Report from the Commission to the European Parliament and the Council: Annual report to the Discharge Authority on internal audits carried out in 2017
1. This is a report from the Commission to inform the European Parliament and Council of the work carried out by the Commission’s Internal Audit Service (IAS) in 2017. The report contains a summary of the number and type of internal audits carried out, the recommendations made and the actions taken in response to these recommendations.
2. In 2017, the IAS carried out 148 engagements, including 54 audits, 90 follow ups, 2 reviews and 2 consulting assignments. The IAS issued 199 recommendations in 2017, of which one was classed as ‘critical’, 71 were classed as ‘very important’, 126 as ‘important’ and one as ‘desirable’. 197 recommendations were fully accepted and two were partially accepted.
3. As of January 2018, the IAS reports that 1,476, or 80% of accepted recommendations made between 2013 and 2017 have been reported as implemented, leaving 359, or 20%, still in progress. Of these 359 recommendations, still in progress, one is rated as ‘critical’ and 133 as ‘Very Important’. 121, or 6.6% of total accepted recommendations, are overdue. 1,296, or 95%, of accepted recommendations made between 2013 and 2017 have been closed by the IAS. Overall, the IAS regards this as a satisfactory state of affairs.
4. Several IAS audits focused on performance management and governance processes and found that weaknesses exist in various governance arrangements at both corporate and operational levels within the DGs, Services, and Executive Agencies. For example, DG Energy manages IT systems that handle classified information under EURATOM safeguards and for which significant issues need to be addressed. Consequently, the IAS identified the need for proportionate improvements of the current IT security governance arrangements.