Euroopa Komisjoni algagatud RRF-i audit

Mr. Aivo Orav

Ambassador, Permanent Representative

Permanent Representation of Estonia to the

EU

Rue Guimard 11/13, 1040, Brussels

Mr. Mart Võrklaev

Minister of Finance

Ministry of Finance

Suur-Ameerika 1, 10122 Tallinn

Commission européenne/Europese Commissie, 1049 Bruxelles/Brussel, BELGIQUE/BELGIË — Tel. +32 22991111

EUROPEAN COMMISSION

DIRECTORATE-GENERAL

ECONOMIC AND FINANCIAL AFFAIRS

Resources and performance management

The Director

Brussels, ECFIN/R4/GG/EE(2024)

Subject: EPM Audit of fulfilment of milestones and targets and compliance audit

with the Audit Authority

Estonian Resilience and Recovery Plan

Final audit report

Ref.: Audit No EE-Q2-2024-M/T and Compliance

Announcement letter Ares(2024)3575565

Draft audit report Ares(2024)5370980

MS reply Ares(2024)6588762

Your Excellency,

Please find enclosed the final audit report setting out the Commission auditors’ final

findings and related actions and recommendations.

The national authorities have informed the Commission auditors on the implementation

of actions and recommendations set out in the final audit report.

As the Member State authorities have implemented all audit recommendations, no further

action will be taken by the Commission and the audit is therefore closed.

Yours faithfully,

Bernadette FREDERICK

Electronically signed

Enclosure: Final audit report

c.c.: Coordinating Body

Triin Tomingas, Head of Foreign Financing Unit, State Budget

Department, Ministry of Finance of the Republic of Estonia

Siret Soosein, Expert, State Shared Service Centre, RRP coordinator

Katri Targama, Head of the Grants Management Unit, State Shared

Services Centre

Audit Body

Anu Alber, Head of Financial Control Department, Ministry of Finance

of the Republic of Estonia, the RRF audit body

Mart Pechter, Advisor of the Financial Control Department, Ministry

of Finance of the Republic of Estonia, the RRF audit body

Directorate-General for Economic and Financial Affairs

Bernadette Frederick, Acting Head of Unit, ECFIN R.4

Giulia Galli, Principal Auditor EE, ECFIN R.4

Peter Niklas, Associate Auditor, ECFIN R.4

Judith Schrenk, Associate Auditor, ECFIN R.4

Daniel von Dungen, Team Leader, ECFIN R.4

Javier Yaniz Igal, Acting as Director, ECFIN E

Joern Griesse, Head of Unit, ECFIN E.2

Recovery and Resilience Task Force

Maria Teresa Fabregas Fernandez, Director, SG.RECOVER.B

Luca Rossi, Head of Unit, SG.RECOVER.B2

Ave Schank-Lukas, SG.RECOVER.B2 – Tallinn

Joint audit service for Cohesion (DAC)

Franck Sebert, Director, REGIO.EMPL.DAC

European Anti-fraud Office (OLAF)

James Sweeney, Director, OLAF.C – Anti-Fraud Knowledge Centre

Charlotte Arwidi, Head of Unit OLAF.C.1 - Anti-Corruption, Anti-

Fraud Strategy and Analysis

European Climate, Infrastructure and Environment Executive Agency

(CINEA)

Paloma Aba Garrote, Director, CINEA

European Court of Auditors

[email protected]

Electronically signed on 11/11/2024 17:34 (UTC+01) in accordance with Article 11 of Commission Decision (EU) 2021/2121

1 | P a g e

EUROPEAN COMMISSION DIRECTORATE GENERAL

ECONOMIC AND FINANCIAL AFFAIRS Resources and performance management

Audit and Control

FINAL AUDIT REPORT (1)

Audit No. EE-Q2-2024-M/T and Compliance

EPM Audit of fulfilment of milestones and targets and

compliance audit with the Audit Authority

MEMBER STATE: Estonia

RRP COMPONENTS /

MEASURES / MILESTONES /

TARGETS

EE-C[A]-I[1-3-.1-3-]-T[7] - eFTI (electronic Freight

Transport Information) platforms development

(Development of digital waybills services)

