NextGenerationEU — a game changer for audit authorities?
The launch of the NextGenerationEu initiative has added an extra dimension to the audit of EU expenditure. Not least for the national audit authorities, who not only have to cover significantly more money in their audit activities, but must also tailor their assessment procedure to the different payment conditions created. Nata Lasmane is Director of the Audit Department for EU funds at the Ministry of Finance of the Republic of Latvia. She has been involved in auditing EU funds since 2003 and has consequently had a front‑row view of evolving EU payment modalities, first for cohesion expenditure and now for the NextGenerationEu initiative, including the Resilience and Recovery Facility. Here, Nata Lasmane explains that the new instrument will involve numerous challenges and opportunities at both Member State and EU level, including for auditors.
By Nata Lasmane, Audit Authority, Latvian Ministry of Finance
Results as primary criterion
Since 2003, I have been involved in auditing EU funds. Initially I led the internal audit unit in the paying agency for agriculture, moving on to my current role with responsibility for auditing Structural Fund and Cohesion expenditure, the Fund for European Aid to the Most Deprived (FEAD), the Asylum, Migration and Integration Fund (AMIF), the Internal Security Fund (ISF), and other funds. Since 2021, we have faced a new challenge — auditing the Recovery and Resilience Fund (RRF) in line with NextGenerationEu (NGEU) principles. According to these principles, eligibility is entirely connected to outcome, not actual expenditure, so we must learn how to audit outcomes instead of invoices and contracts.
In my early days in this area, the accreditation criteria for the paying agency were described in one and a half pages! To be honest, I very much liked the regulations of that time. Of course, as more players come into the game and larger amounts are allocated for different types of support, the rules of the game also become more complicated. Consequently, the game becomes more regulated.
Now it is time to look back and make an assessment in order to avoid unnecessary formal controls or inefficient controls. All the more so as the final beneficiaries have indicated that the administrative burden is too high. It is clear that we must take radical steps to prevent frustration among beneficiaries and recipients who have made clerical or formal errors. Ultimately, the focus should be on the results of the investments. In this respect, we can follow the example of private sector investments, where the investors’ primary focus is on the results rather than the process.
How can we best achieve this? How can we ensure control over EU funds and at the same time achieve the necessary results? It was decided that in the case of the RRF — see Figure 1 for the areas and amounts in Latvia — no specific new management and control system would need to be established. Instead, the idea is to use the management and control systems that already exist in the Member States. That works for Member States where such a system already exists and functions well. But what if this is not the case? Then the winners will be the Member States that did their homework in advance and established reliable management control systems in the public sector. Other Member States will probably have to speed up this aspect to bring their systems into alignment for the implementation of the RRF.
Figure 1 — Structure of RRF allocation in Latvia
Latvia’s recovery and resilience plan consists of 60 investments and 25 reforms. These will be supported by €1.8 billion in grants.
The Audit Authority’s role
The profession of certified financial auditor is often considered to be a rather conservative profession since we normally do our job a year or more after the event has taken place. When auditing, we are expected to comply very strictly with the rules and we may seem to lack flexibility. In my opinion, this is a myth. It very much depends on the strategy of each individual audit body, which may aim to safeguard historical values or drive various innovations. My department — Latvia’s Audit Authority — aims to drive innovation. We support new ideas presented by the EU through the NGEU initiative and we also understand that it is not an easy process.
The global market and our related economies require the efficient use of resources through straightforward administration and the use of IT and even artificial intelligence (AI) tools. All to focus more on the achievement of objectives rather than mere compliance with the process. For example, by using e‑Cohesion (1) we have already facilitated multiple processes by means of information technologies. Using IT controls, which are mostly automated, should ensure compliance with the process and enable auditors to focus on the results achieved.
The use of IT controls also requires different skills and knowledge from auditors. Analytical and IT skills are now seen as a top priority for both auditors and administrative staff. If all invoices, contracts, construction and procurement documentation were in digital form, various savings could be made in handling all the procurement documentation, etc. My dream is that in the near future we will have AI team members who will fill in our checklists. And this is not in the distant future. For example, our paying agency in agriculture already uses AI for area controls. The ‘AI controller’ has learned a lot and is now more precise in identifying different types of crops. During my secondment to the ECA some years ago, I picked up the idea of establishing a task force to address and develop issues related to digital audit.
Differences between RRF and traditional cohesion funding
While there are complementarities between the more traditional cohesion funds and the new RRF, there are also substantial changes that are highly relevant for audit authorities in the Member States. They not only relate to the management control systems (MCS) used, but also for example to the disbursement conditions set for the RRF. For the new instrument, these conditions are very much performance‑based, with payment conditions relating to the achievement of milestones and targets. Table 1 reflects a number of key differences between the RRF and our traditional (mainstream) approach to EU funding.
Table 1 — Key differences relating to cohesion and RRF funding
Most Member States have indicated that they will use the same management control systems as for cohesion expenditure. The question that arises is whether this will work out well in practice, considering the multiple differences and the impact it will have on the approaches to be employed.
