track and give prior approval to control overrides or deviations from policies and procedures.' The aim of ... Corporate
Standard operating procedure Title: Requesting and recording of exceptions and non-compliance events Status: Public
Document no.: SOP/EMA/0044
Lead author
Approver
Effective date: 17/01/2018
Name: Mario Benetti
Name: Guido Rasi
Review date: 17/01/2020
Signature:
Signature:
Supersedes:
Signature on file
Signature on File
TW4037
Date: 17/01/2018
Date: 17/01/2018
TrackWise record no. 5368
SOP/EMA/0044 (28-JUL-2014)
1. Purpose The procedure describes the approval, registration and follow up of exceptions and/or non-compliance events as in accordance with the standard for internal control on recording exceptions (standard No. 8), the Agency shall ‘[….] track and give prior approval to control overrides or deviations from policies and procedures.’ The aim of reporting exception and/or non-compliance is to ensure that any deviation from established policies or procedures is documented, justified and approved at an appropriate level before decision/action is taken.
2. Scope The procedure is applicable to all Agency staff through the hierarchy. This procedure is without prejudice to the one described in the charter of tasks and responsibilities of the verifying officer and verifying assistant(s). in paragraph 3 (doc. Ref n. EMA/96380/2015). The present procedure does not cover irregular activities which are described in a separate procedure dealing with reporting suspected improprieties (doc. Ref n. EMEA/283205/2013).
3. Responsibilities It is the responsibility of the Executive Director, Heads of Division and Department, Authorising Officers by delegation/sub-delegation to ensure that staff is aware of and complies with this procedure. Specific responsibilities are outlined in section 9.
30 Churchill Place ● Canary Wharf ● London E14 5EU ● United Kingdom Telephone +44 (0)20 3660 6000 Facsimile +44 (0)20 Send a question via our website www.ema.europa.eu/contact
An agency of the European Union
© European Medicines Agency, 2018. Reproduction is authorised provided the source is acknowledged.
4. Changes since last revision Title edit Rename of managerial titles following the reorganisation/restructuring Review the steps and description of the procedure Update the request for an exception form (Annex I and Annex II) Addition of point 11 on transparency
5. Documents needed for this SOP Register of exceptions (Cabinets/06. Corporate governance/06.2 Integrated Management System/6. Internal controls/Exceptions) Template for requesting an exception (Word-File-New-Templates-Agency-More-request for exception)
6. Related documents Standards for internal control (EMA/MB/555181/2010)
7. Definitions ED: Executive Director AO: Authorising Officer by delegation/ sub-delegation HDiv: Head(s) of Division HDep: Head(s) of Department A-SG: Strategic Planning & Governance Department A-SG-QRM: Quality Assurance & Risk Management A-FI-VFO: Verification Office EXB: Executive Board Exception: 1. It constitutes a deviation from established processes and procedures (action of replacing one or more steps in established process/procedures with another action or no action) or, an overriding of controls (action which goes against the results of previous controls) but does not constitute a breach of regulatory and/or contractual provisions and, 2. It is not foreseen in already existing processes/procedures and, 3. It is approved by the responsible person before action is taken (ex ante) Non-compliance: 1. It constitutes a deviation from established processes and procedures or an overriding of controls or a gap in existing controls and, 2. It might entail a breach of existing regulatory and/or contractual provisions, and 3. It is detected after action was taken (ex post).
Standard operating procedure – PUBLIC SOP/EMA/0044, 17/01/2018
Page 2/8
Regulatory provisions (e.g. Regulation, Directive, Financial regulation, Implementing rules, Rules of application, Staff regulations, Data protection regulation, Access to documents). Contractual provisions (e.g. contracts with entities outside of the European Medicines Agency) Procedures (e.g. internal implementing rules, manuals, guidelines, SOPs, WINs…)
8. Process map(s)/ flow chart(s)
Start
1. Complete template and forward it to Head of Division/ Authorising Officer by Delegation
2. Head of Division/ Authorising Officer sends request to AFI-VFO and A-SGQRM
3. A-FI-VFO and A-SG-QRM validate or reject the request and inform staff member
Rejected
Validated
5. A-SG-QRM obtain decision from the Executive Director
Refused
4. Originator advise on alternative course of action
Granted
6. Notify Head of Division or delegated Authorising Officer to proceed in accordance with decision taken by ED
7. Register the exception/noncompliance together with the decisions taken and file originals
End
Standard operating procedure – PUBLIC SOP/EMA/0044, 17/01/2018
Page 3/8
9. Procedure Step
Action
Responsibility
1.
