performance report (AMPR), the Commission consolidates the KPIs of the DGs (Directorates-General) for Employment, Social Affairs and Inclusion (EMPL) and for Regional and Urban Policy (REGIO) to provide its estimation of the level of error in Cohesion expenditure (known as the ‘risk at payment’).
Our previous work shows that we cannot always rely on the error rates reported by the audit authorities
15 In the four years we have been examining 2014-2020 expenditure, we detected additional errors in operations previously audited by the audit authorities. We were therefore unable to agree with audit authorities’ conclusions that RTERs were below 2 % for half of the assurance packages audited, representing also half of the expenditure audited. Based on this observation, we concluded that we cannot always rely on the error rates reported by the audit authorities. Figure 4 illustrates our results over the years.
16 The error rates reported in the AARs of DGs REGIO and EMPL and aggregated in the AMPR can therefore only be reliable if the Commission’s control cycle can compensate for these limitations in the work of the audit authorities. This is the subject of this report. The results of our audit could be an important input for the Commission in designing its audit work for the 2021-2027 programming period.
Audit scope and approach
17 Our audit covered the 2014-2020 control and assurance framework that aimed to allow the Commission to report an annual residual risk of error for each accounting year. We asked whether the Commission:
- carries out sufficient and appropriate audit work to produce a reliable and relevant annual residual risk of error for each assurance package (RTER);
- discloses a reliable annual residual risk of error in the AARs of each DG (KPI 5);
- presents, in the AMPR, a reliable annual level of error (risk at payment) for Cohesion.
18 We assessed the relevant processes and procedures for the acceptance of the accounts, the assessment of the regularity of the expenditure underlying the annual accounts of the assurance packages and the way the Commission prepares and presents the regularity information in the AARs and the AMPR.
19 To this end, we analysed the work done by the Commission to calculate a RTER for the two main Cohesion DGs, REGIO and EMPL, and at an aggregated level in the AMPR:
- For ten assurance packages – five from each DG – we analysed the desk-reviews performed for the accounting years 2015/2016, 2016/2017 and 2017/2018;
- We selected ten completed compliance audits – again, five for each DG –performed by the Commission for the accounting years 2016/2017 and 2017/2018;
- For each of the compliance audits selected we took one operation audited by the Commission and reviewed the audit file in detail;
- We reviewed the financial corrections resulting from 26 compliance audits undertaken in 2018.
20 We excluded from our audit scope the work done by the Commission for the accounting year 2018/2019, as the control cycle for that year had not been completed at the time of our audit. Our main focus was therefore the Commission’s work for the accounting years 2016/2017 and 2017/2018.
New legal provisions address some limitations in the acceptance of accounts, but some risks remain at the time of releasing the payment retention
21 Our review of a sample of ten assurance packages confirmed that the Commission, in line with the legal provisions, carries out targeted work on the Member States’ accounts. It accepts them when the audit authority has provided an unqualified audit opinion on their completeness, accuracy and veracity, unless the Commission has specific evidence that this audit opinion is unreliable. The level of error is not a factor in determining acceptance. Consequently, the Commission releases the 10 % payment retention initially withheld, even if it has evidence that the expenditure in the accounts contains a material level of error - a RTER above 2 %. The legal provisions governing the acceptance procedure therefore cannot deliver the overall objective of protecting the EU budget until the assessment of regularity is completed. Box 1 illustrates this limitation.
Acceptance of accounts with material level of error
The national audit authority provided a qualified audit opinion on the assurance package 2017-2018 and confirmed a RTER of 8.54 %. The Commission asked the audit authority to modify the audit opinion on the accounts to unqualified, arguing that the high residual error rate had no impact on the accounts but only on the legality and regularity of expenditure and the management and control systems. Consequently, the audit authority modified its qualified opinion. It removed its qualification on the accounts, but maintained a qualification on the legality and regularity of expenditure and functioning of the management and control system. In line with the regulation, this meant that the accounts were accepted and the 10 % retention was released before the necessary corrections to bring the RTER below 2 % had been implemented.
22 The new legal framework for the programming period 2021-2027 partly addresses the limitations of the acceptance of the accounts. The retention will be reduced to 5 % and the Commission cannot accept the accounts, if the RTER reported by audit authorities is above 2 %. However, the Commission’s assessment of the reliability of the RTER reported and the related regularity of the expenditure concerned will still take place after the acceptance of the accounts. We raised the same issue in our opinion 6/2018, where we underlined that the acceptance of accounts by the Commission does not take into account any subsequent financial corrections by the Commission, nor the need to amend error rates, since the related expenditure is subject to additional Commission checks after the acceptance of the accounts.
Inherent limitations of the Commission’s desk reviews reduce their contribution to confirming the RTER
The Commission’s desk reviews are not designed to detect additional ineligible expenditure
23 In the desk reviews for assessing regularity, the Commission analyses the information provided in each assurance package using standardised checklists. Unlike the acceptance of accounts procedure, these desk reviews aim to cover the legality and regularity of the underlying operations and to confirm the reliability of the RTERs reported by audit authorities.
24 To this end, the Commission not only assesses the assurance packages received but also takes into account other audit information. This other audit information is usually not just related to the work of the audit authority, but also covers other elements of the management and control systems, based on the Commission’s early preventive systems audits and other thematic audits.
25 The desk review checking regularity information covers the information provided in the annual control report, the audit opinion and the other documents in the assurance package. To complement the desk reviews, the Commission may also carry out fact-finding missions to the audit authorities before or after receipt of the assurance package. However, until the 2020 revision, the Commission’s methodology for desk review and fact-finding missions did not provide for the assessment or verification of the regularity of individual operations or expenditure items. Our review of ten assurance packages showed that the Commission assessed each assurance package in a structured way, but the impact of these assessments on the regularity of expenditure was limited, as set out in the following paragraphs.
26 We noted that, based on its desk-reviews, the Commission had amended RTERs previously reported by the audit authorities. We analysed a sample of ten such cases related to the accounting year 2017/2018, where a substantial modification took place. We found that in all cases, the modification was based on a mistake in calculations made by the audit authority or on findings from other audit engagements, such as the Commission’s early preventive system audits, its previous compliance audits or from our own work. In order to find additional errors to those already detected by the audit authority in its audits of operations, the Commission would need to perform additional work at operations level, which shows the inherent limitation of the Commission’s desk reviews.
