FICHE NO 17 C MANAGEMENT AND CONTROL SYSTEMS IMPLEMENTING ACT VERSION 1 26/09/2013. Version

Transcription

1 FICHE NO 17 C MANAGEMENT AND CONTROL SYSTEMS IMPLEMENTING ACT VERSION 1 26/09/2013 Regulation Common Provisions Regulation (CPR) Article Article 113bis (7) on model for system description, audit report and audit opinion on the system description This document is provisional, without prejudice to the on-going negotiations in the Trilogues between the European Parliament and the Council (in line with the principle that "nothing is agreed until everything is agreed"). This document is a draft that shall be adjusted following the expert meeting. It does not prejudge the final nature of the basic act, nor the content of any delegated or implementing act that may be prepared by the Commission. 1/15

2 1. EMPOWERMENT Article 113bis (7) of the CPR sets out that: The Commission shall adopt, by means of implementing act, in accordance with the examination procedure referred to in Article 143(3), uniform conditions on the model for the report and opinion of the independent audit body and the description of the functions and procedures in place for the managing authority and, where appropriate, the certifying authority. This document is based on the most recent compromise text, and is a provisional text, without prejudice to the on-going negotiations (in line with the principle that "nothing is agreed until everything is agreed"). 2. MAIN OBJECTIVES AND SCOPE The implementing act sets out the models for the description of the functions and procedures in place for the managing authority and, where appropriate, the certifying authority, the report and the audit opinion thereon in view of the designation process carried out by the Member State. 3. MAIN ELEMENTS Description of the functions and procedures in place for the managing authority and, where appropriate, the certifying authority Description of the functions and procedure in place Article 62 of the CPR contains the general principles of management and control systems Management and control systems shall, in accordance with art. 4(8), provide for: (a) a description of the functions of each body concerned in management and control, and the allocation of functions within each body; (b) compliance with the principle of separation of functions between and within such bodies; (c) procedures for ensuring the correctness and regularity of expenditure declared; (d) computerised systems for accounting, for the storage and transmission of financial data and data on indicators, for monitoring and for reporting; (e) systems for reporting and monitoring where the responsible body entrusts execution of tasks to another body; (f) arrangements for auditing the functioning of the management and control systems; (g) systems and procedures to ensure an adequate audit trail; (h) the prevention, detection and correction of irregularities, including fraud, and the recovery of amounts unduly paid, together with any interest on late payments. 2/15

3 Annex XX (Political Agreement Coreper of 26/06/2013) of the CPR contains the designation criteria for the managing and certifying authority: 1. Internal control environment (i) Existence of an organisational structure covering the functions of managing and certifying authorities and the allocation of functions within each of them, ensuring that the principle of separation of functions, where appropriate, is respected. (ii) Framework for ensuring, in case of delegation of tasks to intermediate bodies, the definition of their respective responsibilities and obligations, verification of their capacities to carry out delegated tasks and the existence of reporting procedures. (iii) Reporting and monitoring procedures for irregularities and for the recovery of amounts unduly paid. (iv) Plan for allocation of appropriate human resources with necessary technical skills, at different levels and for different functions in the organisation. 2. Risk management Taking into account the principle of proportionality, a framework for ensuring that an appropriate risk management exercise is conducted when necessary, and in particular, in the event of major modifications to the activities. 3. Management and Control activities A. Managing authority (i) Procedures regarding grant applications, appraisal of applications, selection for funding, including instructions and guidance ensuring the contribution of operations to achieving the specific objectives and results of the relevant priority axes in accordance with the provisions of Article 114(3)(a)(i). (ii) Procedures for management verifications including administrative verifications in respect of each application for reimbursement by beneficiaries and the on-the-spot verifications of operations. (iii) Procedures for treatment of applications for reimbursement by beneficiaries and authorisation of payments. (iv) Procedures for a system to collect, record and store in computerised form data on each operation, including, where appropriate, data on individual participants and a breakdown of data on indicators by gender when required, and to ensure that systems security is in line with internationally accepted standards. (v) Procedures established by the managing authority to ensure that beneficiaries maintain either a separate accounting system or an adequate accounting code for all transactions relating to an operation. (vi) Procedures for putting in place effective and proportionate anti-fraud measures. (vii) Procedures to ensure an adequate audit trail and archiving system. (viii) Procedures to draw up the management declaration of assurance, report on the controls carried out and weaknesses identified, and the annual summary of final audits and controls. 3/15

