Mur għall-kontenut ewlieni
Anti-Fraud Knowledge Centre

Fraud risk evaluation group (GVRF-group) and self -assessment tool

Context and objective(s)

The Italian National Operational Program “Governance and Institutional Capacity” (PON GOV) is managed by the Italian Agency for Territorial Cohesion alongside two intermediate bodies (IB): The Department of Public Service within the Presidency of the Council of Ministers and the Ministry of Justice. The Audit Authority (AA) is the Ministry of Economy and Finance while the Certifying Authority (CA) role is carried out by a specific department within the Italian Agency for Territorial Cohesion. The PON GOV program allotted a budget of EUR 805 million during the period between 2014 and 2020 and supports capacity‑building and innovation of all Public Administrations.  80% of the resources have been earmarked for the less developed Regions (Basilicata, Calabria, Campania, Puglia and Sicily).

In 2017, the Italian Agency for Territorial Cohesion set up a fraud risk evaluation group (Gruppo di Valutazione del Rischio Frode – GVRF-group) in the PON GOV program with the aim to minimise the risk of fraudulent behaviour, to continuously assess potential fraud risks and to adopt adequate preventive and corrective measures.

The GVRF group based its work on the fraud risk self-assessment tool from the EC guidance note of EGESIF n.14-0021-00 published on 16/06/2014 . The EC self-assessment tool covers the likelihood and impact of specific and commonly recognised fraud risks particularly relevant to key processes such as:

  • selection of applicants;
  • implementation of projects by beneficiaries, focusing on public procurement and labour costs;
  • certification of costs by the Managing Authority (MA) and payments;
  • selection of projects of technical assistance directly by the MA or the IB.  

The EC general methodology for the fraud risk assessment follows 5 main steps:

  1. Quantification of Gross risk
    The Gross risk refers to the level of risk well before considering the effect of any existing or planned controls. The quantification of risk is assessed by its likelihood and impact; how likely is the event to happen and what consequences will the event have, financially and non-financially? In order to standardise the assessment, a time horizon of seven years (the length of the programming period) should be set when determining the likely sequence of events that would lead to risk.
  2. Assessment of the mitigating controls put in place
  3. Assessment of the Net risk
    The Net risk refers to the level of risk after considering the impact of any existing controls and their effectiveness, i.e. the situation as it is at the current time.
  4. Action plans for putting in place effective and proportionate anti-fraud measures
  5. Definition of the Target risk

The Target risk refers to the level of risk after considering the effect of any current and planned controls. It is the risk level that the MA considers tolerable.

Description of the practice

Considering the EC guidelines, the specific objectives of the GVRF-group of the PON GOV program were to:

  • adopt the Fraud Risk self-assessment tool aimed at reducing the risk of fraud for each MA and IB;
  • collect the information needed to carry out the evaluation, and request any additional information from all stakeholders. During this phase the group also closely examines the content of the three-year anti-corruption plan established by the Italian National Anti-corruption Authority (ANAC), consults fraud information databases (such as SIAF/PIAF, ARACHNE) and carries out interviews with key officers involved in projects that monitor activities currently in place;
  • carry out the first assessment of potential fraud risks in relation to the designation of Authorities within a maximum of six months, and before the MA or IBs of the Program proceed to select beneficiaries;
  • identify any new (established or potential) risks by analysing a wealth of case studies of suspected or verified instances of fraud;
  • approve evaluations and any capacity building actions if needed as corrective mitigating measures;
  • monitor the Action Plans to improve first level controls;
  • periodically review the fraud risk evaluation, depending on risk levels and instances of fraud.

The MA as well as the CA and IB participate in the GVRF group. The group is composed of:

  • six representatives of the Agency of Territorial Cohesion (the Director of the office responsible for managing administrative capacity-building and technical assistance programs, the Director of the unit for coordination and execution of first-level checks, the Agency's Corruption Prevention and Transparency Officer, the Director of the office for coordination of certification and expenditure monitoring, the Director of organisation, budget and human resources unit, and the Director of the Information services and purchasing unit);
  • two representatives of the Department for Public Services within the Presidency of the Council of Ministers;
  • two representatives of the Ministry of Justice.

When AA authorities audit the completed risk assessment, they do not take a direct role in deciding on the level of risk exposure but participate in the assessment process in an advisory role or as observers.

The methodological approach to the process rolled out in the following sequence:

  1. The coordination unit gathered information and documentation of general interest on anti-fraud matters and forwarded it to the GVRF group and to the MA. The MA then assessed the need for “preventive" actions and disseminated further knowledge and information (for example spreading information to staff employees, setting up internal training modules, etc.)
  2. A constant monitoring of the anti-fraud system was put in place. This step included continuous monitoring of risks and controls/measures that were put in place to mitigate risks (a verification of the "tightness" of the instrument or the actual existence / persistence of the specific individual risk areas and each control point/measure mitigating the previously identified risk, as well as the implementation of any action plans).
  3. The coordination unit proceeded to identify, collect and analyse cases of fraud in the PON GOV program. It included cases of suspected and/or verified fraud as well as any findings on new or potential risks identified as part of the internal and external audit activities (first level and second level controls - European Commission audit – European Court of Auditors). A summary document was sent annually to the GVRF group to facilitate the evaluation of the anti-fraud system and to identify any improvements through Action Plans.