27 Additionally, the Commission assesses each national system audit report and takes the information into consideration for the conclusion following the desk review on the legality and regularity of the expenditure certified in the assurance package. However, the Commission’s documentation of the work done to review the national system audit reports was not sufficiently detailed. The Commission’s checklists include three questions to which auditors often answered only yes/no without explanatory comments. The absence of more detailed information did not allow us to understand what work had been done and to confirm that it was sufficient.
Both the Commission’s compliance audits and our audits found material errors that could not have been detected by the desk reviews
28 Our analysis showed that, as a result of the compliance audits performed by the Commission between 2018 and 2020 for the accounting years 2016/2017 and 2017/2018, the Commission had adjusted a significant number of RTERs. For approximately two fifths (42 %) of the cases the Commission found errors that contributed to increasing the RTER to above 2 % as outlined in Figure 5. For almost one fifth (17 %) of these cases the RTER was above 5 %. The additional errors resulting in an adjusted RTER had not been found by the preceding desk reviews.
29 Additionally, our own statement of assurance audit work in 2017, 2018 and 2019 showed that in 23 of the 47 assurance packages (49 %), the RTER was significantly under-reported by the audit authority. In all 23 cases, the RTER should have been reported as being above the 2 % materiality threshold.
30 While the Commission is performing a structured assessment of the information provided in the assurance packages, in particular of the annual control reports, our analysis has shown that irregular expenditure remained undetected and uncorrected by the desk reviews. The Commission’s desk reviews are not designed to detect additional ineligible expenditure, which limits their added value in terms of confirming the regularity of the underlying transactions and the validity of the RTER reported by the audit authorities.
The Commission did not always follow its risk-based approach for selecting the most risky audit authorities for compliance audits
31 The Commission’s audit strategy provides that it follows a risk-based approach. To this end, it performs an annual risk assessment to select the most risky audit authorities to be covered by its compliance audits. Both DGs use the same criteria and approach for their annual risk assessment, which also takes into account the information obtained from the desk review of the assurance packages. The result of the risk assessment is that audit authorities are risk-rated and assigned a specific risk score.
32 In addition, the Commission performs an assessment of specific risk factors for each OP. Having assessed the level of risk associated with the OPs under the responsibility of the previously risk-rated audit authorities the Commission selects the audit authorities and OPs for its compliance audits.
33 In our examination of the risk assessments carried out by both DGs in the years 2018 and 2019, we found that the Commission did not always follow its procedure. For example, it attributed a value of 20 to a particular risk, while the procedure provided only for five points. In some cases, it did not attribute a value of 0 (for ‘yes’) and 10 (for ‘no’), but attributed five points, reflecting that its procedures did not provide for this option. The inconsistencies had an impact on the overall risk score for individual audit authorities and hence how the Commission ranked them when preparing the audit plan. They also indicate weaknesses in this process.
34 To assess the robustness of the Commission’s risk assessment, we analysed whether the results as presented in the final compliance audit reports of 2017, 2018 and 2019 corroborated its initial risk assessment - i.e. whether audit authorities were correctly assessed as high-risk or low-risk. We considered an audit authority to be high-risk when its risk score is above the Commission’s average risk score and consequently to be low-risk when it is below. We found that for 11 of the 13 low-risk audit authorities the Commission had revised the RTER. In two cases this revision brought the RTER from below 2% to above 2 %. In the remaining nine cases this revision did not alter the conclusion, that the RTER reported was below 2 %. This shows that two of the audit authorities were not actually low-risk. For high-risk authorities, it revised the error rates more often to above 2 % (in 20 out of 39 cases).
35 Following our own statement of assurance work, we considered that RTERs would be above 2 % for three out of eight low-risk audit authorities covered by our substantive testing. In terms of impact, Figure 6 illustrates that the average adjustment of the RTERs reported by low-risk audit authorities is higher than the adjustment needed for high-risk audit authorities. This means that the Commission’s assessment of what constitutes a low-risk authority depends on the information available at a given moment and that it has inherent limitations.
36 We also reviewed the Commission’s 2019 audit plan to find out whether the audit authorities classified as most risky had been selected. We found that eight of the 12 audit authorities selected by DG EMPL had a risk score below the general average of 32 %. However, the Commission did not document the justification for this deviation from the outcome of its risk assessment. In consequence, we were not able to confirm whether the Commission always followed its risk-based approach by selecting the most risky audit authorities for compliance audits. Table 1 shows the risk scoring and selected audit authorities per DG.
|2019 – risk assessment||REGIO||EMPL|
|Number of audit authorities assessed||83||101|
|Average risk score of AAs assessed||38 %||30 %|
|2019 – audit plan|
|Compliance audits done||14||12|
|Audit authorities selected for compliance audits||11||12|
|Average risk score for the audit authorities selected||53 %||26 %|
|Audit authorities selected with a risk score above the average||10||4|
While the Commission detects irregular expenditure in its compliance audits, it often revises their final results in the follow-up phase with the Member States
Compliance audits found irregular expenditure, but in our sample two errors remained undetected
37 With its compliance audits the Commission seeks reasonable assurance that the work of the audit authorities is reliable. To this end, the Commission usually reviews in each compliance audit eight to ten operations previously examined by the audit authority.
38 We analysed a sample of ten Commission compliance audits involving 73 operations in total. For 28 of these 73 operations the Commission, in its final compliance audit report, reported findings with a financial impact. This means that ineligible expenditure was detected that may affect the RTER. In our sample of ten randomly selected operations, we found additional errors for two operations that the Commission had not detected.
39 In one case, we found that overhead costs were reimbursed based on a flat rate (simplified cost option). While the regulation provides that simplified cost options have to be approved and granted in advance, the flat rate in this case was only approved during implementation of the operation. Furthermore, neither the audit authority nor the Commission auditors had detected that the costs had not been declared in line with the methodology defined in the grant agreement. In this respect, we noted that the Commission, in its working papers, had referred to the wrong legal provision. We conclude that the costs declared were not in line with the legal basis and were therefore ineligible. The impact of this error means that the RTER reported by the Commission in its final compliance audit report was understated.