EE-C[D]-I[4-7-.4-7-]-M[78] - Publication of a call for

proposals for a pilot energy storage programme (Pilot

Energy Storage Programme)

EE-C[C]-R[3-3-.3-3-]-T[49] - Deployment of IT

developments contributing to the implementation of the

business event services and gateway (Development of

event services and digital gateway for entrepreneurs)

(Compliance part)

NATIONAL AUTHORITIES: • Coordinating Body (Ministry of Finance, State Shared

Service Centre)

• Estonian Audit Authority (Ministry of Finance)

• Estonian Business and Innovation Agency

• Ministry of Economic Affairs and Communications

• Environmental Investment Centre

• Ministry of Climate

DATE OF MISSION: 10/06/2024 - 14/06/2024

PRINCIPAL AUDITOR: GALLI Giulia

ASSOCIATED AUDITORS: NIKLAS Peter

SCHRENK Judith

(1) This report should be treated as confidential until the follow-up procedure has been brought to a final

conclusion. If the whole or part of the report is transmitted to persons concerned by the audit to enable

them to provide comments, please ensure that the information set out in this paragraph accompanies the

transmission.

2 | P a g e

TABLE OF CONTENTS

LIST OF ACRONYMS ..................................................................................................... 3

1. EXECUTIVE SUMMARY ......................................................................................... 4

1.1. Introduction ....................................................................................................... 4

1.2. Audit opinion and findings ................................................................................ 4

1.2.1. Overall audit opinion ........................................................................ 4

1.2.2. Findings .............................................................................................. 5

1.2.3. Good practices ................................................................................... 5

1.3. Subsequent events and conclusions ................................................................... 6

2. THE ENGAGEMENT CONTEXT ............................................................................. 6

2.1. Legal Basis ........................................................................................................ 6

2.2. Objectives of the audit ....................................................................................... 6

2.3. Scope of the audit .............................................................................................. 6

2.4. Methodology ...................................................................................................... 8

3. DETAILED FINDINGS AND RECOMMENDATIONS ........................................ 10

3.1. Findings relative to the Audit Authority’s system: ......................................... 10

ANNEX IA: IMPORTANCE OF THE FINDINGS RELATIVE TO AUDITS ON

M/T AND SYSTEM AUDITS ON M/T ................................................................... 14

ANNEX II: SAMPLE OF FINAL RECIPIENTS / OPERATIONS / PROJECTS

AUDITED ................................................................................................................. 16

ANNEX III: MEMBER STATE RESPONSE TO RECOMMENDATIONS .................. 17

1. Findings relative to the Audit Body’s system: ................................................ 17

3 | P a g e

LIST OF ACRONYMS

CID Council Implementing Decision

DG ECFIN Directorate-General for Economic and Financial Affairs

EC

European Commission

eFTI electronic Freight Transport Information

EPM Enquiry Planning Memorandum

EU European Union

FA (Financing

Agreement)

Recovery and Resilience Facility Financing Agreement between the

Commission and the Member State

ISA International Standard on Auditing

IT

KR

Information Technology

Key Requirement

MS

SSSC

Member State

State Shared Services Centre

RRF Recovery and Resilience Facility

RRF

Regulation

Regulation (EU) 2021/241 of the European Parliament and of the

Council of 12 February 2021 establishing the Recovery and

Resilience Facility

RRP Recovery and Resilience Plan

4 | P a g e

1. EXECUTIVE SUMMARY

1.1. Introduction

In accordance with DG ECFIN’s audit plan for 2023/24, and in the context of assessing

compliance with Regulation (EU) 2021/241 of the European Parliament and of the

Council of 12 February 2021, Commission auditors have conducted an audit on the

satisfactory fulfilment of the milestones and targets declared in the request(s) for

payment n°2 submitted by Estonia to the European Commission, on 18/12/2023.

1.2. Audit opinion and findings

1.2.1. Overall audit opinion

❖ Unqualified for the fulfilment of milestones and targets audit part

Based on the work carried out, in accordance with International Standards on Auditing,

detailed in section 2 of the audit report, the auditors have obtained reasonable assurance

on the satisfactory fulfilment of the milestones and targets included in the scope of audit,

as declared in the request(s) for payment n°2 submitted by Estonia to the European

Commission, on 18/12/2023

The audit work carried out does not put in doubt the assertions made in the management

declaration(s) included in the request(s) for payment.

