Assurance and Advice - A journey through the last 20 years and into the future

Prologue and welcome

The IAS in its second decade: still at the forefront and getting the job done!

This book allows the IAS to look back and reflect on the developments and achievements of the service over the last 10 years.

In its second decade, the IAS has grown in size, reorganised itself and taken further steps to maintain its status as a benchmark for quality in the delivery of professional internal audit services in the public sector.

These developments have allowed the IAS to be flexible and adaptable, in an ever-changing audit environment, to the increasingly complex needs of our clients, whether in the Commission or in the EU agencies and other autonomous bodies.

Looking back at the challenge set by Brian Gray in 2011 (in the first IAS History Book (¹)), I am proud that over these past 10 years the IAS has become, as Brian fully expected, an internal audit function that is highly respected by auditees, stakeholders and peers in the internal audit profession worldwide.

This second IAS history book is hopefully an interesting, reflective and reasonably easy read! It will allow all those who have worked, or are working, in the service, or those who have shared in our journey as key stakeholders or clients, to recognise our hard work and achievements.

The messages of Commissioner Didier Reynders, Chair of the Audit Progress Committee, Executive Vice-President Frans Timmermans, former Chair of the APC, and Pascal Leardini, the Commission’s Chief Operating Officer, provide positive recognition of the professional and organisational changes that the service has initiated, or reacted to, over the past 10 years.

The contributions to this book are, however, largely the personal thoughts and reflections of IAS managers and staff. They perhaps best reveal the source of much of the organisation’s success over this period.

In writing this book, many colleagues agreed to be interviewed and to have their thoughts recorded by Leslie Milne and our colleagues on the IAS book team. This book is a clear testimony to the dedication, professionalism and excellent sense of team spirit of the IAS’s managers and staff throughout the entire period.

In this period, perhaps the biggest change for the IAS occurred in 2015 when, following a decision of the College of Commissioners, internal audit in the European Commission was centralised in the IAS. The IAS is grateful for the efforts of Philippe Taverne and his team for their work on the successful centralisation and reorganisation of the service.

Following reports by both the European Court of Auditors and the IAS itself, important changes in the Commission’s governance systems towards the end of the decade had a significant impact on our relations and interactions with the Commission’s Corporate Management Board and the Audit Progress Committee. The impact of these changes on the Commission’s management of risk has been profound. The quality and added value of the IAS’s recommendations in this domain have maintained respect for the service as a ‘trusted advisor’ in important policy areas.

In Executive Vice-President Timmerman’s excellent contribution to our book, and in a specific chapter on the APC (²), we get an insight into an organisation within which the role of the key players in the governance of the Commission is increasingly under review and requiring constant oversight. The insights of Pascal Leardini, the Commission’s Chief Operating Officer, in his stimulating article are equally indicative of the fact that the IAS, together with the operational managers in the Commission, is already stepping up to play its part in this regard.

Over this 10-year period, the IAS has worked hard to add value by equipping our clients with findings, conclusions and recommendations on effectiveness, efficiency and economy, which are required to ensure sound financial management related to the Commission’s increasingly complex policies and programmes and to meet the expectations of stakeholders.

A number of the important professional changes and initiatives introduced throughout this period by Brian, Philippe and myself to improve the quality of the service’s work are featured throughout this book. These include the increasing importance of the overall opinion, the development and use of an effective professional methodology for performance audit, and the implementation of increasingly powerful audit management systems to document and support our work.

One key element in the organisation’s continuing success has been to better recognise, and capitalise on, the professional experience and technical expertise of the audit staff. The book allows colleagues to discuss and share their thoughts on a range of initiatives that have been instigated not only to boost their ‘know-how’ or to support their continuing professional development, but also to encourage their direct input into the improvement of policies, procedures, and the quality of the service.

Of course, it cannot be all work and no play in the IAS. Through its Staff Engagement Committee, the IAS has recognised that the promotion of exchanges, discussions and the organisation of fun social events and parties are the real glue that maintains and strengthens the IAS team!

Enhancing the Commission’s governance and internal audit

When I became first vice-president, in charge of better regulation, interinstitutional relations, the rule of law and the Charter of Fundamental Rights, in 2014, the European Union had just come through one of the most testing periods in its history. The effects of the economic and financial crisis were still causing great hardship in many parts of Europe, particularly highlighted by the high levels of unemployment, notably among young people.

In the wake of the financial crisis, the Commission was under increased external scrutiny of its wider governance structures, and the focus on ever-improved performance vis-à-vis the political objectives was intense.

President Juncker decided to entrust some key elements of the Commission’s governance machinery to me, namely chairing the APC and the political responsibility of the IAS. This very important decision, along with the excellent work of and collaboration between the Internal Auditor and the members of the APC, significantly raised both the profile and the effectiveness of the Commission’s internal audit function.

One of the key challenges at the beginning of the mandate of the Juncker Commission was to ensure that resources were allocated to the Commission’s priorities and that every action delivered maximum performance and added value.

In my mission letter, President Juncker indicated that the IAS should be gradually reinforced through the integration of the Internal Audit Capabilities (IACs) of the individual Commission departments. This major change in the Commission’s internal audit structure took place shortly after I took office. In January 2015, the internal audit function was centralised within the IAS, and the former IACs providing internal audit services within the DGs were abolished. This proved to be a most challenging period not only for the Director-General of the IAS but also for the Commission departments. I was particularly grateful to Philippe Taverne for ensuring that all of the essential governance and audit risks arising from this important change to the Commission’s internal audit governance structure were effectively addressed. This included ensuring that the IAS provides assurance, advice and insight on the effectiveness of risk management, control and governance processes across all Commission areas. As part of a comprehensive exercise to further improve and consolidate professionalism within the IAS, this also involved adapting key reports and outputs. In particular, the IAS designed specific contributions to the Commission departments to replace the service previously provided by the IACs, under the format of limited conclusions on the effectiveness of internal control, delivered to each Commission DG and service.

Integrating the IACs also required the IAS to be comprehensively reorganised. The outcome of this exercise brought efficiency gains and higher quality for the Commission from its internal audit function. This also ensured that the APC was able to oversee the comprehensive internal audit work relating to the Commission and the executive agencies and monitor its follow-up at a different scale.

The core asset of the IAS is definitely its skilled and competent staff and, therefore, the newly appointed Director-General, Manfred Kraff, naturally focused on fostering a creative environment and developing staff potential. The follow-up to the various staff survey results and the setting-up of the Staff Engagement Committee were key priorities.

Moreover, Manfred brought from his previous senior management roles in the European Court of Auditors and the Directorate-General for Budget not only a comprehensive perspective on the Commission’s audit but also on the political environment, which is extremely valuable to the work of the IAS in the current complex configuration and in the context of the interdependence of European policies. Under his leadership, the IAS made an extremely important contribution to the development of good governance and sound management in the Commission.

Over the last few years, the IAS has raised key issues related to, and recommendations for, the Commission’s operations and budget implementation related to IT security, financial management in the executive agencies, supervision of third parties implementing the EU budget, the key performance of programmes, and governance arrangements. These were systematically brought to the attention of, and monitored by, the APC to ensure proper follow-up by the Commission departments and, where appropriate, directly by the members of the College with the services in their portfolios. The IAS has also developed, over the last few years, a range of consulting and advisory services, which were all appreciated by the APC and the Commission departments. In addition, the strengthening of the IAS’s communication channels with the audit profession worldwide, the continuation of the IAS high-level annual conferences and the organisation of exchanges with other international organisations were focus areas.

The APC: a key player in the Commission’s governance architecture

While chairing the APC was not an easy task, with the necessity of navigating between auditors, auditees and politicians, the rich and fruitful discussions in the meetings confirmed that facts do count. In view of the professionalism of IAS management and staff and the high quality of their work, as recognised by independent external assessments, the observations made and evidence brought by the IAS were not challengeable or challenged by the members of the APC or the auditees. The debates in the APC could thus always focus on the way forward and on making sure that the Commission departments address the risks and improve the Commission’s systems. We often called on the directors-general to explain themselves to the APC and to ensure close monitoring of the implementation of the IAS recommendations.

Key words guided the work of the APC: responsibility, transparency and accountability.

The APC evolved significantly in this period as its responsibilities and workload increased. The Committee paid particular attention to governance issues. This was largely due to the results of both internal and external audit work covering aspects of the Commission’s governance structures directly, or because of the Committee’s prioritisation of thematic discussions in which points of wider relevance for the institution have been raised.

On my initiative, the College modified the APC Charter, and the working practices, role and composition of the Committee were enhanced following the audits of the European Court of Auditors and the IAS related to governance at the Commission. In particular:

• The number of APC external members with proven professional expertise in audit and related matters was increased (from two to three), while at the same time the number of internal members decreased (from seven to six).
• The principle of selecting external members following an open and transparent procedure was endorsed and has since become a well-established practice.
• New tasks were added to the APC mandate as of autumn 2018. The APC now scrutinises the follow-up to audit matters and recommendations relating to the reliability of the EU annual consolidated accounts. Furthermore, the APC now receives an overview of all critical risks identified by the Commission’s management, and cross-checks management’s critical risks with the risk assessment results of the IAS.
• The follow-up of internal audit recommendations was considerably strengthened through targeted discussions and exchanges with the relevant Commission departments on the IAS overdue recommendations.
• Based on a new reporting method developed by DG Budget, the APC set up reinforced monitoring of the implementation of the European Court of Auditors’ recommendations by the Commission departments.
• From 2016, the summary of the APC’s conclusions for the year have been included in the Commission’s annual management and performance report, acknowledging its role in the overall assurance-building process and making the APC’s work more transparent.
• The APC Secretariat, a key element in ensuring the proper preparation and functioning of the APC, was reinforced with additional staff, and specific arrangements to guarantee its functional independence towards the IAS were agreed.

Over 5 years, the Committee increased the quality and added value of its oversight and advice. It has evolved into a mature and effective player in the Commission’s governance structure, alongside the College and the Corporate Management Board. Working with the IAS, the APC continues to play an important role in enhancing governance, organisational performance and accountability across the entire organisation.

The APC has grown into its role as the cornerstone of the Commission’s framework, sitting at the crossroads of governance, external and internal auditing, internal control, accounting and risk management.

I am happy to see that there is clear recognition of the APC as a key stakeholder in the Commission, and of the IAS as a mature, modern and respected internal audit service by its auditees, its stakeholders and the internal audit profession worldwide.

Responding to the challenges ahead

The COVID-19 pandemic brought to light the importance of scientific data, even when these data may be incomplete or still under validation. The need for evidence-based decision-making and policies is obvious, now more than ever. I definitely think that in this context we need auditors to be forward looking, proactive and ethics and value-driven.

With a focus on innovation and digital auditing, looking to further improve strategic planning, with a view to ensuring that better-informed auditors can give more effective advice and assurance in increasingly complex policy areas, is a challenge that modern internal auditor services should respond to.

In my period as First Vice-President and Chair of the APC, I had the privilege of working with excellent senior managers, the Directors-General Philippe Taverne and Manfred Kraff, and the IAS team of directors: Jeff Mason, who stepped in remarkably for the interim period as Acting Director-General, as well as Cristiana Giacobbo and Reinder van der Zee. They have not only restructured and solidified the professionalism of a modern internal audit service, but have demonstrated the ability to be flexible and adaptable in the face of institutional, technological and professional challenges. Throughout the period, they have acted in a sure-footed and confident manner to ensure that their service remains at the forefront of internal audit in the public sector.

I trust that the IAS and its valuable staff will decisively take up these challenges in the coming years.

A view from the top: how the IAS supports the Commission as a modern, dynamic public-sector organisation in a rapidly changing environment

Throughout my career in the Commission, I have experienced first-hand how the IAS has evolved into the day-to-day business companion it is today and on which I can rely as Chief Operating Officer.

Back in 1999, the Commission stood on the cusp of radical change. With many others, I had the opportunity to contribute to the Commission’s administrative reform led by Vice-President Kinnock. A central principle of the reform was to bring decision-making closer to the business. The directors-general became fully empowered and responsible for managing resources.

In parallel, we designed a counterbalance by conceiving a new and independent IAS providing independent internal audit assurance. This system has continued to evolve and improve. An important milestone came in 2010 when the IAS started issuing overall opinions. In addition to a range of independent audit reports, the IAS also reached a comprehensive conclusion, based on the work it had been doing over the preceding years.

Nowadays we take for granted that the IAS can rely on a strategic cycle of representative audits. This was in part made possible by another innovation of the administrative reform: the strategic planning and programming cycle. This framework provides a solid basis for risk management, structured documentation of processes and reporting on internal control. I was closely involved in this work and, after all these years, I still chair the annual peer review meetings during which we compare notes on the different challenges related to assurance building.

In recent years, the focus of the IAS’s work has evolved. Its work now complements assurance on past compliance by analysing the present and making recommendations for the future. Relying on a good understanding of our policies and procedures, the IAS is uniquely positioned to create value and help us improve our operations.

I experience this directly in my day-to-day work as Chief Operating Officer. My role is to oversee the administration of our organisation while keeping the Commission’s high-level strategy front and centre. My job is also about monitoring the external environment and championing the required change. I need to know when there are issues and I need to be able to assess whether they are minor or potentially explosive, and what needs to be done.

This is where the contribution of the IAS is so valuable. The management view is essential, but a second opinion from the auditor is also vitally important. We have a collective interest in detecting problems early so that we can fix them and constantly improve our compliance and performance. Not every system is perfect, so each audit results in a number of recommendations for improvement. This is not a weakness but a strength and a sign of a healthy and mature control environment.

The world is changing at lightning speed. The actions we take today will define the role and nature of Europe for decades to come. To make the right choices, we need both a good understanding of where we stand and how we got here, and a clear vision of where we want to go. This requires a real culture of anticipation, preparedness and resilience.

More and more, the IAS makes recommendations about how to prepare for and anticipate the risks of the future. To give an example, audits on human resources have shown how we can be better at redeploying resources to areas of great political importance and that we need a multiannual human resource strategy that can match our future needs.

A Chief Operating Officer should be the transformation champion who turns strategy into operational success by translating corporate-level strategies into a set of concrete change initiatives. There is a key role for the IAS here too. It assists us as managers in maintaining the Commission as a modern, dynamic public-sector organisation in a rapidly changing environment. The IAS has been instrumental in delivering relevant, timely, value added audits that have proved their worth to the Commission and resulted in recommendations that really make a difference. The increasing use of consultancy engagements is also a positive indicator of the mature relationship between management and audit in the Commission.

Through this work, the IAS has helped improve the way we are organised and how we manage risks. The recent audit on our governance structures is an excellent example of how proportionate recommendations can help the College to improve the way we function. In addition, the recent consulting engagement on the supervision of executive agencies will help to improve the efficiency and effectiveness of operations and to ensure economy in the use of resources.

This brings me to another key task of the Chief Operating Officer. Bearing in mind that the world is constantly speeding up, the Chief Operating Officer must be aware of what is happening in our ‘backyard’ and monitor the operating environment by tracking new technologies, the human resources market, the evolving expectations of our political stakeholders and so on.

Effective public policy increasingly depends on being able to analyse and assess multiple, and often conflicting, sources of information. The organisations that are best able to harness and understand these data will best support the interests of citizens. Digitisation generates huge amounts of data and requires smart algorithms.

Here again, the IAS is our partner and helps us to ensure that information is filtered and processed properly. For example, the IAS recommendations on IT governance helped me in rolling out data governance and data policies to improve traceability, accessibility and preservation of data across the Commission.

During my career, I have witnessed how the IAS has grown into a partner that supports the organisational modernisation of the Commission. In this way, the IAS adds value to the performance of the services, while keeping the College informed of all of the issues deserving its attention.

Looking forward, it will be important for the IAS to keep a sharp focus on the core functions of audit. While we are always looking to push the boundaries in terms of how best we can deliver on the Commission’s political priorities, we must not lose sight of the fundamentals.

Providing assurance on the effectiveness of financial management, risk management and control remains the core function of internal audit. Recommendations from our internal and external auditors have made us more resilient and helped us build a very robust financial and performance management system. This provides a very solid foundation for everything we do.

In memoriam: Francisco Merchan Cantos

Francisco Merchan Cantos: ‘The best Director-General we never had’

Our new history book would not be complete without a dedication to the man whose hard work, professionalism and generosity as a colleague and manager are widely recognised as having significantly transformed the professional reputation of the IAS.

Not surprisingly, the IAS struggled in its early days to find its footing as a modern professional internal audit service. It was a challenging and turbulent time and it took a while for internal audit to be really understood and accepted across the Commission. Francisco arrived initially to take up an audit supervisor role, but was soon promoted to audit director. Working with Walter Deffaa and then Brian Gray, he was instrumental in steadying the ship and laying the foundations for what is widely regarded today as being a benchmark for internal audit in a public-sector organisation.

To get a real sense of the challenges faced and overcome by Francisco in his time with the IAS, the IAS History Book 2001–2011 (³) provides numerous examples of, and insights into, the drive, determination and professionalism of a much-loved and admired colleague. However, to see what he really meant to those around him and the extent to which his recent passing has touched so many here at the IAS and indeed throughout the Commission, one needs to look no further than the numerous tributes paid to him in the memorial book created by DG Employment, Social Affairs and Inclusion. The COVID-19 pandemic prevented us from paying those tributes in person, but the words were no less heartfelt.

Celebrated for his many outstanding personal and professional qualities, he is remembered as a thoughtful, constructive and knowledgeable colleague who defended the interests of the European Union with vigour and passion. Colleagues’ remarks from throughout his career reflected that Francisco was not only an excellent director and a charming colleague, but also, and above all, an exceptional person who never forgot the human side of his role. Many colleagues very powerfully conveyed how Francisco motivated his staff, supported them and pushed them to do their best and to grow professionally and personally.

Jeff Mason, Director of IAS.B, adds: ‘I don’t think I’ve met anyone more hardworking, dedicated and professional. He provided the inspiration for many of the good working practices we take for granted now, and was also an inspiration to others around him. Tough and resolute when he needed to be, but charming and kind-hearted at the same time and with a great sense of humour.
We didn’t officially have mentors back then, but he was the closest thing
that came to it.’

‘Owing to his outstanding knowledge and experience, his excellent negotiation skills and brilliant way of presenting arguments, Francisco had a huge impact on the discussions in which he participated. He was able to listen to everybody’s opinion before drawing well-balanced conclusions.’

Cristiana Giacobbo, Director of IAS.C, also remembers him well: ‘When working with Francisco (you never worked for Francisco, you worked with him), you knew that you were part of a project, that your work contributed to something bigger and important. … I never told him, but he was also my virtual mentor since I became a manager. Many times, I asked myself what Francisco would have done in this or that situation and I found the right answer.’

Most importantly, Francisco was known to ‘lead by example’, always striving to reach the highest level of professionalism.

Manfred Kraff underlines that Francisco won the respect of all his colleagues both in the Commission and externally in the European Court of Auditors, the European Parliament and the Member States.

At the same time, he will also be remembered as having enjoyed life to the full. Manfred recalls: ‘As Francisco and myself shared a passion for good wine and delicious food, we went regularly to our favourite restaurant “Le monde est petit”. In our discussions, you could also see that he was a “family man” who really cared for his wife and daughters. But for him, his colleagues also belonged to his family. Therefore, they saw him as a kind of father who had an impressive authority but also a lot of empathy. Last, but not least, Francisco was a proud Spaniard and at the same time a real European. For him, the EU was a way to make sure that his beloved home country, and all other Member States, would also play an important role in the future, in particular when it came to guaranteeing peace and safeguarding fair and social societies.’

Even though he left the IAS in 2011, in many ways Francisco was the embodiment of the service.

The contribution he made and the legacy he leaves will never be forgotten.

Staying ahead - Ensuring improvement, managing priorities, and establishing the tone at the top

1.1. Bridging the gap between the first and second decades: the enduring value of communication in internal audit

Brian’s roles following his departure from the IAS

• Chair of the Audit Committee of the European Council from 2013 to date
• Member of the Audit Committee of Fusion for Energy (F4E) from 2014 to date (Chair from 2016 to 2019)
• Special Advisor for the Audit Committee of the Committee of Regions from 2014 to date
• Member of ITER’s Financial Audit Board from 2017 to 2019 (Chair from 2018 to 2019)
• Special Advisor to the Director-General of Eurocontrol on Internal Audit Matters, responsible for heading the Internal Audit Unit from December 2012 to April 2014
• Treasurer of the Parents’ Association of the European School, Uccle, from 2016 to date

Brian Gray was the third Director-General of the IAS. He was in charge from June 2009 until June 2012. Naturally, he is delighted to have been able to feature in our first two IAS history books.

With a good overview of the Commission services and challenges, Brian came to the IAS with solutions to problems that were required at that time. With an already mature service, staffed with competent, experienced professionals, and a credible work programme implemented within deadlines, Brian was leading an organisation that was, since 2008, operating fully in conformity with the required professional standards set by the Institute of Internal Auditors (IIA).

Brian is a Fellow of the Institute of Chartered Accountants of England and Wales. Having had, and arguably still having, a most successful career in public-sector accounting and internal audit at the highest levels, Brian retains a very current knowledge of the developments and challenges that internal auditors in public-sector bodies face and the expectations of their stakeholders.

Our discussion with Brian focused on three of his initiatives that perhaps best reflect his priorities on the important issues that needed to be tackled 10 years ago, and his vision on the long-term impact and benefit of these initiatives as the IAS moves into its third decade.

Under his leadership, the service produced the first annual overall opinion on financial management within the Commission based on audit work carried out in 2010 and previous years.

It is no surprise to Brian, after issuing the first overall opinion in 2011, that these overall opinions have remained a key element of the internal auditor’s annual reporting package to the College. Brian recognises that this exercise necessarily requires judgement and that it does not provide an overall positive assurance. However, he underlines that the preparation of these opinions, in line with the requirements of professional standards, is an essential layer of assurance on financial management in the Commission, to be considered along with the other elements of the IAS’s corporate reporting on the use of the EU budget (⁴).

Another key initiative that Brian was responsible for was the IAS methodology for performance auditing. The focus on value for money, the ‘3Es’ (⁵), was already an increasingly important priority for all stakeholders in the European budget, including the Commission itself.

Progressively, the IAS under Brian was looking not only at auditing financial processes, but also at other management processes and at common problems of DGs that had similar activities.

This was the moment when Brian launched the performance audit methodology project in the IAS in 2011–2012. According to Cristiana Giacobbo, who eventually finalised a full methodology in 2014(⁶), Brian’s original ideas and guidance prepared in 2011–2012 remain the basis of the performance audit methodology used by the IAS today to support the internal auditor’s opinion on the effectiveness of controls underpinning sound financial management.

For Brian, the full impact of these, and many other contributions, was only possible as a result of communication being integral to his strategy as Director-General. His emphasis on communication internally and externally was a very strong feature of his time as Director-General. Brian focused on creating a positive and constructive communication strategy for the IAS. This ensured the timely implementation of work, provided a constructive service, and contributed to reports being presented clearly in terms of what improvements could be made and what actions could be taken. Brian recognised that effective communication with staff, stakeholders and professional partners was key to the success of the modern internal auditor. As Editor-in-Chief of the first IAS history book, I think we can all see the benefits of his vision here too.

