Title page
Contents
1. Objectives and scope of the report 5
2. Mission of the Internal Audit Service: accountability, independence and objectivity 5
3. Overview of audit work 6
3.1. Implementation of the 2023 audit plan 6
3.2. Statistical data on Internal Audit Service recommendations 8
4. Conclusions based on the audit work performed in 2023 10
4.1. Conclusions on performance audits 10
4.1.1. Performance management 10
4.1.2. EU policy implementation 11
4.1.3. Internal control systems in relation to legality and regularity 11
4.1.4. Preparedness for and early implementation of the EU budget 13
4.1.5. Cooperation with third parties implementing policies and programmes 14
4.1.6. Information security and technology 14
4.1.7. Other processes 15
4.2. Internal Audit Service limited conclusions 16
4.3. Overall opinion on the Commission's financial management 16
5. Consultation with the Commission's financial irregularities panel 17
Accompanying the document 18
Part 1 - Final reports 24
Multi-DG and multi-entity audits 25
1.1. Audit on the management of large-scale building projects involving works (OIB, OIL) 25
1.2. Audit on design and set-up of the Digital Europe Programme (DG CNECT, HaDEA) 27
1.3. Audit on Horizon Europe governance arrangements, preparation of the work programmes and of budget planning, allocation and monitoring (DG AGRI,... 28
1.4. Audit on preparedness of the management and control systems regarding the implementation of the Citizens, Equality, Rights and Values (CERV) and... 29
1.5. Audit on preparedness for closing the 2014-2020 programming period of the European Structural and Investment Funds (DG EMPL, DG MARE, DG REGIO) 30
1.6. Audit on LIFE implementation (DG CLIMA, DG ENER, DG ENV, CINEA) 32
1.7. Audit on coordination and working arrangements with EU decentralised agencies (other than FRONTEX8) in DG HOME 33
1.8. Audit on preparedness of the management and control systems of EACEA for the implementation of the Erasmus+, Creative Europe and European... 33
1.9. Limited review on the adequacy of the cooperation and coordination mechanisms aimed to prevent, detect and respond to serious cross-border threats... 34
1.10. Audit on the implementation of the Innovation Fund (DG CLIMA, CINEA) 34
1.11. Limited review on data protection (DG ECHO, DG INTPA, DG NEAR, DG TAXUD, DG TRADE, FPI) 36
1.12. Audit on the early implementation of grants in the EU4Health Programme (DG SANTE, HaDEA, HERA) 36
1.13. Audit on intervention-level evaluations (DG INTPA, DG NEAR, FPI) 37
1.14. Audit on protection of confidentiality of information at corporate level (DG DIGIT, DG HR, SG) 39
1.15. Audit on Joint Audit Directorate for Cohesion (DAC) (DG EMPL, DG REGIO) 40
1.16. Limited review on the Commission's risk at payment (DG AGRI, DG BUDG, DG EMPL, DG INTPA, DG NEAR, DG REGIO, DG RTD, EISMEA, ERCEA,... 42
1.17. Audit on Horizon Europe - Grant management phase 1 (from publication of the calls until signature of the grant agreements) (ERCEA, HaDEA) 44
Single Market, Innovation and Digital 46
1.18. Audit on human resources management (DG COMP) 46
1.19. Audit on the preparedness of the management and control systems for the 2021-2027 Space Programme implementation (DG DEFIS) 47
1.20. Audit on ex ante controls of the Recovery and Resilience Facility payment requests (DG ECFIN) 48
1.21. Monitoring assignment on the design and implementation of the Recovery and Resilience Facility (DG ECFIN) 49
1.22. Audit on Eurostat's role in the European Statistical System (DG ESTAT) 50
1.23. Audit on European Anti-Fraud Office's effectiveness in the area of fraud prevention activities (OLAF) 50
1.24. Consulting on the construction and completion of Wing M in Karlsruhe (JRC) 51
1.25. Audit on Horizon Europe - Grant management phase 1 (from publication of the calls until signature of the grant agreements) (REA) 51
Cohesion, Resilience and Values 52
1.26. Audit on corporate communication (DG COMM) 52
1.27. Audit on measuring and reporting on the performance of technical support projects (DG REFORM) 53
1.28. Limited review on HERA's assessment of its internal control framework for the 2022 annual activity report 54
Natural Resources and Environment 55
1.29. Audit on the financial clearance of accounts (DG AGRI) 55
Migration and border management 55
1.30. Audit on the preparedness for closing actions and programmes funded under the Internal Security Fund and the Asylum, Migration and Integration... 55
Neighbourhood and the world 56
1.31. Audit on financial management of humanitarian aid under indirect management (DG ECHO) 56
Information technology 57
1.32. Limited review on the security plan and associated security measures of the EU emissions trading system (ETS) information system managed by... 57
1.33. Audit on the CASE@EC project (DG COMP) 58
1.34. Audit on the management of information technology security (DG EAC) 60
Part 2 - Follow-up engagements 62
Audits for which some recommendations remain open 63
2.1. Audit on IT security management in the human resources family (DG DIGIT, DG HR, PMO, EPSO) 63
2.2. Audit on monitoring the implementation and performance of 2014-2020 operational programmes in DG REGIO, DG EMPL and DG MARE 65
2.3. Audit on the preparation for the 2021-2027 programming period by DG REGIO, DG EMPL and DG MARE 66
2.4. Audit on interruptions, suspensions and financial corrections for the European Structural and Investment Funds 2014-2020 by DG REGIO, DG EMPL... 66
2.5. Audit on the implementation of anti-fraud actions in the research area in DG CNECT, DG RTD, CINEA, EISMEA, ERCEA, REA 67
2.6. Audit on the management of experts in Horizon 2020 grants in DG CNECT, DG RTD, EASME, CINEA and REA 68
2.7. Audit on the protection of personal data under the responsibility of REA, EACEA, EISMEA, CINEA, ERCEA, DG RTD/CIC 70
2.8. Audit on EC-EEAS coordination in DG INTPA, DG NEAR and EEAS 71
2.9. Audit on intellectual property rights supporting activities in DG DIGIT, DG COMM, DG GROW, JRC, OP 72
2.10. Audit on pillar assessment in DG BUDG and DG INTPA 72
2.11. Audit on the preparedness of DG DEFIS for the management of the European Defence Fund 73
2.12. Audit on the management and monitoring of compliance with the Commission's information technology (IT) security framework in DG DIGIT 73
2.13. Audit on public procurement in DG DIGIT 74
2.14. Audit on human resources management in DG ECFIN 74
2.15. Limited review on the Recovery and Resilience Facility control and audit strategies in the DG ECFIN 74
2.16. Audit on the control strategy for humanitarian aid actions in DG ECHO 75
2.17. Audit on the JRC's support to European Union policy and knowledge management (selection of and delivery on Commission requests) 76
2.18. Audit on TRAde Control and Expert System (TRACES) in DG SANTE 76
List of audits for which all recommendations were closed in 2023 77
Part 3 - Summary of long overdue recommendations 79