❖ Unqualified for the compliance audit part

Based on the audit work carried out, nothing has come to our attention that causes us to

believe that the subject matter of the audit is not in compliance, in all material aspects

with Article 22(1) of the RRF Regulation and Article 11 of the Financing Agreement.

In compliance with the “Guidance on the assessment of the Internal Control Systems set

in place by the Member States under the Recovery and Resilience Facility”, the

following table shows the results of the key requirement audited and the overall audit

opinion of the system audited:

Assurance on

KR5

Overall

opinion

High Unqualified

This audit represents the assessment and evaluation of the design of the internal control

system at a specific point in time. Hence, this compliance audit does not provide

assurance for future periods in view of risks such as the weakening of the internal

controls resulting from changes in conditions, or possible deterioration of the degree of

compliance with legal requirements or procedures.

5 | P a g e

1.2.2. Findings

The findings related to the audit identified by the ECFIN R4 auditors are summarised

below:

Fulfilment of milestones and targets audit:

- Findings related to the audit on fulfilment of milestones and targets:

No findings were identified by the ECFIN R4 auditors for T[7] and M[78].

Compliance Audit:

- Findings related to the re-performed audit on milestone and targets

No findings were identified by the ECFIN R4 auditors for target T[49].

- Findings relative to the Audit Authority’s system:

Fin-

ding

n°

Issue

Key

Require-

ments

Relevant

articles

of the

FA/LA

Classifi-

cation

(see

Annex I)

Coordin

-ating

body’s

response

Status

of the

finding

1

Missing elements in

the procedures and

checklists used by

the Estonian Audit

Authority

KR 5

Annex I

of the

FA:

KR 5

Very

Important Agree Closed

2

Low number of audit

staff dedicated to the

RRF

KR 5

Annex I

of the

FA:

KR 5

Very

Important Agree Closed

1.2.3. Good practices

The IT systems (SFOS) used by the Estonian Bodies can be considered “best practice”

and facilitate the Coordinating Body’s (and all the other national bodies) tasks in

monitoring, supervision, and reporting. SFOS is also interconnected with other national

databases such as the Business Register and the reporting platform e-grant.

SFOS and other interconnected databases enable the relevant bodies to store and verify

information related to:

- State Aid (SA);

- Public procurement (PP);

- Do no significant harm (DNSH);

- Protection of Financial Interest of the Union (PFIU) – (Double Funding, Conflict

of Interest);

- Implementation, monitoring and reporting of M/T;

- Audits.

6 | P a g e

1.3. Subsequent events and conclusions

On 18/09/2024 (2) the Estonian authorities submitted their comments on the draft audit

report. In particular, the Estonian authorities accepted all audit findings.

In addition, the Estonian authorities described the actions taken to improve the

functioning of the Audit Authority’s system.

Subsequently, based on the analysis of the Estonian reply to the audit findings all the

findings have been closed by the Commission auditors and in Section 3 of the Final audit

report it is described why the Commission accepted to close them.

2. THE ENGAGEMENT CONTEXT

2.1. Legal Basis

The legal basis for the audit on milestones and targets is foreseen in Article 12 of the

Financing Agreement of the Recovery Resilience Plan between the European

Commission and Estonia, in accordance with Article 22(2)(e) of the RRF Regulation (3).

2.2. Objectives of the audit

The audit was performed in the context of the Enquiry Planning Memorandum "Audit on

the fulfilment of milestones and targets and compliance audit.

The objective of the audit is to obtain reasonable assurance on:

- the satisfactory fulfilment of the milestone M[78] and target T[7] as declared in the

second request for payment submitted by the Republic of Estonia to the European

Commission on 18/12/2023;

- the compliance of audit activities performed by the national Audit Authority with

internationally accepted audit standards, related to target T[49].

