Financial audit and compliance reviews

Deloitte undertakes audits on behalf of the Commission to assess the compliance of the operational and financial management of EU co-funded projects and programmes. This includes:

• Audit of expenditure/ cost statements submitted by the beneficiaries of the EU grants/ subsidies
  
• Operational reviews to assess the compliance with contractual provisions (e.g. procurement regulations)
  
• Process and organisation audits to assess effectiveness of management and control systems put in place by the beneficiaries (including Member States) in the context of direct or shared management of EU programmes

Effective and efficient statistical sampling

EU guidelines on sampling are demanding and complex, not always easy to interpret but strictly maintained. Extensive knowledge of statistical theory is often required to effectively and efficiently translate these guidelines into practical sample design and understandable sample evaluation. Deloitte has been recognised by the EU as a knowledgeable party in this area.
Our approach is based on a thorough knowledge of International Standards of Auditing (ISA) and standard setting publications such as the AICPA Audit Sampling Guide.

Organisation-wide and operational risk assessments

We perform interactive risk assessment exercises to identify risks that can affect the organisation and its operations, using risk maps and assessment frameworks tailored to the specific environment.

We then assist the DG/Agency to develop an adequate risk management response including risk management plan and activities.

Internal control advisory

We assist the Commission and agencies in implementing general monitoring and internal control frameworks by developing tools and methodologies tailored to their operations and programme activities. This includes assessment tools, control checklists, and control activity planning support.

Business Continuity Planning

In today’s environment where risks and expectations are high, the business must keep running even if there are interruptions caused by unforeseen events. Traditional risk management systems may not be sufficient when faced with events such as natural disasters, political and economic instability.

However, through Business Continuity Planning, we can help the European Institutions achieve a reasonable level of end-to-end availability of essential business practices at disruptive times.

Risk management and internal control procedure development

We develop operating procedures providing DGs/ Agencies with a broad range of services:

• From assistance in setting up a structured methodology on procedure development to effective documentation of operating and financial processes and procedures
• In compliance with applicable national regulations (for Agencies) and with the rules laid down by the Commission including the 16 Internal Control Standards

Assistance in validation of systems and processes

We provide assistance to the European Institutions for validation of their own ICT systems and processes in line with internal policies and procedures, with Commission’s requirements and with good practices.

The assistance includes ICT systems and/or process analysis and gap identification, corrective action implementation and audit.

Data analytics as support for better compliance and controls

By using advanced data analytics, we give more insight into this complex organisation of the DGs and European Agencies.

Our data analytics solutions include profiling, predictive modelling, and continuous monitoring in order to support increased performance and help European Institutions minimise non-compliance to preserve and improve overall value.

Cybersecurity services, in support to the Cybersecurity Strategy of the European Union

We currently assist the European Institutions and the Member States in their role in developing and implementing the Cybersecurity Strategy of the European Union, which was published on 7 February 2013.

Our assistance covers all five EU strategic cyber priorities: achieving cyber resilience, reducing cybercrime, developing the EU cyberdefence policy, developing the industrial and technological resources for cybersecurity and establishing a coherent international cyberspace policy.

Supporting the development and adoption of security frameworks and standards

We work with the industry, the Commission, ENISA and the Member States in stimulating the development and adoption of security frameworks, standards and technical norms. Specifically, we perform extensive research, surveys and workshops with key stakeholders, in particular the ICT product manufacturers and service providers, including cloud providers.

Our work produces technical guidelines and recommendations for the adoption of cybersecurity frameworks, standards and good practices in the public and private sectors.

Cybersecurity capacity and policy building

We assist the European Institutions in cybersecurity capacity building, including:

• Assisting with training
  
• Supporting the creation of relevant policies, strategies and capabilities

A step-change in the European Institutions' structure, governance and approach to cybersecurity

We work with the European Institutions to assess the maturity of their cybersecurity controls and benchmark those controls against good practices. 

As such, we help to define the strategy and roadmap for improving the cybersecurity controls at organisational level.

The enclosed brochure "Deloitte services for European Union Institutions & Agencies - Ability. Quality. Delivery." provides further details on the services described above as well as more of our services for European Institutions.