TheLawyer.sh
Tilbage

Commission Decision (EU) 2025/2570of 18 December 2025establishing the mission charter for the Internal Audit Service of the Commission

Den Europæiske UnionAfgørelse2025

European Union

Commission Decision (EU) 2025/2570 of 18 December 2025 establishing the mission charter for the Internal Audit Service of the Commission THE EUROPEAN COMMISSION, Having regard to the Treaty on the Functioning of the European Union, Having regard to Regulation (EU, Euratom) 2024/2509 of the European Parliament and of the Council of 23 September 2024 on the financial rules applicable to the general budget of the Union OJ L, 2024/2509, 26.9.2024, ELI: http://data.europa.eu/eli/reg/2024/2509/oj. , and in particular Articles 118(10) and 117(4) thereof, Whereas: (1) The Internal Audit Service (IAS) of the Commission was established on 11 April 2000 SEC(2000) 560 of 11 April 2000 The Reform of Financial Management and Control in the Commission. . The IAS works under the direction of the Internal Auditor, who is a Director-General. (2) The mandate of the Internal Auditor as laid down in Regulation (EU, Euratom) 2024/2509 is to advise the Commission on dealing with risks in relation to all Commission activities and departments concerned. (3) The independence of the Internal Auditor is guaranteed by Regulation (EU, Euratom) 2024/2509 and reinforced by the Global Internal Audit Standards Complete Global Internal Audit Standards, as published by the Institute of Internal Auditors. set by the Institute of Internal Auditors, which specify that the internal audit function is most effective when it is independently positioned with direct accountability to the highest level of governance in an organisation. (4) In order for the IAS to fulfil its role and ensure an efficient audit process, the full and unlimited access to all information referred to in Article 118(2) of Regulation (EU, Euratom) 2024/2509 should be facilitated by the Commission, executive agencies and European offices. (5) The scope of mission of the Internal Auditor and the objectives and procedures for the exercise of the internal audit function should be aligned with the provisions of Regulation (EU, Euratom) 2024/2509 and the Global Internal Audit Standards. The Global Internal Audit Standards are to be complied with pursuant to Article 117(1) of Regulation (EU, Euratom) 2024/2509. (6) Pursuant to Article 118(10) of Regulation (EU, Euratom) 2024/2509 the Commission should provide its Internal Auditor with the resources required for the proper performance of the internal audit function, while it remains the responsibility of the Internal Auditor to ensure that they are appropriate and effectively deployed. To that aim, the IAS should include in its work programme a resource management plan. (7) In order not to undermine the purpose of internal audits, and unless there is an overriding public interest in disclosure, the reports and findings of the Internal Auditor should be accessible to the public only after the validation by the Internal Auditor of the action taken for their implementation. (8) By Commission Decision (EU, Euratom) 2025/369 Commission Decision (EU, Euratom) 2025/369 of 21 February 2025 establishing the role of the Chief Risk Officer overseeing the financial risks arising from the Union’s financial operations (OJ L, 2025/369, 25.2.2025, ELI: http://data.europa.eu/eli/dec/2025/369/oj).

the Commission has established, within the Commission’s risk management and compliance framework for financial risks arising from the Union’s financial operations, the independent function of Chief Risk Officer, to act as the second line of defence at a corporate level, complementing the role of the Directorates-General responsible for the Union’s financial operations as the first line of defence. The third line of defence should be the IAS which should exercise its role in accordance with Article 118 of Regulation (EU, Euratom) 2024/2509. (9) Pursuant to Article 123 of Regulation (EU, Euratom) 2024/2509 the Commission is to establish an internal audit progress committee to ensure the independence of the IAS, monitor the quality of the internal audit work and ensure that internal and external recommendations are taken into account and followed up by services of the Commission, executive agencies and European offices. The Audit Progress Committee was established by Communication SEC(2000) 1808/3. To fulfil its role, information should be provided to the Audit Progress Committee such as incidents where the independence of the IAS may have been impaired and the actions and safeguards employed to address the impairment, the impact of resource limitations on the audit plan and, if objectivity was impaired in fact or in appearance, the details of the impairment. (10) When the Internal Auditor of the Commission provides, under the specific legal basis, the internal audit function to other Union institutions, Union bodies and agencies, and to other bodies, the Internal Auditor should be accountable to those institutions and bodies. (11) The IAS and the European Anti-Fraud Office (OLAF) cooperate in order to contribute to a better protection of the European Union against fraud and illegal acts. The basic principles of this cooperation are set out in the Communication to the Commission C(2018) 7705 Communication to the Commission C(2018) 7705 final on revision of administrative arrangements on cooperation and a timely exchange of information between the European Commission and the European Anti-Fraud Office. . (12) The Member of the Commission responsible for the IAS under Decision of the President of the European Commission P(2024) 6 Decision of the President of the European Commission P(2024) 6 of 1 December 2024 on the organisation of responsibilities of the Members of the Commission. shall exercise towards the IAS the tasks foreseen in the Decision of the President of the European Commission P(2024) 5 Annex I Principles governing working relations between the Members of the Commission, their cabinets and the services of the Commission of the Decision of the President of the European Commission P(2024) 5 of 1 December 2024 on the working methods of the European Commission. . The practical working arrangements between the Member of the Commission, his/her cabinet and the Internal Audit Service shall take into account the role of the Audit Progress Committee and the independence of the Internal Auditor.