2.3. Scope of the audit

The scope of the audit is limited to:

- a verification of the achievement of milestone M[78] and target T[7] declared in the

request for payment n°2 submitted on 18/12/2023 to the European Commission;

(fulfilment of M/T audit);

- public procurement and state aid procedure checks, do no significant harm (DNSH)

checks (where applicable);

(2) European Commission Reference: Ares(2024)6588762

(3) Regulation (EU) 2021/241 of the European Parliament and of the Council of 12 February 2021 establishing the

Recovery and Resilience Facility

7 | P a g e

- a verification of an adequate and independent audit of systems and cases of support to

investments and reforms KR5; (compliance audit);

- a review of the audit body’s methodology and procedures in relation to the above-

mentioned key requirement; (compliance audit);

- a review of the audit body’s working papers from audits carried out on the selected

milestones or targets declared to the Commission in the request for payment n°2

submitted on 18.12.2023; (compliance audit);

- the re-performance of the audit of the selected measure T[49] (compliance audit).

SEQUEN

TIAL

NUMBE

R (AS IN

CID)

NAME OF

MEASURE MILE-

STONE /

TARGET

INDICATORS

(QUANTITATIVE / QUALITATIVE) BODY(IES)

RESPONSIBLE FOR

REPORTING AND

IMPLEMENTATION /

FOR AUDITING

49 Development

of event

services and

digital

gateway for

entrepreneurs

target Number of IT development projects contributing to the

implementation of the business event services and

gateway that have successfully deployed new

developments online.

These development projects shall be either directly

related to the development of the digital gateway for

entrepreneurs or to the development of business-event

services, which additionally include the development

of various related systems for interfacing with the

digital gateway. As a result of each development

project, at least a minimally functional IT solution shall

be completed (i.e., the IT solution shall be operational

at least in the basic parts for the end users

(entrepreneurs) and shall be able to provide feedback

for further development needs during the reform

implementation period or afterwards).

Compliance Audit:

Audit Authority

(Financial Control

Department -

Ministry of Finance

of Estonia)

78 Pilot Energy

Storage

Programme

milesto

ne

An open call for proposals shall be published by the

Environmental Investment Centre to support energy

storage projects.

The call shall be based on project selection criteria and

award conditions that ensure that the selected projects

comply with the ‘Do no significant harm’ Technical

Guidance (2021/C58/01) through the use of an

exclusion list and the requirement of compliance with

the relevant EU and national environmental legislation.

The selection/eligibility criteria shall specify that the

supported activities and/or enterprises contribute to

climate-neutral economy, climate resilience and

climate change adaptation, including circular economy

objectives.

Fulfilment of M/T

Audit:

Ministry of Climate

Environmental

Investment Centre

7 Development

of digital

waybills

services

target Number of projects developing an eFTI platform which

have received a positive grant decision.

Fulfilment of M/T

Audit:

Ministry of Eco-

nomic Affairs and

Communications

Estonian Business

and Innovation

Agency

8 | P a g e

The audit work was carried out at the premises of the Coordinating body and bodies

implementing reforms and investments and at the premises of the Audit Authority.

2.4. Methodology

The audit work was carried out in accordance with the methodology set out in the above-

mentioned Enquiry Planning Memorandum and was based on the standard checklist(s)

foreseen in the same memorandum.

The audit was performed in line with ISSAI 4000 (compliance with audit standard from

INTOSAI) and in line with the principle 13 of COSO 2013.

After finalising the on-the-spot work, the Commission auditors have requested additional

clarifications to the national authorities and received a complete reply.

Bodies Ares number Received

Coordinating Body (Ministry of Finance,

State Shared Service Centre)

Ares(2024)4497461 and

Ares(2024)4405970

13/06/24

17/06/24

Estonian Audit Authority (Ministry of

Finance)

Ares(2024)4405847 17/06/24

Estonian Business and Innovation Agency Ares(2024)4405820 13/06/24

Ministry of Economic Affairs and

Communications

Ares(2024)4405947,

Ares(2024)4466865 and

Ares(2024)4474068

18/06/24

19/06/24

20/06/24

Environmental Investment Centre Ares(2024)4405926 13/06/24

Ministry of Climate Ares(2024)4405970 and

Ares(2024)4502738

17/06/24

21/06/24

Based on the audit work, the auditors identified two types of audit findings which do not

have the same implications for the audited entity:

Type A audit findings correspond to errors found in the audited sample and related to

items specified in the CID. These errors are extrapolated to the entire population in the

draft audit report and may lead to the conclusion that the corresponding target or

milestone has not been satisfactorily achieved.