40 In the second case, an operation concerned the acquisition of two vessels intended for the organisation of multiday river cruises. According to the Member State authorities and the Commission, the activities were classified as “other amusement and recreation activities”, and the aid was exempted from state aid notification. As the beneficiary indicated in the application that vessels were to be partially operated by entities within the same group to which the beneficiary belonged, the aid is likely to support the activities in the cruise sector. The Commission explicitly categorised this sector as belonging to the transport sector, which is not exempted from the state aid notification requirement. As neither the group structure nor the operating agreements were analysed by the Member States or the Commission auditors, we conclude that the necessary eligibility elements for approving the operation may have not been met and the expenditure should not have been declared as eligible.
41 In addition to the issues identified above, we found for one of the ten compliance audits we reviewed, that DG REGIO and EMPL concluded differently on the final RTERs (see Box 2). In this case, the audit authority had reported a common error rate covering the funds of both DGs. We also identified a similar issue for one of the desk reviews in our sample. We note in this context, the setup in July 2021 of the Joint audit directorate for Cohesion (DAC), encompassing all audit activities of the Cohesion expenditure. The mission of the DAC is to provide assurance and audit functions to both Directors-General and to cover all audit functions under their responsibility. Merging the two previously separate audit directorates of DGs REGIO and EMPL should help to ensure consistency in the Commission’s audit work and assessments.
Compliance audit - Common sample of four OPs covering ERDF and ESF
An audit authority provided its opinion on legality and regularity based on a common sample of operations covering ERDF and ESF OPs for the 2016/2017 accounting year. By taking a common sample across two funds, the audit authority generated one common error rate to represent both funds.
Following the audit of the common sample of operations, the audit authority reported a common RTER of 0.0 %. Both DG REGIO and DG EMPL decided to carry out a compliance audit.
Following DG REGIO’s compliance audit of eight operations for the ERDF OPs, it adjusted the common RTER to 6.9 %. While DG REGIO used the common error rate, DG EMPL reported an error rate for the ESF OPs only, amounting to 0.3 %. As the RTER for the ERDF OPs only would amount to 21.3 % this leads to a significant under estimation at Commission level.
In this case, the sample size would have allowed each DG to conclude on its funds. However, they should have coordinated and followed the same approach, either by both considering the RTER for their funds, or by both considering the common rate, in order to avoid an underestimation of the risk at Commission level.
42 We reviewed the Commission’s documentation of the work that it carried out for the 73 operations covered by its compliance audits. Adequate documentation is a requirement of the international auditing standards, in particular when other auditors intend to rely on the audit work and the findings.
43 Each DG has developed specific checklists for its review of the operations selected. We found that more than one third (37 %) of the checklists had not been completed, as one or more audit questions had not been answered. Where they had been answered, the answer was often limited to ‘yes’ or ‘no’, with no additional information allowing an independent reviewer to assess the adequacy of the underlying work that led to this response. Documentation related to the expenditure tested by the Commission also showed shortcomings, as for almost one-fifth (18 %) of the audit files examined the information on the number and value of expenditure items tested was not available. Figure 7 summarises the shortcomings we found in the Commission’s audit documentation.
The Commission often revises its final audit results during the follow-up phase with the Member States
44 When the Commission has completed its work, it issues a draft audit report including the findings of its compliance audits. In line with the provisions of the CPR (Common Provisions Regulation) and international audit standards Member States have the opportunity to comment on and contest the Commission’s initial assessment. Following the Commission’s analysis of the replies of the Member State, the Commission, in line with its internal rules, issues a final audit report which should include its final conclusions and, where necessary, indicate the required corrections. The Commission has three months after its on the spot audit to provide its draft report, and a further three months to issue the final report after it has received a complete reply from the national authorities.
45 Following the issue of the final audit report, the Commission initiates the follow-up phase in which it verifies whether the Member States’ authorities accepted and applied the corrections resulting from its findings, or whether the Commission should launch a financial correction procedure. In general, the Commission encourages Member States authorities to implement the corrections and when necessary it engages in further discussions.
46 For two of the ten compliance audit reports we reviewed, the Member States accepted the audit results and implemented the corrections. For the remaining eight compliance audit reports, we noted that the Commission and Member States continued to exchange information and views. For three of them, the Commission revised its assessment made in the final report: in one case, the Commission dropped one finding; and for the other two cases, the Commission re-assessed the financial impact of the errors – see Box 3 below. The remaining five cases were still ongoing at the time of our audit, in one case 24 months after the final audit report had been issued, with no final decision by the Commission. Consequently, the conclusions presented in the final audit reports we examined were, in practice, not final and subject to further changes. We note in this context that the Commission does not formally confirm a final error rate.
Final error rates are not final
DG EMPL carried out a compliance audit for one OP, where it reviewed eight operations examined previously by the audit authority. The Commission’s final report concluded that six operations had additional errors, one of which was a 100 % error because the operation did not meet the eligibility criteria of the OP. It recalculated the RTER from 1.8 % to 5.5 %. DG EMPL also informed the Member State about the corrections it needed to implement to reduce the RTER to below 2 %.
However, the Member State disagreed with the Commission’s assessment. In a subsequent follow-up letter, DG EMPL accepted the Member State’s argument that the error was not ‘random’, i.e. did not recur in the remaining population, but was ‘systemic’, i.e. only recurred in specific circumstances, leading to a RTER of 2.0 %.
In our view, the reclassification of a random error to a systemic error was not justified as it did not follow the definition of the Commission’s guidance. The Member State authorities confirmed to the Commission that this error had no impact in any non-audited operation in the population. In consequence, the RTER was not final in the final audit report and remained underestimated.
The Commission has not yet implemented net financial corrections
47 Our review of the 26 compliance audits carried out in 2018 (the most complete year available at the start of our audit) showed that the implementation of corrections is a lengthy process, which can take several years reflecting Member States’ legal right to challenge the Commission’s request for financial corrections. Of these compliance audits, 19 required a financial correction according to the Commission’s final audit report. In nine cases, the Member State authorities fully implemented the corrections by 31 December 2020. This allowed Member State authorities to replace this irregular expenditure with other expenditure in subsequent accounting periods. In all other ten cases, discussions with the Member States, including additional work to be carried out by the audit authorities were still ongoing. Two of these ten compliance audits account for more than 50 % of the corrections to be made.
49 The legal framework for the 2014-2020 period stipulates that the Commission should apply net financial corrections in case of serious deficiencies not identified by the Member State under the conditions set out in Article 145 (7) of the CPR. Net financial corrections mean that there is a definitive reduction of funds to the Member States concerned. As of November 2021, the Commission has not yet implemented a net financial correction.