regnskab

(13) The human and financial resources of the IAS are allocated by the Commission annually. The recruitment, performance evaluation and expenses of the Internal Auditor are decided in accordance with the relevant Commission acts in force for Directors-General SEC (2004) 1352/2 of 26 October 2004 Synoptic document on the policy concerning the civils servant of higher framing, Regulation (EU, Euratom) 2024/2509 of the European Parliament and of the Council, Commission Decision (EU) 2024/3080 of 4 December 2024 establishing the Rules of Procedure of the Commission and amending Decision C(2000) 3614, Decision of the President of the European Commission P(2024) 5 of 1 December 2024 on the working methods of the European Commission. . (14) The Global Internal Audit Standards guide the worldwide professional practice of internal auditing and serve as a basis for evaluating and elevating the quality of the internal audit function. The Global Internal Audit Standards recognise that internal audit functions in the public sector must consider specific laws and regulations, as well as governance, organisational, and funding structures that are only relevant in the public sector or government context and that the nature of these conditions may affect how public sector internal audit functions apply the Standards to achieve conformance. (15) In accordance with the Global Internal Audit Standards, the purpose of internal audit should be to strengthen the organisation’s ability to create, protect, and sustain value. (16) Also by the Global Internal Audit Standards, the internal audit function in the public sector enhances the organisation’s successful achievement of its objectives; governance, risk management, and control processes, reputation and credibility with its stakeholders, and its ability to serve the public interest. (17) In accordance with Regulation (EU, Euratom) 2024/2509 and the Global Internal Audit Standards, and to ensure that audits are unbiased, internal auditors should be free from undue influence and committed to making objective assessments. HAS ADOPTED THIS DECISION: CHAPTER 1 MISSION OF THE IAS

Article 1

Subject matter and scope

  1. This Decision shall apply to the IAS work within the Commission, executive agencies and European offices.
  2. The Internal Audit Service (IAS) shall provide the Commission with independent, risk-based, and objective assurance, advice, insight, and foresight.
  3. The IAS shall: (a) perform an independent assessment of the effectiveness of governance, risk management, and control processes for operations, activities and financial transactions (assurance services); (b) provide advice, insight and foresight (non-assurance services).

Article 2

Assurance services

  1. The purpose of the assurance services performed by the IAS shall be to confirm or verify that: (a) risks are appropriately and continuously identified, assessed and managed; (b) significant financial, managerial and operating information is accurate, reliable and timely;

(c) the Commission’s policies, procedures and applicable laws and regulations are complied with; (d) the Commission’s objectives are achieved effectively and efficiently; (e) the development and maintenance of high-quality control processes are promoted throughout the Commission. 2. The assurance services delivered shall allow the IAS to: (a) provide an independent conclusion/opinion in each audit report; (b) make recommendations for improving the efficient and effective management, performance and accountability within the Commission and its departments, executive agencies and European offices.

Article 3

Non-assurance services

  1. Without prejudice to Article 9(2), the IAS may provide advice, insight or foresight in the areas where it has expertise.
  2. The advice may take the form of an advisory engagement, or another form, as appropriate.
  3. The advice, insight or foresight may be provided at the request of the relevant Directors-General, Heads of Service and Directors of executive agencies (senior management) or on the IAS’s own initiative.
  4. The nature and scope of a senior management-requested service shall be agreed with senior management.
  5. When the IAS provides a service on its own initiative, the nature and scope of the service shall be discussed with the relevant senior management. CHAPTER 2 ACCOUNTABILITY AND INDEPENDENCE

Article 4

Organisation and accountability

  1. The IAS shall work under the direction of the Internal Auditor who shall be accountable to the Commission.
  2. The IAS shall report to the Audit Progress Committee reflecting the Audit Progress Committee’s role, purpose and responsibilities as outlined in Communication to the Commission C(2020)1165 Communication to the Commission C(2020)1165 Update of the Charter of the Audit Progress Committee of the European Commission. and Article 123 of Regulation (EU, Euratom) 2024/2509.