9 | P a g e

Type B audit findings correspond to errors found in the audited sample, which are not

related to elements specified in the CID. In some cases, these findings are linked to non-

compliance with national or EU rules and require follow-up by the national authority,

which should:

1. check whether the corresponding funding has been unduly paid or not;

2. decide on the recovery of the corresponding amount;

3. confirm whether recovered amounts will be reused for the same objectives and, if

so, the timeline of this use; and

4. report these elements to the Commission as part of the contradictory process of

this audit.

On the basis of these elements, the Commission will be able to subsequently update its

conclusion as to the satisfactory achievement of the objective and compliance with the

agreement of financing. (4)

(4) On the fulfilment of milestone and target audit there were no Type A and Type B findings.

Only for the compliance audit part ECFIN R4 had issued some findings and recommendations to the

Audit Authority.

10 | P a g e

3. DETAILED FINDINGS AND RECOMMENDATIONS

3.1. Findings relative to the Audit Authority’s system:

Finding n° 1 Issue: Missing elements in the procedures and checklists used

by the Estonian Audit Authority

Legal basis and other sources:

Annex I of the Financing Agreement - KR 5

Description of the finding:

During the compliance audit, ECFIN R4 auditors focused their questions on the

following aspects:

-the audit performed by the Estonian Audit Authority on the measure T[49]

-the procedures, checklists and working documents used by the Estonian Audit Authority

to prepare, conduct and report on their audits.

The audit trail and the documentation provided by the Estonian Audit Authority related

to the target T[49] is succinct, but the ECFIN R4 auditors’ analysis concluded that the

European Commission can rely on the audit work carried out by the Estonian Audit

Authority.

The Estonian Audit Authority explained to ECFIN R4 auditors that:

- in case of absence of findings during the audit of a measure, only the final audit report

is drafted without a draft audit report or contradictory procedure.

- the audit work is also supported by other levels of controls, e.g. by the Internal Audit

Departments in the Ministries and Agencies and by the Coordinating Body itself, and by

well-functioning and strong IT systems (SFOS).

ECFIN R4 auditors before and during the mission analysed the summary of audit,

templates of checklists / working papers used by the Estonian Audit Authority and the

audit manual. During the analysis of documents and during the compliance audit, ECFIN

R4 auditors identified some missing elements in the procedures and checklists used by

the Estonian Audit Authority to prepare, conduct and report on their audits, compared to

the standards applied by the European Commission.

Specifically, ECFIN R4 auditors observed that:

In the audit strategy there is no reference to:

- the quality controls carried out;

- the international auditing standards that the Estonian auditors follow;

- the reference to the sampling methodology.

11 | P a g e

In the templates of checklists / working papers the following standard questions are

missing:

- the respect of the requirements in the description of the M/T and measure as defined in

the CID Annex;

- the checks on the publicity requirements as defined in the RRF Regulation;

- the checks on the eligibility compliance period (the implementation of the measure has

not started before 01 February 2020).

In the audit manual there are only references to the Structural Funds, and not to RRF.

1. Additionally, regarding the structure of the audit trail, ECFIN R4 auditors concluded it is

missing the following elements, according to the description of the Estonian Audit

Authority:

- a formal announcement letter template in which the contradictory procedure is covered;

- a formal mission planning memorandum explaining the audit methodology, the scope

and the sampling methodology applied.

Recommendation(s):

The audit authority (Ministry of Finance) is recommended to:

1. Ensure improvements to the audit strategy by:

- adding the reference to the quality controls carried out;

- adding the reference to the international auditing standards that the

auditors follow;

- adding the reference to the sampling methodology.

2. Ensure improvements to the templates of checklists/ working papers by including

standard questions on the below mentioned aspects:

- adding the respect of the requirements as in the description of the M/T and

measure defined in the CID Annex;

- explicitly checking the publicity requirements defined in Article 34 of

RRF Regulation;

- explicitly checking compliance with the eligibility period in accordance

with Article 17(2) of RRF Regulation (the implementation of the measure has not

started before 1 February 2020).