The Commission discloses a minimum error rate as its main indicator of regularity in the AARs which is not final
50 To establish a regularity indicator at policy level, each DG (REGIO and EMPL) first calculates a weighted average RTER for the OPs under its management and publishes it as a KPI in the respective AARs. These calculations take into account the results of both desk reviews and compliance audits.
51 While the DGs present the KPI as their best estimate of the RTER, we found a number of methodological issues that mean that the KPI published by the DGs represents only a minimum estimated level of error. We also note that the published KPIs are not final, since the underlying RTERs at OP level, can be still revised due to ongoing or future audit work. We present these methodological issues in the following paragraphs.
Limitations in the Commission’s methodology generally only allow for establishing a minimum error rate at OP level
52 The Commission’s compliance audits are based on a sample of OPs already audited by the audit authority. In line with its methodology, the Commission generally reviews eight to ten operations for each of its compliance audits. The Commission usually selects these operations on a judgmental basis, taking account of a number of risk factors, such as the potential presence of state aid, the use of public procurement, and the type of beneficiary. When selecting the operations, it also considers the size of the operation and the different priority axes.
53 We assessed the Commission’s selection of its sample and found that the documentation was insufficient for us to link specific risks to the selected operations. We further note that the number of operations selected may not always allow it to cover all types of operations in the audit authorities’ sample and related risks, reflecting the diversity of OPs’ priorities and of operations that receive Cohesion funding. This is especially the case when an annual control report covers several OPs.
54 For the ten compliance audits we reviewed, we analysed the frequency of errors (the proportion of operations with errors not detected by the audit authorities), and the increase in the RTER in terms of percentage points – see Table 2.
|Audit n°||AA1 sample size||COM1 sample size||Coverage (N° of operations2||N° of operations with errors2||Frequency of additional errors||Increase in % points in RTER|
|Total for 10 compliance audits reviewed||487||73||15 %||28||38 %||1.94 %|
|audit 1||99||8||8 %||3||38 %||0.36 %|
|audit 2||34||8||24 %||1||13 %||6.82 %|
|audit 3||6||4||67 %||1||25 %||0.86 %|
|audit 4||146||8||5 %||6||75 %||2.25 %|
|audit 5||30||8||27 %||3||38 %||4.20 %|
|audit 6||40||8||20 %||4||50 %||0.29 %|
|audit 7||30||8||27 %||1||13 %||0.05 %|
|audit 8||30||5||17 %||1||20 %||0.00 %|
|audit 9||30||8||27 %||4||50 %||2.22 %|
|audit 10||42||8||19 %||4||50 %||2.38 %|
1 AA means audit authority, COM means Commission.
2 Numbers refer to the Commission’s sample.
55 In general the number of operations sampled by the Commission was in line with its methodology, which allows it to partially cover the operations audited by the audit authority. For the ten compliance audits we reviewed, DGs covered 15 % of the operations audited by the audit authorities representing 24 % of the expenditure covered by the audit authorities’ sample. They detected additional errors, not previously detected by the audit authorities’ audits, in 38 % of the operations they audited, where they often detected multiple different types of errors. For the errors that it detected, the Commission assessed whether the same types of error occurred in other operations audited by the audit authorities. In five of the ten compliance audits we reviewed, some errors were recurring and the Commission determined the impact of these errors. In nine of the ten compliance audits, it considered other errors to be non-recurring. In these cases, the Commission does not extend its sample in order to reduce the risk of additional different types of errors previously undetected.
56 In our view, the high frequency of undetected errors found by the Commission in its often limited sample of operations indicates that further types of errors are likely to be present in the rest of the audit authority’s sample not reviewed by the Commission. This means that the RTER is a minimum rate at OP level in such cases.
57 Box 4 illustrates how the Commission’s approach only allows it to establish a minimum error rate.
Compliance audits – additional errors remained undetected and uncorrected
DG REGIO carried out a compliance audit covering several OPs for the 2016-2017 accounting year. During the audit, it re-performed the audit of eight of the 99 operations audited by the audit authority. For three out of the eight operations, it found additional errors that the audit authority had not detected. These additional errors had an impact on the RTER, which it adjusted from 1.18 % to 1.54 %. Although three additional errors were present in the Commission’s sample, it considered that it had reasonable assurance that there were no remaining undetected errors in the 91 operations it did not review. DG REGIO relied on the audit work of the audit authority for those operations.
During our audit for the 2018 Statement of Assurance, we audited nine out of the 91 operations not audited by the Commission, and identified quantifiable errors in six of them. These six operations with quantifiable errors contained different types of errors. While the Commission was aware of the state-aid (type) errors that we found, it had not detected the other types of errors in its sample. As a result of our work, we estimated that the RTER was at least 7.10 % compared to the 1.54 % resulting from the Commission’s compliance audit. Given the high frequency of errors with financial impact, it is likely that additional errors are still present in the operations not audited either by the Commission or by us.
The Commission’s methodology only allows it to estimate a minimum error rate at DG level
58 We found that desk reviews are not designed to detect additional ineligible expenditure, which limits the added-value in confirming the validity of the error rates reported. They are no substitute for compliance audits (see paragraph 30). Despite this, the DGs place reliance on the desk reviews as part of their methodology for establishing an error rate at both Fund and DG level (KPI 5). However, they do not estimate the impact of the errors found in compliance audits on the non-audited OPs (desk reviews) for estimating the aggregated error rate (KPI 5).
59 In our view, it is not justified to assume that non-audited OPs are free from additional errors. While the Commission detects a significant number of unreported errors in the sample of operations/OPs audited by the AAs, the methodological weaknesses in its approach means that the error rates it reports at DG level as KPI can only be a minimum error rate. Therefore, it is likely that the real level of error is higher.
60 In addition to this KPI, since 2018 both DGs have also disclosed an estimated maximum error rate, designed to take account of the potential impact of ongoing audit work on the regularity information presented in the AARs. In order to determine this maximum rate, both DGs used flat rates for the OPs where the outcome of audit work performed was still pending.
61 Since 2019, both AARs also explain that the maximum rates take account of any potential errors lying outside the sample of operations in OPs audited by either the Commission or the ECA. In our 2019 annual report, we considered this rate to be more suitable, because it takes account of the potential impact of ongoing audit work.While DG REGIO applied the approach as described in the AAR, DG EMPL did not take full account of possible errors beyond those detected. The Commission’s approach, as applied by DG REGIO, is designed to respond to our finding that audit work continues after the rates have been reported in the AARs. However, it does not address other methodological issues, such as the inability of desk reviews to identify ineligible expenditure, the limited coverage of OPs by the Commission’s compliance audits and the risk that errors remain undetected in its review of operations.