Article 5

Independence and objectivity

  1. No authority may interfere in the conduct of IAS work or ask the IAS to make any alterations to the content of audit reports.
  2. The Internal Auditor and staff of the IAS shall: (a) preserve independence and objectivity in relation to the activities and operations they review; (b) ensure objectivity in their judgement; (c) avoid conflict of interest and in case they arise act in line with Article 11a of the Regulation No 31 (EEC), 11 (EAEC) Regulation No 31 (EEC), 11 (EAEC), laying down the Staff Regulations of Officials and the Conditions of Employment of Other Servants of the European Economic Community and the European Atomic Energy Community (OJ 45, 14.6.1962, p. 1385/62, ELI: http://data.europa.eu/eli/reg/1962/31(1)/2024-01-01). .
  3. Where the objectivity of the Internal Auditor and staff of the IAS is impaired in fact or appearance, the Internal Auditor shall disclose the details of the impairment to the Audit Progress Committee.
  4. Where the Internal Auditor considers it necessary, he or she may contact directly the President of the Commission.

Article 6

Interinstitutional arrangements and confidentiality The IAS shall retain the confidentiality of information it handles, in line with the provisions of the Commission Decision (EU, Euratom) 2015/443 Commission Decision (EU, Euratom) 2015/443 of 13 March 2015 on the security in the Commission (OJ L 72, 17.3.2015, p. 41, ELI: http://data.europa.eu/eli/dec/2015/443/oj). and of the Global Internal Audit Standards. CHAPTER 3 TASKS AND POWERS OF THE INTERNAL AUDITOR

Article 7

Tasks The Internal Auditor shall be responsible for organising and managing the work of the IAS in accordance with this Decision and Regulation (EU, Euratom) 2024/2509. In particular, the Internal Auditor shall: (a) develop and implement an internal audit strategy that supports the strategic objectives of the Commission, as set out in Article 10; (b) develop and establish the IAS audit methodology and procedures; (c) ensure communication with Directors-General, Heads of Service and Directors of executive agencies, the audited services, and relevant stakeholders; (d) ensure that the IAS resources are appropriate and effectively deployed to meet the requirements of the annual work programme; (e) ensure that confidentiality is respected with regard to the information gathered by the IAS in the course of its work.

Article 8

Oversight and horizontal reporting

  1. The Internal Auditor shall: (a) report to the Audit Progress Committee significant issues related to the audited activities of the Commission, executive agencies and European offices, including potential improvements to those activities; (b) report to the Audit Progress Committee significant risk exposures and control issues, corporate governance issues and other matters needed or requested by the Commission; (c) formally communicate in writing to the Director-General, Head of Service or Director of executive agency and the Audit Progress Committee where the Internal Auditor believes that the Director-General, Head of Service or Director of executive agency has accepted an unreasonably high level of risk.
  2. The Internal Auditor shall report, at least annually, to the Audit Progress Committee: (a) on the IAS mission, authority and responsibility; (b) on the organisational independence of the IAS, including, if appropriate, incidents where independence may have been impaired and the actions and safeguards employed to address the impairment; (c) on the update of the internal audit strategy; (d) its annual audit plan and its performance in relation to this audit plan; (e) the impact of any resource limitations on the audit plan and its execution including the IAS ability to cover high risks and express an overall conclusion on the state of financial management in the Commission; (f) any failing or inability to meet and comply with the requirements of this Decision; (g) if objectivity was impaired in fact or in appearance, and the details of the impairment; (h) on the results of the internal or external quality assessment, as appropriate.
  1. The Internal Auditor shall: (a) submit an annual internal audit report to the Commission, indicating the number and type of internal audits carried out, the principal recommendations made and the actions taken on those recommendations, in accordance with Article 118(4) of Regulation (EU, Euratom) 2024/2509; (b) provide annually, on the basis of the work of the IAS, an overall conclusion on the state of financial management in the Commission.
  2. The Internal Auditor shall, in accordance with Article 22a of the Staff Regulations, inform without delay as appropriate either the Director-General or Head of Service or Director of executive agency concerned, or the Secretary-General, or persons in equivalent positions, or the European Anti-fraud Office (OLAF) directly in accordance with Commission Decision 1999/396/EC, ECSC, Euratom Commission Decision 1999/396/EC, ECSC, Euratom of 2 June 1999 concerning the terms and conditions for internal investigations in relation to the prevention of fraud, corruption and any illegal activity detrimental to the Communities’ interests (OJ L 149, 16.6.1999, p. 57, ELI: http://data.europa.eu/eli/dec/1999/396/oj). and Commission Decision C(2002)845 Commission Decision C(2002) 845 of 5 March 2002 on raising concerns about serious wrongdoings. or the Audit Progress Committee, of any suspected fraudulent activities.