Brian, as you can see from his CV, has remained professionally active at a very senior level and has kept himself informed on all of the developments, and changes, since he left the IAS. He believes that the trajectory followed by the IAS since his departure has been very positive and professional, moving from the professional delivery of audit assurance and opinions to becoming a constructive and increasingly trusted adviser to the Commission. He recognises and welcomes the fact that communication has contributed to this process. He refers to the IAS conferences in particular as a source of inspiration to public-sector audit organisations around the world.

1.2. A clear focus on improving quality, independence and professionalism in the IAS

Philippe Taverne graduated from Solvay Brussels School of Economics and Management in 1976 and then worked in financial control as well as internal and external audit. He joined the Commission in 1983 where he held a variety of posts with a particular focus on budget and resource management. As Director of the Central Financial Service in the Directorate-General for Budget (DG BUDG), he supervised the reform of the Financial Regulation and the establishment of the Commission's internal control framework. In 2009, he was appointed Accounting Officer of the Commission and Deputy Director-General of DG BUDG, responsible for establishing the annual accounts of the EU institutions, and coordinating relations with the European Court of Auditors and the discharge procedure with the European Parliament.

He was the Internal Auditor of the Commission and Director-General of the Internal Audit Service from 2012 to 2016.

Philippe became the fourth Director-General of the IAS on 1 October 2012. Before his retirement in September 2016, he led a number of very important initiatives that have had a significant impact not only on the delivery of internal audit services in the Commission but also on the size, organisation, and professional quality of the work done by the IAS.

His former assistants(⁷) refer to him as a manager, a strong person with a high-energy, whose focus was on improving the independence and professionalism of the IAS. As he took office, Philippe reinforced the quality review and strengthened the management and efficiency of the overall audit process: risk assessment, planning, resource and budget monitoring. The reinforcement of the monitoring of the audit process was particularly appreciated by the external members of the APC, and, notably, Caroline Mawhood emphasised this very often in her interventions in the committee meetings.

Perhaps the most significant event in the second decade of the IAS was the decision taken by the College on 5 November 2014 to re-organise the internal audit function within the Commission and Executive Agencies, by concentrating this task into the IAS from 1 January 2015 onwards.

Driven by Catherine Day, Secretary-General at the time, the centralisation of the internal audit function, which had already been brought up before, became possible as part of the preparatory work for the start of the Juncker Commission. Philippe received the full support of the responsible Commissioner, First Vice- President Timmermans for this endeavour. As a consequence, the new College, in its first meeting on 5 November 2014, decided that the internal audit activity within the DGs was abolished and the internal audit activity fully centralised within the IAS as from February 2015 (⁸).

Philippe drove the complex process of delivering on the Commission’s centralisation of the internal audit function, and adapting and reorganising the IAS appropriately.

Together with the management team, he had already undertaken a review of how the IAS might appropriately take up the challenge of satisfactorily addressing the risks that had been covered by the Internal Audit Capabilities in the DGs and services across the Commission.

The process led to synergies for the Commission. The IAS benefited from a significant increase in resources to allow it to operate in an enlarged scope and audit universe. This increase came with increased responsibilities as the IAS had become the single internal audit provider in the Commission.

Within one year, Philippe and his team had significantly reorganised the IAS and recruited all the auditors required. In particular, Philippe created an additional directorate (thus having two directorates in charge of audits in the Commission and Executive Agencies). Two new directors – Jeff Mason and Cristiana Giacobbo, and a number of heads of unit (including from the former IACs) completed the new management team(⁹).

Operationally, to further consolidate working relations with the DGs and services, the IAS agreed to provide a ‘limited conclusion’ to all Authorising Officers by Delegation on the effectiveness of the control systems supporting their declarations of assurance, replacing the former declarations by the IACs(¹⁰).

Throughout the mandate, then First Vice-President Timmermans, Chair of the APC, expressed his satisfaction with the reorganisation of the internal audit service in the Commission, ‘which brought efficiency gains and higher quality’. The APC would note that, ‘following the centralisation of the audit function within the IAS in 2015 the number of audit reports issued by the IAS gradually and significantly increased from 38 in 2014 to 57 in 2015, and 68 in 2016.’

Underlying all these important structural changes, Philippe brought a new and more intense focus on ensuring that the IAS added value to its clients and stakeholders. He introduced in 2015 an internal quality assurance programme that covers all audit activities and continuously monitors its effectiveness, including periodic internal and external quality assessments and ongoing internal supervision.

The IAS Quality Assurance and Improvement Programme (QAIP)(¹¹) that he set up ensures quality within the IAS is in line with standards focusing on best practices. Under the reorganisation, Unit 01 ‘Quality assurance, resources, administrative coordination and communication’ was set up to ensure a central design and oversight for the whole DG of the QAIP of the IAS(¹²). Philippe ensured that Unit 01 performed its activities independently, under the steering of the Director-General. He also, working with Cristiana Giacobbo, finalised the performance audit model and guidelines that has become an increasingly key tool in the IAS’s audit methodology.

Philippe’s key message to the auditors and the IAS stakeholders was that the IAS has to deliver ‘the uncomfortable truth’. This involves raising the most relevant issues and putting ‘things on the table’ often as critical or very important recommendations that would be discussed at the APC and brought to the attention of the College, and required urgent action by the audited entity.

Respecting the high quality and professionalism of the service, on two occasions in 2016 and 2017 the College (¹³), asked the Internal Auditor to add to the IAS work programme two particularly important engagements:

• in May 2016, an audit on the implementation of the OLAF Supervisory Committee Budget for 2014 and 2015;
• in January 2017, an audit on the Commission's governance arrangements concerning risk management, financial reporting, and the ex-post verification/audit function, in particular second level scrutiny.

The recommendations of this second report, and their implementation by the Commission, has subsequently had a profound impact on the role and contribution of the IAS in streamlining and strengthening corporate governance within the European Commission.

As Philippe’s successors, both Jeff (as Acting Director-General) and Manfred have greatly appreciated the important role he played in the reorganisation of the IAS, and the significant work done under his leadership to improve the quality, the independence and the professionalism of its work.

Without Philippe’s personal strength, energy, and drive in these areas, the scope and opportunities that his successors have had to further build on the expertise and skills of the IAS staff, would have certainly been more challenging.

1.3. The Acting Director-General whose objective was to keep the IAS ‘ticking over’ but who did so much more!

Before joining the European Commission in 2000, Jeff spent some 16 years with the UK National Audit Office, which included a year on secondment to the European Court of Auditors in Luxembourg. He spent just a few weeks with the then DG Financial Control before joining the newly created Central Financial Service of DG Budget. It was during this time that Jeff encountered two colleagues who would later have a major influence on his Commission career: Philippe Taverne, the Director of the Central Financial Service at that time, and later the Director-General of the IAS, and Francisco Merchan Cantos, former IAS Director, who sadly passed away this year. Jeff joined the IAS in 2005 to lead the newly formed quality assessment cell, a pioneer for our current Unit IAS.01.

Appointed as Head of Unit in 2008, Jeff had responsibility for audits in the areas of cohesion, agriculture and research. Following the centralisation of internal audit in the Commission in 2015, he took on the Acting Director role for Directorate B and was then confirmed in the post in September that year. Following Philippe Taverne’s retirement in 2016, Jeff was appointed Acting Director-General until the arrival of Manfred Kraff in March 2017.

Being asked to take on the responsibility for running a Commission service, even if only on an acting basis, is always a challenge, but by his own admission Jeff felt honoured and proud to be trusted with the job. He knew it would be for a limited time, but had no idea how long in practice. The well-established IAS machinery needed to continue, together with the challenge of filling the void left by the former IACs of the DGs. Moreover, Philippe’s shoes were a sizeable pair to fill.

Jeff reflects that he found this responsibility at the highest level a little daunting at first. An experienced audit manager, but relatively inexperienced at the senior level in the Commission at that time, he soon realised that the top job could indeed be a lonely one. However, trusting his own instincts and judgement, and with the support of his trusted colleagues, in particular his fellow Directors Cristiana Giacobbo and Rein van der Zee and Philippe’s former assistant Adrian Mircea, he helped to steer the IAS in preparation for another period of change with the arrival of Manfred Kraff in 2017. Indeed, this was his main goal: to protect and preserve the high reputation and standing of the IAS and lay a solid foundation for the arrival of the new permanent incumbent.

Jeff is indebted to all his colleagues in the IAS for the advice and support given during this time, but also to the very personal support and encouragement from the then First Vice-President Timmermans (responsible for the IAS at that moment), and his Deputy Head of Cabinet, Michelle Sutton.

Despite him spending a relatively short period as Acting Director-General, it was a period full of challenges. Again, with the support of his colleagues and the Cabinet, he had to lead the IAS through self-reflection following the staff survey. The survey results had been broadly positive, but there was clearly some work needed. In a first for the IAS, a video message addressed to all staff, seemed to go down quite well. This was then followed by a series of focus group meetings among staff and was the precursor to what is now a well-established package of staff engagement activities in the IAS today.

He also had his first direct experience of the Budgetary Control Committee of the European Parliament when he supported Kristalina Georgieva, the then Vice-President responsible for budget and human resources, when she presented, on behalf of the Commission, the IAS annual report. A daunting experience, but one he managed to cope with owing to good teamwork and the help of Mrs Georgieva herself.

Of course, there was also the day-to-day business of keeping the well-oiled IAS machinery running, with the usual year-end rush, the audit plan and the APC meetings. Jeff also reintroduced the annual IAS conference. The title of the first, ‘Innovation in Audit: Myth or Reality’, was taken forward by Manfred in 2017 as the first in a series of three successful conferences, which provided the IAS (and others) with inspiration, ideas and best practices that are more relevant today than ever(¹⁴).

Jeff looks back on this period with a certain sense of satisfaction and pride: pride in the fact that he was entrusted with the responsibility and more than satisfied that he did all he could to keep the business of the IAS ticking over and to ensure that a fully operational and well-managed professional internal audit function was ready to be handed over to his permanent successor, Manfred Kraff.

1.4 From normal to the new normal

Following professional experience and instincts: how Manfred is shaping a modern IAS for the European Commission

Manfred’s professional career – having started in 1981 as an official of the German administration and continuing thereafter in Brussels as a young official in DGs Agriculture and Rural Development and Employment, Social Affairs and Inclusion – has been one of marked success. In 1988, he joined the European Court of Auditors, gaining important experience and rising in the ranks before, in 2008, taking over the position as Director of the Directorate ‘Audit and Audit Supervision – Financial and Compliance Audit’. In 2012, Manfred returned to the European Commission as Deputy Director-General of DG Budget and Accounting Officer of the Commission.

Reflecting his interest in the continued development of public-sector accounting and audit, from 2007 to 2012 he was a member of the subcommittee on compliance audit of the International Organization of Supreme Audit Institutions. Moreover, and reflecting further his expertise in the area, from 2013 to 2017, he collaborated with the International Public-Sector Accounting Standards Board, first as an observer and later as a member of the Consultative Advisory Group.

Besides his professional career, Dr Kraff (he successfully completed a PhD while working with the European Court of Auditors!) has been a lecturer at the University of Trier, Germany, and has authored several publications in the domains of public finance and audit.

Manfred Kraff, nominated on 1 March 2017, is the fifth Director-General of the IAS, in its 20th year.

Following in the footsteps of Brian Gray and Philippe Taverne, Manfred arrived at the IAS after a distinguished career as a senior manager as part of the audit, accounting and financial management of the budget of the European Union.

Having acquired experience in European public finance and external, rather than internal, audit, Manfred had to become familiar with the very particular role and responsibilities of an internal auditor working with management as part of an effective system of internal control in the European Commission.

On arrival as Director-General, Manfred was already aware of the IAS as a highly respected and professional internal audit service. At the same time, he had to recognise a number of challenges that he would have to address as the Internal Auditor of the European Commission and of the EU agencies and other autonomous bodies, for whom he also fulfils this important role (¹⁵).

Indeed, reviewing the horizon, Manfred recognised that there was an ongoing shift in the world from ‘normal’ to (what Manfred now refers to as) a ‘no longer normal … or new normal’.

Manfred observed that many issues that had arisen in recent years had already created important challenges that the Commission was working to address. The impact of the environmental and climate crises, the ongoing financial crisis, the complications to the budget caused by Brexit (¹⁶) and the rapidly changing technological environment were already important issues. However, all of these have been overshadowed in 2020 by the impact of the COVID-19 crisis.

There is no ‘stable state’ for the European public service, and Manfred realised that there needed to be an adaptive and flexible internal audit service that could provide management with advice and assurance in this new world – the new normal!

Manfred notes that the European Commission, in dealing with this series of complex challenges, was already, even prior to COVID-19, developing new targeted strategies and priorities that involved a more integrated political and administrative operating structure.

In particular, and with a direct impact on the Internal Auditor’s responsibilities, the higher level of interconnections between EU policies and the entities contributing to the design and implementation of Commission strategies, crucially increased the necessity for effective cooperation between the various key players. Policies such as the European Green Deal, for example, demonstrate the EU’s increasing reliance on both Commission services and other EU agencies and autonomous bodies to deliver elements of a common policy.

Manfred recognises that tackling the delivery of policies by a range of bodies with different governance, risk and control environments is further complicated when the processes of accountability for the use of funds and effective delivery are currently not always harmonised. These elements add to the political and operational challenges for the IAS, the APC and the Commission as a whole.

Furthermore, both the recognition of the importance of evidence-based policies and the need for the European Commission to more systematically embrace the concept of foresight, required that the planning, the monitoring of the implementation and the evaluation of the delivery of these policies should be strengthened.

As regards the reliability of the EU financial statements, the 12th ‘clean bill of health’ in a row from the European Court of Auditors indicates clearly to Manfred that existing risks are well-managed. In the area of compliance with the rules, the change from adverse opinions (which were issued from 1994 for 22 years) to qualified opinions (which have been issued since 2016) proves that progress has been made. However, further improvements are required, in particular for programmes that are based on the reimbursement of eligible expenditure.

The European Court of Auditors, which is responsible for providing the European Parliament and the Council with an annual report and special reports on the results of its work, has moved beyond the focus on the statement of assurance on the legality and regularity of the transactions underlying the EU accounts. It increasingly focuses on the extent to which the European Commission has met the broader principles of sound financial management, or value for money, in ensuring the economic, efficient and effective use of the EU funds.

Manfred considers it key that the IAS is proactive in carrying out consulting engagements so that it is not just a ‘watchdog’ to the Commission, but instead provides advice on issues identified by management to bring the organisation as a whole to a higher level of compliance and overall efficiency and effectiveness in its operations.

Manfred has further encouraged the use of the performance audit approach, often as part of a comprehensive audit, to provide management with findings, conclusions and recommendations related to sound financial management that result in improvement in the effectiveness, efficiency and economy of these increasingly complex Commission policies and programmes.

This strengthens the position of the representatives of the European Commission in the context of the discharge procedure, with performance in recent years becoming, in addition to compliance, a fully-fledged second pillar.

Finally, Manfred as part of his familiarisation with the internal audit profession, also observed that, while providing assurance would always be the primary function of internal audit, the profession was increasingly under pressure to act as a ‘trusted advisor’.

It was, in particular, the concept of the chief audit executive being a ‘trusted advisor’ to his/her auditees, senior management and key stakeholders that inspired Manfred to define a strategy for his time in office.

Manfred is very open about the source of ideas and initiatives that are driving the IAS and helping it to meet existing challenges on a daily basis. Since 2017, Manfred has organised three large annual IAS international conferences(¹⁷).

The conference agendas are designed to facilitate high-level debate and exchange between academics and senior practitioners on key areas that internal auditors will be required to focus on to ensure that they are keeping pace with change.

These conferences, whether embracing the challenges of the future, reviewing innovation and creativity, or questioning how the internal auditor can contribute to foresight, have served to inspire Manfred and his senior management team on how to lead the IAS into the future and motivate middle management and staff to contribute to implementing innovative ideas in practice.

Moreover, these conferences, in tandem with Manfred’s openness to discuss new initiatives with key audit practitioners and his decision to work more closely with the Institute of Internal Auditors (globally, in Europe and with the Belgian associates), have strongly contributed to some of the actions that Manfred is focusing on in the ‘new normal’.

Based on the feedback from the conferences, it was clear that keeping pace with technological developments was something that the IAS could not afford to ignore. In 2018, Manfred requested a preliminary analysis of the new trends and technologies for responding to these challenges. In 2019, he set up a dedicated working group on innovation and digital auditing (¹⁸). The role of this group was to conduct research on key technologies, analyse how they can affect and improve the IAS’s auditing procedures, and progressively build up the necessary audit capacity. The most promising areas identified were data analytics, artificial intelligence, block chain, data visualisation techniques, and enhanced digital publishing of audit documents.

Based on the thoughts of a key practitioner and contributor to IAS conferences, James Paterson, Manfred has also sought to benefit as far as possible from the use of ‘lean’ and agile principles to drive added value in audit work and improve efficiency and productivity. Recognising that James’s work (¹⁹) reflects a modern progressive approach to auditing, seminars have been organised to promote these principles among IAS management and staff (²⁰).

Manfred recognises that it is important for the IAS to have flexible structures in place that ensure the effective exchange of information and knowledge sharing to provide useful input to key steps of the IAS’s work. In 2020, Manfred launched the concept of ‘knowledge clusters’. Calling upon resources across the IAS directorates and units, the purpose of the ‘knowledge clusters’ is to pursue a more integrated and cooperative approach within the IAS. They are set up around specific themes and aim, as far as possible, to reflect all relevant political priorities, multiannual financial framework headings and policy domains (²¹).

The IAS under the stewardship of Manfred continues. He shares some interesting thoughts on developments as the IAS moves into its third decade in his conclusions (²²).

However, it is already clear that the IAS has a man in charge who recognises and understands the need for change, and uses his professional experience and instinct, sensing what is needed in the Commission’s political environment. This seems like an excellent basis on which to take the IAS forward.

The impact of centralisation and reorganisation on the IAS

The two organisation charts below demonstrate the nature and extent of the organisational change that the IAS went through in 2015, following the Commission Decision in November 2014.
The first chart shows the IAS organisation in 2014, prior to the Commission decision.
The second chart shows the new IAS structure in September 2015, having implemented the Commission Decision.
Overleaf, the final chart shows the IAS today

Governance and organisational change in the second decade

2.1. Centralisation and reorganisation

Changing the model for the delivery of internal audit assurance and advice in the European Commission

Perhaps the most significant event in the second decade of the IAS, and in its history to date, was the Commission’s decision on 5 November 2014 to reorganise the internal audit function within the European Commission and executive agencies through its centralisation within the IAS from 1 January 2015 onwards.

Because of this, the internal audit activity within the DGs was to be gradually phased out and the Internal Audit Capabilities’ core business files handed over to the IAS at the beginning of March 2015.

This was a significant change to the existing governance architecture for internal audit in the Commission. The opening chapters of our first history book (²³) document the difficult circumstances and the urgent reviews undertaken by the Committee of Independent Experts set up by the European Parliament following the resignation of the Santer Commission in 1999.

The second report prepared by the Committee of Independent Experts (²⁴) recommended, firstly (²⁵), the creation of a professional and independent audit service reporting directly to the President of the Commission. It also created, for each DG and service, an IAC (²⁶).

The IACs provided a key aspect of the support required by their directors-general in providing assurance to support the service’s annual declarations of assurance in their annual activity reports (AARs).

Under the authority of the then First Vice-President Timmermans, Director-General Philippe Taverne was responsible for overseeing the complex process of delivering on the Commission’s centralisation of the internal audit functions, and adapting and reorganising the IAS appropriately.

Overall, the impact of the reduction of the IACs resulted in a notable saving in resources for the Commission. For the IAS, however, the centralisation process itself required a significant increase in resources for it to proceed operationally in a manner that would allow it to address the enlargement of its audit universe.

Within one year, as is summarised in our chapter on Philippe and on his achievements as DG, he and his team had significantly reorganised the IAS and recruited the additional auditors required. In particular, following the Commission decision, he created an additional director role (for Commission audits), appointed two new directors and a number of heads of unit some of whom were recruited from the former IACs.

First Vice-President Timmermans later expressed his satisfaction with the reorganisation of the IAS in the Commission, ‘which brought with it both efficiency gains and higher quality’ (²⁷).

This increase in resources also brought an increase in the IAS’s outputs and reports. The APC noted (²⁸) that, ‘following the centralisation of the audit function within the IAS in 2015 the number of audit reports issued by the IAS gradually increased from 38 in 2014 to 57 in 2015, and 68 in 2016’.

The APC also welcomed the measures taken by the IAS to ensure that the centralisation of the internal audit function did not lead to any gaps in the effective follow-up of internal audit recommendations. This included a screening exercise covering all open IAC recommendations and the integration of follow-ups to IAC audit engagements in IAS planning.

Thus, 2015 was a very important year in the establishment of the IAS as the Commission’s central, and only, internal audit service. The centralisation of the IAS in the Commission, combined with a reinforcement of its staff and a structured reorganisation, gave the IAS an opportunity to continue the evolution of professional internal audit in the Commission.

In the present day, in the context of the new multiannual financial framework and the management of funds to assist recovery from COVID-19, the Commission has to deliver new and complex policies in partnership with decentralised agencies and other bodies.

The recognised challenges of auditing more complex policies in partnership with a large number of increasingly important decentralised agencies has already required Manfred Kraff to consider how to both improve the effectiveness of his strategic audit planning and determine the most effective manner in which to use the expertise and knowledge in his organisation.

On the basis of the work undertaken by Manfred and his senior managers, and following consultation with the staff, the Commission adopted a decision(²⁹) on 28 October 2020, that will lead to another reorganisation of the IAS in 2021.

The outcome of this and any further decisions on the reorganisation of the IAS to provide an even more effective support to management ... will be for the next book.

2.2. Stepping forward with knowledge clusters

Re-evaluating the audit environment and auditing complexity with joined up intelligence and flexibility

The world has become increasingly interactive and issues have become increasingly cross-cutting. Similarly, the audit environment has become more complex. Staying ahead, staying relevant and being a ‘trusted advisor’ requires the IAS to fundamentally review its strategic risk and planning approach to be able to provide more effective and holistic assurance and advice to management across the Commission. Meeting the political and stakeholders’ expectations of a modern internal audit service also requires flexibility in order to stay relevant and maximise our added value.

These interconnected and cross-cutting issues arise from DGs and other bodies working together more than previously, for example as part of the European Green Deal. The overall impact of the successful delivery of such policies is very important. As is shown, overleaf in the two illustrative diagrams of the organisation and structure of the European Green Deal, complexity comes from the layered conceptual design, the comprehensive approach, and the coordinated implementation and reporting on the performance of different players. On top of this, each participant has their own responsibilities for reporting and accountability, for performance and for efficient delivery.

Within the context of the political guidelines of the 2019-2024 European Commission, and the multiannual financial framework 2021–2027 being under active discussion, the knowledge clusters project was launched in the first quarter of 2020. The importance and timeliness of the exercise was confirmed in July 2020 when the European Heads of State or Government agreed a comprehensive package of EUR 1 824 billion for the multiannual financial framework 2021–2027 and the ‘Next Generation EU’ recovery plan.

Thus, taking into account the new challenges and risks arising from the adoption of the multiannual financial framework and the EU recovery plan, along with the increased interconnections between EU policies and the range of different Commission services and other bodies contributing to their design and implementation, the IAS’s ‘audit universe’ in its third decade will become considerably more complex.