4 (ix) Procedures to ensure the provision to the beneficiary of a document setting out the conditions for support for each operation. B. Certifying authority (i) Procedures for certifying interim payment applications to the Commission. (ii) Procedures for drawing up the accounts and certifying that they are true, complete and accurate and that the expenditure complies with [applicable Union and national rules] taking into account the results of all audits. (iii) Procedures for ensuring an adequate audit trail by maintaining accounting records including amounts recoverable, recovered and withdrawn for each operation in computerised form. (iv) Procedures, where appropriate, to ensure that it receives adequate information from the managing authority on the verifications carried out, and the results of the audits carried out by or under the responsibility of the audit authority. 4. Monitoring A. Managing authority (i) Procedures to support the work of the monitoring committee. (ii) Procedures to draw up and submit to the Commission annual and final implementation reports. B. Certifying authority (i) Procedures on the fulfilment of its responsibilities for monitoring the results of the management verifications and the results of the audits carried out by or under the responsibility of the audit authority before submitting payment applications to the Commission. Report and opinion of the independent audit body Article 113bis (2) of the CPR requires that the designations of the managing authority and, where appropriate, of the certifying authority "shall be based on a report and an opinion of an independent audit body that assesses the compliance of the authorities with the criteria relating to the internal control environment, risk management, control activities, and monitoring set out in Annex XX. The independent audit body shall be the audit authority, or another public or private law body with the necessary audit capacity, which is independent of the managing authority and, where applicable, of the certifying authority, and which shall carry out its work taking account of internationally accepted audit standards. Where the independent audit body concludes that the part of the management and control system, concerning the managing authority or the certifying authority, is essentially the same as for the previous programming period, and that there is evidence, on the basis of audit work done in accordance with the relevant provisions of Council Regulation (EC) No 1083/2006, of their effective functioning during that period, it may conclude that the relevant criteria are fulfilled without carrying out additional audit work." 4/15

5 4. MAIN CHANGES COMPARED TO THE PERIOD Description of the functions and procedures in place for the managing authority and, where appropriate, the certifying authority, opinion and report of the independent audit body These 3 documents were already foreseen for the period Main changes compared to the period concern the procedure (role of the Commission) and the authorities covered by the description and the designation process: - These documents support the formal designation of the managing authority and where applicable of the certifying authority as well as the description of their functions, while the audit authority was also covered for the period There is no systematic transmission of these documents to the European Commission. For programmes above a threshold (EUR 250 million) the transmission is done upon request from the European Commission or on a voluntary basis at the initiative of the Member State if there are significant changes in the functions / management and control system compared to the previous period, in accordance with the provisions of Articles 113bis(3) and 113bis(4). 5. ANNEXES Annex 1 Model for description of the functions and procedures in place for the managing authority and, where appropriate, the certifying authority Annex 2 Model for the opinion and report of the independent audit body on the designation of the managing authority and, where appropriate, the certifying authority 5/15

