Eligibility and control requirements in European Territorial Cooperation programmesCopenhagen 6-7 November 2008

INTERACT POINT VIBORG

Purpose of first level control

Functions of control:

• European Commission specifically highlights:

- Effectiveness and efficiency of operations- Reliability of financial reporting- Compliance with applicable laws and regulations- Prevention and detection of fraud

Sound financial management principles

What is sound financial management?

The principle of economy: Resources used by the institution for the pursuit of its activities shall be made available in due time, in appropriate quantity and quality and at the best price.

The principle of efficiency: The best relationship between resources employed and results achieved.

The principle of effectiveness: Attaining the specific objectives set and achieving the intended results.

(1605/2002 §27.2)

First level control criticisms

• Not thorough enough - too many errors getting through• Not wide enough - some issues not checked• Not documented enough - auditors and programme authorities only see a short declaration• Not good enough - too many projects have to repay funds because problems have not been detected• Acceptable error rate after first level control is 2%• European Court of Auditors estimates 16% error rate after second level control• You need to prove you are not part of this problem

Control in INTERREG III programmes

FLC: Who can really reduce the error rate?

Suggested relative responsibilities and workloads

Project partner MA

and/or JTS

Project partner controllers

CA

Lead Beneficiary

Actions here are to reduce the error rate. Later audit focuses primarily on

estimating undetected error rate

AA

First Level Control in the new regulations

First Level Control in the regulations

§16 EC 1080/2006

“In order to validate the expenditure, each Member State shall set up a control system making it possible to verify the delivery of the products and services co-financed, the soundness of the expenditure declared for operations or parts of operations implemented on its territory, and the compliance of such expenditure and of related operations, or parts of those operations, with Community rules and its national rules.”

First Level Control in the regulations

§13 EC 1828/2006

“The verifications…shall cover administrative, financial, technical and physical aspects of operations, as appropriate.’’

= Everything

First Level Control in the regulations

§13 EC 1828/2006

“Verifications shall ensure that the expenditure declared is real, that the products or services have been delivered in accordance with the approval decision, that the applications for reimbursement by the beneficiary are correct and that the operations and expenditure comply with Community and national rules.’’

First Level Control in the regulations

§13 EC 1828/2006

“They shall include procedures to avoid double financing of expenditure with other Community or national schemes and with other programming periods.’’

First Level Control in the regulations

§13 EC 1828/2006

“Verifications shall include the following procedures:

(a) Administrative verifications in respect of each application for reimbursement by beneficiaries:

(b) On-the-spot verifications of individual operations’’

First Level Control in the regulations

1080/2006 §16

“(…) each MS shall designate the controllers responsible for verifying the legality and regularity of the expenditure declared by each beneficiary participating in the operation.

Each MS shall ensure that the expenditure can be validated by the controllers within a period of 3 months”

The regulations in reality:

The guidance document on management verifications

Major elements of first level control

Four stages of first level control

Securing the control

frameworkConfirming the

control framework

Implementing and documenting

control

Reviewing and confirming

control

Securing the control framework

Designation of controllers

• Different methods from controller approval to setting up special control units• All represent a Member State guarantee of the quality of the controllers in use• Can ensure controllers are aware of requirements and able to implement them• Creates a smaller group of named controllers – which can be monitored and trained• Strengthens controller independence from projects• Also implies that designation can be withdrawn

Auditors and control

3. Auditors used for first level control

• All parties need absolute clarity on the scope of the work carried out (it will not normally cover ‘full’ first level control)• Guidance still needed from MS / MA on scope of the work and the report / certificate• IFAC International Standard on Related Services (ISRS) 4400 – ‘Engagements to Perform Agreed-upon Procedures Regarding Financial Information’ provides guidance for agreeing on:- Nature and purpose of the engagement- Identification of financial information used in procedures- Nature, timing and extent of the procedures- Anticipated form of the report

Auditors and control

3. Auditors used for first level control – Summary options

• Agree with auditors a more limited assignment and adjust other programme bodies to fill the gaps• Auditors carrying out full control need training on Territorial Cooperation specifics• Programme must monitor performance to ensure that these aspects are being properly implemented

