The ECA’s Statement of Assurance audit of the RRF

European Court of Auditors
Published in
11 min readFeb 15


By Nikolaos Kylonis and Judit Oroszki, Financing and Administering the Union Directorate


Over one year ago, in our ECA journal on strategy development, three ECA colleagues responsible and involved in developing an audit methodology for the ECA’s Statement of Assurance (SoA) on the Recovery and Resilience Facility (RRF), provided insights into first reflections on how to design the compliance audit of the RRF. During the time that has passed since the publication of that article, the ECA has issued its first opinion on 2021 RRF payments and is in the process of carrying out its SoA audit of 2022 RRF payments. Based on this experience, Judit Oroszki, Principal Manager, and Nikolaos Kylonis, Head of Task, provide further insights into reflections and challenges in the process of designing a methodology for the ECA’s SoA for the RRF. They also cover some key features of the RRF and how these impact on the ECA’s methodology for its compliance audit work.

RRF is part of NGEU but is distinct in its spending model

The NextGenerationEU (NGEU) is the EU’s temporary fund worth €806,9 billion (current prices) to support to Member States in reducing the socio-economic impact of the COVID 19 pandemic and getting back on track to sustainable growth. The Recovery and Resilience Facility (RRF), established in February 2021 by Regulation (EU) 2021/241, is the main implementing tool of the NGEU. It is composed of €338 billion of non-repayable support (grants) and €385.8 billion of loans. As a result of the adoption of the NGEU package, and in particular the RRF, over the period 2021–2027 EU spending will nearly double (see Figure 1).

Figure 1 — Total EU spending foreseen for 2021–2027

The NGEU package, besides the RRF, also encompasses so-called top-ups to existing Multiannual Financial Framework (MFF) funds. The five top-up of existing MFF funds under NGEU totalling around €83 billion (Rural Development, Just Transition Fund, Invest EU, RescEU and Horizon Europe) as well as the REACT-EU (Recovery Assistance for Cohesion and the Territories of Europe), will be spent in line with the sector specific rules. Accordingly, the ECA will audit these expenditures in the framework of its ‘standard’ SoA audit approach it applies to expenditure under the MFF.

The RRF has a distinct spending model as compared to funds disbursed under the MFF. Key features of this model important for our SoA audit are the following:

  • to receive RRF funding, Member States are required to draw up national recovery and resilience plans (NRRPs) comprising of a coherent package of public investments and reforms which respond to the country-specific recommendations made in the framework of the 2019 and 2020 European Semester. Once the Council has approved its NRRP, the respective Member State may ask the Commission to release pre-financing up to 13 % of the financial contribution of the approved grant, or of the amount of loan;
  • after the pre-financing payment, RRF payments are conditional on the ‘satisfactory’ fulfilment of predefined milestones or targets set out in the annex to Council Implementing Decision (CID) approving the Member State NRRP. The satisfactory fulfilment of these milestones and targets is the principal condition for a payment to be considered regular under the RRF. A further condition is that earlier achievements of targets or milestones must not have been reversed;
  • compliance of investment projects with EU and national rules, such as procurement or state aid rules or provisions defining eligible reimbursable costs are not a condition for the Commission when making the payment to a Member State;

Member States may request disbursements twice in a year, if they provide sufficient justification for the satisfactory fulfilment of the related milestones and targets. However, the amount of instalment laid down in the Council Implementing Decision is not necessarily based on the estimated costs for achieving the milestones and targets included in the payment request, but rather a result of the negotiations with the Member State in question.

In our special report 21/2022 we highlighted that the fact that the instalment amounts were the result of negotiation might later pose challenges for the Commission to decide on the reduction it should apply in case it finds that a milestone or target was not satisfactorily fulfilled; and the Commission manages RRF spending directly, with Member States as beneficiaries. This means that, as opposed to EU funds implemented under shared management, where responsibility is shared between the Commission and Member States, the Commission is directly responsible for ensuring that RRF payments meet the payment conditions laid down in the RRF regulation.

The Commission has set-up a system that provides for ex ante verifications of all Member State payment requests and all milestones and targets included therein. It assesses payment requests on the basis of data and information provided by Member States and provides its preliminary assessment to the Council’s Economic and Financial Committee (EFC) for its opinion (see Figure 2). The Commission takes the final decision on whether to authorise the disbursement of funds, after taking into account the EFC opinion.