In particular, the IAS is responsible for the audit of 90 different auditees, the European Commission’s DGs and EU agencies. Some 45 of these bodies are decentralised agencies. These agencies vary greatly in their numbers of staff and levels of budget. Most importantly, they are responsible for the delivery of an increasing number of important and sensitive EU policies. The planning, undertaking and reporting of these audits by Directorate A (³⁰) of the IAS has increasingly been done in coordination with the work completed on the audits of the lead DGs in the Commission services.

Manfred recognised the need for more coordination in relation to the audits of the new policies, which often involve a mix of different agencies and Commission services.

In essence, the ‘knowledge clusters’ will provide the basis for allowing the IAS to proactively aggregate information, evidence, and assess the environment related to both budgetary and political frameworks. Moreover, they will allow the service to match the headlines, policy clusters, programmes and/or special instruments of the multiannual financial framework 2021–2027 with the headline ambitions and the horizontal corporate objectives of the Commission’s standards of professional practice documents and the sustainable development goals of the United Nations.

Previously, the IAS has grouped ‘clusters’ of policies or families of DGs in single IAS units. Under the newly established ‘knowledge clusters’, the approach is based on political and/or budgetary priorities, bringing together auditors across all three of the IAS directorates and units. This will ensure knowledge sharing, analysis of related risks and contributions to planning and implementing audits, as well as to reporting their results on cross-cutting issues.

The ‘knowledge clusters’ are cross-functional IAS teams set up around specific themes, and aim to reflect the range of key political priorities, multiannual financial framework headings and policy domains for those particular themes to the greatest extent possible. The teams are designed to reflect the fact that the current and upcoming Commission policies, initiatives and areas of intervention are wide-ranging and affect a number of different domains.

I am convinced that in a changing environment it is important to bring different work and perspectives together and to share the wealth of knowledge in the IAS.

Although this was initially a challenging exercise for the IAS, the current process is not the end result. Instead, it will, over the years, improve and be recognised as being innovative, bringing both insight and foresight that will add value to future policy and planning.

More importantly, the knowledge clusters are intended to contribute to the in-depth risk assessment and will be the foundation for the IAS’s new strategic audit plan 2021–2023. The new process should result in a more relevant strategic audit plan, further focusing on high, cross-cutting risks.

This initiative launched in April and implemented since June 2020 will require additional consideration in the context of the reorganisation of work across the directorates and units of the IAS.

Nevertheless, it has the potential to be the most effective implementation of the existing knowledge and expertise in the IAS in future years.

Streamlining and standardising the audit of the EU agencies and other autonomous bodies

With Rein van der Zee as Director and Ilian Komitski and Friedrich Braeuer his Heads of Unit, the IAS book team interviewed the managers in the IAS responsible for the audit of the EU agencies and other autonomous bodies for almost a decade.

It can perhaps sometimes be overlooked that the IAS’s audit mandate extends beyond its responsibilities as the internal auditor in respect of the Commission’s DGs and services!

Speaking to these three motivated managers, they easily communicate the level of commitment, motivation, and excellent team spirit required to audit and provide assurance to no less than 45 different legal entities.

It is clear that there is a great deal of professional pride in the added value and support that Directorate A provides to these increasingly important bodies in the EU policy delivery sphere.

The significant growth and diversity of EU Agencies

Decentralised EU agencies play an important role in the European Union. They help make Europe more competitive and a better place to live and work. In general, the agencies were set up by the European Council to perform technical and scientific tasks to help the EU institutions implement policies and take decisions.

There has been a steady and spectacular growth in the number of EU decentralised agencies. The majority of agencies were created in two particular phases at the turn of the century and at the beginning of the second decade. The agencies are located in 23 of the 27 Member States.

Since 2003, following a revision of the Financial Regulation, the IAS received the responsibility under its mandate to audit decentralised EU agencies receiving a contribution from the EU budget. Initially 15 agencies, the number of agencies and other autonomous bodies audited by Directorate A is now 45, including five categories of decentralised agencies.

These audited EU agencies are categorised in different domains. The majority of them deal with competitiveness for growth and jobs. Other large categories include decentralised agencies on security and citizenship, joint technology initiatives, and joint undertakings.

While a few audited entities, with relatively small numbers of staff, are located in Brussels(³¹), the largest agencies audited by Directorate A are based in different Member States; they are the European Border and Coast Guard Agency (Frontex - Warsaw), the European Medicines Agency (EMA - Amsterdam) and the European Aviation Safety Agency (EASA - Cologne), each with over 800 staff.

By virtue of the Framework Financial Regulation and Model Financial Regulation, the Internal Auditor of the Commission is also the internal auditor of the EU bodies set up under Article 70 or Article 71 of the Financial Regulation. In addition to the services of the IAS, some of the larger agencies (³²) have their own internal audit capabilities who can complement and add to the IAS role. A range of others may also use external contractors to provide specific internal control related services in addition to the audits carried out by the IAS.

The agencies are therefore very aptly described as a mixed bag in terms of their age, location, size, budget, and level of expertise in internal audit.

All the entities are legally independent bodies and have independent management or governing boards. Almost all of them require their own budget discharge, and the European Court of Auditors is their external auditor.

The effectiveness of the EU agencies – A unique place in the Commission’s corporate governance

These agencies are increasingly acting in areas of significant importance to the welfare, security, and health of citizens. Any potential gap in governance oversight can create issues concerning the accountability of, and the reputational risk to, the Commission.

Although the European Commission has a place on all the management boards of these agencies and the relationship between partner DGs and agencies has become closer, Rein recognises that the Commission usually only has one board member among all Member States’ board members. Therefore, its ability to steer the activities of the agencies, including the implementation of audit recommendations, can sometimes be limited.

As the IAS looks forward to its third decade, Manfred and Rein have recognised that the agencies play an increasingly important role, with Commission services, in the delivery of the President’s policy priorities.

The IAS’s ability to provide a more holistic and constructive input to the Commission’s management, through the APC to the College, and to the management and boards of EU bodies, is an essential role for the modern internal audit service.

As highlighted elsewhere in the book, the IAS is currently working to improve its risk assessment and strategic audit planning processes by combining in ‘knowledge clusters’ (³³) the knowledge and expertise of auditors of the Commission and EU bodies alike.

Streamlining and standardising

In practice it is as if Directorate A has 45 mini European Commissions to audit!

Each agency needs a bespoke service from their internal auditor, who has the responsibility to provide assurance on an annual basis respecting the professional standards of the IIA and the internal quality assurance standards of the IAS.

As the internal auditor of these agencies and autonomous bodies, the IAS reports separately to each of the respective management boards.

Unlike their colleagues auditing the Commission, the teams in Directorate A do not have to produce an overall opinion on the financial management in each agency. Their audit work is driven by a risk-based audit plan on a four-year cycle, starting with a comprehensive risk assessment in the first year of the cycle. The risk assessment undergoes a light update at the end of each year. Additionally, an annual report on significantly delayed recommendations for each body may be issued, if applicable.

The number of audited agencies is split evenly between the units of Ilian and Friedrich. The number of these bodies, and their geographic spread, places a considerable planning and logistic burden on the managers.

Ilian Komitski, leading Unit A1, audits Regulatory agencies and Employment and Social Affairs decentralised agencies. The expanding portfolio of his unit is composed of fifteen agencies with a regulatory profile (³⁴) and seven agencies with a cooperation/networking and service profile (³⁵). All of Ilian’s audit clients are based outside Brussels and this creates a range of particular and additional challenges for his teams of auditors, who before the recent limitations arising from the pandemic, had to go ‘on mission’ (³⁶) to their audit clients for each engagement.

The second unit, Unit A2 led by Friedrich Braeuer, audits Justice and Home Affairs agencies, joint undertakings and other EU bodies. The very diverse portfolio of the unit is composed of nine joint undertakings (³⁷); the European Institute of Innovation and Technology (EIT), three EU institutions (³⁸), one intergovernmental body (the European Schools), six agencies under the supervision of the Directorate-General for Migration and Home Affairs (³⁹) and three agencies under the supervision of the Directorate-General for Justice and Consumers (⁴⁰).

For Rein arriving to take up his post in 2014, the only way to keep up with the number of agencies and the breadth of their activities was by streamlining and standardising the audit process of his directorate.

He underlines that it is important to plan, schedule and deliver audits with some flexibility, but using a standard timeline for all audit phases as a strong guiding principle. The wide diversity of decentralised agencies results in varied risks to be audited by the units. Directorate A uses the concept of portfolio risk to allocate the resources of auditing each decentralised agency and other autonomous body, on a scale ranging from two to five. The risk rating determines the coverage requirements and the number of planned audit engagements for the decentralised agency or other autonomous body concerned. The selection of audit topics is based upon a strategic risk assessment per agency. During the years when most agencies were newly established and growing, the IAS applied a maturity model, auditing processes when they were deemed mature. Since 2019, most agencies are considered to be well established and therefore the choice of topics is only risk based, using a similar methodology as the one used for the Commission services.

The managers ensure that, even with the significant differences in the sizes and budgets of the agencies, the number of audits and the frequency of their visits is both satisfactory to provide the required assurance, and does not disrupt the day-to-day operations of the clients.

The scope of the audit work to be carried out ‘on mission’ is carefully monitored to maximise the work that can be conducted on a preliminary basis before travelling.

The three managers confirm that the audit approach is principally performance-based, and/or an integrated approach with compliance elements. In recent periods, the emphasis has been on auditing administrative processes such as human resource management, contract management, procurement and grant management, as well as operational processes, covering both compliance and performance aspects.

Ilian in particular emphasises the challenges of auditing complex operational processes of the regulatory agencies, and the gratifying sense of adding value by improving the effectiveness and efficiency of these processes, with a direct impact on the lives of the European citizens in key areas. For example in aviation safety, chemicals, medicines and food safety.

Directorate A produces a large number of audit reports, with 30 to 40 audits and risk assessments each year.

Best practice from Directorate A

As part of the exercise to streamline and standardise their audit approach, the directorate uses the same audit management software (TeamMate) as the rest of the IAS and completes its risk analysis and audit reports in a consistent fashion.

However, there is one particular approach that Directorate A has retained that Rein and his team see as potentially adding value to their colleagues auditing the Commission services.

Before finalising reports with all their clients, the auditors have a full and transparent dialogue based on an Advance Draft Audit Report (ADAR). This is a full and complete audit report with all the findings and recommendations, shared with the auditees before the Draft Audit Report and eventually the Final Audit Report are issued. Rein and his colleagues confirm that this process is very much appreciated and that it often allows a quicker agreement of the findings and recommendations during the subsequent reporting phases, and a timelier submission of an action plan.

Although the agency management boards, and in some cases the agency audit committees, support and monitor the implementation of the IAS recommendations, the best way to ensure a swift implementation is if the quality of the report and the transparency of the dialogue can convince the different agency directors.

The three managers, stressing that their recommendations must be credible, robust and speak for themselves, proudly confirm that the level of implementation of recommendations is very high.

Our discussions with Friedrich and Ilian confirm the excellent reputation of the units considering the very positive feedback received from their clients in the satisfaction surveys.

Life is tougher in Directorate A

Rein, Ilian, and Friedrich are aware of the unique challenges that they as managers, and their staff, face on a day-to-day basis. In many ways they are proud to emphasise that ‘life is tougher’ for the auditors in Directorate A, and that the personal and professional challenges faced by them are different from those encountered by those auditing the Commission services.

They emphasise the particular flexibility, dedication and resilience of staff.

Considerable flexibility is required in the planning of the work, and the staff of Directorate A accept and embrace a range of professional and personal qualities that their colleagues in the rest of the IAS might not fully appreciate. A very intense programming and scheduling of audits in each unit, fixing mission dates many months in advance, requires significant pre-planning and coordination before, during and after the audit missions. The focus and teamwork to ensure that on-the-spot fieldwork is completed within five days is a very impressive characteristic according to the managers. Although the teleworking period that started in 2020 has stopped the missions, where possible the teams have maintained the fixed schedules and condensed fieldwork weeks for remote auditing as well.

With none of the audited agencies being located in Brussels, Unit A1 used to be the most travelled unit in the IAS, until 2020.

The travelling is for some colleagues very rewarding and teams develop strong bonds. The missions allow auditors to connect with auditees in a different manner from the colleagues on the Commission side. The staff are the face of, and represent, the IAS. This visibility can bring added pressure too in the course of the mission for team members. Overall, the auditors are engaged with agencies for a longer period, which builds a strong relationship, which is reflected in the auditee satisfaction surveys.

The next chapter

Looking forward, beyond the impact of COVID-19, the positive experience with remote auditing will allow further review of efficiencies in the work of the directorate. However, whilst preliminary interviews can increasingly be performed online, the managers underline that the audit visits to clients will continue to be important in the future concerning broader audit objectives.

Rein and his team acknowledge that the current initiative of Manfred to bring together the experience and expertise of their teams of auditors with those of colleagues in the IAS auditing the partner DGs and services, is the way forward.

The work to bring about a more holistic and appropriate governance perspective on the use of European funds to achieve the Union’s policy objectives will support the reflection on a re-organisation of audit work in the IAS.

The risks, challenges and rewards of auditing the EU decentralised agencies and other autonomous bodies is unlikely to change. However, the next step in the standardisation and streamlining of the processes might mark an important step forward for both audit in the Commission and the agencies, as the work and the staff are brought closer together.

It seems appropriate that at the end of the second decade, and after a period of significant growth in the importance and influence of the agencies, our book recognises and records the work of Directorate A.

This team in the last decade has brought the audit of the EU decentralised agencies and other autonomous bodies to the point that their full and appropriate integration into an IAS ‘one-audit’ approach is imminent.

Perspectives on the work of the Audit Progress Committee

The Audit Progress Committee

The APC assists the College of Commissioners in fulfilling its obligations under the Treaties, the Financial Regulation and other statutory instruments:

• it ensures the independence of the IAS;
• it monitors the quality of internal audit work;
• it ensures that internal and external audit recommendations are properly taken into account by the Commission departments, and that they receive appropriate follow-up.

Thus, the APC contributes to the overall further improvement of the Commission’s effectiveness and efficiency in achieving its goals and facilitates the College’s oversight of the Commission’s governance, risk management and internal control practices.

The APC informs the College on a timely basis of any issues arising from its work.

Current membership of the APC

The APC has nine members, comprising six Commissioners, including the APC Chair, and three external members with proven professional expertise in audit and related fields.

Half of the Commission membership of the APC is rotated halfway through the mandate.

APC Chair Commissioner Didier REYNDERS Justice APC members – whole mandate Commissioner Johannes HAHN Budget and administration Commissioner Mariya GABRIEL Innovation, research, culture, education and youth Commissioner Elisa FERREIRA Cohesion and reforms External member Michael SCHRENK External member Jean-Pierre GARITTE External member Jean FOSSION

APC members – first half of mandate (to end of July 2022) Commissioner Thierry BRETON Internal market Commissioner Ylva JOHANSSON Home affairs APC members – second half of mandate (from August 2022) Commissioner Adina VĂLEAN Transport Commissioner Jutta URPILAINEN International partnerships Cabinet members Members of the APC appoint members of their cabinets to assist them in their work.

Standing participants The IAS, DG Budget and the Secretariat-General, as well the Directorate-General for Informatics, hold standing invitations to attend the committee meetings. APC Secretariat Ms Migle HALAUKO – Head of the APC Secretariat Mr Stefan DEN ENGELSEN Ms Lola MUNUERA MONTERO Ms Dace LAPINA

4.1. Chair of the Audit Progress Committee: Commissioner Didier Reynders

Commissioner Didier Reynders is a Belgian lawyer and respected politician who has always been active in the public domain, as well as in academia. Following his studies at the University of Liège, Belgium, he became a member of the Liège Town Council and, later, Chairman of the National Railway Company of Belgium and the Chairman of the National Society of Airways.

In 1992, Didier Reynders became a Member of the Belgian Parliament and served as Federal Minister of Finance from 1999 to 2011. He was also appointed Deputy Prime Minister in the government of Prime Minister Guy Verhofstadt in 2004 and, in the same year, became Chairman of the Mouvement Réformateur (liberal party alliance) until 2011.

Among many other prestigious roles, his latter appointments to the government of Belgium included Minister of Finance from 1999 to 2011, Minister of Foreign Affairs, Foreign Trade and European Affairs from 2011 to 2019, and Minister of Defence from 2018 to 2019.

On 1 December 2019, he was appointed Commissioner for Justice, in charge of the rule of law and consumer protection, as part of the European Commission led by President von der Leyen. His portfolio includes the Directorate-General for Justice and Consumers and the responsibility for the Internal Audit Service. He is also the Chair of the European Commission’s Audit Progress Committee.

4.2. Bringing a new dynamic to the Audit Progress Committee

Previously she was member of Cabinet to President José Manuel Barroso, leading on the response to the financial crisis, taxation, the digital agenda, justice and home affairs, and relations with the European Council. She has also served as Deputy Head of Unit in the Secretariat-General, as member of Cabinet to Competition Commissioner Neelie Kroes, and as Assistant to the Director-General in DG Justice, Freedom and Security.

Michelle graduated from Warwick University in 1996 with a first class honours degree in French and international relations, and joined the European Commission in 2001 after five years leading on European policy in the UK Home Office and Cabinet Office.

She is currently back in the Secretariat-General, coordinating the use of the €2.7 billion Emergency Support Instrument in response to the coronavirus pandemic.

I first came across the Internal Audit Service (IAS) and the Audit Progress Committee (APC) in January 2000, from a musty and cramped office in 70 Whitehall, the sole selling point of which was the view onto the Number 10 gardens.

The IAS and the APC were nascent ideas at the time, from the Wise Men’s second report and the European Parliament’s Van Hulten report respectively. They would only become concrete proposals in the Reform White Paper later that spring.

As the EU institutions desk in the Cabinet Office, Commission reform was among my top priorities. After the fall of the Santer Commission, Prime Minister Tony Blair was working for a ‘step change’ in the UK’s relations with the EU, and a first step had to be to restore public confidence in the effectiveness as well as the regularity of the way the EU used its resources.

Blair had already raised the crucial role of effective internal audit and financial controls in the House of Commons back in spring 1999. Now he threw his weight behind the efforts of President Romano Prodi and Vice-President Neil Kinnock to put accountability and performance at the heart of reformed Commission governance.

Fast-forward to January 2015. I’m on the 12th floor of the Berlaymont, in the office next door to Frans Timmermans - whose intelligence, experience and political savoir-faire had earned him the post of First Vice-President of the Commission and an awesome portfolio ranging from better regulation to justice and home affairs, the rule of law, inter-institutional relations – and audit.

We are two months into the Juncker Commission – there is an ambitious annual work programme to implement, Charlie Hebdo has just been brutally attacked by terrorists and the first of over a million people are moving to Europe to escape the fighting in Syria. And then there are the ominously thick hand-over files in my in-tray marked ‘IAS’ and ‘APC’...

Back in 2000, the reform had faced bitter opposition from those who feared an Anglo-Saxon cultural takeover. Chairing the first of 36 meetings of the Preparatory Group – where the detailed work underpinning the APC meetings is done - it was quickly clear that the Commission’s governance model had bedded down well. Indeed it had proven so effective that the APC risked becoming a victim of its own success, in the sense that the high implementation rate of internal audit recommendations meant individual reports rarely gave rise to substantive discussion, and agendas tended to be dominated by procedural and information points and a complex array of follow-up and other monitoring reports. The operation of the APC had become so much the routine that the secretariat had been moved to the IAS and reduced to a minimum.

At the same time, there were some tasks identified in the APC Charter since 2005 – such as follow-up to external audit findings and audit-related matters arising in the discharge – which were not being given the necessary attention. And the centralisation of internal audit work in the IAS meant that the output of the internal auditor and hence the workload of the APC were set to increase.

This came against a background of increased scrutiny from both the European Parliament and the European Court of Auditors. There were calls to fully externalise the APC and align its role to that of audit committees in the private sector, despite the unique nature - and hence governance needs - of the Commission even by comparison to other international public institutions. As it turned out, that particular discussion only concluded when the 2018 revision of the Financial Regulation established requirements for audit progress committees in all EU institutions which are fully consistent with the model chosen by the Commission.

So early on in the mandate, I put it to Frans Timmermans that under his tenure the APC should not rest on its laurels, and was grateful that he backed me with a mandate to focus the APC’s work on performance, horizontal risks, and corporate added value, whilst making working methods more engaging and ensuring that all of the tasks set in the Charter were fulfilled.

In his article, Frans has set out the numerous improvements made during his tenure, which have ensured the APC remains fit and active as a mature and effective actor in the Commission’s governance structure. Migle Halauko describes(⁴¹) how a renewed secretariat now supports the APC in its work, and I am grateful to her, to Niina Lehtinen before her, and to all the team.

I would add just four personal observations.

Firstly, the move from following individual audit reports recommended for discussion by the IAS to a proactive and more strategic examination of internal and external audit findings and their follow-up, based on clearly-identified priority themes, proved very valuable, as Pascal Leardini reflects in his article. Thematic discussions in key areas such as anti-fraud, financial instruments, IT governance and security, performance management systems, and the management of human resources allowed the APC to draw horizontal conclusions with wider value for the institution as a whole, feeding into important policy developments and identifying cross-cutting risks as well as promoting good practices. Individual audits were not neglected though: for example, when fundamental internal control weaknesses in an executive agency were identified by the IAS, continuous pressure from the APC (including, given the urgency, in the committee’s first ever meeting in Strasbourg) ensured that the necessary remedial measures were quickly taken, starting with structural changes at leadership level.

Secondly, a crucial function of the APC is to ensure the independence and quality of the internal auditor’s work. Given the very high levels of acceptance of its recommendations by DGs, a recurrent point of scrutiny was to check that the IAS had not been under pressure of any sort to ‘soften’ its findings. The fact that at the APC’s initiative the College invited the IAS to audit the institution’s own governance structures was a significant step, demonstrating – as was also the case with the IAS consulting engagement on the handling of parliamentary questions by Cabinets - that no areas, even the political level, are off-limits to the Commission’s internal auditor.

Thirdly, the role of the APC as a two-way guarantor that both internal auditor and auditee are subject to fair and equal scrutiny is hugely important. On the one hand, to ensure the IAS can be fully objective and operationally independent in reaching its findings; on the other, to ensure that these can be challenged where justified. Whenever recommendations were not accepted, the APC systematically sought to understand the reasons why, and often successfully encouraged a management re-think. But on a few occasions, the APC supported management in their assessment that a specific recommendation would not be effective or efficient, provided that the residual risk was accepted and mitigating measures were in place. One example was a recommendation to streamline supplementary controls on expenditure; the DG concerned convinced the APC that the additional resource use was justified by the particularly difficult control environment in a third country.

Finally, as all such bodies, the APC works best when it is nimble - as Frans says: “able to navigate between auditors, auditees and politicians”. The fact that many fellow Deputy Heads of Cabinet sat in the Preparatory Group and that Sandra Kramer as Director in President Juncker’s Cabinet was a regular observer helped enormously, given the various other channels in which we worked together in parallel and the relationships of trust which flowed from that. The new format for meetings took committee members’ questions as the starting point, leading to more substantive dialogue, and more insightful conclusions, whilst written procedures allowed more routine business to be dealt with efficiently. Behind-the-scenes contacts between formal meetings – the occasional but timely call to a Head of Cabinet or Director-General – also mattered in terms of getting things done. That proved particularly the case in following up the three critical recommendations the IAS issued during this period, relating to the nuclear decommissioning funding programme and to the case of the executive agency mentioned above.