Annual error rates at fund or DG level are not final
62 In our 2018 annual report, we highlighted that most of the provisions dealing with the closure of the 2014-2020 programmes delay the final assessment of the eligibility of costs declared for some operations until a later stage, usually at programme closure. This is the case for a range of operations in many OPs, in particular for operations involving investments made by financial instruments, the clearing of state aid advances, the final assessment of revenue-generating operations, and the treatment of non-functioning operations. While the Commission excluded advances for financial instruments from the KPIs it reports in its AARs, the delayed assessment of the other eligibility issues may affect the error rates reported for the years in question. This further supports our conclusion that the rates presented in the AARs do not necessarily reflect the DGs’ final assessment. If an error later materialises in these type of operations, the error rates of the OPs concerned will need to be reassessed and increased.
Reservations are affected by the lack of complete information
63 In the DGs’ AARs, the Directors-General provide a declaration of assurance that the control procedures put in place provide the necessary guarantees concerning the legality and regularity of the underlying transactions. The Directors-General may add a reservation related to defined areas of revenue and expenditure, where they consider that the general declaration does not apply. In cohesion, the Directors-General make reservations at OP level, rather than at fund level.
64 The Commission’s instructions provide that OPs are included in the reservation for the 2014-2020 programming period if at least one of the following criteria is met:
- a total error rate (TER) above 10 %;
- deficiencies in key elements of the systems, which could result in/lead to irregularities above 10 % and for which no adequate corrective measures to remedy the deficiencies have yet been implemented;
- an RTER above 2 %;
- material issues concerning the completeness, accuracy and veracity of the accounts.
In deciding whether or not to make a reservation, the Commission also takes account of qualitative shortcomings with a significant impact on its reputation.
65 The Commission applies these criteria to expenditure declared in the latest available assurance packages. While these are subject to the Commission’s work for the acceptance of accounts in the year the AARs are published, the Commission completes its regularity assessment and confirms the RTERs per OP in the subsequent years’ AARs.
66 We have examined the confirmed rates for the 2016/2017 and 2017/2018 accounting years in the subsequent years´ AARs (2018 and 2019 respectively). For each of the OPs for both DGs, we analysed information from subsequent compliance and other audit work after reservations had been made. The results are in Figure 8 and illustrate the inherent limitations in the system.
67 Overall, our analysis demonstrates that the Directors-General declared that they had reasonable assurance on the regularity of the expenditure in the AARs on the basis of preliminary rates for OPs. However, the subsequent audit work revealed that the adjusted values for TER exceeded 10 % and/or the RTER exceeded 2 % in a significant number of cases. This illustrates the inherent limitations in the Commission's approach of making reservations on the calendar year expenditure. In Box 5 we provide an example illustrating these inherent limitation.
DG EMPL – Reservations are made in the absence of complete information
Following its review of an assurance package for the 2017/2018 accounting year, covering expenditure from 1 July 2017 to 30 June 2018, DG EMPL considered that the RTER for a regional OP amounted to 2.00 %. Since this rate did not exceed the relevant threshold, DG EMPL did not make a reservation and provided assurance on the 2018 expenditure for this OP in its 2018 AAR.
The compliance audit carried out after publication of the 2018 AAR, resulted in an adjusted RTER of 4.38 %, which, if the control cycle had been completed, would have justified the need for a reservation.
The Cohesion regularity information in the AMPR inherits the shortcomings of the AARs
Supported by Central Services, the College of Commissioners adopts the AMPR and is responsible for its content
68 We focus in the following paragraphs on the presentation of regularity figures in section 2 of the Annual Management and Performance Report (AMPR), including Cohesion. The AMPR is the Commission’s main contribution to the annual discharge procedure and consists of two parts:
- Section 1 – Performance and results – providing a high-level overview of the results achieved and
- Section 2 – Internal control and financial management – presenting the Commission’s management of the EU budget, including a summary of the information from the AARs, an estimate of the level of error in EU spending and the Commission’s estimated risk at payment for the annual relevant EU expenditure, overall and for the different policy areas, including Cohesion.
69 The information on internal control and financial management presented in the AMPR is based on the AARs of the various Commission Directorate-Generals. Responsibility for the information disclosed in the AMPR follows the division of responsibilities set out in the Commission’s governance arrangements. The Directors-General are responsible for the reliability of the information provided in their respective AARs, while the College of Commissioners adopts the AMPR and therefore ultimately has responsibility for and ownership of the report’s production and the information it presents.
70 The process leading to the AMPR, reflecting this division of responsibilities and outlining the input from the Directors-General (in the AARs), Central Services and the Internal Audit Service, is presented in Figure 9.
The AMPR inherits the limitations of the regularity information included in the AARs of DGs REGIO and EMPL
71 The Commission’s Central Services, DG Budget and Secretariat-General, are responsible for preparing the AMPR, based on the AARs of the different DGs. To this end, they review the content of the AARs, provide feedback and organise peer review meetings with the DGs, but the mandate for making any changes remains with the Director-General, in line with their status as retaining day-to-day management responsibility for their DGs.
72 Central Services inform the Corporate Management Board about any significant issues they find during the peer review. In the years we reviewed, they did not indicate any remaining issues with the key performance indicators presented in the AARs of DGs REGIO and EMPL. Effectively this implies Central Services accepted the rates reported in these AARs, together with the underlying approach.
73 The risk at payment for Cohesion disclosed in the AMPRs we reviewed is therefore subject to the same limitations as the underlying figures presented in the DGs AARs. For the reasons outlined above it is only a minimum rate (see paragraphs 58-62) that is not final and likely to be underestimated.
74 We noted in this context that Central Services issue instructions/guidance for the AARs, including standard requirements for quality and comparability across the Commission, but these are not provided by the owner of the AMPR with detailed instructions on the content and scope of the AMPR and the related review of other DGs’ AARs. Issuing such instructions could help the College of Commissioners to ensure that it provides relevant and reliable information in the AMPR.