6 Annex 1 Model for description of the functions and procedures in place for the managing authority and, where appropriate, the certifying authority 1. GENERAL 1.1. Information submitted by: [Name of the] Member State: Title of the programme and CCI No: (all operational programmes covered by the managing authority/certifying authority) Name of main contact point, including (coordinating body responsible for the description) 1.2. The information provided describes the situation on: (dd/mm/yy) 1.3. System structure (general information and flowchart showing the organisational relationship between the authorities/bodies involved in the management and control system) Managing authority (Name, address and contact point in the managing authority) Indication whether the managing authority is also designated as certifying authority, in accordance with Article 113(3) CPR Certifying authority (Name, address and contact point in the certifying authority) Intermediate bodies (Name, address and contact points in the intermediate bodies) When Article 113(5) applies, indicate how the principle of separation of functions between the audit and the managing/certifying authorities is ensured. 2. MANAGING AUTHORITY 2.1. Managing authority and its main functions The status of the managing authority (national, regional or local public body or private body) and the body in which it is located (in cases where the managing authority and the certifying authority are both designated in the same body (Article 113(3) of the CPR), the managing authority shall be a public authority or body) Specification of the functions and tasks carried out directly by the managing authority Where the managing authority carries out in addition the functions of the certifying authority, description of how separation of functions is ensured Functions formally delegated by the managing authority, identification of the intermediate bodies and form of delegation (underlying that the managing authorities maintains the full responsibility for the delegates functions), under Article 113(6) and (7) of the CPR. The procedures concerning this delegation are described in section 2.2 below Description of the procedures for ensuring an effective and proportionate anti-fraud measures taking account of the risks identified, including reference to the risk assessment carried out (Article 114(4)(c) of the CPR). 6/15

7 2.2. Organisation and procedures of the managing authority Organisation chart and specifications of the functions of the units (including plan for allocation of appropriate human resources with necessary technical skills). This information should also cover the intermediate bodies to which some tasks have been delegated) Framework to ensuring that an appropriate risk management exercise is conducted when necessary, and in particular in the event of major modifications to the activities Description of the following procedures (that should be provided in writing to the staff of the managing authority and intermediate bodies; date and reference): Procedures to support the work of the monitoring committee Procedures for appraising, selecting and approving operations and for ensuring their compliance, for their whole implementation period, with applicable rules (Article 114(3) of the CPR), including instructions and guidance ensuring the contribution of operations to achieving the specific objectives and results of the relevant priority axes in accordance with the provisions of Article 114(3)(a)(i) and procedures to ensure that operations are not selected where they have been physically completed or fully implemented before the application for funding by the beneficiary (including the procedures used by the intermediate bodies where the appraisal, selection and approval of operations have been delegated, and the procedures to supervise the effectiveness of the delegated tasks) Procedures to ensure the provision to the beneficiary of a document setting out the conditions for support for each operation, including procedures to ensure that beneficiaries maintain either a separate accounting system or an adequate accounting code for all transactions relating to an operation Procedures for the verifications of operations (Article 114(4) to (7) of the CPR) and identification of the authorities or bodies carrying out such verifications. These verifications concern administrative verifications in respect of each application for reimbursement by beneficiaries and on-the-spot verifications on samples of operations 1. Where the management verifications have been delegated to intermediate bodies, the description includes the procedures applied by the intermediate bodies for those verifications and the procedures applied by the managing authority to supervise the effectiveness of the delegated tasks Description of the procedures by which applications for reimbursement are received from beneficiaries, verified, and validated, and by which payments to beneficiaries are authorised, executed and accounted for, in line with obligations for e-cohesion as from 2016, including flowchart indicating all bodies involved (including the procedures used by the intermediate bodies where processing of applications for reimbursement has been delegated, and the procedures to supervise the effectiveness of the delegated tasks), in view of respecting the deadline of [90] days for payments to beneficiaries under Article 122 of the CPR Identification of the authorities or bodies carrying out each step in the processing of the application for reimbursement. 1 The frequency and coverage of which shall be proportionate to the amount of public support to an operation and to the level of risk identified by these verifications and audits by the audit authority for the management and control system as a whole. 7/15

