Views
1 year ago

Work programme 2017

WC500221614

Risk Mitigating actions

Risk Mitigating actions and controls regulatory procedures and decision-making is of poor quality, incomplete, inaccurate and/or lacks integrity Data management – document management Loss of information due to inadequate document management system and processes IT development and management Loss of knowledge due to contractors leaving the Agency Recruitment Staff planning and recruitment do not cover the needs of the Agency in order to achieve its objectives • Validation of data entry in SIAMED and EudraVigilance • Data analytics tool and processes for monitoring data quality • Centralised activity in single department responsible for data governance and information assets In progress: • Data cleaning of existing data to ensure reference quality level • Agency quality standard and reference for data based on ISO standards • Single trusted, identifiable master copies of substances, referentials, organisations and products data available as service • Data cleaning of existing data to bring up to reference quality • Defined roles and responsibilities for all data managers/stewards Planned: • Established Agency quality standard and reference for data based on ISO standards • Single, trusted, identifiable master copies of substances, referentials, organisation and products (SPOR) data available as a service • Data-quality control level based on risk assessment of individual data assets • Data-quality monitoring and data-quality processes • Core data (SIAMED) reports and templates In place: • EMA records-management policy and business classification scheme • Basic back-up procedures undertaken on shared drives, Outlook and document management system • Awareness and training session on document/records management best practices • Procedure on Core Master File Product In progress: • Identification of data-set owners and definition of clear roles and responsibilities Planned: • Records management embedded in redesigned human medicines evaluation processes • Compliance assessment of Agency's document/records management IT systems • Automatic assignment of retention policy and classification • KPIs to monitor compliance with EMA record-management policy • Reporting tools in the document management system to automate monitoring and control measures In place: • Reducing reliance on contractors for critical skills and knowledge In progress: • Review of IT operating model to insource further critical skills and knowledge Planned: • Outsourcing less critical skills and services, managed by strict contracts and SLAs • Review of I-Division operating model to insource further critical skills and knowledge In place: • The Agency's management meets at least four times a year (quarterly EXB meetings) to identify future competencies needed and adequate staff levels to meet the Agency's objectives. The EXB sets up the resource plan, which is then monitored throughout the year. In addition, other ad hoc meetings are set throughout the year to discuss particular resource needs Work programme 2017 EMA/583016/2016 Page 114/123

Risk Mitigating actions and controls Procurement Failure to deliver timely procurement and obtain value for money Finance - Revenue collection and Treasury management Loss on currency exchange rate fluctuations Clinical data publication Non-compliance of • Two separate reports are downloaded from the SAP HR system with all the staff information and a comparison is done between the reports in order to mitigate any discrepancy on numbers and assure that the Agency does not go above the establishment plan. A separate database with all the staff levels is updated daily. This creates a three-layer system which improves the quality of the data. Afterwards, a monthly report is produced comparing the staff levels expected, the actual staff levels and any deviation from the plan, which then is sent out to the head of Administration division, head of HR, head of Strategic planning & budget and HR business partners • Monthly meetings between the Resource planning coordinator and HR business partners to monitor actual staff levels compared to the plan. These meetings also set the basis for planning of potential resignations, retirements and resource planning for part-time, maternity and unpaid leave covers • Fortnight recruitment planning meetings between Head of Talent Acquisition, Head of HR, Head of Staff Payments Office and HR business partners to go through the recruitment planning • Bimonthly salary budget meetings between Resource Planning Coordinator and Salary officers • Quarterly budget meetings between Resource Planning Coordinator and Budget team • Fortnight meetings between Resource Planning Coordinator and Head of Strategic planning & Budget • Fortnight meetings between Resource Planning Coordinator and Head of Administration In place: • Adequate/realistic planning, based on a solid methodology in order to justify and optimize procurement procedures launched and aligned with budget planning, three years in advance • Clear assignment of responsibilities is defined at the outset of a procurement procedure when defining the business case for capital expenditure. All procurement procedures are performed in close cooperation with procurement control office • Clear definition of needs, including justification (e.g. ex-ante evaluation of needs for new projects or expenditure, a cost/benefit analysis, justification for outsourcing, etc.) • Systematic conduct of a lessons learned exercise at the time when a procurement decision is made. A debriefing is also conducted by procurement control office on any procurement over €60,000 to identify improvements • Regular monitoring of planned deadlines and reporting (e.g. monitoring tools in place, deadline management, quality assurance, etc.) • Review of procurement planning carried out at least quarterly, follow ups if needed • Procurement procedures included in the scope of the enhanced ex post controls under Article 46 of the Financial regulation In place: • Hedging/other exchange mechanisms • Forward exchange contracts • Treasury policy • Minimum cash flow level kept • Subsidy claimed only as required • Regular meetings with treasure committee In place: Work programme 2017 EMA/583016/2016 Page 115/123