The APC’s external members – Caroline Mawhood, Irena Petruškevičienė, Jean-Pierre Garitte and Michael Schrenk – were instrumental in supporting the APC’s development over the last years. Their service to the institution, personal commitment, and capacity to ask the most challenging of questions were all exemplary. Pascal Leardini and Rosa Aldea Busquets and their teams from the Secretariat-General and DG Budget were invaluable in bringing their experience, constructive criticism and insights from a corporate perspective, as well as providing a bridge to management structures such as the new Corporate Management Board. Inviting DG DIGIT as a standing member raised a few eyebrows at first, but as a key partner for many DGs implementing IT-related audit findings, this soon showed its merits thanks to Gertrud Ingestad and her team at the time.

I was invited to focus this article on the work of the APC. But it would be remiss to close without briefly wearing my ‘other hat’: advising Frans in overseeing the management of the IAS, in full respect of its operational independence. The renewed IAS leadership team – Manfred Kraff, Jeff Mason, Cristiana Giacobbo and Rein van der Zee – and indeed everyone in the IAS family deserve sincere thanks for the consistent quality of their work and the professionalism with which they interacted with the APC, but also congratulations on the numerous and very positive ways in which the IAS itself has evolved in the past few years, as is reflected throughout this book.

Bringing a new dynamic to the work of the APC was sometimes challenging but will remain one of my most rewarding professional experiences. It was a privilege to be able to contribute to the constant improvement of the Commission’s governance structure, grounded on the fundamentals set out in the reform of twenty years ago and which have since consistently proven their worth. Here’s to the next 20 years of the IAS and the APC!

4.3. The magicians behind the scenes: the work of the APC secretariat

In November 2019, Commissioner Reynders was invited by President von der Leyen to chair the APC and to take political responsibility for the IAS. With the six new members of the Committee in place, a new APC Charter was agreed in February 2020 and the new Committee was ready to go.

The Commissioner and his Committee took over the reins of the APC from former First Vice-President (now Executive Vice-President) Timmermans who was responsible from 2014 to 2019.

The APC under then First Vice-President Timmermans (⁴²) developed its role and increased its mandate. The centralisation of internal audit in the Commission, the strengthening and enlargement of the IAS and the implementation of recommendations following the European Court of Auditors and IAS audits related to the governance at the Commission, led to the College modifying the APC Charter (⁴³). In turn, this also led to changes in the Committee’s focus, working practices, role, and composition.

Migle Halauko took charge of the secretariat of the APC at the start of this important period for the APC in 2016. Migle gives us an inside perspective on the responsibilities and independence of the secretariat.

Migle confirms that a close and effective working relationship, formerly with Michelle Sutton (⁴⁴) and now with Luc De Lobel (⁴⁵), as the Chairs of the APC Preparatory Group, has been a key element in her team’s success in providing effective support.

Critically for Migle and her team, the changes to the APC Charter in 2018 have resulted in the Committee now being supported by a reinforced secretariat, which although located administratively within the IAS, is functionally independent from it. The direct reporting link to the Chair of the APC Preparatory Group is also seen as an important development to ensure functional independence.

The APC holds at least three meetings per year. Minutes are taken of all meetings and are provided to the Members of the College. Preparatory Group meetings prepare for the Committee meetings by considering all agenda points and ensuring that discussion in the Committee focuses on the most relevant matters and that the most effective input and added value can be obtained from the meetings.

The APC has developed a strategic approach for its work by setting out a series of priorities and focusing on cross-cutting themes arising from audit work. Using this approach, it is able to provide horizontal conclusions of relevance for the institution more widely. A notable development has been the increased focus on the external audit findings of the European Court of Auditors in addition to the internal audit findings of the IAS.

The APC secretariat’s work involves frequent contact with the Cabinet responsible for audit, other Cabinet members in the APC Preparatory Group, APC external members, senior management in DG Budget and the Secretariat-General, the IAS and auditees.

The team members have to exercise their professional judgement in looking at critical and very important findings, identifying thematic discussions with a strategic value, and working to effectively ensure that the European Court of Auditors’ and IAS’s observations are most effectively tackled by the APC in areas of mutual concern, or with common risks.

Migle underlines the important role played by both the external members and the standing members of the APC in its discussions.

The Committee’s external members bring proven professional expertise in audit and related matters to the Committee. The number of APC external members was increased to three in 2017 (⁴⁶). The external members are highly respected and their contributions bring a lot of added value to the Committee’s discussions.

The standing participants, in addition to the IAS, are DG Budget and the Secretariat-General, as well as DG Informatics. Migle reflects that with the increasing focus on strategic, thematic or horizontal issues the participation and contribution of these key DG members of the Commission’s Corporate Management Board are particularly enriching. Their proactive and constructive contributions to debates and discussions are leading to an even more effective implementation of recommendations that have a wider impact across the Commission.

The secretariat also drives all APC planning, taking care of all logistical aspects of meetings, drawing up preparatory documents for meeting discussions, and drafting minutes.

Their activities also include drafting the APC’s annual report to the College. Since 2016, the summary of the APC’s conclusions for the year has been included in the annual management and performance report, acknowledging its role in the overall assurance-building process and making the APC’s work more transparent.

Looking forward, Migle sees a busy and challenging period for the APC and her team. Having just organised the first APC meeting by teleconference during the Commission lockdown during the COVID-19 pandemic, the team has developed a way of working that is now part of the APC process going forward.

The APCs team of Migle, Lola, Dace and Stefan is small in size, but dedicated and closely-knit. The team’s work to underpin and support the work of the Committee as a mature and effective actor in the Commission’s governance structures is very well recognised and welcomed by all.

Quality counts

5.1. Staying ahead of the game: quality assurance in the IAS

The IAS has been recognised as operating in general conformance with the International Standards for the Professional Practice of Internal Auditing of the Institute of Internal Auditors since 2008. This status has been confirmed by subsequent external quality assessments (⁴⁷).

In parallel with the significant changes that the IAS was undergoing in 2015 (⁴⁸), Philippe Taverne established a central unit, Unit 01, ‘Quality assurance, resources, administrative coordination and communication’, and adopted a formal quality assurance programme that covered all audit activities. Unit 01 performs its activities independently under the direct supervision of the Internal Auditor.

Sunil Beersing confirms that the quality assurance team of Unit 01, led by his experienced colleagues Jessica Kestermont and Stefan Bonne, oversees many areas, including:

• the design and update of the IAS quality assurance and improvement programme;
• the coordination, administration and monitoring of the activities needed for a successful quality assurance and improvement programme (in particular, internal and external assessments);
• the independent continuous quality review of all key audit documents produced by the IAS directorates;
• the design and update of methodological guidance;
• contributing to the monitoring of management information on audit progress, planning and the use of resources.

The team also plays a key role in the effective implementation of the audit software and in fulfilling key IAS reporting obligations to the College and the APC. In doing so, the team provides essential support and advice to IAS management and auditors and contributes to the production of high-quality deliverables that add value to its stakeholders.

The primary objective of the IAS quality assurance programme is to promote continuous improvement. It was established in line with international standards (⁴⁹) and focuses on periodic internal and external assessments, including ongoing internal monitoring. It should ensure the professionalism and quality of the IAS approach and conformance with the mandatory international internal audit guidance.

Over the last 10 years, a range of improvement initiatives and audit processes have been adopted or updated as necessary to ensure that the service remains ‘ahead of the curve’ and delivers the best and most professional advice and assurance.

These developments have taken place against a background of the centralisation of internal audit services in the Commission and the improvement of the IAS’s contribution to, and coordination with, the institution’s reports on performance and governance.

In 2010, under Brian Gray, the IAS started to produce an overall opinion on financial management in the European Commission on an annual basis. Sunil explains that, as the decade has evolved, the IAS further refined the approach, in particular by taking into consideration the quantitative impact of the corrective capacity of the multiannual supervisory and control systems on the amounts at risk at payment and at closure. As Jessica confirms, this is an important and thorough exercise.

Using guidelines and key statistics prepared by the quality assurance team, the opinion is built up, based on the input of the audit directorates and their DG clients.

Sunil adds that the overall opinion and the annual report from the internal auditor on the internal audits carried out during the year now represent an integral part of the European Commission’s integrated financial reporting package to the discharge authority. This input is now a key element of the assurance and accountability chains of the European Commission. The IAS is regularly invited to conferences and seminars organised by the IIA at global, European and national levels, as well as authorities in the Member States, to make presentations on the methodology and added value of this exercise to stakeholders.

Another change was introduced with the abolition of the IACs in 2015. A gap was created in the DGs, which the IAS addressed by providing a limited conclusion on the state of internal control, in support of the AARs of every DG. These conclusions are based on audit work completed in preceding periods (⁵⁰) and take into account the open recommendations from both the IAS and the former IAC audits. In certain cases, the IAS concludes that the DGs should issue reservations in their AARs based on the open issues and the associated risks. The formulation of the limited conclusions has been frequently revised over the years, and further progress is possible in providing insight to the auditees. Nevertheless, its key function remains to assist the authorising officers in their annual assessment of their system of internal control.

The team reminds us that, even prior to the centralisation of the internal audit functions in the Commission, and now in a more structured manner, the IAS also contributes to the preparation of the AARs of the DGs. The AAR instructions require DGs and services to summarise the audit work including the recommendations already reported as implemented by management or even closed by the IAS during the reporting year. Sunil’s team coordinates the contribution of the IAS directorates to the ‘peer review’ exercise.

Under Brian Gray, the IAS noted that a further, more structured and systematic audit task was required to support the IAS’s work on assurance. Staff members noted that, in the AARs, the authorising officers based their conclusions and reservations on the error rates that they calculated. The IAS therefore started to assess the DGs’ calculation and disclosure of the residual error rates in the AARs. This exercise was initially carried out on the DGs with high values of expenditure. It was considered helpful in providing stakeholders with a more realistic view of the value of the residual error rates and how they are estimated. Over time, the recommendations and advice of the IAS in this area have led to extensive corporate guidance issued by the central services on the calculation of error rates. Accordingly, and reflecting the reduced risk, these exercises are no longer routinely undertaken.

Another important exercise that the quality assurance team plans and coordinates is the preparation of the IAS strategic audit plan, and its annual updates. Sunil confirms that the nature of the exercise has not changed significantly over the IAS’s second decade. However, in the last few years, the IAS has made progress in mapping the strategic risks identified by management at the level of the Commission and the strategic risks identified by the IAS.

The key themes and risks identified by managers in the Commission complement the IAS’s internal audit risk assessment and eventually result in the selection of audit topics. Following the IAS audit on the Commission’s governance (⁵¹), the Corporate Management Board now oversees the Commission’s risk management process. In particular, it now transmits consolidated information on the list of critical risks and possible additional comments to the IAS, which transmits it to the APC in the context of its consideration of the audit plan.

As noted in Chapter 2, Adrian Mircea is currently coordinating an exercise on ‘knowledge clusters’. The outcome of this key work should allow the IAS to enhance its risk assessment and strategic audit planning processes and to better address the increasingly complex risks to which the Commission is exposed.

As in the past, the IAS structures its audit plan principally along two main strands: audits addressing compliance/financial risks and audits addressing performance risks (or audits covering both elements, which are referred to as comprehensive audits). In addition, the IAS performs IT audits (usually also performance audits), limited reviews, follow-up audits and consultancy engagements.

One of the key measures of the overall impact and added value of the IAS, which are regularly used by the APC to assess the IAS’s impact and added value, are statistics on the acceptance and implementation of IAS recommendations. Based on the guidelines and templates issued by staff members of the quality assurance team, the service reports quarterly on these matters to the APC. These reports can be prepared based only on an effective strategy for the follow-up of recommendations. Stefan outlines the key changes that emerged from an IAS follow-up strategy review, which he concluded in 2017.

The strategy was redesigned following five key principles:

• it is useful to take note of the actual implementation of IAS recommendations, ensuring timeliness of the follow-up work and of the implementation of recommendations by the auditees;
• simplification and harmonisation of the process and reduction of the administrative burden should take place, where possible;
• there needs to be flexibility in the follow-up approach;
• subsidiarity in management, monitoring and the supervision of follow- ups is required, with the head of unit having a key role in the process;
• clear communication and reporting to the stakeholders are vital.

No less than 98% of the recommendations issued during the period 2015– 2019 (⁵²) were effectively implemented by the auditees.

In closing our interview with Sunil, Jessica and Stefan, it must be emphasised that the importance of an excellent quality assurance and improvement programme cannot be understated if you wish your service not only to conform to international standards but also be a benchmark for the practice of internal audit in the public sector. Maintaining a high level of quality in audit and assurance is essential to maintain the confidence and support of the IAS’s clients and key stakeholders in its work.

The quality assurance team of the IAS continues, with colleagues in the audit directorates, to deliver most effectively on all of these fronts.

In the following sections, we feature some more of the key initiatives that continue to drive and raise not only the service’s professional and technical proficiency, but also the morale and investment of the staff in this important work.

5.2. Performance audit in the IAS

Improving the effectiveness, impact and value of IAS assurance advice

In recent times, the European Commission has always looked towards achieving its objectives with ever more scarce resources. Similarly, there has been an increased focus of the external audit body (the European Court of Auditors) and European Parliament (⁵³) on performance management and performance measurement in its use of the budget.

On the audit side, it is clear that the European Court of Auditors has moved its attention away from the pure financial element towards performance and value for money. With performance as the ‘second pillar’ of the European Court of Auditors’ statement of assurance, the IAS was aware that it had to be prepared to provide assurance and advice to management on these elements.

In the annual internal audit report, the internal auditor, in addition to summarising the audit production in the year, focuses particularly on the overall compliance with the principles of sound financial management and performance by providing an overall conclusion on performance audits (⁵⁴).

Thus, in the course of its second decade, in order to meet the needs of its key stakeholders, the IAS has significantly increased its focus on audits that address performance issues separately or audits that include important performance elements (comprehensive audits).

In 2014, 12 audit reports completed by the IAS were categorised as performance and comprehensive audits (⁵⁵). This number peaked at 43 in 2017. In the period 2015–2019, these two categories of audit approach made up between 90 % and 95 % of the total IAS output in an annual reporting period.

It is widely recognised that Cristiana Giacobbo is the ‘mother’ of performance audit in the IAS. She is quick to point out that she was not the only one to have contributed towards its success. Without Caroline Chamoux, now working in the European Parliament, the performance audit project would never have been delivered. Cristiana confirms that Caroline's input was fundamental.

Although Brian Gray had launched the performance methodology project in the IAS in 2011, it was under Philippe Taverne that the project was relaunched and Cristiana was asked to bring the task to fruition.

Using Brian Gray’s original guidance note, the whole project was designed and managed using a very strict project management methodology. The strong project management approach followed was, according to Cristiana, the key factor in the project being delivered within 6 months, by July 2014.

In researching the project, the national audit offices in both the United Kingdom and Sweden were consulted by Cristiana and her team. However, the closest reference found for the needs of the service was the guidance used by the European Court of Auditors.

It was key that the concept of the IAS performance audit, however, be adapted to the Commission context, taking into consideration how the Commission is organised and its functions. Cristiana and her team clarified the IAS’s definition of performance audit, in line with its mandate, not going beyond the boundaries of the Commission, and without any evaluation notion or conclusion as to whether or not the Commission activities had achieved their final objectives, or of the impact and results.

A key feature of Cristiana and Caroline’s project was regular communication and reaction to feedback from auditors. In particular, the new methodology was trialled live in the conduct of a performance audit in a DG. Cristiana recalls that the methodology was still a hybrid at that stage and that this was an important ‘road test’ for the new methodology.

The result was comprehensive methodological support and guidance on all steps of performance audit. This enables auditors in all units to examine if, and how, management in the Commission or decentralised agencies has set up control systems to assess and provide assurance on the performance (efficiency and effectiveness) of its activities.

When answering the question as to whether performance audit was a new approach for the IAS, Cristiana recognises that the performance audit methodology was a natural evolution of the IAS work.

She is very keen to underline that, as early as 2008, the IAS was already undertaking ‘performance-type audits’, often involving several DGs involved in corporate process. One of the first horizontal ‘performance-oriented’ audits was on the Recovery process in the Commission carried out in 2008, which looked for the first time to a corporate process from two perspectives, the corporate dimension and the implementation at the operational level. This opened the door to all the multi-DGs audits that have been conducted since then and looked at increasingly complex key corporate processes and governance- related aspects.

The methodology was, Cristiana confirms, a key step toward a more professional and transparent structure which allowed the IAS to demonstrate that it was taking a very positive and proactive approach to meeting the needs of the stakeholders for increased assurance on performance in many different areas, including risk management, human resource management, and internal performance measurement system. Moreover, the new approach has been used by the IAS to more effectively address risks and make positive and constructive recommendations for audit on some key and significant horizontal and ‘cross-cutting’ risks in the Commission.

In many ways, the important work on the development of the performance audit methodology reflects the focus on the improved professionalism and quality of IAS procedures that has been a highlight of the service’s development in its second decade.

Moreover, the increasing focus of the audit work on the way the services perform represents the IAS contribution to the achievement of a modern, high-performing and sustainable European Commission. Looking forward to future challenges, the IAS will have to adapt the way it delivers the assurance on performance to the increasingly complex Commission policies and programmes in order to continue to meet its objective to add value to the Commission.

5.3. Keeping it agile: lean audit working groups

Lean is a valuable concept, because it forces you to think about the bigger picture. It’s a way of thinking; it’s a mindset, with interrelated tools and processes behind it.
Norman Marks, from Paterson, J.C., Lean Auditing: Driving added value and efficiency in internal audit, December 2014

To my mind being prepared to ‘rock the boat’ is a necessity if we want to put internal audit on the right path to being acknowledged as a key ingredient for sustainable organisational success. James C. Paterson, from Paterson, J.C., Lean Auditing: Driving added value and efficiency in internal audit, December 2014

Lean auditing working groups bring together colleagues with different views and expertise. This ignites creative thinking that otherwise would not have been explored. Kristiana Rume, IAS

Capitalising on the experience and expertise of colleagues: the IAS actively embraces the concepts of ‘lean auditing’

For Manfred and his managers, the challenge of being able to identify and focus on the completion of the most key elements of work at a time when there is pressure on the use of resources has become a key factor in their strategy.

The IAS has had a close cooperation with James Paterson for a number of years. The author, consultant and former chief audit executive has been both a presenter at, and the moderator of, the IAS conference in recent years.

In 2014, James published a book, Lean Auditing: Driving added value and efficiency in internal audit. In his book, and in a seminar delivered to the IAS on his approach, James explains the concept of ‘lean’ auditing.

James’s ideas are relevant to organisations like the IAS that want to develop their own capabilities and the efficiency and effectiveness of the wider organisation in which they work. He emphasises that auditors should focus their efforts on only the most valuable internal audit work.

Talking to Adrian Mircea, who is coordinating the work of the IAS’s five ‘lean audit working groups’, it is clear that management saw scope to review better ways of approaching how the IAS plans, conducts, documents, and reviews its work.

Adrian confirms that the complex audit universe of the IAS, in particular working in the public sector and with over 90 different audit entities, could not take on board all the ideas and initiatives in James’s book. However, Manfred and his senior managers decided to take up the challenge.

The overall objective of this initiative is to look into different aspects of the implementation of the IAS methodology and working practices to streamline them and make the most of available resources.

Manfred invited staff to participate in five working groups that would address areas in which a review might indeed lead to improvements and contribute to the IAS becoming more ‘lean’ in its audit processes and procedures.

The five groups and their corresponding aims that were set up in September 2019 are:

• Working group 1: ‘Auditor’s toolbox’ – to develop standard audit criteria and programmes for standard audits processes which are regularly audited by the IAS. Lead: Inês de Oliveira Magalhães.
• Working group 2: ‘Pit stop methodology’ – to propose a methodology for ‘stop-and-go’ checks during the engagement to timely assess the added value of the audit, based on the risks and preliminary findings identified. Lead: Frank Ryckewaert.
• Working group 3: ‘Revamping the content and format of audit deliverables’ – to clarify key messages. Lead: Kristiana Rume.
• Working group 4: ‘Sampling guidance’ – to further develop the IAS methodology and ensure knowledge sharing in this area. Lead: Ana Garcia Lanza.
• Working group 5: ‘Root cause analysis’ – to provide tools and techniques that can be used by the auditors to enhance audit effectiveness, strengthen audit observations reported, and facilitate deeper discussions with management. Lead: Georgiana Van Rompuy.

The key to the success of the initiative relies on the participation and contribution of more than 40 staff from all directorates and units of the IAS.

The quality assurance team, in Unit 01, also offers its support by providing encouragement and any necessary technical input. The contributions of Jessica, Stefan, Zuzana and Georgiana have been appreciated by their respective groups – and by senior management too.

The clear commitment of Manfred, Adrian and the senior managers to the potential implementation of some of the recommendations resulting from the work of the groups has also been one of the main drivers of the success of this initiative.

The members of the different groups interviewed for this book confirmed that all the volunteers were very motivated, not only by the objectives of the lean auditing project, but also by the fact that this work was challenging and interesting and could have a real impact on the work of the service. In particular, everyone welcomed the opportunity to meet and discuss professional audit matters with their colleagues working in other areas of the IAS.

Some of the groups, in particular working group 4, discussed their methodological challenges with colleagues from other DGs with expertise in the domain, with other institutions (for example the European Court of Auditors), or with external experts in the field (for example the Institute of Internal Auditors, and various universities and companies).

The working groups were launched in September 2019 and, in November, each group was already presenting its progress and a roadmap to senior management. Some groups have been able to deliver earlier than others, but this initiative is already an unequivocal success.

Although the working groups deliver important results and improvements, all participants recognise that it is an exercise that they complete on top of their core responsibilities. In addition, the recent period has been marked not only by COVID-19 but also by the important tasks on current IAS priorities, notably the work on knowledge clusters and on COVID-19-related risks.

Accordingly, the work that started so well has had to be paused. Nevertheless, senior management has re-emphasised its support for the working groups to continue.

One of the first groups to deliver its results, in November 2019, was working group 5, on root cause analysis. Georgiana confirms that the group’s proposed actions: to update the IAS audit manual and methodology, and the finalisation of training material for a training course available to Commission auditors, were accepted by senior management. Not surprisingly, senior managers have confirmed that the work is highly relevant and should continue. The first training on root cause analysis will be delivered in November 2020.

Working group 1, on the auditor’s toolbox, led by Inês: was tasked to design standard audit programmes for operational processes initially focusing on procurement and grants (including tendering, call for proposals, contract management and grant management). Inês confirms that they will soon be able to present their first results to IAS senior management. Inês also thinks that working towards the group’s objectives so far has been very rewarding to all the members. However, as a voluntary task, it has sometimes been difficult for members to allocate as much time as they would like. Although there have been some delays compared to the initial timeline, Inês confirms that the work concluded so far represents an important step towards standardising audit programmes on recurrent audit topics and that this should be reflected in improved efficiency in the next audits in these topics.

Frank Ryckewaert leads working group 2, ‘pit stop methodology’. He outlines their objective: to propose a methodology for ‘stop-and-go’ checks during audit planning, fieldwork, and reporting phases to decide on whether to continue an audit or not, based on risks and preliminary findings. Looking initially at the pit stop before finalising the performance audit matrix and drafting the engagement planning memorandum, Frank confirms that the group’s work considered, in developing a methodology, elements such as ‘recent practices in IAS (closing notes after preliminary survey)’. Frank emphasises that the group is seeking an output that will be both lean and quick, involving short standard checklists to aid management and team leaders in reaching these critical and potentially resource-saving decisions quickly.