Securing the control framework

Quality control

• At designation stage• Through providing guidelines, manuals and written rules on key issues• During control through:- Managing and Certifying Authority reviews of control work- Audit of project sample and feedback of results to other programme authorities- Collection and monitoring of control reports and checklists- Ability of projects to avoid repetition of the same errors (Good idea of Sweden to do 100% on first check)

Purpose of first level control

Uniform standards in control

• Set by nationally approved manuals, checklists and report formats• Under-pinned by ‘clear and unambiguous’ eligibility rules and requirements for the audit trail• First level control should be a process of performing agreed checks against agreed standards• As far as possible, first level control should not require an interpretation of rules and regulations• Subsequent quality checks should follow the same procedures- offering confirmation of the agreed standards

Ex-ante checks

1. Ex-ante / Pre-contracting checks

• Particular need to inform beneficiaries about:

- Specific conditions concerning the products or services to be delivered under the operation (e.g. programme eligibility rules, audit trail requirements)

- The financing plan

- The time-limit for execution

- The financial and other information to be kept and communicated (1828/2006 §13.1)• ‘The MA must satisfy itself that the beneficiary has the capacity to fulfill these conditions before the approval decision is taken.’

Ex-ante checks

1. Beneficiary capacity checks

• Assessment of the financial standing of the beneficiary• Qualifications and experience of staff• Administrative and operational structure

• What can be based on declarations (e.g. existence of adequate book-keeping system, separation of project transactions, filing system, document retention etc.)?• What can be confirmed during appointment of controller / first interim control?• Role of e.g. Lead Partner seminars in developing capacity

Control at beneficiary level

2. Lead Beneficiary basics

• All beneficiaries are responsible (and liable) for their own expenditure• Control is carried out at beneficiary level (including Lead Beneficiary) by the controllers designated in each beneficiary’s country – Because they will understand the documents, know the national rules and be able to easily go on-the-spot• Lead Beneficiary controller does not control the expenditure of beneficiaries in other countries – Because this did not work very well in the past

MA / JTS

Certifying Authority

CommissionLead Benficiary /

Controller

Benficiaries

B1 B2 LB

Beneficiary controllers

31 December

Programme certificationProject certification

Basic Lead Beneficiary control structure

Control at beneficiary level

Control at beneficiary level

2. Variations in systems

• 20% countries – under the responsibility of the Lead Beneficiary to make sure arrangements are in place• 10% beneficiaries’ expenditure must be confirmed by MS controller, Norway or Iceland (after document submission to responsible beneficiary)- May mean that one controller checks multiple beneficiaries. Standards and requirements should be uniform for all beneficiaries

Control at beneficiary level

2. Confirming the control framework

• As soon as possible controllers should- Check the set-up of beneficiary accounting and payment systems - Check that staff hours are being properly recorded- Check that a correct calculation method is in place for indirect costs- Check that beneficiaries are aware of the applicable rules (especially publicity and procurement)- Check that an adequate audit trail is being maintained • Problems here need to be tackled early to avoid serious problems later

Control at beneficiary level

2. First level control fundamentals

• Should always be carried out before expenditure is declared to the next level• Must be completed before CA includes expenditure in a claim to the Commission• Consist of an administrative / desk-based and an on-the-spot element• Certification of 100% correctness but checking 100% of items of expenditure, though desirable, may not be practical• Sampling method and risk factors used (e.g. value of items, type of beneficiary, past experience) need to be documented

Control at beneficiary level

Note that first level control includes

• ERDF and national co-financing (in whatever form)• Control should check that co-financing has been made available• And is eligible - All rules applying to ERDF apply to co-financing as well• Control should also include checks that payments have been made by Lead Beneficiary to beneficiaries on time and in full

The administrative check – Commission proposal

2. The administrative check - Commission

• Examination of claim + invoices + delivery notes + bank statements + progress reports + timesheets• Recommended to include as minimum a list and description of invoices + list of contracts awarded (allows early correction of common procurement problems)• Exact requirements will depend on the nature of the on-the-spot checks

