370 likes | 427 Views
FRAUD RISK ASSESSMENT AND ANTI-FRAUD MEASURES ESIF 2014-2020. Mr Leif HÖGNÄS, Fraud Prevention Officer DG Regional and Urban Policy. New obligations 2014-2020. Managing authorities : 1) Put in place a minimum set of effective and proportionate anti-fraud measures
E N D
FRAUD RISK ASSESSMENT AND ANTI-FRAUD MEASURES ESIF 2014-2020 Mr Leif HÖGNÄS, Fraud Prevention Officer DG Regional and Urban Policy
New obligations 2014-2020 Managingauthorities: 1) Put in place a minimum set of effective and proportionateanti-fraudmeasures 2) Carry out a fraudriskassessment Audit authorities: 3) Verifywhether the MA'sfraudriskassessmentiscredible and provides a true and fairassessment of the risks and verifythatadequateanti-fraudmeasures are in place to mitigateagainst the risks
Minimum anti-fraud requirements are set out in Article 125.4 c) of Regulation 1303/2013 "As regards the financial management and control of the operational programme, the managing authority shall put in place effective and proportionate anti-fraud measures taking into account the risks identified"
Related requirements in Regulation 1303/2013 The management and control systemsshallprovide for the prevention, detectionand correction of irregularities, includingfraud(Article 72) Member States must notify to OLAF all irregularitieswhichexceed EUR 10 000 in EU contribution (Article 122)
Commission's guidance on fraud risk assessment and anti-fraud measures is available: - on the anti-fraudplatform of SFC - transmission to all Permanent Representations - contact us: e.gleif.hognas@ec.europa.eu
Other anti-fraud guidance on SFC - Information note on fraudindicatorsfor ERFD, ESF and CF (COCOF 09/0003/00-EN) - compendium of anonymised cases - OLAF'spractical guide on conflict of interest - OLAF'spractical guide on detection of forged documents - forthcoming guides from OLAF in 2014: • 1) on anti-fraudstragies and 2) the role of auditors in anti-fraudwork
Key anti-fraud principles - zero tolerance to fraud - the right tone from the top - a proactive, structured and targeted approach to managing the risk of fraud - main objective: proactive and proportionate anti-fraud measures with cost-effective means DUTY TO PROTECT TAXPAYERS' MONEY !
Guidance on minimum requirements for effective and proportionate anti-fraud measures The anti-fraud cycle: prevention, detection, correction and prosecution
Guidance on minimum requirements for effective and proportionate anti-fraud measures Anti-fraudpolicy: • strategy for the development of an anti-fraud culture • allocation of responsibilities for tackling fraud • reporting mechanisms for suspicions of fraud • cooperation between the different national actors
Guidance on minimum requirements for effective and proportionate anti-fraud measures Prevention: - commitment to combat fraud and corruption - raise awareness internally and externally about preventative and detective controls - transmit cases to the competent authorities for investigations and sanctions - state the anti-fraudpolicyvisibly: DETER FRAUDSTERS! - template for anti-fraudpolicy in the guidance (Annex 3)
Guidance on minimum requirements for effective and proportionate anti-fraud measures Detection: - obviously, preventative techniques cannot provide absolute protection against fraud - complement your risk assessment and detect suspected cases timely (use e g the ARACHNE tool) - develop an appropriate mindset - embed fraud indicators in checklists (red flags)
Guidance on minimum requirements for effective and proportionate anti-fraud measures Reporting mechanisms: - mechanisms should facilitate the reporting of both suspicions of fraud and control weaknesses that may increase the MA'ssusceptibility to fraud - sufficient coordination on anti-fraud matters with the audit authority and competent investigative authorities in the Member State, including anti-corruption authorities
Guidance on minimum requirements for effective and proportionate anti-fraud measures Communication and training with staff about reporting mechanisms must ensure that staff: - understands where they should report suspicions of fraudulent behaviour or control weaknesses - are confident that they can report in confidence and that the organisation does not tolerate retaliation against any staff member who reports suspicions
Guidance on minimum requirements for effective and proportionate anti-fraud measures Investigation, correction and prosecution: - refer cases for investigation in accordance with internal and EU requirements (report to national competent body and OLAF) - recoveraffectedamountsafterknownfinancial impact and reimburse to the EU budget - criminalprosecution, as relevant
Guidance on minimum requirements for effective and proportionate anti-fraud measures Whydid the fraud case occur? Learn the lessons! Objective and self-critical examination which should result in clear conclusions about perceived weaknesses and lessons learned, with clear remedial actions as necessary, responsible individuals and deadlines
