Fraud risk evaluation group (GVRF-group) and self -assessment tool

The Italian National Operational Program “Governance and Institutional Capacity” (PON GOV) is managed by the Italian Agency for Territorial Cohesion alongside two intermediate bodies (IB): The Department of Public Service within the Presidency of the Council of Ministers and the Ministry of Justice. The Audit Authority (AA) is the Ministry of Economy and Finance while the Certifying Authority (CA) role is carried out by a specific department within the Italian Agency for Territorial Cohesion. The PON GOV program allotted a budget of EUR 805 million during the period between 2014 and 2020 and supports capacity‑building and innovation of all Public Administrations.  80% of the resources have been earmarked for the less developed Regions (Basilicata, Calabria, Campania, Puglia and Sicily).

In 2017, the Italian Agency for Territorial Cohesion set up a fraud risk evaluation group (Gruppo di Valutazione del Rischio Frode – GVRF-group) in the PON GOV program with the aim to minimise the risk of fraudulent behaviour, to continuously assess potential fraud risks and to adopt adequate preventive and corrective measures.

The GVRF group based its work on the fraud risk self-assessment tool from the EC guidance note of EGESIF n.14-0021-00 published on 16/06/2014 . The EC self-assessment tool covers the likelihood and impact of specific and commonly recognised fraud risks particularly relevant to key processes such as:

• selection of applicants;
• implementation of projects by beneficiaries, focusing on public procurement and labour costs;
• certification of costs by the Managing Authority (MA) and payments;
• selection of projects of technical assistance directly by the MA or the IB.  

The EC general methodology for the fraud risk assessment follows 5 main steps:

1. Quantification of Gross risk
   The Gross risk refers to the level of risk well before considering the effect of any existing or planned controls. The quantification of risk is assessed by its likelihood and impact; how likely is the event to happen and what consequences will the event have, financially and non-financially? In order to standardise the assessment, a time horizon of seven years (the length of the programming period) should be set when determining the likely sequence of events that would lead to risk.
2. Assessment of the mitigating controls put in place
3. Assessment of the Net risk
   The Net risk refers to the level of risk after considering the impact of any existing controls and their effectiveness, i.e. the situation as it is at the current time.
4. Action plans for putting in place effective and proportionate anti-fraud measures
5. Definition of the Target risk

The Target risk refers to the level of risk after considering the effect of any current and planned controls. It is the risk level that the MA considers tolerable.

Considering the EC guidelines, the specific objectives of the GVRF-group of the PON GOV program were to:

• adopt the Fraud Risk self-assessment tool aimed at reducing the risk of fraud for each MA and IB;
• collect the information needed to carry out the evaluation, and request any additional information from all stakeholders. During this phase the group also closely examines the content of the three-year anti-corruption plan established by the Italian National Anti-corruption Authority (ANAC), consults fraud information databases (such as SIAF/PIAF, ARACHNE) and carries out interviews with key officers involved in projects that monitor activities currently in place;
• carry out the first assessment of potential fraud risks in relation to the designation of Authorities within a maximum of six months, and before the MA or IBs of the Program proceed to select beneficiaries;
• identify any new (established or potential) risks by analysing a wealth of case studies of suspected or verified instances of fraud;
• approve evaluations and any capacity building actions if needed as corrective mitigating measures;
• monitor the Action Plans to improve first level controls;
• periodically review the fraud risk evaluation, depending on risk levels and instances of fraud.

The MA as well as the CA and IB participate in the GVRF group. The group is composed of:

• six representatives of the Agency of Territorial Cohesion (the Director of the office responsible for managing administrative capacity-building and technical assistance programs, the Director of the unit for coordination and execution of first-level checks, the Agency's Corruption Prevention and Transparency Officer, the Director of the office for coordination of certification and expenditure monitoring, the Director of organisation, budget and human resources unit, and the Director of the Information services and purchasing unit);
• two representatives of the Department for Public Services within the Presidency of the Council of Ministers;
• two representatives of the Ministry of Justice.

When AA authorities audit the completed risk assessment, they do not take a direct role in deciding on the level of risk exposure but participate in the assessment process in an advisory role or as observers.

The methodological approach to the process rolled out in the following sequence:

1. The coordination unit gathered information and documentation of general interest on anti-fraud matters and forwarded it to the GVRF group and to the MA. The MA then assessed the need for “preventive" actions and disseminated further knowledge and information (for example spreading information to staff employees, setting up internal training modules, etc.)
2. A constant monitoring of the anti-fraud system was put in place. This step included continuous monitoring of risks and controls/measures that were put in place to mitigate risks (a verification of the "tightness" of the instrument or the actual existence / persistence of the specific individual risk areas and each control point/measure mitigating the previously identified risk, as well as the implementation of any action plans).
3. The coordination unit proceeded to identify, collect and analyse cases of fraud in the PON GOV program. It included cases of suspected and/or verified fraud as well as any findings on new or potential risks identified as part of the internal and external audit activities (first level and second level controls - European Commission audit – European Court of Auditors). A summary document was sent annually to the GVRF group to facilitate the evaluation of the anti-fraud system and to identify any improvements through Action Plans.

The GVRF group referred to the descriptive document accompanying the self-assessment tool, which was initially published in the EC note EGESIF 14-0021-00, as "additional" to the excel tool. This descriptive document outlines:

• the composition of the Group in charge of the self-assessment of the risk of fraud
• how the work of the group is to be organised
• the internal process and the activities through which the analysis and evaluation were conducted
• the methodology used for the self-assessment
• a synoptic overview of the documentation and sources of information used for the self-assessment
• for each specific risk and related control point shown in the tool, summary tables with an indication of the information and / or documentary elements on the basis of which the assessments were expressed (so-called "Arguments")

The purpose of this "additional" document is to facilitate the reading of the assessments (numerical only) shown in the tool and to allow a clear and accurate examination of the conclusions reached.

The Fraud Risk Self-Assessment system of PON GOV tool was presented as a best practice in the main public administration networking event in Italy called FORUM PA 2018.