The administrative check – Commission proposal

2. Administrative checks should cover:

• The correctness of the application for reimbursement • That expenditure relates to the eligible period • That the expenditure relates to an approved operation• Compliance with programme conditions including, where applicable, compliance with the approved financing rate • Compliance with national and Community eligibility rules• Adequacy of supporting documents and of the existence of an adequate audit trail• Compliance with State aid rules, environmental rules and equal opportunity and non discrimination requirements• Compliance with EC and national public procurement rules• The respect of EC and national rules on publicity

The on-the-spot check – Commission proposal

2. On-the-spot checks should cover:

• The reality of the operation• Delivery of products and services in full compliance with the approved application• Physical progress• Compliance with Community and national rules on publicity and procurement rules• Accuracy of all information provided by beneficiary regarding physical and financial implementation of the operation

Beneficiary control – Commission proposal

2. Link between administrative and on-the-spot checks• Procedures should ideally allow all documentary verifications to be carried out at desk so on-the-spot can focus on other issues• Minimum supporting documentation at desk check- List of items of expenditure, totalled and showing expenditure amount- References of the related invoices- Date of payment and payment reference number• Preferably copies of invoices + proof of payment for all items• Acceptance this may be unrealistic + depends on nature of on-the-spot checks + IT systems may allow electronic data

On-the-spot checks

Timing of on-the-spot checks

• At or near project start-up if capacity checking is not complete• Then when project is well-advanced (physically + financially)• Generally not after the end of a project (when it is too late to take corrective action)• In large projects, possibly more than once• Where projects include purchase of assets and/ or revenue generation after the project, possibly after closure to ensure continuing compliance• Where projects produce little lasting evidence (e.g. training courses) during implementation to ensure reality of deliverables

On-the-spot checks

Organising on-the-spot checks

• Generally planned and notified in advance to ensure that the necessary staff and documents are available• In cases where verification is impossible after an activity has finished (e.g. training courses) may be appropriate to conduct checks without prior notice• Where different staff are responsible for administrative and on-the-spot checks, good feedback loop needed• Different staff can be a good idea – to ensure that on-the-spot is also a quality check of administrative controls

On-the-spot checks – key questions

How much on-the-spot? What methodology for sample selection?

• A risk based sample is possible (1828/2006 §13.3) based on operational risks (size of operation, past irregularities, unusual transactions) + possible random sample• Size of reasonable sample determined by Managing Authority (?) based on assurance level provided by administrative checks (or at least coordinated between all national authorities)• Should include all beneficiaries, not just Lead Beneficiaries – potentially any beneficiary (control descriptions say ‘each project’ will be visited – meaning?)• Controllers should keep record of the sampling method and the operations selected• If problems are detected, size of sample should be increased until risk has been eliminated

Possible risk factors for on-the-spot checks

Risk factors for on-the-spot

• Complexity of the project and/or large number of beneficiaries• Size of operation• Inexperienced Lead Beneficiary / beneficiaries• Signs of bad financial planning (frequent budget changes, slow spending etc.)• Negative findings from earlier control work• Unusually positive findings from earlier control work• Unusual transactions spotted during monitoring• Partner experience with other EU programmes• Significant differences between national eligibility rules (especially in cross-border programmes)• Private partners and academic institutions…etc

Lead Beneficiary control

The Lead Beneficiary in first level control• Formal Lead Beneficiary responsibility is to ensure that satisfactory certified statements of expenditure have been received from each partner and certification has been carried out by the designated body• Lead Beneficiary shall also ensure‘…that the expenditure presented by the beneficiaries participating in the operation has been incurred for the purpose of implementing

the operation and corresponds to the activities agreed between those beneficiaries…’ (1080/2006 §20.1 (c))

• In some programmes Lead Beneficiary controllers will be expected to play a role in this by providing a consolidated project claim • But often Lead Beneficiary control is no different to checking other beneficiaries