Basic principles to consider for these ‘new’ audits
In my opinion, the biggest challenge we face relates to auditing the Member State systems involved in properly implementing RRF projects. Several elements come into play: we must provide assurance to the European Commission that management control systems at Member State level are free of material irregularities, double funding risks and corruption/fraud, and that any conflict of interests is detected and managed at the proper level (see Figure 2).
Figure 2 — Topics to be audited
As the plan is to use the Member States’ existing control systems, there is no provision for recruiting additional staff to control expenditure. Consequently, we at the audit authorities must be inventive in finding resources for the RRF and using them economically. Fortunately, we are allowed to use work by other bodies and make that part of the assurance model.
Building blocks for our summary report
First of all, we must have a clear picture of the sources of information we can use to arrive at our conclusions in our Summary Audit Report (see also Table 1). At the moment, we have identified a number of possible sources for assurance and possible partners for cooperation, which are reflected in Table 2.
Table 2 — Potential sources for assurance
The above organisations are independent institutions with or without (private companies’) periodic supervision by ministries and outside the scope of the work by the ministries‘ internal audit units. Some of these institutions have their own internal audit unit. As an audit department for EU funding, we are going to establish a cooperation and information exchange channel with each one.
Databases — access is key
When it comes to identifying conflict of interest and double funding cases, we believe the presence of appropriate databases, and good access to them, will play a critical role. Figure 3 reflects the key IT systems we have identified for our work.
Figure 3 — Key IT systems and tools
At the moment, only our intermediate body — the Central Finance and Contracting Agency — and the Audit Authority have access to relevant databases. The challenge for the future will be to give access to all pertinent databases to all bodies with a relevant role, while observing data protection principles.
Future challenges of RRF implementation
Beyond the above issues that we need to tackle as an audit authority, I can see various other challenges for the implementation of the RRF:
- how to stimulate strong coordination, not only between national authorities but also with European Commission services;
- if results are not achieved: how to apply financial corrections if the money is not linked with a particular supporting measure;
- how to obtain proper assurance about efficient nationally‑established MCS, including for complicated areas such as state aid and public procurement;
- how to accelerate digitalisation and automatisation of routine controls.
In relation to the last point, I would like to highlight an indirect challenge. One of the typical support measures in all Member States is digitalisation, with an agreed target of 20 % for digital spending in each Member State plan, and more than 26 % on the digital transition across the 22 National Recovery and Resilience Plans (NRRPs) approved so far (2). For instance, in Latvia’s RRF plan, more than 20 % is allocated to digital objectives.
Latvia’s recovery and resilience plan supports the digital transition through investment in the digitalisation of public administration and public services (€129 million), by supporting the digital transformation of businesses, and by creating a better environment for research and innovation with measures to improve the digitalisation of small and medium‑sized enterprises (€125 million). Other measures in the plan relate to deploying high‑speed broadband, which should help further improve digital infrastructure (€12.5 million), and reforms to improve the basic and advanced digital skills of citizens, enterprises and public administration (€95 million). Our ministries are concerned over whether the EU and the Member States will be able to find the necessary number (and quality) of information system programmers to satisfy the needs of all the Member States at the same time.
Specific challenges for the ECA
Another challenge that might specifically arise for the ECA could be the sampling of units for its Statement of Assurance audits. Although RRF measures are not directly linked to finances, the EU financial statements will comprise lines of expenditure.
For instance, Latvia plans to request €500 million in 2023. This request is linked with 45 milestones and four targets. There are cases where we can identify the project amount for each milestone and target, but what if the milestones are related to soft objectives and money is an additional contribution in the national budget (approval of laws, implementation of reforms, etc.)?
While clearly the ECA could pinpoint payments to Member States and select a sample, its methodology for assurance would most likely be totally different. This leads onto the next challenge for the ECA: how to build a single audit model, and how to rely on work by national audit authorities — those who prepare audit summaries. It is a very different system from the traditional situation where you can trace all the expenditure.
For auditors: same role, but different rules
With the unfolding of the NGEU, and with it the RRF and the NRRPs, it is clear that existing management and verification structures will need to adapt. The current system for spending EU funds with eligible costs as the main criterion acquires a sine qua non dimension: the contribution to the efficiency of EU funds, with the achievement of objectives as a key criterion. Member States receive funding based on the achievement of milestones and targets in implementing reforms and investments, rather than to reimburse costs.
In principle, this should change the rules of the game substantially. Not only for implementing authorities when selecting projects, but also for auditors when assessing them. The new criteria open up opportunities, not least for us as auditors, to look for new, viable and innovative audit approaches. This is all the more necessary given the role envisaged for auditors in the final allocation of EU funds, in view of the achievement of the objectives initially projected. The auditor’s role of maintaining trust in the system has not changed, but the rules for achieving this assurance are very different.
(1) An electronic data exchange system which allows the secure exchange of natively digital documents or scanned documents from system to system via standardised interfaces between the Managing, Certifying and Audit Authorities as well as Intermediate Bodies, on the one hand, and the beneficiaries, on the other hand.
This article was first published on the 1/2022 issue of the ECA Journal. The contents of the interviews and the articles are the sole responsibility of the interviewees and authors and do not necessarily reflect the opinion of the European Court of Auditors.