Figure 2 — The Commission’s control framework for checking the satisfactory fulfilment of milestones and targets

The ECA’s Statement of Assurance approach for RRF expenditure — key methodological aspects

Through our SoA, and in line with international auditing standards, we provide our independent assessment of whether transactions underlying the accounts are legal and regular in all material respects. A main goal of the ECA’s 2021–2025 Strategy is to continue providing strong assurance, based on our Treaty mandate and in full accordance with international public-sector audit standards. Our SoA on the legality and regularity of MFF expenditure provides reasonable assurance (a high level of assurance) — this means obtaining sufficient appropriate audit evidence to reduce audit risk (i.e. the risk of providing an inappropriate conclusion) to an acceptably low level.

Against this background, we have planned our 2021 and 2022 SoA work on the RRF with the objective to provide reasonable assurance. However, due to the specific model of the RRF, we needed to define how to gather sufficient appropriate audit evidence on the legality and regularity of RRF expenditure. Additionally, we also needed to determine what the concepts of transactions underlying the accounts; criteria to assess the regularity of RRF payments; definition and assessment of the impact of an error; materiality and sufficient appropriate evidence mean in the framework of the RRF.

Timing and gathering of sufficient and appropriate evidence

For our SoA audit of the ‘traditional’ MFF expenditure, in line with our long tested assurance model, our assurance mainly comes from the checking a large enough sample of randomly selected transactions for the different MFF headings and extrapolating the sample results to our audit population. Due to the specific characteristics of the RRF delivery model — Member State specific milestones and targets decoupled from costs — statistical sampling and subsequent extrapolation of the results was not considered as an appropriate approach.

For the RRF, the Commission verifies ex-ante the satisfactory fulfilment of every target and milestone included in a payment request. Due to the extensive work already performed by the Commission, the ECA decided that at least in the first years of RRF implementation our assurance will mainly come from our review of the Commission’s ex-ante verifications for a significant number of RRF payments, combined with on-the-spot checks. In practice, this means covering all payments made in 2021 and 2022 and to select a minimum sample of 30 milestones and targets per payment based on our assessment of risks. This work performed at the level of the Commission will be complemented by on-the-spot checks and systems work at the level of Member States.

For the MFF, in line with our definition of transactions underlying the accounts, we examine expenditure at the point when final recipients of EU funds have undertaken activities or incurred cost — this means that we check pre-financing payments at the moment they are cleared and not when they are paid. This implies that the underlying transaction relevant for the RRF would therefore be a grant payment to the Member State (the beneficiary) or a clearing of a previously made pre-financing’.

Compliance — to what extend going beyond milestones and targets

In line with the RRF regulation, the key condition for the Commission to make payments is the satisfactory fulfilment of milestones and targets. In addition, measures related to previously fulfilled milestones and targets must not have been reversed. As a result, these are the main criteria to assess whether RRF payments were made in compliance with the payment conditions laid down in the RRF Regulation, i.e. they are legal and regular. Member States have to make sure that RRF spending complies with all relevant EU and national rules and declare it in their management declaration accompanying the payment request. However, non-compliance with EU or national rules, with the exception of fraud, corruption, conflict of interest or double funding (so-called serious irregularities) will most likely not have an impact on the amount of RRF funds paid out through the application of financial corrections by the Commission.

An error in our SoA approach for MFF expenditure means that money paid out was not in compliance with the applicable rules and regulations. We focus on those errors, which have a direct financial impact on the payment, i.e. where the Commission’s or other bodies’ decision on the amount of payment would have been different if the correct rules would have been applied. For the RRF this means that demonstrated non-compliance with the main condition for payment — the satisfactory fulfilment of milestones and targets — will result in errors impacting our audit conclusion and opinion.

Although through our audit of RRF payments we may come across obvious cases of non-compliance with EU or national rules (such as for example the ‘do no significant harm’ principle or public procurement rules), we will report on these ‘compliance issues’, but these will not have an impact on the condition for making an RRF payment. On the other hand, if we detect individual cases of fraud, corruption, conflict of interest or double funding, we will assess how these ‘serious irregularities’ impact on the RRF payments.