3. Improve the audit manual by:

- adapting the audit manual developed for the Structural Funds, in order to

make it suitable for the RRF specificities (like data collection according to Article

22 RRF Regulation, eligibility period, publicity requirements under NGEU, etc.).

4. Improve the structure of the audit trail by:

- defining a formal announcement letter template in which the contradictory

procedure is covered;

- defining a formal mission planning memorandum explaining:

o the audit methodology;

o the scope, including fulfilment of M/T, PP/ SA and other thematic issues

like PFIU aspects (fraud, corruption, conflict of interest, double funding);

o the sampling methodology applied.

Deadline for implementation:

3 Months

Importance (See Annex 1A):

Very Important

12 | P a g e

Body responsible:

Audit Authority (Ministry of Finance)

Finding n° 2 Issue: Low number of audit staff dedicated to the RRF

Legal basis and other sources:

Annex I of the Financing Agreement - KR 5

Description of the finding:

During the compliance audit, ECFIN R4 auditors learned that while the Estonian Audit

Authority deals with all European funds, the Audit Authority has only one specialised

auditor for the Recovery and Resilience Facility (RRF).

The staff of all teams is supporting each other’s audit work. The specialised auditor for

the RRF benefits from the experience of fellow auditors working on other European

funds.

Coordinating body’s response to recommendation (agree / partially agree / reject):

Agree

Coordinating body’s comments:

See Annex III

Auditors’ further comments (if applicable):

Finding Closed

Auditors took into account the reply from the MS and the documents provided as

evidence and consider them sufficient.

1) Regarding the first recommendation the evidence was received on 25/09/24: "2 2024

Audit Strategy RRF".

2) Regarding the second recommendation the evidences were received on 25/09/24: "2

2024 Audit Strategy RRF", "4 2024 A2 General KL-TP RRF_EN".

3) Regarding the third recommendation the evidence was received on 14/10/24:

"PA_Handbook_ver10_2024_new".

4) Regarding the second recommendation the evidences were received on 25/09/24: "2

2024 Audit Strategy RRF", "4 2024 A2 General KL-TP RRF_EN", "7 2024 A5 Audit

plan and declaration_EN", "9 2024 A7 Letter informing about the audit_EN".

13 | P a g e

Additionally, the Estonian Audit Authority relies on audit activities performed by the

Internal Audit Departments in the Ministries and Agencies. Overall and in particular for

the RRF the number of auditors is limited.

The low number of auditors puts a strain on the effort of the Estonian Audit Authority to

be effective and is a risk for business continuity.

Hiring an additional auditor dedicated to the RRF would contribute to guarantee business

continuity at the Estonian Audit Authority and would be a contribution to ensure that

sufficient resources for the purpose of the RRF are allocated.

Recommendation(s):

The audit authority (Ministry of Finance) is recommended to:

1) Analyse the administrative capacity and report to the Commission auditors on how

sufficient RRF audit coverage is ensured; consider adding an additional auditor

dedicated to RRF.

Deadline for implementation:

3 Months

Importance (See Annex 1A):

Very Important

Body responsible:

Audit Authority (Ministry of Finance)

Coordinating body’s response to recommendation (agree / partially agree / reject):

Agree

Coordinating body’s comments:

See Annex III

Auditors’ further comments (if applicable):

Finding Closed

Auditors took into account the reply from the MS and the document provided as evidence

and consider them sufficient.

The evidence was received on14/10/24: "MEMO RRF work account 2024".

In the future ECFIN R4 will review if indeed the administrative capacity was increased,

and the audit coverage is adequate (e.g. in the payment request assessment checklist

based on the Summary of Audit and follow-up questions).

14 | P a g e

ANNEX IA: IMPORTANCE OF THE FINDINGS RELATIVE TO AUDITS ON M/T AND SYSTEM

AUDITS ON M/T

Critical: Fundamental issue that is likely to affect the quality, integrity and ability of the

underlying data management systems and/or pose severe risks to the reliability of

reported data on achieved milestones and targets of the RRP.