8 Description of how information will be transmitted to the certifying authority by the managing authority, where appropriate, including the information on the follow-up of deficiencies or irregularities detected in the context of management verifications, audits and controls by Union or national bodies Description of how information will be transmitted to the audit authority by the managing authority, where appropriate, including the information on the follow-up of deficiencies or irregularities detected in the context of audits and controls by Union or national bodies Reference to national eligibility rules laid down by the Member State and applicable to the operational programme Procedures to draw up and submit to the Commission annual and final implementation reports, including the procedures for collecting and reporting reliable data on performance indicators Procedures for drawing up the management declaration Procedures for drawing up the annual summary of the final audit reports and of controls carried out, including an analysis of the nature and extent of errors and weaknesses identified in systems, as well as corrective action taken or planned Procedures for ensuring the compliance of operations with the general principles and compliance with Union policies, such as the ones related with partnership and multi-level governance, promotion of equality between men and women, non-discrimination, sustainable development, public procurement, State aid and Environment rules Procedures for ensuring that the actions related with the compliance of ex-ante conditionalities with implications for the implementation of the programme(s) are followed-up Procedures concerning the communication to staff of the above procedures, as well of indication of training organised / foreseen and any guidance issued on the applicable rules (date and reference) Audit Trail Procedures to ensure an adequate audit trail and archiving system, including with respect to the security of data, taking account of e-cohesion, in accordance with national rules on the certification of conformity of documents Instructions given on retention of supporting documents by beneficiaries/intermediate bodies/managing authority (date and reference) Indication of the retention period Format in which the documents are to be held 2.6. Irregularities and recoveries Instructions issued on reporting and correction of irregularities and recording of debt and recoveries of undue payments (date and reference) Description of the procedure (including flowchart) to comply with the obligation to notify irregularities to the Commission in accordance with Article 112(2) of the CPR. 8/15

9 3. CERTIFYING AUTHORITY 3.1. Certifying authority and its main functions Specification of the functions carried out by the certifying authority Where the managing authority carries out in addition the functions of the certifying authority, description of how separation of functions is ensured (see 2.1.2) Functions formally delegated by the certifying authority (functions, intermediate bodies, form of delegation). Reference to relevant documents (legal acts with empowerments, agreements) Organisation of the certifying authority Organisation chart and specification of the functions of the units (including plan for allocation of appropriate human resources with necessary technical skills). This information should also cover the intermediate bodies to which some tasks have been delegated) Description of the procedures to be provided in writing to the staff of the certifying authority and intermediate bodies (date and reference) The status of the certifying authority (national, regional or local public body) and the body in which it is located Certification of statements of expenditure Description of the procedure by which payment applications are drawn up, certified and submitted to the Commission, including procedure to ensure sending of the final application for interim payment by 31 July following the end of the previous accounting year Description of the steps performed by the certifying authority to ensure fulfilment of requirements under Article 115 of the CPR Arrangements for access of the certifying authority to the detailed information on operations, management verifications and audits held by the managing authority, intermediate bodies and audit authority 3.4. Accounting system and accounts Description of the accounting system to be set up and used as a basis for certification of expenditure to the Commission (Article 115(d) of the CPR) Arrangements for forwarding aggregated data to the certifying authority in case of decentralised system The link between the accounting system and the information system to be set up (point 5) Identification of Structural and Investment Funds transactions in case of common system with other Funds Description of the procedures in place for drawing up the accounts referred to in article 59(5) of the Financial Regulation (Article 115(b) of the CPR) Arrangements for certifying the completeness, accuracy and veracity of the accounts and that the expenditure entered in the accounts complies with applicable Union and national rules (Article 115(c) of the CPR) and take into account the results of all audits Recoveries 9/15