Clarity of milestones and targets is essential

Key for our assessment of whether a milestone or target is satisfactorily fulfilled is the precision of the definition of the milestone or target provided in the Council Implementing Decision (CID) approving the NRRPs. Milestones and targets have been set so that the Commission (and ultimately the European Parliament and Council) is able to follow-up on progress made in implementing the NRRPs and disburse RRF money based on the progress achieved. As the CID annexes (including the list of milestones and targets) were approved under time pressure, there is a risk that in some cases milestones or targets were defined in a way giving rise to several interpretations.

We draw the attention to this risk in paragraph 82 of our special report 21/2022 where we say that ‘The absence of clear milestones and targets implies the risk that these milestones and targets are difficult to assess and the related risk that the initially aimed at objective was not fulfilled.’ From a compliance audit point of view, this may result in situations where, based on our understanding and interpretation of the requirements laid down in the milestone or targets, we would come to a conclusion that the milestone or target was not satisfactorily fulfilled irrespective of the Commission’s positive preliminary assessment.

A further complex element in our checks is the concept of ‘satisfactory fulfilment’. The RRF regulation requires the Commission to assess the satisfactory fulfilment of milestones or targets, which implies a certain materiality threshold at the level of every milestone/target. On the other hand, the RRF regulation does not further define this concept. As a result, the Commission has discretion for laying down the detailed implementation rules for how it will apply this concept across the board. Although for targets with underlying quantitative indicators, this is more straightforward there can still be some discretion on the number of the achieved indicators. Moreover, for milestones with qualitative aspects to be fulfilled it entails an interpretation of what are the substantial and relevant elements defined in the measure and relevant milestone. Through our checks we will have to provide our own independent view of whether the Commission’s interpretation for ‘substantial and relevant elements’ for the given milestone is well justified.

Establishing a ‘price tag’

The audit objective of a compliance audit is to determine whether the subject matter — in our case RRF payments — is legal and regular in all material aspects. Thus, in order to come to a conclusion on the legality and regularity of RRF payments in a given year, we need to assess whether the overall impact of non-compliances affecting payment conditions we have identified through our checks — i.e. milestones and targets which have not been satisfactorily fulfilled — exceeds the materiality threshold. In line with auditing standards, the concept of materiality can be defined on a quantitative (material by amount) or qualitative (material by nature or context) basis. For the auditor it implies ‘identifying the level of non-compliance that is likely to influence the decisions of the intended user(s)’.

When approving the NRRPs and defining the amount of individual disbursement, the Commission did not define a ‘price tag’ for every individual milestone or target. Nevertheless, for its own assessment, the Commission will have to establish a methodology to define the amount to be suspended in case it identifies that a milestone or target has not been satisfactorily fulfilled. In chapter 1 of our 2021 annual report, we recommended the Commission to develop a methodology to determine the amount to be suspended in accordance with Articles 24.6 and 24.8 of the RRF Regulation. If, based on our assessment, the Commission’s methodology will be adequate, we will consider to use it also for our own assessment.

Independent assessment of satisfactory fulfilment of RRF conditions

In our 2021 annual report we have issued a separate opinion on the regularity of the RRF expenditure as part of our Statement of Assurance on the EU budget. The main reason for separating the RRF expenditure from the ‘normal’ MFF expenditure in our Statement of Assurance was to take account of the different delivery model of the RRF and that it is a temporary instrument.

In summary, our Statement o Assurance approach for the RRF has to follow the payment conditions laid down in the Regulation. Instead of checking compliance with relevant EU and national rules to assess whether projects or beneficiaries are eligible and supported by eligible incurred costs, our main audit work will consist of assessing whether the Commission has gathered sufficient and appropriate evidence to justify the ‘satisfactory’ fulfilment of milestones and targets. The RRF regulation provides a large margin of discretion for the Commission in particular when it comes to defining the concept of ‘satisfactorily fulfilment’. We, as independent external auditors, will have to make our own independent assessment. This is also the expectation of our institutional stakeholders — the European Parliament and the Council — and our overall stakeholder, the EU citizen.

This article was first published on the 2/2022 issue of the ECA Journal. The contents of the interviews and the articles are the sole responsibility of the interviewees and authors and do not necessarily reflect the opinion of the European Court of Auditors.



European Court of Auditors

Articles from the European Court of Auditors, #EU's external auditor & independent guardian of the EU's finances.