Very Important: Significant issue that is likely hamper the quality, integrity and ability

of the underlying data management systems and/or pose significant risks to the reliability

of reported data on achieved milestones and targets of the RRP.

Important: Moderate issue that may hamper the quality, integrity and ability of the

underlying data management systems and/or pose risks to the reliability of reported data

on achieved milestones and targets of the RRP.

Desirable: Minor issue, the correction of which would support the quality, integrity and

ability of the underlying data management systems and/or enhance the reliability of

reported data on achieved milestones and targets of the RRP.

15 | P a g e

ANNEX IB: IMPORTANCE OF THE FINDINGS RELATIVE TO PFIU FOR THE SELECTED

MILESTONES AND TARGETS

Critical: Corrective action is needed to address a fundamental weakness in key controls,

which puts in question the reliability of the whole or part of the internal control system of

the auditee to protect the financial interests of the Union and has led or may lead to

widespread irregularities. There is a substantial risk that the financial interests of the

Union are not protected with respect to the RRF measures implemented by the

corresponding auditee(s). If not addressed and depending on the impact on the overall

implementation of the funds, such weaknesses may constitute a serious breach of the

financing agreement leading to financial corrections in accordance with articles 3 and 19

of the financing agreement.

Very Important: Corrective action is needed to address a significant weakness in key

controls, affecting the reliability of a significant part of the internal control system of the

auditee to protect the financial interests of the Union, which has led or may lead to

irregularities. There is a high risk that the financial interests of the Union are not

protected with respect to the RRF measures implemented by the corresponding

auditee(s). If not addressed and depending on the impact on the overall implementation

of the funds, such weaknesses may constitute a serious breach of the financing agreement

leading to financial corrections in accordance with articles 3 and 19 of the financing

agreement.

Important: Corrective action is needed to address a weakness or deficiency in the

internal control systems, which may lead to irregularities. Improved controls would

benefit the implementation of the RRP and/or allow for greater effectiveness and/or

efficiency of the measures to protect the financial interests of the Union with respect to

the measures implemented by the corresponding auditee(s).

Desirable: Minor issue, the correction of which would support the effectiveness,

efficiency and reliability of the measures to protect the financial interests of the Union.

16 | P a g e

ANNEX II: SAMPLE OF FINAL RECIPIENTS / OPERATIONS / PROJECTS AUDITED

List of the selected Final recipients / Operations / Projects audited for fulfilment of T[7]

EE-C[A]-I[1-3-.1-3-]-T[7]

COMPANY NAME VAT NUMBER ADDRESS

ATV Transport Aktsia

Company

EE100171787 Harju maakond, Tallinn, Kesklinna linnaosa,

Uus-Sadama tn 21

Waybiller OÜ

EE101946348 Harju maakond, Tallinn, Mustamäe

linnaosa, Mäealuse tn 2/1

Live Technologies OÜ

EE101635620 Harju maakond, Tallinn, Lasnamäe linnaosa,

Valukoja tn 32/3

Planlogi OÜ

EE102042047 Viljandi maakond, Viljandi linn, C. R.

Jakobsoni tn 11

Eveod OÜ

EE102346031 Lääne maakond, Haapsalu linn, Haapsalu

linn, Metsa tn 23

GoSwift OÜ

EE100619906 Harju maakond, Tallinn, Mustamäe

linnaosa, Mäealuse tn 2/1

17 | P a g e

ANNEX III: MEMBER STATE RESPONSE TO RECOMMENDATIONS

1. Findings relative to the Audit Body’s system:

Finding n° 1 Issue: Missing elements in the procedures and checklists used by the

Estonian Audit Authority

Coordinating body’s response to recommendation (agree / partially agree / reject):

Agree

Coordinating body’s comments:

Recommendation 1)

- Missing elements in the audit documents and procedures: quality control.

Your recommendation was to add information to the Audit Strategy to reference the

quality

controls carried out. The Audit Authority has added to the Audit Strategy under the section

“Methodology” a clarification, that in accordance with the general methodology of the

Department, a working paper for quality control will be filled out for each audit by the

Audit Supervisor of that audit.

- Missing elements in the audit documents and procedures: international auditing

standards.