Kristiana explained that the working group 3, ‘revamping the content and format of audit deliverables’ aims to achieve two interlinked objectives. First, the working group explores the need to further streamline and enhance the key audit deliverables in terms of their content and review process, for example by introducing simplified templates or updated instructions. The group’s second target is to identify and propose new, visually appealing reporting formats. These ideas have been in the air for a while, first materialising two years earlier when ‘revamping audit deliverables’ was proposed as a workshop topic for the IAS Away Day. To meet these ambitious objectives, Kristiana confirms that the group established a roadmap and set up four subgroups. The group presented its first proposals to IAS senior management in October 2020.

For working group 4 on sampling guidance, Zuzana Scheinerova stepped in to give us an update. The objective of the working group was to further develop the IAS methodology for audit sampling and ensure knowledge sharing in this area. The working group now proposes to update the IAS audit manual on sampling methodology to make it more relevant to the current IAS audit work and approach (including performance audit methodology), and to streamline earlier existing sampling guidance as much as possible. Furthermore, a specific training course and training material will be developed as soon as the new sampling methodology is approved.

The key objective of the lean audit initiative for the IAS is to look into different aspects of the implementation of the IAS methodology and working practices, to streamline them and make the most of available resources. Even with some slight delays encountered by the working groups along the way, it is clear that this approach will bring benefits to the IAS in the long term.

Perhaps of equal importance is the fact that the working groups have clearly been a success also in terms of motivating and encouraging staff to share their expertise in a management-supported initiative. Bringing together colleagues from all different parts of the service, each with their own professional input and knowledge, has been a huge success.

Looking forward, the working groups appear to indicate a rich and talented base of expertise that management can count on in the next decade, as they work to address multiple and complex challenges to come.

5.4. Facing the challenges of the future: Innovation and digital auditing

Working outside our comfort zone

The reorganisation of the IAS has had a significant impact on its development since 2015.

Along with the creation of a central unit focused on quality assurance, another unit with the responsibility to manage and deliver IT services to the DG, Unit B1, was also established.

One of the principal reasons for this focus on IT was a clear recognition of the necessity to increase the number of staff in the IAS with specialist qualifications and experience in IT. It was seen that these skills and competencies were needed to allow the IAS to provide specialist guidance and advice to auditors, and to assist in the completion of larger and more complex IT audits.

While IT auditing existed before the creation of this unit, the goal of setting up the unit was to centralise IT auditing and to improve, together with the operational units in the IAS, the recognition and effective audit of IT risks in the Commission.

Our discussion with Carlo Billi, Head of Unit of IAS.B1, and Felipe Castro Barrigon, IT auditor, gives an insight into how they manage the contribution of their core tasks in IT auditing to the organisation, as well as how they support and deliver IT services, such as TeamMate AM (⁵⁶), to the IAS in an agile manner.

Systematically, the unit has been taking steps to organise an organic approach to identifying the areas where the IT risks are higher in the Commission. Felipe, who was recruited for his specialist IT knowledge, has carried out a lot of work since 2014 in this area. In particular, he has completed many audits across different Commission services focusing on IT risks.

Another colleague in the unit is highlighted by Carlo. Luka Varenina has also contributed to these innovation initiatives. He not only directly applies them on the job but he also puts time, effort and new ideas to the different initiatives. He has been a good example of how an open minded attitude to new ways of doing things can unlock their potential. Luka has particularly contributed to further developing and making more accessible to audit colleagues the full range of the IAS remote auditing techniques during the year of COVID-19.

The exercise to support integrated or comprehensive audits that take a more appropriate holistic approach to all business risks (IT and non-IT) is supported by two training courses highlighted by Carlo and Felipe, one on IT audit for non-IT auditors, and another that promotes the use of integrated audits.

Manfred Kraff openly admits that the exchange of ideas and best practices on IT auditing at recent IAS annual conferences has been a key factor in the development of his forward-looking ideas and practices to ensure that the IAS can meet the audit challenges of the future.

In particular, the IAS conference in 2018 (⁵⁷) focused on the challenges confronting internal auditors in the face of fast-changing technologies as a part of the fourth industrial revolution. This was a wake up call for the IAS.

Shortly after the conference, Manfred invited Carlo to prepare a structured IT strategy that would allow the IAS to move towards a digital auditing approach to enhance the capacity to perform audit work. He wanted the exercise, based on a thorough appreciation of best practice in the Commission and benchmark organisations, to identify the maximum cost/benefit from available tools and techniques in order to identify gaps in competencies and specialist knowledge. On this basis, Manfred looked towards taking forward a strategy that allows the IAS to keep pace with fast-moving technologies and ensure that the service is best placed to add value to an increasingly digitalised Commission.

Recognising gaps in competencies and in specific fields, there was an openness to invite and connect with people from the outside to learn from their areas of expertise. In particular, Carlo and his colleagues have held meetings with the internal auditor of the Dutch government and with the European Court of Auditors. Even now, staff are in discussion with the Institute of Internal Auditors (at a global level) to review opportunities for cooperation with the professional body that is leading and advising the internal auditor profession.

With a phased action plan now in place, the unit is currently in an explorative learning phase. One area under consideration is that there may be a need to develop or recruit certain profiles of staff that the IAS does not currently have, such as data scientists, to open specific profiles in certain domains.

One of the key strategies behind the work of Carlo and his team is to increase the knowledge, competence and confidence of non-IT auditors to tackle the increasing number of risks in this area in the Commission. Having established the lean auditing working groups in 2019, the innovation and digital auditing working group was also created to develop a plan and related audit tools and techniques. Both groups, together with colleagues, effectively link the IT and business sides of the IAS.

Carlo and Felipe confirm that auditors need to understand Commission processes that are supported by new technologies in order to adequately assess them. With business processes having automated workflows, the assessment of performance may require collecting, sharing, mining and analysing data. It can require a thorough understanding of the business process and advanced data analysis to gain insights into these data, and to determine and assess relevant trends.

More practically, the adoption of some of these techniques could allow auditors to gain quicker, structured and automated access to relevant documents in areas where they currently have to depend on the auditees. It could also help work to be more targeted with better use of available data to identify and assess risks. Audits could be better scoped, and the audit risk could be reduced through more representative samples using the best criteria for determining sampling populations.

The areas that the innovation and digital auditing working group and the lean audit working groups have focused on are data analytics, artificial intelligence, block chain, data visualisation techniques and enhanced digital publishing of audit documents, and the use of sampling methodologies.

Carlo and Felipe recognise, and welcome, that the process seems to be going in the right direction towards the IAS building its own broader base of staff with competencies and capabilities in digital auditing. They acknowledge that they are seeing an increase in the number of findings and recommendations arising from the audit of specialist IT risks by operational units.

Through attending conferences and networking with colleagues in the public and private sectors, the auditors in the IAS are indeed becoming increasingly aware of the risks and challenges they are facing to develop their audit approach and techniques.

Reflecting on the impact of COVID-19 on the IAS, the two IAS specialists feel that the service has increased its ability to use more collaborative tools (such as Skype and WebEx) to hold meetings, perform audits and reduce the number of on-the-spot missions carried out. They suggest that the Commission was already moving in this direction and that the pandemic has only accelerated this transition.

Having previously been more prudent in adopting new ideas, the IAS is now opening up more to the external world, looking at a wider range of technologies. However, Carlo and Felipe recognise some genuine technology barriers to artificial intelligence and block chain. The IAS is ready to do the best it can to support the use of these technologies. The more the organisation does, the more it can build on the lessons learned.

Our IT experts are comfortable with learning from organisations that are more advanced and leading the way in certain domains. However, although the IAS is not so far behind other organisations, Carlo and Felipe stress that if we are going to learn about, and adapt to, new technological developments in innovative and digital auditing, we really do have to ‘be working outside our comfort zone’.

5.5. Keeping our ducks in a row with the IAS audit management system

As a modern professional audit service, it is essential that both management and staff have available to them an audit management system that allows them to effectively plan, manage, document, review and follow up work undertaken in the life cycle of every audit assignment.

Audit management software is used by audit organisations in both the public and the private sectors as an essential part of their internal control systems to both comply and demonstrate compliance with the comprehensive and detailed requirements placed on them by relevant professional standards.

The current system used by the IAS has about 150 IAS users and over 300 issue coordinators from audited entities. It documents over 600 audits and other engagements, and tracks more than 3 600 recommendations in no less than 91 entities.

Since 2017, the IAS has been using TeamMate AM, an ‘off-the-shelf ’ comprehensive audit management system. This system has five modules and, as the diagram shows, covers the entire life cycle of an audit engagement. It covers audit creation and planning, documentation, monitoring, reporting and follow-up on all audits and other engagements.

The development, maintenance and essential day-to-day advice to auditors on the use of audit software has been supplied by a unique group of IAS staff composed of a mix of IT specialists, experienced auditors with developed IT skills, and members of the quality assurance team.

Wojciech Korycki is the Information and Resource Manager of the IAS. Working with Sunil and colleagues in Unit 01, he is responsible for providing support and advice to users on the current TeamMate system.

Having worked as an IT professional and IT auditor in the pharmaceutical industry, Wojciech joined the European Commission in 2005. He worked for 11 years in the Directorate-General for Employment, Social Affairs and Inclusion, moving into its IT unit and working as the project and support desk manager for a number of key applications in the DG. Wojciech joined the IAS in 2016 and initially worked as an IT auditor. He was happy to be able to move back into the IT field when he became the Information and Resource Manager, and reflects that he can, based on his professional experience, bring both an IT specialist’s and an auditor’s perspective to the management and improvement of the system.

Wojciech had been involved in the system used by the IAS before TeamMate, the Paisley governance, risk and compliance (GRC) system, only as a user when working on the audit side. He outlines that the main reason for the software change was the performance issues with the GRC system following the migration from a local application to a web application.

The main person responsible for the migration from the GRC system to TeamMate was Adam Barta (⁵⁸). Rudi Dries, a very experienced business manager and auditor with significant IT expertise who had also been closely involved in the establishment and operation of the GRC system, helped evaluate the tools and develop the comprehensive and easy-to-use TeamMate guidelines for IAS staff.

Wojciech recognises the significant work carried out by both Adam and Rudi, without whom the current system might not be in place. In addition, he gives a lot of credit to Cristina Burja and Jose Benito Prieto, the key members of the TeamMate support team, who helped to establish and maintain the support service.

Jessica Kestermont was also significantly involved in the project, identifying the reporting needs of TeamMate, and in the preparation of comprehensive risk management guidelines for one of the new systems key modules, Team Risk. Following Rudi’s retirement, Stefan Bonne took over the delivery of the training on the system to new auditors and updates for those who needed them.

To provide different elements of support at key stages in the audit life cycle, the IAS is using all functionalities and modules of TeamMate AM. In this regard, the IAS can be seen as a ‘super user’ of the TeamMate AM package.

The diagram on the previous page shows the modules used by the IAS and the range of tasks covered by each module. Wojciech confirms that not all these modules were brought on board at once, and that they are a patchwork of web-based and local applications.

The main module used by auditors is TeamMate Electronic Working Paper (TeamEWP). This tool allows all auditors to document their audits comprehensively from the moment of their creation through to the review and approval of documentation.

One key requirement of the auditors, having followed a comprehensive training course and using detailed guidelines, is to upload regularly and systematically all documentation into the software tool. Wojciech confirms that the timing and completeness of these uploads can vary by audit. This can limit the traceability of documents to support findings and is perhaps the key area that he sees as one for improvement.

No system can be perfect, but Wojciech assures us that the performance of the system is assessed as satisfactory overall.

However, IT advancements and upgrades never stop and the supplier will stop supporting TeamMate AM at the end of 2023.

TeamMate AM, following the Paisley GRC system and the original audit management system, is the third audit management system adopted and used by the IAS. All systems have their advantages and disadvantages. Wojciech confirms that the IAS has already undertaken significant work to balance all the costs and benefits in any decision taken to replace the current system.

It is these costs and benefits that the IAS will have to identify and evaluate to ensure that the audit management system continues to support and facilitate the work of the IAS as it moves into its third decade.

The views of six inspirational women in the IAS

6.1. Introduction

Given the increasing number of women working in the Commission, we interviewed six inspirational women in the IAS.

Each of these women is unique and each has been successful in their own right.

We invited them to provide their views and opinions on initiatives being taken that could contribute towards their professional and career development, as well as their feeling of wellbeing in the service.

Their reactions and outlook on the future are bright, and their belief and pride in their contribution to the Commission today is nothing short of inspirational.

6.2. Cristiana Giacobbo

Cristiana Giacobbo has had an exceptional career in the Commission (⁵⁹).

Cristiana has always felt confident in her own abilities to meet the responsibilities of all the posts that she has applied for and has been appointed to.

The IAS’s only female member of the senior management team shares her views on quotas for female appointments to management posts, on the female management development programme, and on the extent to which the IAS is an environment where all auditors, regardless of gender, can have a rich and interesting career.

She feels that the increasing focus on the career of women is a positive achievement in a modern forward-looking organisation such as the Commission, but is at the same time a complex subject.

Cristiana regrets that initiatives that focus on the promotion of women can sometimes contribute to a perception that women progress in their career not because of their merit, but because of their gender.

Cristiana reflects also that a negative aspect of quotas is that promoted women might feel, unfairly, that they have to demonstrate that they ‘merited’ the post. Men might not feel this pressure.

Never having felt a sense of discrimination during her career, Cristiana admits she was lucky. She does not deny the fact that quotas might have affected positively her own career, but she also feels that she had the necessary background and experience to assume increasing responsibilities. The right person at the right moment, Cristiana believes that her appointment as a Director was a good thing for women in the IAS. She is very happy to say that the IAS offers an excellent working environment for women and opportunities for a rewarding career.

Always available to give advice and support to her female colleagues in the IAS and more in general in the Commission, she was one of the mentors in the 2019 female talent development programme (FTDP), and will certainly do the same for the 2020 edition. As a mentor to colleagues on the programme, Cristiana found it a very interesting experience and hopes her mentees did too. Gladly, they still stay in touch, even after the training.

However, Cristiana believes that such programmes should be open to both men and women. She sees that men also need the many excellent advantages that the structured management programme can bring and that, ‘we all need support as managers’.

Cristiana feels that there should be continuous support for all her colleagues, both male and female, in their careers. Any official should have access to all career possibilities if he or she merits moving up, and if that is what he, or she, wants.

The pyramid structure of the Commission simply does not enable all of the organisation’s talented staff to have an opportunity for vertical progression in their career. Moreover, Cristiana points out that not every woman (or man) wants to become a manager. The weight of responsibilities can be particularly challenging.

As a senior manager, Cristiana feels it is important to have an open dialogue with colleagues and explore with them options to enrich their professional journey within the Commission, not necessarily through managerial positions. She sees supporting all colleagues in their professional development and career progression as one of her responsibilities.

The role of a manager, Cristiana believes, is to detect talented colleagues and allow them to grow by giving them opportunities and challenging engagements, and supporting and advising them.

Cristiana confirms that colleagues often approach her for advice and counsel. 77 She confirms, ‘I always share my story if asked but always invite colleagues to carefully consider whether they want to become a manager’. Cristiana especially highlights the sacrifices that might be necessary in their work–life arrangements.

Referring to her own career, Cristiana is very direct. The volume of work required increases with changes in seniority and she admits that she has had to adapt her work–life balance.

The workload is sometimes huge with tight deadlines and often work can continue into the evening.

Concerning work-life balance, the expectations are diverse depending on the expectations of the manager, as some are more demanding than others.

Cristiana is forward-looking and optimistic on the establishment of a more balanced contribution of women in society. She reflects on the impact of the COVID-19 crisis on working lives. In particular, the significant opportunities offered by flexible home working to both women and their partners might provide an extra chance for women, if they wish, to consider further developing their careers in the IAS and in the Commission.

6.3. Celeste Calicante

Celeste studied at the University of Bologna, leaving with a Bachelor’s degree in international relations and diplomatic affairs and a Master’s degree in law and economics. During her studies, she also took part in five European Action Schemes for the Mobility of University Students (Erasmus) projects, which took her to Vienna, Budapest, Warsaw, Brussels and Lisbon. Following her studies, she started a six-month traineeship in the risk assurance team at PricewaterhouseCoopers (PwC) Italy and, after that, becoming a risk assurance associate. Celeste started her career in the Commission as a Blue Book trainee in the IAS in 2018. Since then, she has been awarded a place on the Commission’s human resources junior professionals programme (JPP) and has worked in the Directorates-General for Regional and Urban Policy and for Financial Stability, Financial Services and Capital Markets Union; she is now completing her final year in the IAS as an internal auditor in IAS.C1.

Celeste always knew that she wanted a career with a multinational dimension. Although she considers her experience in external control with PwC Italy to have been formative, she started looking for new opportunities abroad and finally accepted the offer of a traineeship at the Commission with the IAS. During her six months as a trainee, she was involved in delivering a large variety of communication responsibilities, including assisting in the management of the intranet, the organisation of the IAS annual conference in 2018 and compliance with the General Data Protection Regulation (GDPR). Meanwhile, she applied for a place on the JPP in June 2018 and, in September, she was accepted on the programme. The main purpose of the programme is to provide the possibility and opportunity for young professionals with varied backgrounds to have work experience in three different DGs over two years.

In the first six months, Celeste worked in the evaluation and European semester unit of DG Regional and Urban Policy. This was followed by six months in DG Financial Stability, Financial Services and Capital Markets Union, where she worked in the policy unit monitoring the financial systems of the EU/euro area, being involved in various research streams. As part of the JPP, Celeste worked on a cross-DG consultancy project sponsored by the Directorate-General for Communications Networks, Content and Technology, which aimed to identify good practices and opportunities to improve the way the Commission works with data for better evidence-based policymaking. The final report was presented in October 2019.

Celeste’s final year in the programme has been spent back in the IAS, where she has once again assisted with the organisation of the annual conferences, the AAR and the strategic plan, and with the production of this IAS History Book. She has also been given the opportunity of working in an audit team in Unit IAS.C1.

Overall, Celeste has really appreciated and valued being on the JPP and working with colleagues in the IAS. The experience has offered her the possibility of stepping outside her comfort zone and being able to integrate into different teams. She has realised the importance of communication, of the support and trust of colleagues, and of being able to speak up and express herself – above all it has been a wonderful opportunity to build a community of experts around her and have contact points in other DGs. She feels that the different working environments in the Commission are very challenging and would like to see people being steered more in their career, to allow them to feel more connected with the strategies and policies of the Commission. She is also interested in the different management styles she has experienced so far and recognises the importance of teamwork and the benefits of professional exchange between colleagues on a daily basis.

The programme will end in October 2020 and Celeste plans to sit an internal competition.

We all wish Celeste the best of luck!

6.4. Apostolia Skourti

After her studies in accounting and finance, Tolina started her career in PwC Greece, where she worked as an external auditor for the financial services industry for more than three years. She then moved to Assicurazioni Generali to work in its internal audit function for three years. Having succeeded in the 2016 European Personnel Selection Office competition, Tolina joined the IAS in 2018, where she became a member of the unit in charge of auditing the economic, fiscal and financial policy DGs, Eurostat and the European Anti-Fraud Office (OLAF). In her current role, she has been involved in audit work in the Directorate-General for Competition and the Joint Research Centre (JRC).

Tolina has always been ready to take up new challenges and training opportunities. She is a certified chartered accountant member of the Association of Chartered Certified Accountants. With the support of the IAS, she has recently obtained a diploma in the audit of public administration and policies, and is now pursuing a Master’s degree in the management of public organisations.

Both of these courses are offered by the University of Lorraine, France, in partnership with the European Court of Auditors. During this period, she has had the opportunity to meet colleagues from the European Court of Auditors, and other professionals on the course. Sharing useful insights with them, she recognises that different organisations face similar challenges, all of which offered good ground for fruitful exchanges with her peers.

In the IAS, she is a member of a lean audit working group(⁶⁰), the audit correspondent for DG Competition, and a coordinator of one of the IAS knowledge clusters (on economic, monetary, fiscal and financial policies, European strategic investments, statistics and OLAF).

Tolina enjoys the possibility of mobility within the IAS and welcomes the opportunity to contribute to audits across the DG. She finds this especially interesting from the point of view of her professional development, working on diverse audits between directorates, understanding how audit teams are structured, and learning from the experience of other auditors. In the short term, one of her main challenges will be contributing to the effective functioning of the knowledge clusters (⁶¹), making the most out of the information available (by processing and sharing what is relevant at the right time). These will both facilitate discussions with auditees and strengthen the value-added of the activities performed by the IAS.

Tolina’s curiosity and ability have clearly helped to increase her level of responsibility in the IAS. She believes that the support and openness of the hierarchy around her, and the importance of cooperating with her colleagues from other units and directorates, have been major factors in her achievements so far. Only being at the beginning of her career in the Commission, Tolina is looking forward to the variety of opportunities offered by our diverse institution. Through her varied experience so far, she has tried to see only the good elements in every person, professional challenge and working environment, and then focusing on the margins for improvement.

6.5. Elena Climent Vano

Elena is an experienced auditor. She worked for 10 years in PwC and, after becoming senior manager, she moved to Brussels where her career in the European institutions began in 2003. While working in the Central Financial Service of the Commission, she got to know many personalities who then contributed to the successful establishment and functioning of the IAS – Philippe Taverne, Francisco Merchan Cantos and Jeff Mason to name but a few. Elena joined the IAS to work in the unit responsible for audit in external aid. Since 2019, she has been head of the IAS unit responsible for auditing corporate and central services and the offices of the Commission.

In 2010, Elena was seconded from the IAS to the Fuel Cells and Hydrogen Joint Undertaking. There, she worked for five years as the controlling and audit manager, providing advice and assurance services to the Joint Undertaking’s executive director, and reporting to the Joint Undertaking’s governing board.

Working in the Joint Undertaking offered her great management opportunities in different areas, not only audit related. Her tasks involved carrying out a wide range of consulting engagements, working in a set-up rather different from a Commission DG, and further developing her managerial skills. Elena reflects that the management skills learnt there have been key to her successful career to date in the IAS.

Following the centralisation of the internal audit function in the Commission, the IAS was building its audit capacity. Elena was invited to return in 2015. She came back to work in the IAS unit responsible for audits in shared management DGs.

Elena’s reintegration into the IAS in 2015 was very smooth. She confirms that her time was filled with interesting and challenging work, and she is grateful to the IAS for the opportunities they offered to develop her career. She has further developed her skills by leading interesting audits such as the governance audit, and others on the management of European structural and investment funds.

Recognising the broad support she has received from IAS management during her career, Elena believes that, in particular, two Commission-wide initiatives have definitively triggered a change in her career in the Commission. The first one was the conference ‘Women in management – is it for you?’, which she attended in December 2017, and the second was the FTDP, which she attended in 2019.

Although the FTDP arrived perhaps a little late (only two months before a vacancy for Head of Unit became available in the IAS), it was very useful. A lot of support was available in terms of coaching, mentoring and dedicated training. Elena believes the FTDP is an effective way of passing on knowledge to women who are trying to reconcile their professional life with an often very busy personal life.

Elena confirms that the programme she joined for newly appointed heads of unit has been very interesting for her. It provided an opportunity to share views, concerns and experiences with other officials in similar circumstances to her own.