Conclusions and recommendations
75 In this audit, we examined the work of the Commission on the annual assurance packages of the Member States, which provides the basis for the validation and confirmation of the annual residual error rates reported by the audit authorities. Together with the Commission’s reporting in its annual activity reports (AARs) and the annual management and performance report (AMPR), we analysed the reliability of the regularity information provided by the Commission. Through our recommendations, we aim to further improve the functioning of the current management and control system, without adding additional layers to it.
76 Overall, we found that the Commission carries out a substantial amount of work related to accepting Member States’ annual accounts and verifying the reliability of the regularity information provided in the Member State authorities’ reports. However, our observations lead us to conclude that the Commission only provides a minimum estimate of the level of error that is not final, at operational programme (OP) and Directorate-General (DG) level and consequently in its AMPR.
77 We noted that, for 2014–2020, the Commission, in line with the regulatory framework, accepted the annual accounts without taking into account the regularity of the related expenditure (paragraph 21). Although the legislator introduced the 10 % payment retention, with the intention of safeguarding the EU budget, the Commission had to release it even when the Member States’ audit authorities had confirmed a residual error above the materiality threshold of 2 % and the Commission’s regularity checks still had to be completed. The provisions governing these arrangements have changed for the 2021–2027 programming period (paragraph 22). While the Commission can no longer accept accounts with a confirmed residual total error rate (RTER) above the materiality threshold of 2 %, it will continue to release the reduced retention of 5 % before it has completed its regularity checks.
Recommendation 1 – The Commission should propose a legislative revision to ensure that the payment retention is adequately protected before it is released
In order to safeguard the EU budget, we recommend that the Commission proposes a revision of the 2021-2027 legal framework to address the remaining risk when the 5 % retention is released. The Commission should only be able to release it when it has finished the regularity work for an OP for a specific accounting period or at the latest at programme closure.
Timeframe: Next revision, at the latest at the mid-term review of the legal framework for the programming period 2021-2027.
78 The Commission’s desk-based reviews of all annual assurance packages submitted by the Member States are not designed to detect additional ineligible expenditure (paragraphs 23-25). Adjustments of error rates, following desk reviews, are usually based on issues detected in previous years (paragraph 26). Our analysis has shown that irregular expenditure remained undetected and uncorrected by the desk reviews (paragraphs 28-30). Therefore, they have only limited value in confirming the regularity of the underlying transactions and the validity of the RTERs reported by the audit authorities.
79 Although the Commission in its audit strategy provides for a risk-based approach for selecting audit authorities for its compliance audits, we found that the risk rating of the audit authorities did not always reflect the selection of audit authorities for compliance audit (paragraphs 33-35). Furthermore, we found that the final selection of audit authorities, in particular for Directorate-General for Employment, Social Affairs and Inclusion, was not fully in line with the results of its risk assessment and the Commission did not document the justification for this deviation (paragraph 36).
80 Our assessment of the Commission’s audit work revealed several weaknesses. We found shortcomings in audit documentation, making it difficult for us to assess the appropriateness of the work it carried out (paragraphs 42 and 43). In two out of the ten operations we reviewed, we found additional errors affecting the regularity of the expenditure concerned, which the Commission had not detected. This also has an impact on the related reported error rates (paragraphs 38-40).
81 We found that the Commission issues its compliance audit reports within the time limits prescribed by the legislation (paragraph 44). However, in most cases we reviewed, the Commission continued to exchange information and views with the Member States in a follow-up phase after the final report had been sent, where it verifies whether the Member State authorities accepted and applied the required corrections. This means that the results and error rates presented in the final reports were not always final (paragraphs 45 and 46). We note in this context, that the Commission does not formally confirm a final error rate to the Member State authorities.
82 Our review of a sample of corrections showed that they are implemented following a lengthy process, which can take several years, reflecting Member States’ legal right to challenge the Commission (paragraphs 47 and 48). As of November 2021, the Commission has not yet implemented a net financial correction (paragraph 49).
83 Some eligibility criteria can only be checked at the time of programme closure. This affects the Commission’s annual assessment and means that the annual error rates of the OPs concerned may not be final and may have to be reassessed and increased. Potential irregular expenditure in these OPs remains undetected and uncorrected until closure in a management and control system for Cohesion expenditure, which was meant to provide for annual acceptance of accounts. The recommendation we made on this issue in our annual report 2018 remains valid (paragraph 62).
Recommendation 2 – The Commission should improve its audit work, audit documentation and review process
We recommend that the Commission should take the necessary steps, to ensure that:
- its compliance audit plan reflects its risk assessment. When other factors are considered and result in changes, the Commission should clearly document and explain the reasons for that change,
- its audit work is sufficiently documented,
- its review process is strengthened in order to detect and correct potential weaknesses in its own work,
- the Member States receive a separate formal confirmation of the final RTER for the OP and each accounting year.
Timeframe: Accounting year 2020/2021.
84 The Commission in its compliance audits, using professional judgment, usually selects and reviews eight to ten operations selected from the audit authority’s own sample of operations selected for audit (paragraph 52). This review is an important element for its assessment of the audit authority’s work and related results. While the Commission found a number of undetected errors in the compliance audits that we reviewed, its limited coverage of the audit authorities’ testing as well as our own results means that more errors are likely to remain undetected and uncorrected (paragraphs 53-55). As a result, the Commission’s methodology generally only allows it to establish a minimum error rate at OP level (paragraph 56 and 57).
85 To establish a regularity indicator at policy level, each Directorate-General (Regional and Urban Policy and Employment, Social Affairs and Inclusion) first calculates a weighted average RTER for the OPs under its management and publishes it as a key performance indicator (KPI) in the respective AARs. These calculations take into account the results of both desk reviews and compliance audits. Both DGs also disclose an estimated maximum error rate, designed to take account of the potential impact of ongoing audit work on the regularity information presented in the AARs. While the DGs present the KPIs as their best estimate of the level of error, our work makes us consider that the KPI published by the DGs represents a minimum. This is because of the Commission’s limited coverage of both OPs and operations through its compliance audits, the inherent limitations of its desk reviews and the issues related to its audit work (paragraphs 58 and 59). We consider that the published KPIs are not final, since the underlying RTERs at OP level can be still revised due to ongoing or future audit work (paragraphs 46 and 62).
86 The DGs’ reservations on individual programmes are another key element related to the regularity of Cohesion expenditure. DGs for Regional and Urban Policy and for Employment, Social Affairs and Inclusion make reservations based on expenditure, which has not yet undergone the Commission’s regularity checks (paragraph 65). The inherent time limitations of the control process, meant that the majority of OPs where the Commission’s audit work gave rise to a material level of error were not covered by a reservation in the previous AAR (paragraphs 66 and 67).
