Ethics and integrity policies

• ensuring the culture for the organisation required by top management is understood throughout the organisation

Irregularity management and reporting

• ensuring possible irregularities noted lower down the organisation are reported appropriately and followed-up, including protection for ’whistle-blowers’

Staff planning, recruitment, training and appraisal (including sensitive post management)

• ensuring adequate numbers and quality of staff are in place at all levels

Sensitive functions and conflicts of interest

• ensuring that staff in ’sensitive posts’ are identified (i.e. those where the staff may become vulnerable to undue influence by the nature of their contacts with third parties or the information they have);

• ensuring that appropriate controls (including, where appropriate, rotation policies) are applied to sensitive posts;

• ensuring that procedures exist to identify and avoid conflicts of interests.

Establishment of legal bases for bodies and individuals

• ensuring bodies and individuals have full legal authority to fulfil their functions.

Formal establishment of accountability, responsibility, delegated responsibility, and any necessary related authority for all tasks and positions throughout the organisation:

• ensuring that no member of staff is in doubt as to the extent of their responsibilities. For commitments or payments engaged to third parties, a single manager should be accountable for all aspects of the transaction;

• mission statements, job descriptions etc are up to date and known.

Risk identification, assessment and management

• ensuring that risks are identified and management, in particular that adequate control resources are applied in all areas, in function of the significance of different risks they mitigate.

Objective setting and allocation of resources against objectives

• ensuring that appropriate (and measurable) objectives at output and impact level are established at all levels and understood throughout the organisation;

• ensuring that resources are appropriately allocated against those objectives respecting transparent sound financial management principles;

• ensuring that responsibility for those objectives is clear.

Planning of the implementation process

• ensuring clear planning of steps needed to deliver objectives — including timing and responsibility for each step, and critical path analyses where necessary.

Verification procedures

• ensuring double-check of all steps in a transaction (ex-ante and, where appropriate, ex-post).

Procedures for supervision by accountable management of tasks delegated to subordinates (including annual statements of assurance from subordinate actors)

• ensuring that responsibility is supported by active supervision — and not merely considered a passive or theoretical concept.

Rules for each type of procurement and grant calls

• ensuring appropriate legal framework for all such commitment processes.

Procedures (including checklists) for each step of procurement and grant calls (e.g. technical specifications, evaluation committees, reporting of exceptions etc)

• ensuring each member of staff is clear as to their task responsibilities in these areas.

Publicity rules and procedures

• ensuring that these Commission requirements are fulfilled.

Payment procedures (including procedures for confirmation of output delivery, and/or eligibility conditions, ‘on-the-spot’ where necessary).

• ensuring that payments are made only for justified payment applications which fulfil all contractual requirements.

Procedures for monitoring delivery of co-financing

• ensuring that these Commission requirements are fulfilled.

Budgetary procedures to ensure availability of funds (including funds necessary to maintain implementation if Commission funding is delayed or refused)

• ensuring that the National Authority can fulfil its local contractual commitments regardless of delays or interruptions in funding from Commission.

Procedures for continuity of operations

• ensuring that significant risks to continuity (e.g. concerning loss of data, absence of individuals etc) are identified and contingency plans put in place where possible.

Accounting procedures

• ensuring full and transparent accounting following accepted accounting principles.

Reconciliation procedures

• ensuring that wherever possible accounting balances are reconciled against third-party information.

Reporting of exceptions, inter alia, exceptions to normal procedures approved at appropriate level, unapproved exceptions and control failures whenever identified

• ensuring variations to normal practices are always recorded and logged and reviewed at appropriate levels.

Security procedures (IT and otherwise)

• ensuring that assets and data are kept secure from interference or physical damage.

Archiving procedures

• ensuring that documents will be available — at least for Commission review throughout the required periods for which they much be kept.

Segregation of duties

• ensuring that where different tasks in the life of the same transaction are allocated to different staff to ensure some automatic cross-checking controls.

Reporting of internal control weaknesses

• ensuring that the registration of any internal control weakness identified from any source and that management responses are recorded and followed-up.

Internal audit including handling of audit reports and recommendations (NB: distinct from control activities and management supervision)

• ensuring that top managers are provided with some independent reviews of the functioning of their systems at subordinate levels. May involve some ex-post transaction checking but should be more focussed on effectiveness and efficiency of system and organisation design.

Evaluation

• ensuring that top managers are provided with information concerning the assessment of impacts of interventions (in addition to the other information they receive about legality, regularity and operational procedures).