Throughout her career, both in the private sector and in the Commission, Elena has never felt that she was treated differently, either positively or negatively, because she was a woman. Overall, she believes that the Commission and the IAS, in particular, can be considered reasonably modern and fair organisations.

However, she believes that some steps are still needed.

Elena clarifies that being a modern organisation is about being diverse, integrating and offering fair and equal opportunities to everybody regardless of gender, age, disabilities and marital or parental status. As far as gender is concerned, it is not necessarily about establishing ‘quotas’ but about creating an adequate framework allowing women to apply for management positions under the same conditions as men.

She feels that there are still (too many) women in the Commission struggling to cope with their private and professional lives.

Elena believes that work-life balance cannot be just a ‘buzzword’; it needs to be implemented in practice. In this context, she believes that an effective human resources policy focused on flexible working arrangements and performance- based assessments is key.

These changes would, for Elena, help the organisation to both recognise merit and ensure that it is working with the best people.

6.6. Eleni Belesi

Eleni has worked in the Commission for 15 years. Her career began as an external auditor in the Directorate-General for Agriculture and Rural Development, after which she moved on to OLAF as an external investigator in anti-fraud. In 2010, she joined DG Competition as a member of its IAC team. She then moved to the DG Regional and Urban Policy IAC team and into external audit coordination. Eleni joined the IAS as an internal auditor in 2015.

Eleni believes that a crucial element in building well-performing organisations is the development and professional growth of their staff. It is when competence meets ethics that staff find the motivation to work effectively and contribute in their best way possible to the achievement of their organisation’s objectives, driving it to excellence.

In the IAS, she enjoys the freedom and responsibility to achieve and contribute to the Commission’s work. This is, she feels, thanks to the trust shown and encouragement given by IAS management. She finds that the IAS provides the space and opportunities for staff to develop their skills and abilities. Her selection for, and participation in, the Commission’s FTDP in 2019 was one of these opportunities.

The FTDP is a year-long training programme inspired by the Juncker Commission’s decision to increase the percentage of women in management posts to at least 40%. It provides the participants with a tool to learn, network, further develop their management skills and grow professionally. It is a joint effort by colleagues with a common interest in promoting the talents of staff members who, through their diversity, can contribute to a modern and high-performing Commission.

Offering a wide range of activities and involving the commitment and enthusiasm of many colleagues, the 2019 FDTP provided Eleni with the opportunity to promote her strengths and identify scope for improvement. Self-assessment tools, as well as coaching and mentoring, were also part of the programme.

Eleni was also fortunate to have a motivated and dedicated senior manager as a mentor, who was ready to listen and provide advice and inspiration. Furthermore, via specialised ‘leadership labs’, she increased her ability to self-manage and, further down the line, to manage teams. Most importantly, Eleni confirms that the programme brought participants together and offered a platform for sharing ideas and experiences and learning from each other, which she found an especially rewarding experience.

Eleni believes that sharing knowledge and networking with colleagues both within and outside the IAS is key for providing high-quality services. Building platforms for exchanging ideas such as TED talks can be a flexible and valued way of passing on experience and demonstrating how to apply it in the workplace. Seizing opportunities to share her knowledge and provide advice, especially to newcomers, empowering them from the start, is something to which she is particularly devoted.

Embracing talent, providing equal opportunities and sharing the same values is what Eleni feels is the cornerstone of success for a high-performing and inspiring workplace. She feels that serving the EU citizens as a Commission official and an IAS staff member is a highly rewarding experience.

6.7. Doriane Givord-Strassel

Doriane joined the European Commission as a trainee in 1994. Having successfully passed a competition, she was recruited to DG Agriculture and Rural Development to work in international trade. Moving to Paris in 2001 as part of an exchange programme for civil servants, she was in charge of the control and clearance on all accounts for France vis-à-vis the Commission, and the European Court of Auditors. After a short career break in Berlin in 2004, she returned to DG Agriculture and Rural Development to work on trade matters, including the organisation of the World Trade Summit in Hong Kong. Later in her career, Doriane worked as Assistant to the Director-General of the Directorate-General for Research and Innovation, and the Director-General of DG Agriculture and Rural Development, where she also became Head of Unit in charge of standards of professional practice, internal control and relations with the European Court of Auditors. Since February 2015, Doriane has been the Head of Unit in the IAS unit responsible for auditing agriculture, health and safety, climate and environment DGs.

Doriane has always been very self-motivated as far as her own career and other work-related aspects are concerned. Her present director has accepted her suggestions on ways of working which are not necessarily traditional in the IAS in terms of lifestyle and work-life balance.

Doriane has embraced the opportunity to work in a participatory management style. She has largely been given freedom of choice in the recruitment of her team. She has ensured that those selected for her unit have had a diverse career experience, including some with veterinary, pedagogical, IT and diplomatic backgrounds, as well as pure auditors.

Having undertaken leadership training at the Harvard Kennedy School as part of the Commission’s external management training scheme, Doriane continues to remain in contact and network frequently with many of her colleagues in senior management, both internal and external to the Commission. As part of this network, Doriane has kept herself aware of significant developments outside the IAS. She looks forward to new opportunities in the IAS that might lead to the continued increase of knowledge and professional exchange in the service.

Doriane encourages giving opportunities to young, prospective female managers, to develop their talents further so that they are ready and well prepared to take the lead in the future. She is always pleased to sponsor potential managers to follow any training such as the FTDP, which offers the possibility of gaining valuable experience in mentoring, coaching and guidance.

She encourages working and developing knowledge and experience outside the workplace. In her view, for upcoming managers, having a mentor who is committed to helping you get the most out of your management skills, is a must.

For those starting off as heads of unit, she would recommend training with five or six other colleagues in the same position together with a coach for two or three days to discuss performance and give advice. Then, she suggests meeting up again three or four months later to exchange views, seek solutions to any issues and report on the progress made.

Doriane has some key tips for young managers. She emphasises the importance of thinking outside the box, making the most out of networking opportunities and feedback, learning from colleagues’ backgrounds, and investing in new resources and knowledge sharing.

Another recommendation shared by Doriane is to work with the most recent recruits and offer opportunities for them to discuss new ideas and challenges right from the start.

Doriane also thinks that it is important to present new staff members to other audit units. Using the experience of colleagues, Doriane explains, should help ensure a more successful integration of staff members into their new roles.

Modernising the IAS

7.1. The Staff Engagement Committee: good communication and staff involvement at the heart of the service

The IAS Staff Engagement Committee (SEC) was created in May 2018 as an effective forum for discussion and interaction between all levels and grades of IAS staff. With Rein van der Zee as its Chair, the Committee is composed of representatives from all units.

One immediate impact of the SEC is the clear interest and willingness of colleagues to become involved. IAS staff regularly propose and discuss new ideas and varied actions in the meetings of different SEC subgroups.

With the full support of Manfred Kraff, the SEC developed a rolling action plan aimed at increasing staff satisfaction. This action plan has so far included numerous activities across several key areas:

• career management: a job-shadowing programme and an international exchange programme, piloted and rolled out with the support of the human resources business correspondent team;
• professional development: AudiTED talks (⁶²), offering an effective form of training and an opportunity to increase the appreciation of the work of our auditors, while also creating an environment that encourages open discussions on audit issues, initiatives on methodological matters and exchange of experience among trusted colleagues;
• health and Fit@work initiatives:
• the VéloMai cycling campaign (⁶³),
• the IAS running team (⁶⁴),
• the IAS table tennis team,
• regular visits of the Commission ergonomics experts,
• two IAS in-house yoga teachers for classes within the Commission premises;

IAS green initiatives are another reason to be proud of being part of the IAS. Protecting the environment can go handin- hand both in our working and personal lives. From 2020 the newly created IAS green ambassadors team will work on the implementation of a plan on IAS green initiatives and exchanging best practice!

• corporate communication: updates to the ‘IAS in a nutshell’ leaflet and banners advertising the work of the service for both IAS and corporate events;
• internal communication: weekly IAS newsletter and a longer and more detailed biannual version;
• IAS Green Group: in support of the Eco-Management and Audit Scheme (EMAS) and the new environmental initiatives of the Commission;
• team building: some of the most recent IAS away days have been organised around voluntary initiatives chosen by the staff themselves with huge satisfaction and success.

With a constant review of its progress, IAS management approved these new initiatives and activities, and IAS staff quickly implemented them with significant positive results.

Two of the most recent and promising activities of the SEC are the job shadowing and international exchange programmes. The IAS has established links with a group of international bodies that expressed interest in being open to international exchanges. The five-day exchange programme takes place at the premises of an international partner organisation within Europe and, if successful, will lead to offers for further exchange opportunities.

These exchange activities have the biggest impact on enhancing the capacity of auditors and have proved to be a very popular initiative. Migle Halauko, of the APC Secretariat, was the first IAS colleague to participate in one of these exchanges. All members of the IAS were able to listen to a presentation of her trip during the lockdown via Skype. Her account summarised her experience and lessons learnt on her exchange with the United Nations Industrial Development Organization in Vienna. Cut short in 2020 by COVID-19, this sought-after programme will be continued as soon as the working arrangements allow it.

The job-shadowing programme also started in 2019. Three colleagues from other DGs joined the IAS for a couple of days to learn more about our approach, and two IAS colleagues moved for a few days to other DGs to learn about their structure and activities. The evaluation of the programme has already taken place and a formal job-shadowing strategy has been developed and rolled out.

The rich variety of actions developed by the SEC, and especially the effort of its members working on their implementation, have greatly increased the participation of other IAS staff members in the new activities. This is highly appreciated by Manfred, who has seen that the actions taken have already led to happier and friendlier IAS staff. The positive impact on staff as a whole can also be noted in the results of the 2018 staff survey, which clearly demonstrate the added value that the SEC initiatives have brought to the organisation.

After a three-year assignment in the Directorate-General for Human Resources and Security, Anna Litwinska rejoined the IAS human resources business correspondent team and recognised the change for the better. In her opinion, the SEC is a large part of this improvement. She is happy to explain to other DGs how the creation of the SEC and staff’s positive engagement might contribute to more satisfactory staff survey results, above the Commission average.

7.2. Debating new challenges and ideas with the profession – the IAS annual conferences

The IAS annual audit conference is an event that has built a strong reputation in the global audit and GRC community (⁶⁵). As an event, it has contributed greatly to the reputation and standing of the IAS as a benchmark for the profession of internal auditing.

Taking place annually in Brussels with at least 500 delegates in attendance, the events are also web-streamed live to groups of key stakeholders meeting remotely and to many individuals whose applications to attend in person could not be met due to overbooking.

Participants come from various countries. Although they come mainly from Belgium and from most other EU and neighbouring countries, they also visit from the Middle East (Oman, Palestine, Saudi-Arabia, etc.), Asia (Japan, 91 Kazakhstan, Hong Kong, etc.), Africa (Côte d’Ivoire, Gambia, South Africa, etc.), and the United States and Canada.

The IAS has held an annual conference for many years. From the first conferences held by Jules Muis, the first Director-General of the IAS, to the latest events hosted by Manfred Kraff, the importance of these conferences for the IAS, and for those attending, has never been in question.

Guest speakers are always considered VIPs. They are selected by the conference team based on reputation and their recognised contribution in their fields of expertise in internal audit. Our guest speakers come from all sectors and industries in which the challenges facing internal auditors are shared, with each speaker having a unique and often valuable insight to share. VIP speakers have included senior members of the Commission, the European Court of Auditors and the European Parliament.

As guest participants we welcome senior practitioners from both the public and the private sectors. Senior officials and board members of the IIA and other professional accountancy bodies also regularly attend. In recent years, we have been pleased to welcome Richard Chambers, the Chief Executive Officer and President of the IIA, along with a number of the Chairs of the Global Board of the IIA.

The conference team always ensure that the delegates are provided with one keynote speaker who is often a well-renowned and recognised motivational public speaker. In recent years, delegates have enjoyed the presentations and perspectives of historians and futurists. The unique styles and effective communication of our keynote speakers have an impact in areas that influence the management of change and innovation and adapting to the broader challenges of new technologies. These are truly standout events within an already high-level agenda.

Each year the conference focuses on a different theme relevant to the audit world. The theme of the 2017 conference was ‘Innovation and creativity in internal audit: myth or reality?’, and this included looking into the roots of the accounting and auditing profession from the Italian Renaissance right up to the present day. It also provided much coverage on technological advances in audit techniques and examined softer audit topics such as culture.

The 2018 conference, ‘Internal audit: embracing the challenges of the future’, examined the current environment in which we operate and looked to the future, trying to identify the direction that internal audit needs to take in order to remain relevant.

The 2019 conference, ‘From hindsight to insight and beyond: how internal audit may contribute to foresight’ provided – in the context of the hindsight, insight and foresight theme – a full and rich programme. Delegates heard presentations on the most current issues being addressed by the profession, as it seeks to adapt its professional standards and operational relations with management to both changing technologies and the expectations of managers and stakeholders.

In the year of our 20th anniversary, the IAS conference has had to be postponed due to the coronavirus pandemic.

The conference focussing on the theme:'Moving into the next decade: seasoned reflections on internal control and audit', will take place in 2021. The aim of the conference will be to assess the world in the post-COVID-19 era from a political, economic and historical perspective, and to determine how the EU can move forward towards recovery and long-term growth.

Looking to also cover the role of the Commission, its control systems and the auditors in the ‘new normal’, this conference will once again tackle the most urgent issues facing the profession.

The conference satisfaction surveys confirm that delegates are very impressed by these conferences, and general feedback from attendees reflects this too. The investment and value of the conferences is also recognised by the IAS. In particular, Manfred Kraff has confirmed that he sees these conferences as an opportunity to use the best practice initiatives and ideas presented to shape some of his own ideas to modernise the IAS and improve the quality of its work.

Following the most recent conferences, several projects that are designed to develop key skills and competencies in the IAS have been launched. These include projects on lean auditing (⁶⁶), on using ‘knowledge clusters’ to improve the effectiveness of risk analysis and planning (⁶⁷) and, perhaps most importantly, on the development and implementation of an innovation and digital auditing strategy (⁶⁸).

7.3. Our relationship with the internal audit world

Over the years, the IAS has developed a strong relationship with partners in the internal audit profession. Not only has this allowed the service to share and benefit from a wide range of professional best practice advice and ideas in key areas, but it has also allowed our internal auditors to benefit from networking with their peers across the internal audit profession in both the public and private sectors all over the world.

In the last decade, representatives of the IAS have participated in many international seminars and conferences. As well as in Brussels and within the European Union, staff have participated in global conferences and events in California, Dubai, New York and Sydney, to name but a few.

Often, the IAS is invited to participate in and provide key speakers for these events. The increasing number and importance of these events reflects the growing recognition and awareness of the IAS’s status as a benchmark for internal auditing in the public sector.

In accepting these invitations, the IAS has ensured that the opportunity to attend conferences has been extended to include a number of selected auditors who have been asked to represent the service and to provide their colleagues with feedback on the key issues and ideas discussed.

Whether they are speaking about ‘Strengthening the oversight in risk management’ (Manfred Kraff in Dubai), or ‘Auditing with insight and foresight’ (Cristiana Giacobbo at an event of the United Nations Representatives of Internal Audit Services (⁶⁹)), audiences always welcome the knowledge and expertise delivered by experts from the IAS.

The IAS’s invitations to attend such events have largely reflected the significant impact and success of the IAS’s own international conferences. Based on the critical success of the IAS conference in 2018, particularly the interest stimulated in the practical initiatives on how the IAS might evolve over the next decade, Manfred was invited by the President and Chief Executive Officer of the IIA to address the IIA Global Conference in Anaheim in July 2019.

This was a unique opportunity at the largest and most prominent conference on internal audit, not only to showcase the contribution of the IAS to the debate on the future of internal auditing, but also for Manfred to network with internal audit professionals and academics at the top of the profession.

All auditors in the IAS are members of the Institute of Internal Auditors (IIA). As an organisation with a large number of members, it is important that we maintain excellent relationships with the Institute at all levels. Prominent persons in the profession such as Richard F. Chambers (President and CEO of the IIA), Jenitha John (Chairman of the Global Board of Directors of the IIA), and Paul Sobel (Chairman of the Committee of Sponsoring Organizations of the Treadway Commission) regularly present at IAS events, such as our annual conference.

The IAS is a member of IIA Global via its Belgian chapter, with which we have a regular and close working relationship. We also liaise with other Commission services, EU agencies and other institutions through their membership with the IIA.

For example, in 2019, the IAS hosted a joint roundtable of senior internal auditors with IIA Belgium. The focus of this meeting was applying and interpreting professional internal auditing standards and, in particular, assessing their relevance in today’s world in respect of future audit and advisory work.

Furthermore, each year we participate in a range of activities facilitated by the IIA. These are organised both to support and develop the profession of internal audit and to provide continuing professional development for IIA members.

The European Confederation of Institutes of Internal Auditing (ECIIA) conference is hosted in a different country each year. In 2019, the IAS took advantage of the proximity to allow a large number of its staff to attend the event in Luxembourg. In 2021, the ECIIA conference will be held in Brussels. It is hoped that, again, this excellent event will be supported and attended by IAS staff.

Examples of initiatives that the IAS and its staff have participated in, and benefits they enjoy, include:

• an annual survey on risk in focus entitled ‘Hot topics for internal auditors’,
• attending annual general meetings and conferences,
• having privileged access to the Institute’s member website,
• close involvement with the ECIIA Public Sector Committee,
• attending the annual ECIIA conference.

The IAS joined the Heads of Internal Audit in International Organisations in Europe (HOIA) in 2006. Each year, a different member of the group hosts the meeting; for example, the World Intellectual Property Organization hosted in Geneva in 2014. Three organisations, the Food and Agriculture Organization, the International Fund for Agricultural Development and the World Food Programme, jointly hosted in Rome in 2019.

In 2018, the annual meeting of HOIA was hosted by the IAS, with 35 organisations in attendance, to discuss best practices in governance, audit, control and risk management. This event once again allowed the presentation and exchange of best practice with some of the key managers in the internal audit profession.

In the challenging years ahead, the IAS will continue to discuss and exchange ideas with audit professionals around the world to help address the complex and technical challenges that will increasingly affect the internal audit profession.

7.4. IAS away days: it's what you make it!

The IAS away days may still be formal occasions, but they are valuable and welcome opportunities for colleagues to meet and get to know each other at an event outside the workplace.

The audit profession is specific in nature, often centred on the organisation and technical analysis of information gathered from auditees, culminating in well-structured, value-added, quality-driven reports within tight deadlines. Although, increasingly there are opportunities to work on audits in other units of the DG, IAS auditors normally work on audits for a limited range of clients in small teams from within their units.

Auditors do welcome these opportunities as they broaden their experiences and competencies, allow them to exchange best practice, and develop their network of colleagues within the DG. However, it has been recognised that there are particular occasions when staff across the whole service should be encouraged to meet and mingle with all of their colleagues.

The away days are aimed at successfully building cohesion between the different members of our audit teams including support staff. Themes include elements such as communication, enhancing the work environment, and improving team building, and working methodologies.

In previous years, the away days have had different themes and formats. These have all allowed colleagues, in a relaxed and enjoyable setting, to exchange ideas on a wide range of initiatives that are always carefully prepared to ensure 97 that they have a positive impact on the working life of staff.

We can perhaps look at a few examples in the last decade.

Inspired by the Commission’s campaign on clear writing, the IAS dedicated its 2010 away day to communication. To explore auditors’ creativity (yes, this is an important skill for an auditor too!), the participants were asked to paint frescoes on various communication themes such as clarity, brevity, accuracy, assumption, language and jargon. Our works of art are still displayed in our offices in Tour Madou, Brussels.

At another away day, a staff seminar held at the Management Centre Europe in Brussels was dedicated to enhancing our workplaces through fostering a feeling of unity and working together in a complementary way. On this occasion, we were honoured to be joined by our Commissioner, the then First Vice-President Frans Timmermans, who also made a presentation to staff on the day.

In 2016, another great event at the Commission’s sports and social centre in Overijse, facilitated a rich discussion following the centralisation and reorganisation of the IAS in 2015(⁷⁰). The event recognised the need to foster a common vision and unity across the IAS, develop measures to integrate new staff members and improve the ways in which we work together.

Some studies suggest that volunteering lifts the spirits and improves wellbeing. Therefore the IAS away days in 2018 and 2019 included volunteering opportunities. Staff, given a choice on the type of activity for their away day, chose not to have a standard workshop-based activity, but to embrace activities dedicated to voluntary work and supporting charitable causes.

Offering the chance to give a little back to society, it also gave staff the opportunity to learn new skills, enhance team building, share knowledge and enjoy the good feeling of connection with the community and stepping out of their daily routine.

Moreover, once again, we had the chance to discover that IAS staff are full of hidden talents. The ‘No audit no cry’ IAS band rocked the celebration at the end of each away day with a great selection of timeless tunes. In 2019, the festivities were coupled with a wonderful fashion show inspired by the IAS fashion designers.

None of these occasions would have been possible without the dedicated interest and involvement of IAS staff, ranging from the core group (now a part of the IAS SEC) – who start working on the project sometimes months in advance – to the coordinators, rapporteurs and all participating colleagues who make these projects such a success.

7.5. The IAS Newsletter

Auditors are famously stereotyped as being perhaps a little distant, or even boring!

Knowing that some of our colleagues are tremendously talented, the SEC had the idea to supplement and repackage the current weekly IAS Newsletter into an entertaining and effective communication tool that was also to be published biannually.

Tea Kelviser and Mercedes Valarino Alvarez have been the key energisers and coordinators of this excellent project. They have supported and encouraged the contributors to ensure that the publication stays interesting and motivational for colleagues.

The idea was that the new version could have many positive benefits such as:

• informing and entertaining colleagues;
• helping to ‘break silos’ by connecting staff at all levels and in all units of the service;
• offering the opportunity for staff to exchange information and work more closely together;
• being based solely on staff contributions, and as such having a real bottom- up approach.

The IAS biannual Newsletter is published in June/July and December.

Our colleagues, their stories and their creativity are the glue that keeps it all together – without the staff’s contribution, the newsletter would definitely not have had the success it has.

The Committee wanted the newsletter to have a few key deliverables:

• to inform staff about the most recent developments in the audit profession, reflecting recent and ongoing work initiatives in the IAS and the Commission;
• to give staff the opportunity to reveal their interesting life stories and experiences;
• to allow staff to connect and relate on a more personal level, and not only on a professional basis.

In its first editions, the newsletter has covered many diverse topics including:

• the latest Commission news on professional development, including news from IIA Global, conferences attended by IAS staff, Auditors’ Forums and AudiTED talks;
• the latest news on audit methodologies being researched by dedicated staff volunteers such as in the lean auditing working groups;
• tips and advice on career management, for example: female leadership, the JPP, and assistance with internal certification;
• views and details on fitness with all its challenges and initiatives such as VéloMai and the IAS running team;
• professional advice on teleworking and encouraging news on the European Green Deal initiatives transmitted by EMAS (including our own Green Ambassadors);
• inspirational stories and hobbies of staff;
• a section dedicated to the social events organised by staff, as well as reporting on parties or receptions organised by nationality groups;
• the unforgettable IAS Christmas parties – including performances from the IAS choir and the IAS band.

Giving staff a good degree of editorial freedom has ensured that we have plenty of volunteers coming with ideas and proposals for articles. The editing team accept all offers and then tries to organise the edition so that it all fits together. Management has joined in by contributing their own articles on their hobbies, as well as on their reading and music choices.