Article 9

Powers

  1. The Internal Auditor and staff of the IAS acting on his or her behalf shall be authorised to: (a) have unrestricted and facilitated access to all functions, information systems, data, records, property and personnel within the Commission, as considered necessary for the fulfilment of their duties; (b) obtain the necessary assistance of Commission’s staff in all Directorates-General, Services and executive agencies; (c) allocate resources, select subjects, determine the scope of work and apply the techniques required to accomplish audit objectives; (d) be informed at an early stage about the development of new systems and changes to existing systems that may substantially affect the Commission’s internal control system.
  2. The Internal Auditor and the staff of the IAS may not: (a) perform any operational duties for the Commission or take management responsibility for any function other than the internal audit function; (b) initiate or approve financial transactions, except within the allocation for the functioning of the IAS; (c) direct the activities of Commission staff not employed by the IAS, except to the extent such staff members have been appropriately assigned to auditing teams or to otherwise assist the IAS. CHAPTER 4 PERFORMANCE OF THE INTERNAL AUDIT SERVICES

Article 10

Internal audit strategy

  1. The internal audit strategy shall outline the vision and strategic objectives for exercising the internal audit function.
  2. The Internal Auditor shall develop and implement initiatives supporting the internal audit strategy that cover all IAS audit activities, and continuously monitor their effectiveness.
  1. The supporting initiatives shall include: (a) a quality assurance and improvement programme; (b) a human resources strategy; (c) a digital auditing and transformation strategy.
  2. The Internal Auditor shall develop a mutual expectations paper as a guidance document that describes the relationship between auditor and auditee to clarify responsibilities and align mutual expectations so that audits are efficient and effective.

Article 11

Work programme

  1. The Internal Auditor shall adopt annually the work programme, containing the audit plan and resource management plan.
  2. The Internal Auditor shall: (a) carry out a risk assessment at least on an annual basis, that will consider any risks identified by management and, where relevant, the independent assessment by the Chief Risk Officer of the financial risks arising from Union’s financial operations; (b) develop an audit plan, aligned with the priorities of the internal audit strategy, indicating the engagements planned for the next two years and consulting with the Directorates-Generals and Services for the purpose of providing optimal audit coverage and including as appropriate any special tasks or projects requested by the Audit Progress Committee, Directors-General, Heads of Service and Directors of executive agencies; (c) submit the audit plan to the Audit Progress Committee for consideration; (d) adopt the audit plan and submit it to the Commission; (e) update the audit plan as needed to take into account new and/or emerging risks that could impact the organisation, or any requests by the Commission to carry out audits after informing the Audit Progress Committee; (f) ensure audit coordination with the European Court of Auditors as appropriate.
  3. The Internal Auditor shall: (a) ensure that the work programme is properly implemented; (b) ensure that audits are performed in line with the mutual expectations paper; (c) ensure findings are promptly validated and recommendations are discussed with the auditee, with the auditee’s position reflected in the final report, particularly in the case of disagreement; (d) ensure a continuous dialogue with the auditee is in place, to ensure the relevance of the findings and the quality and feasibility of the recommendations for action to be taken; (e) effectively and in a timely manner communicate the results of assurance and non-assurance engagements to Directors-General, Heads of Service, Directors of executive agencies and the Audit Progress Committee; (f) establish a follow-up process monitoring that recommendations have been implemented and inform the Audit Progress Committee accordingly, with special attention for the overdue recommendations and the related risks.

Article 12

International internal audit standards

  1. The Internal Auditor shall ensure conformance with the Global Internal Audit Standards and, for its assurance services, with Topical Requirements issued by the Institute of Internal Auditors, subject to paragraph 3.
  2. The Internal Auditor shall ensure that an independent external quality assessment is performed at least every 5 years.
  1. Requirements originating from Union law shall take precedence over the Global Internal Audit Standards and Topical Requirements.

Article 13

Access to documents No access to documents being part of internal audit engagements shall be granted, unless the applicant demonstrates an overriding public interest in providing access prevailing over the interests protected by Article 4(2) of Regulation (EC) No 1049/2001 of the European Parliament and of the Council Regulation (EC) No 1049/2001 of the European Parliament and of the Council of 30 May 2001 regarding public access to European Parliament, Council and Commission documents (OJ L 145, 31.5.2001, p. 43, ELI: http://data.europa.eu/eli/reg/2001/1049/oj) .

Article 14

This Decision shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union. Done at Brussels, 18 December 2025. For the Commission The President Ursula von der Leyen

Metadata

Type
Afgørelse
År
2025
Ikrafttrædelsesdato
1. januar 1970