法律人 LawPlayer logo

資料由法律人 LawPlayer整理提供·EU law / curated by LawPlayer from EUR-Lex

Decision

Commission Decision (EU) 2025/2570 of 18 December 2025 establishing the mission charter for the Internal Audit Service of the Commission

CELEX
Decision (EU) 2025/2570
Date of document
Articles
14
Source
EUR-Lex
Article 1Subject matter and scope

1.   This Decision shall apply to the IAS work within the Commission, executive agencies and European offices.

2.   The Internal Audit Service (‘IAS’) shall provide the Commission with independent, risk-based, and objective assurance, advice, insight, and foresight.

3.   The IAS shall:

(a)

perform an independent assessment of the effectiveness of governance, risk management, and control processes for operations, activities and financial transactions (‘assurance services’);

(b)

provide advice, insight and foresight (‘non-assurance services’).

Article 2Assurance services

1.   The purpose of the assurance services performed by the IAS shall be to confirm or verify that:

(a)

risks are appropriately and continuously identified, assessed and managed;

(b)

significant financial, managerial and operating information is accurate, reliable and timely;

(c)

the Commission’s policies, procedures and applicable laws and regulations are complied with;

(d)

the Commission’s objectives are achieved effectively and efficiently;

(e)

the development and maintenance of high-quality control processes are promoted throughout the Commission.

2.   The assurance services delivered shall allow the IAS to:

(a)

provide an independent conclusion/opinion in each audit report;

(b)

make recommendations for improving the efficient and effective management, performance and accountability within the Commission and its departments, executive agencies and European offices.

Article 3Non-assurance services

1.   Without prejudice to Article 9(2), the IAS may provide advice, insight or foresight in the areas where it has expertise.

2.   The advice may take the form of an advisory engagement, or another form, as appropriate.

3.   The advice, insight or foresight may be provided at the request of the relevant Directors-General, Heads of Service and Directors of executive agencies (‘senior management’) or on the IAS’s own initiative.

4.   The nature and scope of a senior management-requested service shall be agreed with senior management.

5.   When the IAS provides a service on its own initiative, the nature and scope of the service shall be discussed with the relevant senior management.

Article 4Organisation and accountability

1.   The IAS shall work under the direction of the Internal Auditor who shall be accountable to the Commission.

2.   The IAS shall report to the Audit Progress Committee reflecting the Audit Progress Committee’s role, purpose and responsibilities as outlined in Communication to the Commission C(2020)1165  ( 9 ) and Article 123 of Regulation (EU, Euratom) 2024/2509.

Article 5Independence and objectivity

1.   No authority may interfere in the conduct of IAS work or ask the IAS to make any alterations to the content of audit reports.

2.   The Internal Auditor and staff of the IAS shall:

(a)

preserve independence and objectivity in relation to the activities and operations they review;

(b)

ensure objectivity in their judgement;

(c)

avoid conflict of interest and in case they arise act in line with Article 11a of the Regulation No 31 (EEC), 11 (EAEC)  ( 10 ) .

3.   Where the objectivity of the Internal Auditor and staff of the IAS is impaired in fact or appearance, the Internal Auditor shall disclose the details of the impairment to the Audit Progress Committee.

4.   Where the Internal Auditor considers it necessary, he or she may contact directly the President of the Commission.

Article 6Interinstitutional arrangements and confidentiality

The IAS shall retain the confidentiality of information it handles, in line with the provisions of the Commission Decision (EU, Euratom) 2015/443  ( 11 ) and of the Global Internal Audit Standards.

Article 7Tasks

The Internal Auditor shall be responsible for organising and managing the work of the IAS in accordance with this Decision and Regulation (EU, Euratom) 2024/2509. In particular, the Internal Auditor shall:

(a)

develop and implement an internal audit strategy that supports the strategic objectives of the Commission, as set out in Article 10;

(b)

develop and establish the IAS audit methodology and procedures;

(c)

ensure communication with Directors-General, Heads of Service and Directors of executive agencies, the audited services, and relevant stakeholders;

(d)

ensure that the IAS resources are appropriate and effectively deployed to meet the requirements of the annual work programme;

(e)

ensure that confidentiality is respected with regard to the information gathered by the IAS in the course of its work.

Article 8Oversight and horizontal reporting

1.   The Internal Auditor shall:

(a)

report to the Audit Progress Committee significant issues related to the audited activities of the Commission, executive agencies and European offices, including potential improvements to those activities;

(b)

report to the Audit Progress Committee significant risk exposures and control issues, corporate governance issues and other matters needed or requested by the Commission;

(c)

formally communicate in writing to the Director-General, Head of Service or Director of executive agency and the Audit Progress Committee where the Internal Auditor believes that the Director-General, Head of Service or Director of executive agency has accepted an unreasonably high level of risk.

2.   The Internal Auditor shall report, at least annually, to the Audit Progress Committee:

(a)

on the IAS mission, authority and responsibility;

(b)

on the organisational independence of the IAS, including, if appropriate, incidents where independence may have been impaired and the actions and safeguards employed to address the impairment;

(c)

on the update of the internal audit strategy;

(d)

its annual audit plan and its performance in relation to this audit plan;

(e)

the impact of any resource limitations on the audit plan and its execution including the IAS ability to cover high risks and express an overall conclusion on the state of financial management in the Commission;

(f)

any failing or inability to meet and comply with the requirements of this Decision;

(g)

if objectivity was impaired in fact or in appearance, and the details of the impairment;

(h)

on the results of the internal or external quality assessment, as appropriate.