On a lighter note, and always keen to help meet the new Commission political priorities, a special and sometimes very creative effort is made to ensure that some of our articles demonstrate our good intentions:

• in terms of ‘going green’ and ‘going digital’, the Newsletter has been and will continue to be published only as a PDF and distributed to IAS colleagues via email;
• the ‘social corner’ articles on events organised by different nationality groups in the IAS demonstrate that we are ‘promoting our European way of life’ and show that we are ‘united in diversity’;
• since our Commissioner, Didier Reynders, is also responsible for justice, there is no better counterpart than a member of his Cabinet to discuss and present Commission initiatives for ‘a new push for European democracy’;
• the contributions already planned from our colleagues on their travels across the globe will show how there should be ‘a stronger Europe in the world’;
• from an auditor’s perspective, there is no better way to convince citizens that the EU has ‘an economy that works for people’ than to provide them with assurance on the legality, regularity and performance of the EU budgetary expenditure, which is exactly what the IAS does.

At the time of writing, eight months into the COVID-19 pandemic, all IAS staff are largely working from home. It has been a difficult period for staff, as it has been hard to maintain morale and a genuine sense of still being part of a modern, professional IAS.

However, the newsletter team, and the many creative and ingenious staff of the IAS have all played a key role in ensuring that the high levels of work during the COVID-19 crisis have been completed to a high professional standard – and of course ensuring that we have all felt part of one team.

Boosting our know-how

8.1. Auditors’ Forum and AudiTED talks

The level of professionalism in the IAS strengthens the credibility and trust in our auditors among clients and stakeholders, and increases their leverage in obtaining acknowledgement and acceptance of the IAS’s recommendations.

The IAS actively keeps its auditors and other staff abreast of recent developments in the internal audit profession as well as in the Commission. This includes the promotion of the regular AudiTED talk sessions by IAS staff for their colleagues throughout the year.

Inspired by the TED slogan ‘ideas worth spreading’, at the end of 2018 the IAS launched its very own IAS AudiTED talk series, with the purpose of sharing knowledge, ideas and experiences from, and about, different audit topics.

As part of the series of initiatives by the IAS SEC (⁷¹), the AudiTED talks are an important part of today’s evolution of learning in the IAS. The AudiTED talks provide an effective form of training and allow for increased appreciation of the work of our auditors.

At the same time, they also offer a cordial environment, which encourages open discussions on audit issues, initiatives on methodological matters and the exchange of experiences among trusted colleagues.

Since their creation, there have been many notable AudiTED talks organised, covering themes such as data mining and analytics, block chain, conflict of interest and ethics, and the European Green Deal.

It is hoped that the AudiTED talks will continue to offer auditors the possibility of sharing, in an open and constructive manner, the lessons learnt from and positive experiences of their work.

The IAS Auditors’ Forums, which are programmed regularly throughout the year, are also very highly regarded both within the IAS and in the wider internal audit community. They complement the IAS internal audit training programme by providing an overview of current topics of relevance for the Commission and EU agencies, and for the profession of internal auditing in general.

Offering an opportunity for high-level discussion, the forums usually cover the latest political developments in relation to finance, budget and spending, governance and internal control, and the effects of Brexit and other changes on the horizon that are also likely to affect the internal audit profession.

Since their launch, the forums have continued to develop as an essential network- 103 ing element of the service, enjoying success and calls for more frequent events.

To date, the forums’ programmes have included the new European Commission governance package and internal control framework, OLAF on fraud and ethics, the future multiannual financial framework, the IIA's international professional practices framework, the new Commission priorities, and the future strategic planning and programming cycle, to name but a few.

By inviting both internal and external experts to present on specifically selected themes, this kind of networking event provides multiple benefits, including a more joined-up approach in the development of methodologies and best practices, enhancing efficiency and effectiveness, developing strategy, and preparing for change.

The creativity and inspiration of both the Auditors’ Forum and AudiTED talks allow the IAS auditors to grow and develop both their professionalism and their awareness of, and effective response to, relevant world events.

Together, and with other initiatives being developed by the SEC, they will help maintain an already high level of professional knowledge and expertise in the profession of internal audit.

More importantly perhaps, the exchange of knowledge and expertise that these events encourage will be an essential element for staff, as they increasingly plan and conduct their work in a more complex and connected world of Commission policy management and implementation.

8.2. Internal audit training programme

The internal auditors’ vocational learning path

A decade ago, the IAS recognised that while it was recruiting excellent staff with high-level academic backgrounds not all of them were specifically trained as internal auditors. Furthermore, many of them were leaving the service after a relatively short time. At the beginning of our second decade, more than one-third of staff also had less than one year of experience in the organisation.

Following the development of a strategy by the IAS Training Task Force (headed by Bernard Magenhann, the then Assistant to the Director-General, and with the involvement of the current IAS Director, Cristiana Giacobbo), a tailor-made IAS internal audit training programme was launched in 2008. Patrick de Boom was assigned the task to implement and manage the internal audit course programme, with responsibility for the entire course organisation process.

The objective of the programme was to invest in people and to reduce the level of staff turnover while providing IAS auditors with various technical and management skills, as well as other competencies.

The newly created Internal Audit Training Steering Committee, chaired by the Director-General, oversaw the delivery of the programme. The courses covered not only the IIA’s International Standards for the Professional Practices of Internal Auditing, but also the Commission’s internal audit practices.

Over the last 10 years, the IAS’s internal audit training programme has continued to prove its worth in addressing the challenges in recruiting, training and retaining key qualified staff.

The IAS is regularly meeting its objective, namely to guarantee the continuous professional development of our internal auditors, in order to meet the professional standards as set out by the IIA. The training programme contributes to an increase in the capacity and level of professionalism of internal auditors both in the IAS and from other services and institutions.

Further and of particular note, the IAS has in recent year years met and surpassed a key performance indicator that it has established for itself of having 70% of audit staff fully professionally certified.

Careers of the modern internal auditor

9.1. Bernard Magenhann

Bernard Magenhann is a chartered accountant and registered auditor. He started his career as an external auditor working successively for Mazars and PwC. He joined the European Commission in Brussels in 2002, where he worked in the IAS, firstly as Assistant to the Director-General and then as Head of Unit of the unit responsible for the internal audit of the regulatory agencies, from 2002 to 2011. From 2011 to 2013, he was in charge of business process re-engineering in DG Human Resources and Security, before being appointed Resource Director in DG Informatics. He returned to DG Human Resources and Security in 2016 as Deputy Director-General, in charge of organisational development, talent management, and budget and finance. Most recently, on 16 May 2020, he was nominated as Deputy Director-General of the JRC. In the JRC, he is in charge of energy, transport and climate, nuclear safety and security, and support services.

Bernard joined the IAS two years after it was created in 2002 and he recalls it as being a particularly interesting and challenging period. Walter Deffaa (the incoming Director-General) had consulted with Jules Muis (the outgoing Director-General) before choosing Bernard as his assistant. Walter had limited expertise in the domain of internal audit and control (⁷²) and he wanted to have a professional auditor, both internal and external, working closely alongside him. For Bernard, working as an audit team leader with the audit supervisor Arturo Caballero, it came as a complete surprise after less than a year in the IAS. Ready for the new challenge, he accepted and worked as Walter’s assistant for three years.

Bernard confirms that from the beginning he had an excellent working relationship with his Director-General. They had a very professional relationship based on trust and confidence. One of Bernard’s main tasks was to advise Walter on how they might better place the IAS at the very centre of the Commission, and on working with the DGs to re-establish and develop the IAS’s relationship with the APC. There was a particular focus on people, how to address the in-depth audits at the time, and the ability to scope the audits in an improved way. In all these areas, he worked very closely with Francisco Merchan Cantos. As Francisco would say, that particular period could have seemed like ‘mission impossible’, but it was an immensely interesting period for the IAS.

In 2007, he applied for a head of unit vacancy in the IAS and was successful.It was the perfect appointment, as Walter appreciated that he had someone he could depend on in the post as Head of Unit for Regulatory Agencies. To build his unit, Bernard recruited an exceptionally good team of 12 staff. As a partner in PwC, Bernard had already gained experience in building and managing teams. He also realised, as an internal auditor working with so many diverse clients, that an entry point at the highest level was required to establish a successful audit relationship with them. Therefore, he focused on forming a relationship of trust with his stakeholders from the very beginning, and was aware of the importance of transparency in all the IAS’s dealings with the different agencies. He confirms that the benefit of this approach was clearly demonstrated when discussing findings and establishing good, value- added recommendations with the auditees.

When Walter moved to his next assignment as Director-General of the Directorate-General for Taxation and Customs Union, Bernard also decided to move to another post. He could have worked with Francisco, who offered him a placement in one of his units, but Bernard eventually decided to take up a new challenge in DG Human Resources and Security.

Bernard’s first responsibilities in DG Human Resources and Security were as Head of the IAC Unit and in the establishment and development of the new business process-engineering model in the DG. This remains an area of interest to him. It involves working on the management processes for recruitment, learning and career development, among others. It was extremely interesting, leading to more organised, simplified procedures and workflow. In particular, he enjoyed ‘just having to listen and come up with the solution’. Here, Bernard felt respected as a colleague with ‘a safe pair of hands’.

After two and a half years, Bernard successfully applied for a vacant post for Resource Director at DG Informatics. There, in his new position, he realised that he would need to be more focused on establishing DG Informatics in a clear business partnership with its main stakeholders. Bernard, once again, demonstrated how being open and fair with partners ultimately brings advantages.

He explains how he set up a recharging system with DG Budget based on budget planning with clear objectives, noting this as one example of how he worked to bring order into his new universe. He introduced a new planning cycle, linking people with money and establishing a proper partnership for DG Informatics with its main stakeholders.

In 2013, Bernard applied for the post of Deputy Director-General of DG Human Resources and Security and got the job. He felt that explaining his background and motivation in a transparent manner in his interviews with senior managers and the responsible Vice-President of the Commission led to his success. Bernard, arriving at the moment of the centralisation of human resources management, was active in the new Recruitment, Mobility and Performance Directorate, which was absorbing the new staff. Once again, he was able to apply his business process engineering with positive results. He worked for three and a half years managing the transformation.

Bernard was Acting Director-General when Irene Souka retired. He expressed an interest in joining the JRC and eventually the Commission decided to trust him in this new challenge.

He transferred to the JRC as Deputy Director-General, with a new portfolio, in May this year. He is extremely content that he is now bringing clear policy options to a predominantly scientific domain.

From his experience, Bernard feels that, based on hard work in developing your personal and professional competencies, there is a need and clear recognition for harmonisation, trust, transparency and good communication in the Commission.

As he says: ‘It’s the people, not the power!’

9.2 Arturo Caballero Bassedas

From the beginning, Arturo’s studies and career were affected by new technologies, particularly those linked to increases in productivity and performance. Having obtained a Master’s degree in economics and a diploma in IT in organisations, he started work in a small private advisory office specialising in accounting, tax and IT. Arturo then moved on to become responsible for the economy and the investment plan of the Government of Catalonia, working in the Cabinet of the regional government. He became a member of the Electronic Data Processing Auditors Association and was the founder of the chapter for ISACA (Information Systems Audit and Control Association) in Spain.

Arturo joined the Commission in 1988, in the team working with the Assistant to the Director-General for Financial Control. In 1995 he became Head of the Financial Control Unit. Here, he took part in two cross-cutting and pioneering modernisation initiatives under Commissioner Erkki Liikanen. The first of these, SEM 2000, involved working, together with the Secretariat-General and the Directorate-General for Human Resources, to support sound and efficient financial management in the Commission. The second initiative (MAP 2000) contributed to the modernisation of the public administration and the Staff Regulations.

Then came the creation of the IAS. Arturo recalls his participation in the setting up of the IAS as part of the Task Force White Book, analysing a variety of possible scenarios. Working with Claude Chene and Matthias Will, he recalls personally drafting the Commission Decision of 1 April 2001 which established the IAS.

In September 2002, Arturo accepted the post of audit supervisor in the IAS.

‘We were all new to the IAS. There was a very big excitement in setting up a new service but expectations were very high – there was an upside and downside; the creation of a prestigious service was very challenging, to assist both in cleaning up the house and installing a modern system. Expectations from our staff were also very high and this entailed a lot of brainstorming. There was also a more complex and very good mixture of new and young people, new blood! People already known for their innovation that fitted in well with the objective of the new service.’

At the time, he reflects, there was a mixture of feelings and reactions in the Commission to the new IAS. Under the Commission reform of 2000, the creation of the new architecture of governance in the Commission was complex, but it needed to be immediately operational. One of the mandatory tasks for the IAS in this period was to complete a thorough review of the operation of the internal control systems in all Commission services under Action 87 of the White Book implementing the reform. Auditing the top management of the Commission was no easy task. Arturo recalls a period of corporate tension for the IAS in its early pioneering days.

Arturo, with his team of 15 auditors, was responsible for all the central services of the Commission – a very large portfolio. Over the period, he delivered three major audits: the audit on the accounting framework of the institution, the treasury management audit in DG Budget and the IT governance audit (which led to the creation of DG Informatics).

In 2005, after four challenging years, Arturo, based on his interest in IT, was appointed to the post of Director of Resources in DG Informatics. In this DG, Arturo saw an opportunity to apply his practical audit-based skills in a new environment. In a DG with a strong corporate role and a special mix of professionals that provided assurance in its field to the whole Commission, he felt at home. He spent eight years working there. Among his greatest achievements was the establishment of new, challenging relationships between DG Informatics and the other DGs. When Arturo was given the opportunity to remain in DG Informatics, he proposed that he go to the Directorate-General for Education and Culture, enthusiastic to take on a new challenge.

In 2013, he moved to DG Education and Culture as Director of Performance Management, Supervision and Resources. The challenges and big issues to be dealt with there, including the doubling of the budget for the Erasmus programme, were of a different nature. He had to learn quickly about the new environment and the programmes, including Erasmus. He found the activities in DG Education and Culture extremely people-oriented, touching the lives of real citizens and showing the human face of the institution with its work in culture and values, art and music.

Arturo set about implementing his own order in the system and waterproofing the administration’s procedures, delegations, financial management, planning and budget requests. Arturo admits that working with 57 national agencies and two executive agencies (the Education, Audiovisual and Culture Executive Agency and the Research Executive Agency) requires quite a lot of supervision and performance management. However, like in all his previous posts, he took on the challenge and the work has been extremely interesting.

Arturo’s next move will be oriented towards looking for more responsibility in the management of performance, new programmes, new cross-cutting business processes and corporate governance. These areas will be affected by the innovative developments (such as data mining, artificial intelligence, and data analytics) brought about by our fast-changing, interconnected world. In all of these, IT support will be an essential technological component.

According to Arturo, the more mature the organisation is, the more likely it is that audit assignments will have to turn into assurance and consultancy services. He reflects that the seven headline ambitions of President von der Leyen, in his view, call for the IAS to move towards acting more as a strategic partner. For this, he recognises that auditors’ knowledge of IT, data mining and analytics is crucial.

For Arturo, what an auditor cannot lack is a sound understanding of corporate governance, policies and processes, and of the methodology and tools to audit them.

9.3. Christoph Nerlich

Christoph, a specialist with a passion for taxation and audit, has held a series of challenging and interesting posts in three European institutions: the European Court of Auditors, the European Parliament and of course the European Commission.

Having passed a general ‘concours’ on audit, Christoph joined the European Court of Auditors in 2006. Initially working in a specialised area in the unit responsible for the audit of borrowing and lending of EU funds, he decided to move to a horizontal unit that would give him wider exposure to different policies. Accordingly, he joined the European Court of Auditors’ central unit responsible for the DAS (Declaration d’Assurance) with Manfred Kraff as his Director.

In 2011, seeking a further opportunity to apply his specialised experience as an auditor in a more horizontal and political context, he joined the European Parliament. Taking up another challenging post, Christoph worked in the Secretariat of the European Parliament Committee on Budgetary Control. Christoph enjoyed working with Members of the European Parliament and providing policy advice to the Committee on important issues such as the discharge resolution. This was at a time when, under the Treaty of Lisbon, the European Parliament had gained significant power with the introduction of the co-decision procedure in most policy areas. It was there that Christoph more frequently encountered his future boss, Philippe Taverne, who, at that time, was the Deputy Director-General of DG Budget responsible for, inter alia, liaising with the Committee on Budgetary Control.

Upon Philippe’s appointment as the new Director-General of the IAS, Christoph felt privileged to be invited to join him as his assistant in October 2012. He recalls this time very positively. Under Philippe’s leadership, the IAS was reshaped significantly, making it more efficient and effective. He put in place effective planning, supervision and control to ensure timely delivery of high-quality audit reports. Then, two years into his tenure, Philippe successfully steered the IAS through the process of centralising the internal audit function within the Commission. This involved further developing the IAS’s business model and recruiting new staff. Consequently, the IAS grew by some 60% in terms of staff and saw an equal growth in audit output. By installing a dedicated quality assurance unit, the IAS also further improved its work in terms of consistency and quality across all audit units.

After three and a half years of working directly for Philippe, Christoph was appointed as Head of Unit. The issues involved in the management of a young team of auditors provided yet another specific, and pleasant, challenge. He recalls the very productive and committed team finalising no less than 14 audit reports in the first year. He reflects most proudly on his unit’s professional approach to, and delivery of, two very significant and challenging audit reports that had been directly requested by the College of Commissioners. One of these focused on the sensitive administrative expenditure of the Supervisory Committee of OLAF, while the other was on issues related to the governance of horizontal processes within the Commission, such as risk management (⁷³). This second audit has had a particularly wide-ranging impact within the Commission and demonstrates well the added value of the IAS to the Commission.

Now working in the Cabinet of Commissioner Schmit, Christoph was asked to reflect upon his career so far. How has he developed his professional career while working with three different institutions of the EU?

He is very honest – it is a combination of curiosity, dedication to work and the necessary bit of luck, to be in the right place at the right time.

9.4 Cristiana Giacobbo

Following her studies in economics and 1 year of experience as a chartered accountant, Cristiana started working at PwC as an external auditor where she stayed for 5 years. In 1998, she joined the European Commission. Her first assignment was in the former Directorate-General for Small and Medium-sized Enterprises (which today is the Directorate-General for Internal Market, Industry, Entrepreneurship and SMEs) as an assistant external auditor and member of a joint European Court of Auditors/Commission task force investigating cases of misconduct. When the internal audit function was created in 2000, she applied for and joined the Directorate for Internal Audit in DG Financial Control.

In the last 20 years, Cristiana has grown both personally and professionally in the IAS, progressing from team leader to Head of Unit in 2006, and then to Director of IAS.C in September 2015, responsible for audit in the Commission and executive agencies

It is always exceptional to meet a colleague who has truly ‘gone through the ranks’ to reach a senior position.

Cristiana is currently a director and senior manager in the Commission, having joined the organisation as an audit assistant in 1998. Not only did her interview give us insight into her remarkable career, but she also offered some great advice to all colleagues on how they, too, can enjoy a demanding and fulfilling career.

Joining the Commission from PwC, Cristiana was already an experienced auditor who was immediately able to undertake challenging work as part of a team of qualified auditors. Even before succeeding in a competition to become an administrator in the Commission in 2000, Cristiana always felt she was an integral and equal part of highly qualified teams of auditors.

When Cristiana joined the IAS, it was part of DG Financial Control. Working with experienced audit supervisors, she recalls that she settled into a stable and structured working relationship within the new IAS very quickly.

Cristiana was appointed Head of Unit in 2006 with the departure of Arturo Caballero and was subsequently assigned Head of Unit of IAS.B1 in 2010. Following the reorganisation of the IAS in 2015, Cristiana was appointed as the Director of IAS.C.

Cristiana is truly a modern internal auditor and manager. Not only has she managed teams of auditors in a range of complex and often innovative audits, but also, at different stages in her career, she has played a key role in driving forward professional projects that have allowed the IAS to stay ahead of the game in terms of its professional approach to internal audit.

Cristiana’s contribution over the years has supported and ensured the professionalism of the IAS and has significantly contributed to it being a ‘benchmark’ for the practice of internal audit in the public sector.

Cristiana was part of the task force that developed the IAS’s internal audit training programme (⁷⁴). She reflects that the training opportunities for auditors in the Commission were very limited, if not non-existent, when she joined. At that time, most professional development was ‘learning by doing’ and ‘learning from each other’. Cristiana has played a key role in building up a modern training programme, which offers a complete palette of courses for every level to IAS staff, from the beginner to the experienced auditor.

Thereafter, in both the world of IT audit and performance audit, she has showed her ability to manage and deliver key projects and initiatives in different fields.

Cristiana reflects ‘I already had a good background as external auditor, I developed my competencies in internal audit, I worked hard and had the chance to meet inspiring managers and colleagues from whom I learned a lot. Then I was in the right place at the right moment …’

Cristiana is able to give a very clear response when asked if, after 20 years, staying in one DG rather than changing to another has been a help or a hindrance to her career progression.

To her, internal auditing gives someone a complete toolkit to succeed in other jobs, namely the capacity to analyse processes, to identify risks and opportunities, and to find pragmatic solutions. It also enables them have a good understanding of different DGs and to identify good and less good practices.

For Cristiana, staying in the IAS for so long allowed her to get to know almost all of the DGs in the Commission from a privileged point of view, and with the necessary objectivity and distance to critically assess their functioning and to add value.

On a more personal level and reflecting on her own strengths, Cristiana notes three key elements that have been present in her career:

• investing 100 % of her energy in what she does to deliver the best result possible;
• a passion to extend her knowledge;
• being structured and pragmatic.

These qualities have characterised her career success in the IAS.

On the management of teams, as a team leader and a head of unit she notes that initially she found it easier recruiting and working with people who shared her professional outlook and approach. However, Cristiana sees the role of the director particularly as a manager of ‘all the talents’. You have to recognise and build the different attributes and skills of a large number of auditors.

On overcoming professional and personal challenges throughout her career, Cristiana gives two examples. Firstly, when reaching the Commission having worked predominantly in her mother tongue (Italian) and in French before, Cristiana invested a lot of time in improving her English to work more effectively with her first Director, who was Irish!

In terms of audit, Cristiana was able to lead a unit of IT auditors while not being a real IT auditor herself. She had to be acquainted with IT jargon and the basics of this part of the audit profession, and succeeded in obtaining the Certified Information Systems Auditor (CISA) certification.

In conclusion to an insightful interview, she feels like her career has always been a challenge but, for her, it has been an immensely interesting time.

She has learnt a lot and created good relationships with all of her bosses based on reliability, credibility and trust.

Modestly, Cristiana chooses not to answer our final question … Where next for this very talented senior manager in the Commission?

The glue: the things that keep us together

10.1. Social events

We all work hard, but we also recognise that our success and achievements depend on us sharing some relaxed, quality time with all our colleagues.

It has long been a tradition for the IAS to enjoy a good party after all the work is done, and when the occasion arises. In these challenging times when IAS staff are increasingly required to coordinate and share their knowledge and expertise while at the same time meeting tight deadlines, these occasions have become even more appreciated and successful.

Usually held on a Member State’s national day, sharing traditional food, culture and costume, or to mark the Presidency of the Council of the EU, these special events are organised by the staff themselves for all members of the IAS.