Recommendation 3 – The Commission should strengthen the main elements of the regularity information provided in the AARs
The estimated level of error and the reservations represent key regularity information, which the Commission should strengthen. We recommend that the Commission should:
- address the methodological issues that we found in this audit, resulting in a minimum KPI (error rate). Such an approach should allow that the KPI takes into account, for the non-audited expenditure, the high frequency of the errors with financial impact found in compliance audits when estimating the aggregated error rate.
- facilitate readers’ understanding of a technical and complex matter and explain more clearly and more prominently in the AARs that the reservations are based on error rates that are not confirmed, together with the related risk.
Timeframe: Accounting year 2020/2021.
87 The AMPR is a key accountability document that summarises information on the Commission’s internal control and financial management. While the College of Commissioners is ultimately responsible for the information presented in this document, Central Services support the College of Commissioners in its production. Although Central Services play a leading role in producing the AMPR, we noted that no detailed instructions exist on the extent of the content and structure of the AMPR and the related AAR peer reviews (paragraph 74).
88 The regularity information reported for Cohesion is a simple aggregation of the figures provided in the AARs of DGs for Regional and Urban Policy and for Employment, Social Affairs and Inclusion, meaning that all the issues that we identified concerning these figures also apply to the AMPR. As a result, the error rate reported can only be a minimum rate that is likely to underestimate the real level of error in Cohesion (paragraph 73).
Recommendation 4 – Central Services should receive instructions for the production of the AMPR from its owner, the College of Commissioners
The AMPR is a key accountability document of the Commission that contributes to the discharge procedure. In order to ensure that its owner, the College of Commissioners provides relevant and reliable information in the AMPR, and to better reflect the responsibilities of the different actors involved in its production and adoption, we recommend that the owner of the AMPR provides instructions to the Central Services, outlining the content and structure of the AMPR and defining the scope of the Central Services’ review of the underlying AARs.
Timeframe: For the 2021 discharge.
This Report was adopted by Chamber V, headed by Mr Tony Murphy, Member of the Court of Auditors, in Luxembourg on 3 November 2021.
For the Court of Auditors
Klaus-Heiner Lehne President
Acronyms and abbreviations
AA: Audit Authority
AAR: Annual Activity Report
AMPR:Annual Management and Performance Report for the EU Budget
CPR: Common Provisions Regulation
DAC: Joint audit directorate for Cohesion
DG: Directorate General of the Commission
EMPL:Employment, Social Affairs and Inclusion
ERDF:European Regional Development Fund
ESF: European Social Fund
ESIFs:European Structural and Investment Funds
IAS: Commission’s Internal Audit Service
KPI: Key Performance Indicator
MFF: Multiannual Financial Framework
OP: Operational Programme
REGIO:Regional and Urban Policy
RTER:residual total error rate
SG: Secretariat-General of the Commission
TER: total error rate
Annual Activity Report (AAR): A report produced by each Commission Directorate-General, EU institution and body, setting out how it has performed in relation to its objectives, and how it has used its financial and human resources.
Annual Control Report (ACR): Document prepared by a Member State's audit authority and submitted to the Commission as part of that country's annual assurance package.
Annual Management and Performance Report (AMPR): Report produced every year by the Commission on its management of the EU budget and the results achieved, summarising the information in the annual activity reports of its Directorates-General and executive agencies.
Assurance package: The “assurance package” to be submitted by Member States' authorities by 15.02 (or 01.03 in exceptional cases agreed by the Commission) each year includes: the accounts drawn up by the certifying authority, the management declaration and the annual summary of final audit reports and controls carried out drawn up by the managing authority, the annual audit opinion and control report issued by the audit authority.
Audit Authority: An independent national entity responsible for auditing the systems and operations of an EU spending programme.
Certifying Authority: A body designated by a Member State to certify the accuracy and conformity of statements of expenditure and requests for payment.
Closure: The financial settlement of an EU programme or fund, through payment of the balance due to, or the recovery of funds from, a Member State or other beneficiary country.
Cohesion policy: The EU policy which aims to reduce economic and social disparities between regions and member states by promoting job creation, business competitiveness, economic growth, sustainable development, and cross-border and interregional cooperation.
Common Provisions Regulation (CPR): The regulation setting out the rules that apply to all five of the European Structural and Investment Funds.
Compliance audit: Audit to confirm that an activity adheres to the applicable rules and regulations and the terms of any contracts or agreements.
Contradictory procedure: Procedure in which the Commission discusses the results of its control checks with the body or department checked to ensure they are well founded.
Desk review: Document based review of the information provided in the assurance packages.
Discharge: An annual decision taken by the European Parliament giving the Commission final approval for the way a budget has been implemented.
Error: The result of an incorrect calculation or an irregularity arising from non-compliance with legal and contractual requirements.
Estimated level of error:A statistical estimate of the level of error affecting a population, based on testing of a representative sample of operations.
European Structural and Investment Funds (ESIF): The five main EU funds which together support economic development across the EU: the European Regional Development Fund, the European Social Fund, the Cohesion Fund, the European Agricultural Fund for Rural Development, and the European Maritime and Fisheries Fund.
Internationally accepted audit standards: A set of professional standards laying down the responsibilities of auditors, issued by various standard-setting bodies.
Irregularity: An infringement of EU (or relevant national) rules or contractual obligations.
Managing Authority: The national, regional or local authority (public or private) designated by a Member State to manage an EU-funded programme.
Operational Programme (OP): An OP sets out a Member State’s priorities and specific objectives and describes how funding (EU and national public and private co-financing) will be used during a given period (generally seven years) to finance operations. OP funding may come from the ERDF, CF and/or ESF.
Quantifiable error: In reporting the results of transaction testing, a classification used by the ECA when the amount of a transaction affected by error can be measured.
Random error: The errors which are not considered as systemic, known or anomalous are classified as random errors. This concept presumes the probability that random errors found in the audited sample are also present in the non audited population.
Regularity: The extent to which a transaction or activity complies with the applicable rules and regulations and any contractual obligations.
Representative error rate: A statistical estimate of the error affecting a population, based on testing of a representative sample of transactions drawn from that population.
Reservation: Weakness flagged by a Director-General in the declaration of assurance they provide in an annual activity report.