The GVRF group referred to the descriptive document accompanying the self-assessment tool, which was initially published in the EC note EGESIF 14-0021-00, as "additional" to the excel tool. This descriptive document outlines:

  • the composition of the Group in charge of the self-assessment of the risk of fraud
  • how the work of the group is to be organised
  • the internal process and the activities through which the analysis and evaluation were conducted
  • the methodology used for the self-assessment
  • a synoptic overview of the documentation and sources of information used for the self-assessment
  • for each specific risk and related control point shown in the tool, summary tables with an indication of the information and / or documentary elements on the basis of which the assessments were expressed (so-called "Arguments")

The purpose of this "additional" document is to facilitate the reading of the assessments (numerical only) shown in the tool and to allow a clear and accurate examination of the conclusions reached.

The Fraud Risk Self-Assessment system of PON GOV tool was presented as a best practice in the main public administration networking event in Italy called FORUM PA 2018.

Key success factors

  1. The members of the GVRF group were chosen based on high-level expertise and had clearly recognised competencies. This is relevant because the audits done by the AA take into consideration the level of expertise of the group members – see Annex 4, point C.1.1 of EGESIF guidance. The composition was deliberately of transversal character and this diversity was an advantage when integrating different institutional views into the monitoring activities, as it makes the anti-fraud strategy more exhaustive.
  2. The GVRF group was further supported by a technical restricted sub working group aimed at sharing methodologies, interpretations of possible doubts/clarifications as well as the process of developing individual evaluation tools. While having only one GVRF group, the decision was taken to create 3 separate self-assessment tools within the PON GOV program, so that each IB and MA could have its own self-assessment tool. 
  3. It is essential to ensure the necessary independence and objectivity of self-assessments. The GVRF group let each MA/IB carry out its own work independently and perform its own in-house analysis, risk mapping and risk assessment of fraud that may be linked to their projects.

Challenges encountered & lessons learned

The GVRF group faced the following challenges:

  1. There is an enormous volume of documentation and information to be processed in order to make the GVRF group self-assessment as accurate as possible. The GVRF group relied on a coordinating unit in the MA for assistance. This unit took care of the collection and documentation of the information sources during the risk assessment process and supported the self-assessment process (one of the most demanding aspects of the process because of the sheer number of documents to be collected and analysed).
  2. The task of carrying out in-depth assessment of potential fraud risks in the life cycle of a project is not easy.  the assessment must include the selection of the operation, the implementation of the project, the control, as well as payment and certification of expenditure (so-called process and risk mapping).
  3. the group required the active involvement of different areas / structures / offices / departments and related staff (example: Tender & purchasing office, Personnel office, Budget office, Payments office, Manager transparency and anti-corruption).

Potential for the transferability

The fraud risk self-assessment system (we understand the "system" to mean both the process / methodology and the tools) can be transferred to other EU Member States because the success factors (GVRF group composition, operational organisation of activities, working methodology and tools used) are in fact replicable with due adjustments needed.

The fraud risk self-assessment tool (and the accompanying report) can be further adapted to the distinctive features of each program, making its assessment and monitoring functions more targeted and methodical. For example, one could introduce new risk factors and, consequently, new control points / mitigating actions aimed at potential fraud risks that could occur in the selection, implementation, control and certification phases of EU projects.

Other EU countries may have one program managed by different structures of MA and IB (such as Spain). For these countries it would make sense to have a single GVRF group, composed of representatives of the different administrations, each of which have their own assessment tool  (not a single self-assessment tool for the entire program). As the PON GOV practice shows, each administration can customise and adapt the tools to its specificities and, therefore, work in an independent and objective way.

17 MARZU 2021
Fraud Risk Evaluation Group EN
29 MARZU 2021
Fraud risk self evaluation group BG
29 MARZU 2021
Fraud risk self evaluation group CZ
29 MARZU 2021
Fraud risk self evaluation group EL
29 MARZU 2021
Fraud risk self evaluation group ES
29 MARZU 2021
Fraud risk self evaluation group FR
29 MARZU 2021
Fraud risk self evaluation group HR
29 MARZU 2021
Fraud risk self evaluation group HU
29 MARZU 2021
Fraud risk self evaluation group IT
29 MARZU 2021
Fraud risk self evaluation group PL
29 MARZU 2021
Fraud risk self evaluation group RO