10 Description of the system for ensuring the prompt recovery of public assistance, including Union assistance Procedures for ensuring an adequate audit trail by maintaining accounting records in computerised form, including amounts recovered, to be recovered or withdrawn from a payment application, for each operation, including the recoveries resulting from the application of Article 61 of the CPR on durability of operations Arrangements made to deduct amounts recovered or amounts to be withdrawn from expenditure to be declared. 4. INFORMATION SYSTEM 4.1. Description of the information systems including flowchart (central or common network system or decentralised system with links between the systems) for: collecting, recording and storing, in computerised form data on each operation necessary for monitoring, evaluation, financial management, verification and audit, including data on individual participants in operations, where applicable, as required by Article 114(2)(d) of the CPR and by Article XX of Regulation XX [future delegated act resulting from the empowerment given by Article 1148() of the CPR]; ensuring that the data referred to in the previous point is collected, entered and stored in the system, and that data on indicators is broken down by gender where required by Annex I of the ESF Regulation, as required by Article 114(2)(e) of the CPR; maintaining accounting records in a computerised form of expenditure declared to the Commission and the corresponding public contribution paid to beneficiaries, as set out in Article 115(g) of the CPR; keeping an account of amounts recoverable and of amounts withdrawn following cancellation of all or part of the contribution for an operation, as established by Article 115(h) of the CPR Indication as to whether the systems are already operational to gather reliable data on the matters above-mentioned. If not, indication of the date when they will be operational, in order to ensure compliance with the provisions referred above and with Article 112(3) of the CPR. 10/15

11 Annex 2 Model for the opinion and report of the independent audit body on the designation of the Managing Authority and, where appropriate, the Certifying Authority Annex 2A. Model opinion issued under Article 113bis(2) of the CPR on the compliance of the managing authority and the certifying authority with the designation criteria at Annex XX of the CPR To.. (Member State authority/body) INTRODUCTION I, the undersigned, representing (name of the independent audit body under Article 113bis(2) of the CPR) as the body functionally independent from the managing and certifying authorities responsible for drawing up a report and opinion setting out the results of an assessment of the compliance of the managing authority and the certifying authority with the designation criteria set out in Annex XX of the CPR for.. [name of operational programme(s), CCI code number (s) 2 ] (hereafter the programme(s)), have carried out an examination in accordance with Article 113bis(2) of the CPR. SCOPE OF THE EXAMINATION The examination was based on the description of the management and control systems received on dd/mm/yyyy from (name of body or bodies submitting the description). In addition, I have examined further information concerning (subjects) and interviewed staff of (bodies whose staff were interviewed). The examination covered the managing authority, the certifying authority and (where appropriate) the following bodies (list only where managing authority or certifying authority functions have been delegated). OPINION (Unqualified opinion) On the basis of the examination referred to above, it is my opinion that the managing authority and the certifying authority designated for the programme(s) comply with the designation criteria relating to internal control environment, risk management, management and control activities and monitoring set out in Annex XX of the CPR. Or (Qualified opinion) On the basis of the examination referred to above, it is my opinion that the managing authority and / or the certifying authority designated for the programme(s) comply with the designation criteria relating to internal control environment, risk management, management 2 Where a common system applies to two or more operational programmes a single audit report and opinion may be given by the independent audit body. 11/15

12 and control activities and monitoring set out in Annex XX of the CPR, except in the following respects 3. My reasons for considering that this/these body(ies) do(es) not comply with the designation criterion(a) and my assessment of the seriousness are as follows 4 : Or (Adverse opinion) On the basis of the examination referred to above, it is my opinion that the managing authority and / or the certifying authority designated for the programme(s) do not comply with the designation criteria relating to internal control environment, risk management, management and control activities and monitoring set out in Annex XX of the CPR. This adverse opinion is based on... 5 [The audit authority may also include emphasis of subject-matter, not affecting their opinion, as established by internationally accepted auditing standards.] Date Signature 3 Indicate the authority(ies) and the designation criteria with which they do not comply. 4 Indicate the reason(s) for the reservation(s) entered for each authority and on each aspect. 5 Indicate the reason(s) for the adverse opinion for each authority and on each aspect. 12/15