Control – Step 3

Make sure Lead Beneficiaries are checking expenditure against approved activities

• Beneficiaries provide activity report (preferably by work package) + list and description of invoices• Should allow Lead Beneficiaries to confirm that all spending relates to providing relevant deliverables• Partnership agreements may also contain more detailed financial breakdowns that can be used here• Lead Beneficiary expenditure should of course be checked against the same criterion• Lead Beneficiary certification can confirm process, correct submission of beneficiary control documents and correct totalling of the claim

Documenting control

3. Documenting control

• Work performed + name + position + date• Date of any on-the-spot• Results of all checks• Full description of all irregularities, identification of the EC or national rule broken + corrective measures taken• Also applies to irregularities that do not need to be reported to the Commission• Completed checklist• Make sure you know what you are expected to keep and what you should send in (copy or original)

Documenting control

3. Use of the control audit trail• To demonstrate that problems are being detected and corrected• To ensure that programme authorities etc agree with interpretations• To provide an overview of the type of errors for future training etc. • Available to Member States, MA + CA to demonstrate adequate scope of control• To avoid unnecessary duplication when planning later control work• As a demonstration of controller quality + thoroughness• To demonstrate to e.g. Commission auditors the nature and extent of programme controls

Some comments on the Commission proposal and the programme response to them

Ex-ante checks

• Note that many capacity check proposals are quite basic and cannot replace beneficiary system checks at an early stage of the project• In Territorial Cooperation programmes, rules may be set by the programme rather than the Member States – always check with the programme on its inputs• Remember that the terms of the contract and particularly the approved activities and budgets are likely to change over time – make sure you are working with the latest approved versions

Administrative and on-the-spot checks

• The Commission proposal suggests desk-based administrative checks but in many cases administrative checks are also carried out at least in part on-the-spot• Checklists may therefore need to combine elements of the administrative and on-the-spot task lists• Make sure, however, that all tasks are covered and be aware that e.g. checking compliance with environmental rules goes considerably beyond normal audit practice

Control is more than controllers• Most parts of the regulations written for national programmes with a Managing Authority working according to national (and Community) procedures and rules and carrying out first level control itself• For European Territorial Cooperation, responsibility for control is designated to the Member States• But ultimate responsibility for the sound financial management of the programme rests with the Managing Authority• Which also in Territorial Cooperation sets up a Joint Technical Secretariat to assist it in its task

This adds extra players to the basic picture and raises additional questions

The interlink between controllers and other programme authorities

The Managing Authority supervises the work of nationally designated controllers

• ‘It cannot delegate the overall responsibility for ensuring that [control is] properly carried out’ (Good Practice Paper)• It must assess the quality of the work being carried out• Supervisory role fulfilled through:

- Obtaining and reviewing control reports- Reviewing audit findings on first level control work- Performing quality checks on control work (including review of original control documents)

MA supervisory role

Managing Authority supervision of controllers

• Can be expected to be strong because of European Court of Auditors criticism of past Managing Authority work:- Too passive - Insufficient management verification and quality check - Insufficient on-the-spot checks of reality of expenditure- Failure to check whether claims for payment were supported by appropriate evidence• MAs cannot afford significant negative findings on first level control in programme systems audits• MA must identify and manage programme risks – also at the control level

MA supervisory role

Control by programme authorities

The role of JTS and/or MA activity checks

• Some control issues are also included in programme activity report checks. For example:- Compliance of activities with the programme decision- Relevance of activities to programme objectives- Compliance with Community publicity rules• These activities need to be considered in the wider control context – Do they duplicate, supplement or replace other controls?• Vital to ensure that no checks are forgotten because it is assumed they will be taken care of at another level

The Audit Authority

Programme audit

• Controllers are now an integrated part of programme systems – and will be included in systems audits• Control will probably be the most checked part of programme systems• Weak control may lead to exclusion of controllers and more programme audit• Project audit sample size probably increases from 5% (10% minimum?)• Bad project audit = Evidence of bad control = Requirement of for MS and/or MA action• Expect Commission auditors to also be more active