Your recommendation was to add information to the Audit Strategy to reference the

international auditing standards that the auditors follow. The Audit Authority has added to

the Audit Strategy under the section “Introduction” a clarification that the Financial

Control Department carries out audit work in accordance with the global internal audit

standards of the Institute of Internal Auditors and has been externally evaluated as such.

Missing elements in the audit documents and procedures: sampling methodology.

Your recommendation was to add information to the Audit Strategy to reference the

sampling methodology. The Audit Authority has added to the Audit Strategy under the

section “Risk assessment” a clarification that the Audit Authority will consult the

“Guidance on sampling methods for audit authorities” issued by the European

Commission to ascertain which method is the most appropriate to the task.

Recommendation 2)

- Ensure improvements to the templates of checklists/ working papers: adding the respect

of the requirements.

Your recommendation was to improve the templates of checklists/ working papers by

adding the respect of the requirements as in the description of the M/T and measure

defined

in the CID Annex. The Audit Authority has added to the “General checklist / working

paper

for checking the fulfilment of milestones and targets” (Annex 2 of the Audit Strategy) the

respective control question.

- Ensure improvements to the templates of checklists/ working papers: adding the explicit

check for publicity requirements.

Your recommendation was to improve the templates of checklists/ working papers by

explicitly checking the publicity requirements defined in Article 34 of RRF Regulation.

18 | P a g e

The Audit Authority has added to the “General checklist / working paper for checking the

fulfilment of milestones and targets” (Annex 2 of the Audit Strategy) the respective

control

question.

- Ensure improvements to the templates of checklists/ working papers: adding the explicit

check for the eligibility period.

Your recommendation was to improve the templates of checklists/ working papers by

explicitly checking compliance with the eligibility period in accordance with Article 17(2)

of RRF Regulation. The Audit Authority has added to the “General checklist / working

paper for checking the fulfilment of milestones and targets” (Annex 2 of the Audit

Strategy) the respective control question.

Recommendation 3)

- Improve the audit manual: suitability for the RRF specificities.

Your recommendation was to improve the audit manual developed for the Structural

Funds, to make it suitable for the RRF specificities. The Audit Authority has added to the

Audit Strategy under the section “Introduction” a clarification, that the Financial Control

Department uses in its work the general audit methodology developed by itself in

accordance with the same standards. Whenever this methodology is used for Recovery and

Resilience Facility, amendments will be made to the respective working documents to

clarify their accordance with its specifics (such as data collection, eligibility period,

publicity requirements, etc.).

Recommendation 4)

- Improve the structure of the audit trail: formal announcement letter.

Your recommendation was to improve the structure of the audit trail by defining a formal

announcement letter template in which the contradictory procedure is covered. The Audit

Authority has added to the Audit Strategy an Annex 7 “Audit Announcement Letter”,

which includes points such as the scope of the audit, the sampling methodology and details

about the contradictory procedures.

- Improve the structure of the audit trail: formal mission planning memorandum.

Your recommendation was to improve the structure of the audit trail by defining a formal

mission planning memorandum explaining the audit methodology, the audit scope, and the

sampling methodology applied. The Audit Authority has added to the “Audit Plan and

Declaration of Objectivity” an Annex 8 “Audit Announcement Letter” (Annex 5 of the

Audit Strategy”, the respective points.

If necessary, updated documents will be sent to you directly by the Auditing Authority.

19 | P a g e

Finding n° 2 Issue: Low number of audit staff dedicated to the RRF

Coordinating body’s response to recommendation (agree / partially agree / reject):

Agree

Coordinating body’s comments:

Recommendation 1)

Your recommendation was to analyse the administrative capacity and report to the

Commission auditors on how sufficient RRF audit coverage is ensured; consider adding an

additional auditor dedicated to RRF.

The Audit Authority has analysed the administrative capacity required for delivering the

necessary results for RRF and proposes diverting a larger number of auditors within the

Department to the task of carrying out RRF audits when that task arrives again. Audit

Authority would also like to add an additional auditor full-time equivalent to the

Department when the resources allow for it, so as not to leave other tasks of the

Department undermanned as a result.

Electronically signed on 11/11/2024 17:34 (UTC+01) in accordance with Article 11 of Commission Decision (EU) 2021/2121