13 Annex 2B. Model audit report on the designation under Article 113bis(2) of the CPR Content of the report I. Introduction a) Identify the objective of the report i.e. to set out the results of the assessment of the compliance of the managing authority and the certifying authority with the designation criteria relating to internal control environment, risk management, management and control activities and monitoring set out in Annex XX of the CPR, in order to express an opinion on their designation; b) Identify the scope of the report i.e. the body(ies) covered, namely the managing authority and the certifying authority and their compliance with the designation criteria relating to internal control environment, risk management, management and control activities and monitoring set out in Annex XX of the CPR, with reference to the particular Funds and programmes covered; c) Indicate the body that has prepared the report ("Independent Audit body") and specify if it is the audit authority for the operational programme(s) covered; d) Indicate how the functional independence of the Independent Audit body from the managing and certifying authorities is ensured (Article 113bis(2) of the CPR). II. Methodology and scope of the work a) Indicate the period and timeframe for examination; (date when the formal systems description was received by the Independent Audit body, date when the examination started and ended and resources allocated); b) Specify the extent of the use of previous audit work ( programming period) where applicable, in accordance with Article 113bis(2) of the CPR. c) Specify a) the extent of the use of audit work carried out by other bodies and b) the quality control performed on such audit work with respect to adequacy of work. d) Describe the work done for the examination of the system description (Article 62 of the CPR); e) Describe the work done for the interviews with the staff in the main bodies; describe the method and criteria for selection, what subjects have been covered, how many interviews have taken place and who has been interviewed; f) Describe the work done for the examination of other relevant documents concerning the system; indicate any review of laws, ministerial acts, circulars, internal procedure/other manuals, guidelines and/or checklists. g) Describe the work done for the examination of the computerised systems for keeping accounting records, for the storage and transmission of financial data and data indicators, for monitoring and for financial reporting; h) Indicate if any contradictory procedures have taken place prior to issuing this report and indicate relevant authorities/bodies; Confirm that the work has been carried out taking account of internationally accepted audit standards (Article 113bis(2)) 13/15

14 i) Identify if there were any limitations on scope 6. j) Where functions have been delegated by the managing authority or the certifying authority to other bodies, describe the work done to ensure that the managing and/or certifying authority have assessed the capacities of these bodies to carry out delegated tasks and have sufficient supervisory procedures in place over these intermediate bodies. CCI Number III. Results of assessment for each authority/body /system a) For each authority/body/system complete the table: Authority/ Body (Name and Type (MA, CA) Completeness and accuracy of description (Y/N) Conclusion (Unqualified, Qualified, Adverse) Shortcomings Priority axes affected Designation criteria affected Recommendations / Corrective measures b) Provide results of the assessment of other specific areas if not fully covered under (a), including an assessment of: the procedures in place for drawing up the accounts referred to in article 59(5) of the Financial Regulation (Article 115(b) of the CPR) IV. Overall conclusion the arrangements for certifying the completeness, accuracy and veracity of the accounts and that the expenditure entered in the accounts complies with applicable Union and national rules (Article 115(c) of the CPR) the procedures in place for ensuring an effective and proportionate anti-fraud measures taking account of the risks identified. (Article 114(4)(c) of the CPR) the arrangements for drawing up the management declaration and annual summary of final audits and controls and weaknesses identified. a) Provide an overall conclusion with respect to compliance of the managing authority (and the certifying authority) with the designation criteria relating to internal control environment, risk management, management and control activities and monitoring set out in Annex XX of the CPR ; b) In case of reservation or qualification to the opinion, indicate the priority axis or axes concerned; 6 Limitation on scope A limitation on the scope of the auditor s work may sometimes be imposed by the entity (for example, when the terms of the engagement specify that the auditor will not carry out an audit procedure that the auditor believes is necessary). A scope limitation may be imposed by circumstances. It may also arise when, in the opinion of the auditor, the entity s accounting records are inadequate or when the auditor is unable to carry out an audit procedure believed desirable. [IFAC Handbook] ] 14/15

15 c) Indicate timetable for the implementation of corrective requested measures as indicated in table III.a); d) Indicate action to be taken by the independent audit body with regard to the follow-up of the implementation of the corrective measures. 15/15