Commission's guidance provides a tool which can mitigate fraud risks 1) Managing authorities are asked to assess the degree of exposure to specific fraud risks using the assessment tool provided by the Commission already at designation stage 2) The type of additional anti-fraud measures to be put in place should take into account already existing mitigating controls 3) Proportional and effective: a higher fraud risk requires that anti-fraud measures are stepped up 4) During the programming period, the fraud risk assessment should be carried out annually or every second year
The tool focuses on fraud risks in relation to three key processes 1) Selection of applicants 2) Implementation and verification of the operations (including public procurement-related fraud risks) 3) Certification and payments
Assess and mitigate against e g the following specific fraud risks: - Undisclosed conflict of interest, bribes and kickbacks at project selection stage - Deliberate avoidance of competitive procedures in public procurement (e g unjustified single source award) - Manipulation of public procurement procedures (e g rigged specifications) - Collusive bidding - False or inflated invoices
Basic steps 1) assess the ‘gross’ risk (= impact x likelihood) of specific pre-identified risks occurring under each of the three key processes (plus add any other identified risks) 2) identify and assess the effectiveness of controls already in place to mitigate against the identified specific fraud risks 3) assess the net risk 4) as necessary, put in place any further mitigating controls
Practical example (cont.) CALCULATE GROSS RISK OF EACH SPECIFIC FRAUD RISK - the total risk score will be automatically calculated by the tool by multiplying the score given by the assessment team to risk impact and risk likelihood ASSESS EXISTING CONTROLS IN PLACE FOR EACH SPECIFIC FRAUD RISK- assess effect of existing controls on risk impact and risk likelihood (i e gross risk) by providing a score for each ASSESS NET RISK AFTER CONTROLS- the net risk score (i e the risk after current controls) is automatically calculated by the tool
Practical example (cont.) ACTION PLAN- when necessary, introduce a mitigating control against a specific net risk which is significant or critical - E g suggested control to mitigate against product substitution (Annex 2): requirement by MA for beneficiaries to request works certificates or other forms of verification certificates, awarded by an independent third party, on the completion of the contract. TARGET FRAUD RISK LEVEL- target risk is automatically calculated by the tool
How to use the tool (Annex 1 of the guidance provides a manual)
Audit authorities' verification of the fraud risk assessment –checklist provided in Annex 4 of the guidance • - designation phase: report and opinion of an independent body (canbe audit authority) - compliancewith Article 125.4 c) during 2014-2020
Audit authorities' verification of the fraud risk assessment - in connection with audits on the functioning of the management and control systems, the audit authority should carry out verifications of the effective implementation of the anti-fraud measures by the MA as early as possible in the programming period. - depending on the results of such audits and on the identified fraud risk environment, follow-up audits may be carried out as often as necessary
Audit authorities' verification of the fraud risk assessment Does the fraud risk assessment cover the specific fraud risks in relation to - the selection of applicants? - the implementation and verification of the operations? - the certification and payments?
Audit authorities' verification of the fraud risk assessment Process of the risk assessment: - was the assessment team appropriately composed of members from representative departments? - is there evidence that sources of information such as audit reports, fraud reports and control self-assessments were taken into account during the risk assessment process?
Process of the risk assessment cont.: - was the self-assessment process clearly documented, allowing for clear review of the conclusion reached? -is there evidence that senior management had adequate oversight and/or involvement in the process and that approved the net level of risk exposure?
Verification of the assessment of the gross risk Review a sample of risks from the assessment tool: taking into account the results of the assessment of the gross risk of fraud, does the assessment seem credible? Has the total gross risk been calculated correctly and has it been correctly graded (tolerable, significant, critical)?
Verification of the assessment of the net risk Review a sample of risks from the assessment tool: taking into account the results of the assessment of existing controls in place to mitigate against the gross risk, does the assessment seem credible? Has the net risk been calculated correctly and has it been correctly graded (tolerable, significant, critical)?
Putting in place additional controls, as necessary Review a sample of risks from the assessment tool: when the net risk is higher than significant or critical, has this lead to putting in place appropriate additional controls in order to reduce the target risk to a tolerable level?
Verification of adequate frequency of the fraud risk assessment Is there an adequate procedure in place ensuring that the risk assessment is repeated during the programming period, its frequency depending on risk levels and the actual instances of fraud?