Residual total error rate (RTER): The proportion of a population that is not deemed regular after taking into account the effect of all control procedures, recoveries and corrections.
Risk at payment: The estimated overall risk &quot;at payment&quot; is the Commission's best, conservative estimation of the expenditure authorised during the year in breach of applicable regulatory and contractual provisions at the time the payment is made, in value terms.
Shared management: A method of spending the EU budget in which, in contrast to direct management, the Commission delegates to the Member State while retaining ultimate responsibility.
Systemic error: Systemic errors are errors found in the sample audited; and have an impact in the non-audited population; and occur in well-defined and similar circumstances. Such errors generally have a common feature, e.g. type of operation, location or period. They are in general associated with ineffective control procedures within (part of) the management and control systems.
Total error rate (TER): The total error rate corresponds to the sum of the following errors: projected random errors (including errors established in the exhaustive strata), delimited systemic errors and uncorrected anomalous errors.
Replies of the Commission
The ECA’s special reports set out the results of its audits of EU policies and programmes, or of management-related topics from specific budgetary areas. The ECA selects and designs these audit tasks to be of maximum impact by considering the risks to performance or compliance, the level of income or spending involved, forthcoming developments and political and public interest.
This performance audit was carried out by Audit Chamber V Financing and administration of the EU, headed by ECA Member Tony Murphy. The audit was led by ECA Member Tony Murphy, supported by Wolfgang Stolz, Head of Private Office and Brian Murphy, Private Office Attaché; Juan IgnaciGonzalez Bastero, Principal Manager; Susanna Rafalzik, Head of Task; Anna Despotopoulou, Deputy Head of Task; Johan Adriaan Lok, Jiří Beneš, Marcel Bode, Peter Borsos, Maria Pia Brizzi, Kevin Deceuninck, Przemyslaw Dowgialo, Sandra Dreimane, Andrea Ferraris, Laure Gatter, Jorge Guevara Lopez, Martina Jurjevic, Agnieszka Kondzielska, Nikolaos Kylonis, Borja Martin Simon, Dana Christina Mohamed, Rene Reiterer, Orsolya Szarka, Peggy Vercauteren, and Dilyanka Zhelezarova, Auditors. James Verity provided linguistic support.
Back row from left to right: Brian Murphy, Wolfgang Stolz, Johan Adriaan Lok, Juan IgnaciGonzález Bastero, Nikolaos Kylonis
Front row from left to right: Niamh Mahon, Susanna Rafalzik, Tony Murphy, Anna Despotopoulou, Peter Borsos
 Systemic errors are found in the sample audited; and have an impact in the non-audited population; and occur in well-defined and similar circumstances (guidance EGESIF_15-0002-04, p. 39).
 As set out in Annex IV of the 2019 AARs.
 This part of the AMPR is the Commission’s report required by Article 318 of the Treaty on the Functioning of the European Union.
 Article 247(1)(b) of the Financial Regulation: The annual management and performance report providing for a clear and concise summary of the internal control and financial management achievements referred to in the annual activity reports of each authorising officer by delegation and including information on key governance arrangements in the Commission as well as:
(i) an estimation of the level of error in Union expenditure based on a consistent methodology and an estimate of future corrections;
(ii) information on the preventive and corrective actions covering the budget, which shall present the financial impact of the actions taken to protect the budget from expenditure in breach of law;
(iii) information on the implementation of the Commission’s anti-fraud strategy.
EUROPEAN COURT OF AUDITORS
12, rue Alcide De Gasperi
More information on the European Union is available on the internet (http://europa.eu).
Luxembourg: Publications Office of the European Union, 2021
|ISBN 978-92-847-7088-5||ISSN 1977-5679||doi:10.2865/496206||QJ-AB-21-026-EN-N|
|HTML||ISBN 978-92-847-7114-1||ISSN 1977-5679||doi:10.2865/502587||QJ-AB-21-026-EN-Q|
© European Union, 2021.
The reuse policy of the European Court of Auditors (ECA) is implemented by Decision of the European Court of Auditors No 6-2019 on the open data policy and the reuse of documents.
Unless otherwise indicated (e.g. in individual copyright notices), the ECA’s content owned by the EU is licensed under the Creative Commons Attribution 4.0 International (CC BY 4.0) licence. This means that reuse is allowed, provided appropriate credit is given and changes are indicated. The reuser must not distort the original meaning or message of the documents. The ECA shall not be liable for any consequences of reuse.
You are required to clear additional rights if a specific content depicts identifiable private individuals, e.g. in pictures of the ECA’s staff or includes third-party works. Where permission is obtained, such permission shall cancel and replace the above-mentioned general permission and shall clearly indicate any restrictions on use.
To use or reproduce content that is not owned by the EU, you may need to seek permission directly from the copyright holders.
Software or documents covered by industrial property rights, such as patents, trade marks, registered designs, logos and names, are excluded from the ECA’s reuse policy and are not licensed to you.
The European Union’s family of institutional Web Sites, within the europa.eu domain, provides links to third-party sites. Since the ECA has no control over them, you are encouraged to review their privacy and copyright policies.
Use of European Court of Auditors’ logo
The European Court of Auditors logo must not be used without the European Court of Auditors’ prior consent.
GETTING IN TOUCH WITH THE EU
All over the European Union there are hundreds of Europe Direct Information Centres. You can find the address of the centre nearest you at: https://europa.eu/european-union/contact_en
On the phone or by e-mail
Europe Direct is a service that your questions about the European Union. You can contact this service
- by freephone: 00 800 6 7 8 9 10 11 (certain operators may charge for these calls),
- at the following standard number: +32 22999696 or
- by electronic mail via: https://europa.eu/european-union/contact_en
FINDING INFORMATION ABOUT THE EU
Information about the European Union in all the official languages of the EU is available on the Europa website at: https://europa.eu/european-union/index_en
You can download or order free and priced EU publications at: https://op.europa.eu/en/web/general-publications/publications. Multiple copies of free publications may be obtained by contacting Europe Direct or your local information centre (see https://europa.eu/european-union/contact_en)
EU law and related documents
For access to legal information from the EU, including all EU law since 1951 in all the official language versions, go to EUR-Lex at: http://eur-lex.europa.eu/homepage.html?locale=en
Open data from the EU
The EU Open Data Portal (https://data.europa.eu/euodp/en/home) provides access to datasets from the EU. Data can be downloaded and reused for free, both for commercial and non-commercial purposes.