Request an exception or report a non-compliance event by
Staff member
completing a request form (Annex I) and forward it to Head of
initiating the
Division or AO by Delegation for validation. The request should:
request/Originator
Indicate which regulatory and/or contractual provisions; policy/procedure/regulation/process is not respected.
Describe the type of transaction/event and amount concerned.
Explain the exceptional circumstances that justify an exception request or that caused a non-compliance.
Describe the risk (e.g. reputational, financial or legal).
Indicate the actions taken to mitigate the resulting risk and/or measures proposed to avoid repetition of the situation.
2
Send request to Verification Office (A-FI-VFO) and Quality
Head of Division /
Assurance & Risk Management (A-SG-QRM).
Authorising Officer by Delegation
3
A-FI-VFO and A-SG-QRM validate or reject the request. If request is rejected inform staff member of decision.
A-FI-VFO/ A-SG-QRM
If the request is rejected go to step 4. If the request is validated go to step 5. 4
Advise on alternative course of action.
Originator
5
Quality Assurance & Risk Management (A-SG-QRM) obtain decision
A-SG-QRM
from the Executive Director. If the request is granted go to step 6. If the request is refused go to step 4. 6
Notify Head of Division or delegated Authorising Officer to proceed
A-SG-QRM
in accordance with decision taken by ED. 7
Register the exception/non-compliance and decision taken and file
A-SG-QRM
original request.
Standard operating procedure – PUBLIC SOP/EMA/0044, 17/01/2018
Page 4/8
10. Records Electronic files: The register of exceptions/non-compliances, including the completed forms and the supportive documentation, are kept in the appropriately labelled folder in the electronic document management system: Cabinets/06. Corporate governance/06.2 Integrated Management System/6. Internal controls/Exceptions Document security setting: For non-confidential documents the ACL EMA_default_staffonly should be used. For confidential issues an ACL with an appropriate access level should be chosen. Signed originals: Originals of signed forms are kept by the A-SG-QRM: Quality Assurance & Risk Management
11. Transparency The register of exceptions and non-compliances is submitted to the Executive Board (EXB) annually for information.
Standard operating procedure – PUBLIC SOP/EMA/0044, 17/01/2018
Page 5/8
ANNEX 1
Request for an exception / reporting of non-compliance event CONFIDENTIAL (To be delivered by hand) URGENT Please call requester and inform of decision by
(DD/MM/YYYY)
(For non-urgent requests, information will be processed within 24 hours after decision)
Exception Division:
Non-compliance event Name:
Office:
Tel:
Policy or procedure this request for exception/report of non-compliance refers to / is in conflict with (enclose reference)1: Financial Regulations /Staff Regulation/Implementing Rules/Legal base Contract / Grant Agreement Call for tenders / call for proposals Other (please specify) Type of transaction/event and amount concerned2
Exceptional circumstances that require an exception request / caused a non-compliance event
Resulting risk of the exception / non-compliance (consequences of the event)
Measures to be taken to mitigate the resulting risks and ensure that such a situation does not reoccur:
Validation Opinion of the verification office (A-FI-VFO): Opinion of the quality assurance and risk management function (A-SG-QRM): Head of Division or delegated Authorising Officer validates the application: Yes Date: ..........................................................
No
Signature: ................................................................
1
To attach the relevant documents In case the amount cannot be determined or if the impact is not financial please indicate the significance e.g. important / immaterial 2
Request for an exception / reporting of non-compliance event – PUBLIC SOP/EMA/0044, 17/01/2018
Page 6/8
Decision Opinion of the Executive Director: Granted Date: ..........................................................
Refused Signature: ................................................................
Justification if refusing request or if granting exception to regulatory or contractual obligations:
Registration - For exception and non-compliance Reference Number: Date of registration in exceptions register by Internal Control Coordinator (A-SG-QRM):
Date: ..........................................................
Signature: ................................................................
Request for an exception / reporting of non-compliance event – PUBLIC SOP/EMA/0044, 17/01/2018
Page 7/8
ANNEX 2
DELIVER BY HAND Transmission slip Request for exceptions and recording of non-compliance
URGENT Please call requester and inform of decision by
(DD/MM/YYYY)
(For non-urgent requests, information will be processed within 24 hours after decision)
Exception
Non-compliance event
Title/ brief description
Transmission
Name
Signature
Date
Office / Tel. No. Initiator
/
Head of Division/AO A-FI-VFO A-SG-QRM Executive Director A-SG-QRM
/ / / / /
Return to Initiator Initiator
/
Comments: (Notify resolution to the initiator)
The transmission is effective on 15-JUL-2014. Please refer to SOP/EMA/0044 for details of the procedure.
DELIVER BY HAND – PUBLIC SOP/EMA/0044, 17/01/2018
Page 8/8
