LIST OF INHERENT RISK FACTORS

The risk factors listed below are not applicable to all types of audits. The auditor should always consider inherent
risk related to fraud and irregularity, for which relevant inherent risk factors are shown in italics.

1. Inherent risk factors associated with activities/programmes

 complexity of programmes;
 modification to existing programme’s funding or eligibility rules
 complex, unusual or high-value transactions;
 activities involving the handling of large amounts of cash or high-value attractive goods - embezzlement
or theft
 activities of a nature traditionally considered to be particularly prone to fraud or corruption (e.g. public
works and technical contracts, contracts for the delivery of food aid from long-term EU storage);
 urgent operations (e.g. emergency aid)/operations not fully subject to usual controls;
 historical evidence of a high incidence of intentional irregularities;

 the complexity of the rules and regulations, e.g. regarding eligibility;

 the introduction of new legislation or changes in existing regulations;

 eligibility criteria inconsistent with objectives (too wide, too restrictive, not relevant);
 administration of the activity such that the valuation of assets or the costing of goods and services
received is difficult (e.g. price adjustment formulae in contracts);
 activities that are uninsurable and/or subject to risks arising from political, economic, financial, ecological
(etc) instability;
2. Inherent risk factors associated with the operating structure
 geographically dispersed organisation, or organisation operating in areas where communications are
difficult;

 the complexity of the structure of shared management arrangements;

 unclear division of responsibilities between Commission/Member States’ authorities;
 activities or projects involving numerous partners (coordination problems, weaknesses in management
and communications structures);
 activities involving transfrontier operations (exchange rate risks; linguistic and political (etc) problems)
and/or numerous administrative levels;
3. Inherent risk factors associated with beneficiaries
 operations where the conduct of beneficiaries is difficult to check, or where the ultimate beneficiaries may
be different from the apparent recipient;
 beneficiaries highly dependant on Union funds;
 activities which entail several levels of subcontracting, making the identification of eligible beneficiaries
difficult;
 historical evidence of a high incidence of intentional irregularities;
 political/administrative pressure exerted by beneficiaries/participants in the activity;
  beneficiaries’ accounting systems and/or policies incompatible with Union systems (e.g. research sector);
 unwanted responsibilities imposed on organisations, administrations or beneficiaries;
4. Inherent risk factors associated with economic circumstances
 abnormal trends and ratios;
 results that are intangible or difficult to evaluate;
 activities starting up or coming to an end, or subject to rapid technological change;
 beneficiaries or industries subject to a high failure rate (e.g. new technologies);
 unstable sources of supply and variable prices of inputs (raw materials, etc);
 over-dependence on one supplier (e.g. supplier of equipment has exclusive maintenance contract, is sole
supplier of parts and materials, software, etc);
5. Inherent risk factors associated with the audited entity
 frequent conflicts over pay, working conditions, social matters;
 lack of turnover/mobility of personnel and/or personnel not taking holidays in a sensitive department/area
(e.g. finance, accounting and control services);
 activities with which the audited entity has no or limited experience;
 activities that are highly dependent upon a small number of key personnel;
 rapid turnover of personnel and, in particular, of staff working in finance, accounting and control
departments;
 insufficient staff, staff/management under-qualified, inexperienced, poorly motivated;
 peaks and troughs in work patterns and information flows;
 utilisation of obsolete information technology systems;
6. Inherent risk factors associated with the audited entity’s management policies and practices
 management, supervision and control functions poorly suited to the activity;
 lack of management information system and/or cost accounting system;
 unclear division of responsibilities within and between the various departments;
 strong pressure upon management to produce unrealistic results, achieve unrealistic objectives, meet
unrealistic deadlines, achieve high rates of budgetary utilisation at the year-end;
 short-term budgetary pressures (e.g. delay in undertaking necessary maintenance imposes greater costs
at a later stage);
7. Inherent risk factors associated with the financial reporting
 significant changes in the accounting rules
 complexity of accounting rules
 significant changes in the information technology, high number of interconnected IT systems
 number of institutions and bodies and/or departments involved in consolidation and their business model
 history of misstatements or significant adjustments at period-end
 history of weaknesses in internal control, especially those not addressed by management
 enquiries into the entity by regulatory or government bodies
 pending litigation and contingent liabilities