We have enjoyed the food and cultures of so many of the Member States, with these events being increasingly just as informative about the host country’s customs as the food is delicious. In recent years, Manfred, a great supporter of the initiative, has often prepared a short presentation on some of the key, but perhaps less well known and amusing facts about the countries and their inhabitants.

Particularly at Christmas time, a huge effort is made to organise traditional festivities and celebrate in style, be it in a restaurant or on our home ground. With most staff in fancy dress, there is music, poetry and other light entertainment provided by volunteers to keep spirits high!

The presence of one of our Commissioners is another key element in ensuring the success of events and making staff feel that their hard work and efforts are truly appreciated at the highest levels. This was the case at our 2019 Christmas party when Commissioner Didier Reynders joined in the celebrations.

Over the years, Commissioners Šemeta and Timmermans have also joined our staff to mark the success of an away day or an organisational change, such as at the ‘breakfast in the sky’ event, which was an initiative organised after our office move from Charlemagne to the Tour Madou.

The IAS would not be the same without the wonderful breakfasts and coffees organised on a regular basis by the directors following the finalisation of the reporting year, or even for a birthday. These occasions also offer an opportunity for newcomers to expand their circle of colleagues, and to inspire other groups to do likewise, encouraging integration and a general feeling of wellbeing and conviviality.

When staff leave, their time with the service is always marked with a dedicated moment of exchange on their valued contribution and best wishes for the future.

In recent years, our larger parties have also been complemented by the participation of the IAS band and choir. Many of these parties have ended with most members of staff on the dancefloor thanks to the IAS disk jockey, and the IAS recently hosted its own fashion show thanks to the motivation of staff members inspired by fashion design!

All staff involved in these activities receive and deserve a special recognition for their efforts and spontaneity in helping to bring joy and a feeling of belonging to the IAS family.

These social activities make the IAS what it is: a modern, professional audit service that works hard, but never forgets that its success also depends on the professionalism and goodwill of its excellent and motivated staff.

10.2. Bonding through sport

The IAS running team – Clearly not the loneliness of the long distance runner

Along with a number of the other initiatives proposed by staff, the IAS running team has proved to be a real hit with runners of all ages in the IAS.

Of course, there have always been those that chose to spend their lunch breaks, and a lot of their free time, running. However, the idea of a running team in the IAS first came from Tea Kelviser towards the end of 2018.

Along with a range of new activities and initiatives for staff as discussed in the SEC(⁷⁵), the running team was quickly brought together after a call for interest to join a 20 km run in May 2019.

A gruelling 24-week training schedule started in early 2019 with 12 members. Over the course of the weeks that followed, the distances were increased in steps to build up the fitness and stamina of the runners. Steadily and with discipline, a 2.5 km run developed into a 7.5 km run, working up to 15 km.

Running in the Parc Royale during their lunch break got the runners into the rhythm for the big run and, by April, the team switched to Cinquantenaire Park.

In the end, nine runners enrolled and ran in the 20 km road race in Brussels on 19 May 2019, celebrating quite a victory for the IAS team.

One of the more experienced runners, Edwin Croonen, leads by example and is considered a good motivator by those members who are not trained runners.

Edwin is a very keen runner, having started long-distance running as a student 40 years ago. The first time he took part in the Brussels 20 km was through an invitation from a colleague in the IAS in 2006.

Since then, Edwin has continued to train both by himself and with others in the IAS who have shown the same interest and passion for running.

Anyone can join in, and what is particularly rewarding and enjoyable is that it brings together a good mix of people from different units in the IAS that you might otherwise never see together.

Unsurprisingly, the running team is going from strength to strength!

IAS the valiant !- the VéloMai challenge

VéloMai is an annual interinstitutional cycling campaign to promote cycling as a healthy and sustainable mode of transport to commute to work.

First organised in 2017, it is normally undertaken during the whole month of May, and many IAS colleagues join others from the EU institutions in what is a fun but highly competitive challenge. In the year 2020, and not deterred by COVID-19, the event has taken place in October.

Our colleagues compete not only for individual glory but also on behalf of their service.

The IAS has a very motivated team of riders who are usually amongst the prize winners.

In the last VéloMai event, the IAS was one of the most environmentally conscious DGs and our team ended up in 4th place, with Jessica Kestermont a prize-winner.

This is all hugely popular – it’s fun and enables all competitors to contribute to an all-round healthier way of life and a better environment.

Our cyclists’ success, particularly when considered in the context of the relatively small size of the DG, has demonstrated that it’s not only in the delivery of professional audit advice and assurance that the IAS clearly ‘punches above its weight’ – IAS the Valiant, indeed.

Moving into the future - the next 10 years

Lining up the IAS to meet the challenges of the next decade

The pace of change in our society has accelerated and we are facing a range of serious issues at a global level.

Manfred considers that asking anyone to predict where the EU, the Commission and more pertinently the IAS might be in 10 years’ time is an even more difficult question than his predecessor, Brian Gray, faced 10 years ago.

However, increasingly, and not only with reference to COVID-19, internal auditors in general and the IAS in particular have to adapt to a ‘hotter’ and more challenging audit environment.

Keeping up with the impact of fast-changing technologies and the digitalisation of the Commission was always going to be immensely challenging. Furthermore, a reinforced budget and new instruments to address the post-COVID-19 crisis will lead in the coming years to a more complex world for auditors.

Manfred is currently trying to prepare the IAS to deal with all of these changes and challenges as part of what he has referred to as the ‘new normal’. Under Manfred, the IAS will therefore continue to improve its risk assessment and strategic planning processes to ensure a stronger focus on audit and consulting assignments that provide a high level of added value to the organisation.

This Director-General seeks to place a greater emphasis on integrating aspects of ‘strategic foresight’ into IAS planning and operational processes. Manfred will see it as a step forwards if the work of the IAS is able to contribute to providing sharper insights into medium-to long-term trends and to ensure that the EU legal and organisational framework is forward looking and fit for purpose in tackling upcoming challenges and opportunities.

When it comes to tackling the challenges of innovation and digitalisation (⁷⁶), Manfred identifies another key issue that he and future directors-general will have to address. Keeping pace will depend on the IAS having auditors with the right balance of skills. He and other chief audit executives recognise that the future of internal audit will require auditors to have a broader, and sometimes specifically IT-related, skills capacity. The market scarcity of these experts, and their often higher costs, also pose a challenge to the IAS.

Even before Manfred considers the question of what the maximum benefit of the IAS will be to the Commission in the future, he feels it more important to ask if the Commission itself is ready for what lies ahead.

Referring to the European Court of Auditors’ positive statement of assurance on the legality and regularity of the transactions underlying the EU accounts in recent years, Manfred cautions us that moving into the next decade ‘nothing can be taken for granted’. He does emphasise however that the IAS will still make sure that it provides assurance and advice on the legality and regularity of transactions (co-)financed by the EU budget to support directors-general in their continued efforts to address any remaining weaknesses of the management and control systems.

However, owing in particular to the high political interest and to the recent increased focus by the European Court of Auditors, Manfred considers that performance issues represent the biggest challenge for the Commission. He reflects that it is extremely important that the Commission has appropriate tools and robust methods in place to ensure the reliability of available information, as well as the techniques required to assess economy, efficiency and effectiveness. In this context, it is relatively straightforward to measure input, output and results. However, due to a whole range of external factors, he recognises that, in particular, it is challenging to determine the impact of EU policies and the EU budget.

Looking ahead, Manfred underlines that it is impossible to follow an audit trail from the level of the EU down to the level of final beneficiaries and to use classic audit techniques for measuring the effect of interventions of the Commission on political objectives, such as an increase in economic growth or a reduction in the unemployment rate. This is more the role of those in the organisation charged with evaluating, based in particular on socioeconomic models, the effectiveness of the EU budget or policies.

He considers, therefore, that there is likely to be a call for closer collaboration between internal auditors and evaluators to carry out assessments of the various aspects of sound financial management. He predicts that perhaps even comprehensive performance reports will need to be prepared jointly by internal auditors and evaluators, combining their expertise.

These factors, along with developments in improving strategic planning and foresight (⁷⁷), all underpin Manfred’s ambitions for the internal auditor to be increasingly seen as a ‘trusted advisor’ to management. Taken together, these initiatives should enable a more complete alignment of internal audit activities with the corporate political strategy. This will help in laying the keystone of a modern and successful internal audit function for the next decade, which will be able – even more fully than now – to address the needs of all the IAS’s stakeholders.

In view of the current extraordinary times, Manfred and his team have taken strategic decisions and set an ambitious course. They are confident that, in rising to these many challenges, the IAS can retain its core mission and objectives.

Based on sound professional judgement, and by continuing to benefit from the expertise and professionalism of a motivated team of internal auditors, it will continue to provide valuable assurance and advice to the Commission and remain a benchmark for high-quality internal audit in the public sector.

Taking the IAS into its third decade, Manfred is determined to maintain and enhance the IAS’s reputation for providing high-quality assurance and advice in the areas of governance, risk management and internal control.

Annex 1

Directorate A - EU Agencies and other autonomous bodies(⁷⁸)

Decentralised agencies of heading 1a – Competitiveness for growth and jobs
Name of the decentralised agency	Acronym	Location	Year of Creation
Agency for the Cooperation of Energy Regulators	ACER	Ljubljana	2009
Body of European Regulators for Electronic Communications— Office	BEREC	Riga	2009
European Agency for Safety and Health at Work	EU-OSHA	Bilbao	1994
European Aviation Safety Agency	EASA	Cologne	2002
European Banking Authority	EBA	Paris	2010
European Centre for the Development of Vocational Training	Cedefop	Thessaloniki	1975
European Chemicals Agency — Chemicals legislation(79)	ECHA	Helsinki	2006
European Foundation for the Improvement of Living and Working Conditions	Eurofound	Dublin	1975
European GNSS Agency	GSA	Prague	2004
European Insurance and Occupational Pensions Authority	EIOPA	Frankfurt	2010
European Labour Authority	ELA	Bratislava	2019
European Maritime Safety Agency	EMSA	Lisbon	2002
European Securities and Markets Authority	ESMA	Paris	2010
European Union Agency for Cybersecurity	ENISA	Heraklion/Athens	2004
European Union Agency for Railways	ERA	Lille/ Valenciennes	2004
Decentralised agencies of heading 2 – Sustainable growth: natural resources
Name of the decentralised agency	Acronym	Location	Year of Creation
European Environment Agency	EEA	Copenhague	1990
European Fisheries Control Agency	EFCA	Vigo	2005
Decentralised agencies of heading 3 – Security and citizenship
Name of the decentralised agency	Acronym	Location	Year of Creation
European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice	eu-LISA	Tallinn – Strasbourg - Sankt Johann im Pongau	2011
European Asylum Support Office	EASO	Valletta	2010
European Border and Coast Guard Agency	Frontex	Warsaw	2004
European Centre for Disease Prevention and Control	ECDC	Stockholm	2004
European Food Safety Authority	EFSA	Parma	2002
European Institute for Gender Equality	EIGE	Vilnius	2006
European Medicines Agency	EMA	Amsterdam	1993
European Monitoring Centre for Drugs and Drug Addiction	EMCDDA	Lisbon	1993
European Union Agency for Fundamental Rights	FRA	Vienna	2007
European Union Agency for Law Enforcement Cooperation	Europol	The Hague	1995EU Agency as of 2010
European Union Agency for Law Enforcement Training	CEPOL	Budapest	2005
European Union Agency for Criminal Justice Cooperation	Eurojust	The Hague	2002
Decentralised agencies of heading 4 – Global Europe
Name of the decentralised agency	Acronym	Location	Year of Creation
European Training Foundation	ETF	Turin	1990
Translation Centre for the Bodies of the European Union	CdT	Luxembourg	1994
European institute of innovation and technology
Name of the institute	Acronym	Location	Year of Creation
European Institute of Innovation and Technology	EIT	Budapest	2008
Joint undertakings under Article 70 of the Financial Regulation
Name of the joint undertaking	Acronym	Location	Year of Creation
The European Joint Undertaking for ITER and the development of fusion energy - Fusion for Energy	F4E	Barcelona – Cadarache – Garching	2007
Single European Sky Air Traffic Management Research Joint Undertaking	SESAR	Brussels	2014
Joint technology initiatives under Article 71 of the Financial Regulation
Name of the joint undertaking	Acronym	Location	Year of Creation
Bio-Based Industries Joint Undertaking	BBI	Brussels	2014
Clean Sky 2 Joint Undertaking	Clean Sky 2	Brussels	2014
Electronic Components and Systems for European Leadership Joint Undertaking	ECSEL	Brussels	2014
European High Performance Computing Joint Undertaking (EuroHPC)	EuroHPC	Luxembourg	2019
Fuel Cells and Hydrogen 2 Joint Undertaking	FCH2	Brussels	2014
Innovative Medicines Initiative 2 Joint Undertaking	IMI2	Brussels	2014
Shift2Rail (S2R) Joint Undertaking	S2R	Brussels	2014
EU Institutions / other autonomous bodies
Name of the institution	Acronym	Location	Year of Creation
European Data Protection Supervisor	EDPS	Brussels	2004
European External Action Service	EEAS	Brussels	2010
European Public Prosecutor’s Office	EPPO	Luxembourg	2017
The European Schools	ES	Belgium, Netherlands, Germany, Italy, Spain and Luxembourg	As of 1953

Annex 2

List of abbreviations

Abbreviation	Meaning
AAR	Annual activity report
ADAR	Advance draft audit report
AOD	Authorising Officers by Delegation
APC	Audit Progress Committee
APCPG	Audit Progress Committee Preparatory Group
APCs	Audit Progress Committee Secretariat
BREXIT	British exit from the European Union
CISA	Certified Information Systems Auditor
COVID-19	Coronavirus disease
CMB	Corporate Management Board
DAR	Draft audit report
DAS	Declaration d’Assurance
DG	Directorate-General
ECA	European Court of Auditors
ECIIA	European Confederation of Institutes of Internal Auditing
EMAS	Eco-Management and Audit Scheme
ERASMUS	European Action Scheme for the Mobility of University Students
EU	European Union
FAR	Final audit report
FTDP	Female Talent Development Programme
GDPR	General Data Protection Regulation
GRC Community	Professionals of Governance, Risk Management and Compliance Functions
GRC	Paisley Enterprise Governance, risk and compliance
HOIA	Heads of Internal Audit in International Organisations in Europe
IAC	Internal Audit Capability
IAS	Internal Audit Service
IIA	Institute of Internal Auditors
IRM	Information Resource Manager
IT	Information technology
ITER	International Thermonuclear Experimental Reactor
JPP	Junior professionals programme
JRC	Joint Research Centre
OLAF	European Anti-Fraud Office
SEC	Staff Engagement Committee
SMEs	Small and Medium-sized Enterprises
TeamEWP	TeamMate Electronic Working Paper
TeamMate AM	TeamMate Audit Management

Bibliography

European Commission, Proposal for a Council Regulation amending Council Regulation (EU, EURATOM) No 1311/2013 laying down the multiannual financial framework for the years 2014-2020, COM(2020) 446 final, 28.5.2020

European Commission, Next Generation EU recovery plan 2021-2024, Proposal for a Council Regulation establishing a European Union Recovery Instrument to support the recovery in the aftermath of the COVID-19 pandemic, COM(2020)441 final/2, 28.5.2020

European Commission, Annual management and performance reports, https://ec.europa.eu/info/publications/annual-management-and-performance-reports_en

European Commission, Annual Activity Reports 2012-2019, https://ec.europa.eu/info/publications/annual-activity-reports_en

European Commission, APC, Communication to the Commission from Commissioner Reynders in agreement with the President, Update of the Charter of the Audit Progress Committee of the European Commission, C(2020) 1165 final, 27.2.2020

European Commission, IAS audit on the Commission’s governance/oversight arrangements concerning risk management, financial reporting and the ex post verification/audit function, 26 January 2018 https://ec.europa.eu/info/publications/ias-annual-report_en

IAS, European Commission, IAS History Book 2001–2011, Brussels 2011

IAS, New strategic audit plan 2021–2023, Brussels 2020

Paterson, J.C., Lean Auditing: Driving added value and efficiency in internal audit, 2014

Endnotes

¹ IAS History Book 2001–2011, IAS, European Commission.

² See chapter 4.

³ IAS History Book 2001–2011, IAS, European Commission.

⁴ In Brian’s day, this was the Commission’s synthesis report. This is now the annual management and performance report.

⁵ Economy, efficiency and effectiveness.

⁶ See chapter 5.

⁷ Christoph Nerlich (October 2012 to March 2016) and Adrian Mircea (April to August 2016).

⁸ See chapter 2.

⁹ See chapter 2..

¹⁰ See chapter 5.

¹¹ Standard 1300 of the International Professional Practices Framework (IPPF) for internal auditing requires that the chief audit executive must develop and maintain a Quality Assurance and Improvement Programme (QAIP) that covers all aspects of the internal audit function.

¹² See chapter 5.

¹³ In accordance with Article 116 (2) of Commission Delegated Regulation (EU) No 1268/2012.

¹⁴ See chapter 7.

¹⁵ See chapter 3.

¹⁶ British exit from the European Union.

¹⁷ See chapter 7.

¹⁸ See chapter 5.

¹⁹ Paterson, J.C., Lean Auditing: Driving added value and efficiency in internal audit, 2014.

²⁰ See chapter 5.

²¹ See chapter 2.

²² See chapter 11.

²³ IAS History Book 2001–2011, chapters 1 and 2.

²⁴ Committee of Independent Experts, Second Report on Reform of the Commission: Analysis of current practice and proposals for tackling mismanagement, irregularities and fraud, 10 September 1999.

²⁵ recommendation 35.

²⁶ recommendation 37.

²⁷ European Parliament, Meeting of the Committee on Budgetary Control, Brussels, 3 December 2015.

²⁸ APC Annual Report 2016.

²⁹ Commission decision on the changes to the IAS organigram; taken at the 2355th meeting of the Commission (Brussels, 28/10/2020).

³⁰ See chapter 3.

³¹ See the map.

³² For example, the European Aviation Safety Agency in Cologne and the European Medicines Agency in Amsterdam.

³³ See chapter 2.

³⁴ ACER, BEREC, EASA, EBA, ECDC, ECHA, EFCA, EFSA, EIOPA, ELA, EMA, EMSA, ERA, ESMA, GSA – see also detailed list in annex 1 giving full names of all agencies and bodies audited by Directorate A.

³⁵ CdT, CEDEFOP, EEA, ENISA, ETF, EU-OSHA, EUROFOUND see annex 1.

³⁶ The name given to the audit visits, usually between two to five days, to each auditee for the audit preliminary interviews and fieldwork.

³⁷ BBI, CLEANSKY, ECSEL, EuroHPC, F4E, FCH, IMI, SESAR, SHIFT2RAIL, see annex 1.

³⁸ EDPS, EEAS and EPPO, see annex 1.

³⁹ CEPOL, EASO, EMCDDA, eu-LISA, EUROPOL and FRONTEX, see annex 1.

⁴⁰ EIGE, EUROJUST, FRA, see annex 1.

⁴¹ See below, chapter 4.3.

⁴² See EVP Timmermans introduction.

⁴³ Charter of the Audit Progress Committee of the European Commission, revisions C(2017)2225 of 4.4.2017, and C(2018) 7707 of 21 November 2018.

⁴⁴ Ms Michelle Sutton, formerly Deputy Head of Cabinet of First Vice-President Timmermans and Chair of the APC Preparatory Group, 2015–2019.

⁴⁵ Mr Luc De Lobel, expert member of the cabinet of Commissioner Reynders and Chair of the APC Preparatory Group, 2019 to present.

⁴⁶ The current APC Charter now confirms that External members are selected based on an open and transparent procedure. A third external member, Mr Jean FOSSION joined as of 1/09/2020.

⁴⁷ External quality assessments are performed once every five years and cover all IAS operations.

⁴⁸ In the light of the centralisation of internal audit in the Commission, and more particularly in the context of a significant reinforcement and reorganisation of the structure of the IAS.

⁴⁹ Standard 1300 of the International Professional Practices Framework for internal auditing requires that the chief audit executive must develop and maintain a quality assurance and improvement programme that covers all aspects of the internal audit function.

⁵⁰ This involved providing a limited conclusion on the ‘state of internal control’ in each DG or service based on the audit work carried out in the previous 3 years.

⁵¹ IAS audit on the Commission’s governance/oversight arrangements concerning risk management, financial reporting and the ex post verification/audit function, 26 January 2018.

⁵² Recommendations issued to the Commission DGs and services, and executive agencies.

⁵³ In its resolution of 10 May 2011 on the discharge for 2009, the European Parliament invited ‘the Internal Audit Service to allocate part of its resources to an examination of whether the spending by the main DGs is efficient, economical and effective and thereby completing the current financial and compliance audits’.

⁵⁴ As required by Article 118(5) of the Financial Regulation applicable to the general budget of the Union, Regulation (EU, Euratom) No 2018/1046 of the European Parliament and of the Council of 18 July 2018 on the financial rules applicable to the general budget of the Union.

⁵⁵ Source: annual internal audit reports for 2014–2019.

⁵⁶ See section 5.5 below.

⁵⁷ ‘Internal Audit: Embracing the challenges of the future’.

⁵⁸ An IAS colleague now working in the Directorate-General for Mobility and Transport.

⁵⁹ See chapter 9.

⁶⁰ See chapter 5.

⁶¹ See chapter 2.

⁶² See chapter 8.

⁶³ See chapter 10.

⁶⁴ See chapter 10.

⁶⁵ Professionals of Governance, Risk management and Compliance functions.

⁶⁶ See chapter 5.

⁶⁷ See chapter 2.

⁶⁸ See chapter 5.

⁶⁹ An affiliation of chief audit executives of United Nations System organisations.

⁷⁰ See chapter 2.

⁷¹ See chapter 7.

⁷² Walter Deffaa would subsequently obtain a qualification as a certified internal auditor.

⁷³ IAS audit on the Commission’s governance/oversight arrangements concerning risk management, financial reporting and the ex post verification/audit function, 26 January 2018.

⁷⁴ See chapter 8.

⁷⁵ See chapter 7.

⁷⁶ See chapter 5.

⁷⁷ See chapter 2.

⁷⁸ Under IAS Scope (2020).

⁷⁹ The European Chemicals Agency belongs to heading 1a for its chemical legislation activities and heading 2 for its Biocides and Prior Informed Consent regulation activities.

COPYRIGHT

The European Commission is not liable for any consequence stemming from the reuse of this publication.

Luxembourg: Publications Office of the European Union, 2020

© European Union, 2020.

The reuse policy of European Commission documents is implemented based on Commission Decision 2011/833/EU of 12 December 2011 on the reuse of Commission documents (OJ L 330, 14.12.2011, p. 39).

Except otherwise noted, the reuse of this document is authorised under a Creative Commons Attribution 4.0 International (CC-BY 4.0) licence (https://creativecommons.org/licenses/by/4.0/). This means that reuse is allowed provided appropriate credit is given and any changes are indicated.

For any use or reproduction of elements that are not owned by the European Union, permission may need to be sought directly from the respective rightholders.

Print	ISBN 978-92-76-18849-0	10.2888/904316	NK-01-20-293-EN-C
PDF	ISBN 978-92-76-18856-8	doi:10.2888/913093	NK-01-20-293-EN-N
EPUB	ISBN 978-92-76-24741-8	doi:10.2888/31275	NK-01-20-293-EN-E
HTML	ISBN 978-92-76-18853-7	doi:10.2888/81503	NK-01-20-293-EN-Q