3.   The Internal Auditor shall:

(a)

submit an annual internal audit report to the Commission, indicating the number and type of internal audits carried out, the principal recommendations made and the actions taken on those recommendations, in accordance with Article 118(4) of Regulation (EU, Euratom) 2024/2509;

(b)

provide annually, on the basis of the work of the IAS, an overall conclusion on the state of financial management in the Commission.

4.   The Internal Auditor shall, in accordance with Article 22a of the Staff Regulations, inform without delay as appropriate either the Director-General or Head of Service or Director of executive agency concerned, or the Secretary-General, or persons in equivalent positions, or the European Anti-fraud Office (OLAF) directly in accordance with Commission Decision 1999/396/EC, ECSC, Euratom  ( 12 ) and Commission Decision C(2002)845  ( 13 ) or the Audit Progress Committee, of any suspected fraudulent activities.

Article 9Powers

1.   The Internal Auditor and staff of the IAS acting on his or her behalf shall be authorised to:

(a)

have unrestricted and facilitated access to all functions, information systems, data, records, property and personnel within the Commission, as considered necessary for the fulfilment of their duties;

(b)

obtain the necessary assistance of Commission’s staff in all Directorates-General, Services and executive agencies;

(c)

allocate resources, select subjects, determine the scope of work and apply the techniques required to accomplish audit objectives;

(d)

be informed at an early stage about the development of new systems and changes to existing systems that may substantially affect the Commission’s internal control system.

2.   The Internal Auditor and the staff of the IAS may not:

(a)

perform any operational duties for the Commission or take management responsibility for any function other than the internal audit function;

(b)

initiate or approve financial transactions, except within the allocation for the functioning of the IAS;

(c)

direct the activities of Commission staff not employed by the IAS, except to the extent such staff members have been appropriately assigned to auditing teams or to otherwise assist the IAS.

Article 10Internal audit strategy

1.   The internal audit strategy shall outline the vision and strategic objectives for exercising the internal audit function.

2.   The Internal Auditor shall develop and implement initiatives supporting the internal audit strategy that cover all IAS audit activities, and continuously monitor their effectiveness.

3.   The supporting initiatives shall include:

(a)

a quality assurance and improvement programme;

(b)

a human resources strategy;

(c)

a digital auditing and transformation strategy.

4.   The Internal Auditor shall develop a mutual expectations paper as a guidance document that describes the relationship between auditor and auditee to clarify responsibilities and align mutual expectations so that audits are efficient and effective.

Article 11Work programme

1.   The Internal Auditor shall adopt annually the work programme, containing the audit plan and resource management plan.

2.   The Internal Auditor shall:

(a)

carry out a risk assessment at least on an annual basis, that will consider any risks identified by management and, where relevant, the independent assessment by the Chief Risk Officer of the financial risks arising from Union’s financial operations;

(b)

develop an audit plan, aligned with the priorities of the internal audit strategy, indicating the engagements planned for the next two years and consulting with the Directorates-Generals and Services for the purpose of providing optimal audit coverage and including as appropriate any special tasks or projects requested by the Audit Progress Committee, Directors-General, Heads of Service and Directors of executive agencies;

(c)

submit the audit plan to the Audit Progress Committee for consideration;

(d)

adopt the audit plan and submit it to the Commission;

(e)

update the audit plan as needed to take into account new and/or emerging risks that could impact the organisation, or any requests by the Commission to carry out audits after informing the Audit Progress Committee;

(f)

ensure audit coordination with the European Court of Auditors as appropriate.

3.   The Internal Auditor shall:

(a)

ensure that the work programme is properly implemented;

(b)

ensure that audits are performed in line with the mutual expectations paper;

(c)

ensure findings are promptly validated and recommendations are discussed with the auditee, with the auditee’s position reflected in the final report, particularly in the case of disagreement;

(d)

ensure a continuous dialogue with the auditee is in place, to ensure the relevance of the findings and the quality and feasibility of the recommendations for action to be taken;

(e)

effectively and in a timely manner communicate the results of assurance and non-assurance engagements to Directors-General, Heads of Service, Directors of executive agencies and the Audit Progress Committee;

(f)

establish a follow-up process monitoring that recommendations have been implemented and inform the Audit Progress Committee accordingly, with special attention for the overdue recommendations and the related risks.

Article 12International internal audit standards

1.   The Internal Auditor shall ensure conformance with the Global Internal Audit Standards and, for its assurance services, with Topical Requirements issued by the Institute of Internal Auditors, subject to paragraph 3.

2.   The Internal Auditor shall ensure that an independent external quality assessment is performed at least every 5 years.

3.   Requirements originating from Union law shall take precedence over the Global Internal Audit Standards and Topical Requirements.

Article 13Access to documents

No access to documents being part of internal audit engagements shall be granted, unless the applicant demonstrates an overriding public interest in providing access prevailing over the interests protected by Article 4(2) of Regulation (EC) No 1049/2001 of the European Parliament and of the Council  ( 14 ) .

Article 14

This Decision shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union .

14 articles

Cite this act

Commission Decision (EU) 2025/2570 of 18 December 2025 establishing the mission charter for the Internal Audit Service of the Commission (EUR-Lex). Retrieved via LawPlayer, https://lawplayer.com/eu/act/32025D2570

© European Union, https://eur-lex.europa.eu, 1998-2026. Reuse authorised under Commission Decision 2011/833/EU, provided the source is acknowledged.

EU-EurLex-Reuse-2011-833

本頁資料來源:EUR-Lex·整理提供:法律人 LawPlayer· lawplayer.com