PowerPoint Presentation

[Audio] Now it's time for module 2, which is titled "Governance and Compliance"..

[Audio] Strong financial governance is the regulatory and ethical backbone that ensures project funds are used properly. In EU-funded Digital Agriculture and R&I projects, governance structures define who is responsible for what, who makes decisions, and who is accountable. Clear governance reduces risks, prevents misuse of funds, and ensures that financial decisions support the project's objectives and comply with EU rules. Governance is not about control for its own sake. It is about enabling transparency, shared responsibility, and trust—within the consortium and with funders. Typically, this structure is built around three key roles: the Executive Board, Work Package Leads, and the Financial Officer..

[Audio] Let's start by looking at governance structures in a project, because strong governance is the backbone of effective financial management. In most multi-partner projects, especially EU-funded agri-innovation initiatives, the governance framework is made up of several key roles: the Executive Board, Work Package Leads, and the Financial Officer. Each of these roles has specific responsibilities, and together they ensure that decisions are made efficiently, resources are allocated properly, and the project meets both its technical and financial objectives..

[Audio] The Executive Board acts as the strategic decision-making body. It sets priorities, approves budgets, and ensures that the consortium aligns with the project objectives. Think of the Executive Board as the central hub that keeps the entire project moving in the right direction. For example, if one partner requests additional funds for a field trial because of unexpected costs, the Executive Board evaluates whether this adjustment is feasible and aligns with the overall project plan..

[Audio] Next, the Work Package Leads, or WP Leads, manage specific components of the project. They are responsible for planning and executing their assigned work packages, monitoring expenses, and reporting progress to the Executive Board. WP Leads are crucial because they are closest to the day-to-day activities—they can detect early if a cost overrun is likely or if a particular task needs more resources. By providing timely financial information, they enable the Executive Board to make informed decisions..

[Audio] Finally, the Financial Officer plays a specialized and critical role. The Financial Officer is responsible for the project's overall budget management, accounting, financial reporting, and compliance with EU and national financial regulations. They monitor cash flow, ensure proper documentation, and coordinate audits. For instance, when preparing for a Horizon Europe audit, the Financial Officer gathers all necessary documentation, reconciles accounts, and makes sure that every expenditure is justified according to the grant agreement. Together, these governance roles create a system of checks and balances. The Executive Board makes strategic decisions, WP Leads provide operational oversight, and the Financial Officer ensures compliance and accuracy. This structure ensures that funds are used efficiently, ethically, and transparently throughout the project lifecycle..

[Audio] When governance roles are clearly defined and properly implemented, they create a system of checks and balances. Strategic oversight, operational responsibility, and compliance control work together to ensure funds are used ethically, transparently, and effectively. This structure protects not only the project but also individual partners. It reduces conflicts, prevents misuse of funds, and reinforces trust with funders and stakeholders. Good governance is therefore not a bureaucratic requirement—it is a foundation for integrity, credibility, and long-term success..

[Audio] Now let's move to internal control systems, which are the mechanisms that make sure governance structures work effectively in practice. While governance sets roles and responsibilities, internal controls are the day-to-day processes and procedures that ensure the project's finances are managed properly. Internal controls cover a wide range of activities. They include approvals for expenditures, verification of invoices, segregation of duties, and regular financial reviews. The goal is to prevent errors, detect anomalies, and reduce the risk of fraud or mismanagement. For example, no single person should have the authority to approve, execute, and record a payment. By separating these duties among different partners, the consortium reduces the risk of mistakes or misuse..

[Audio] An effective internal control system is built on several interconnected components. These include clear procedures, segregation of duties, proper authorisation processes, accurate documentation, and regular monitoring. Together, these elements create a structured environment where financial activities are transparent and traceable. For example, the person approving an expense should not be the same person processing the payment. This separation reduces the risk of errors or fraud and reinforces accountability..

[Audio] Budget control is a core element of internal control systems. It involves comparing planned budgets with actual expenditures on a regular basis. This allows project teams to detect deviations early and take corrective action before issues escalate. In Digital Agriculture projects, costs can fluctuate due to seasonal activities, equipment needs, or field conditions. Regular budget monitoring ensures that these fluctuations are managed proactively, rather than becoming surprises at reporting time..

[Audio] Another key element is documentation and record-keeping. Every expense should be supported by receipts, contracts, or agreements. Financial records should be organized and accessible so that any partner, auditor, or funder can verify them if needed. For instance, if the project purchases sensors for field trials, the invoice, approval form, and payment record should all be linked and stored securely..

[Audio] Internal control systems also include regular monitoring and reconciliation. This means that project managers and financial officers periodically review expenditures against the budget to identify deviations early. If a work package is spending faster than anticipated, corrective action can be taken before it becomes a problem. Finally, internal controls are essential for audits. Both internal reviews and external audits depend on well-documented and consistently applied control processes. A strong internal control system demonstrates financial discipline, accountability, and transparency, and it supports the consortium's credibility with funders and stakeholders. In short, internal control systems turn governance theory into practice. They ensure that decisions are implemented correctly, that financial risks are managed proactively, and that the project remains on track to achieve both its technical and financial objectives..

[Audio] Let's start by talking about compliance with EU and national rules, and why it is absolutely critical for the success of any Horizon Europe project. When we talk about compliance, we're not just talking about ticking boxes or filling out forms. We're talking about making sure that the funds entrusted to the project—your consortium, your partners, and ultimately the EU—are used responsibly, ethically, and transparently. In Horizon Europe projects, every partner has a role to play. It doesn't matter if you're a technical lead, a researcher, or a coordinator. If you handle resources, if you make decisions that involve spending, if you approve invoices or contracts, you are part of this compliance framework. Compliance is not optional, and it is not something that only the finance officer needs to worry about. Why does this matter so much? Well, let's imagine for a moment a project that develops digital crop monitoring systems across several countries. The EU provides funding to achieve measurable impact for farmers and stakeholders. If any partner does not follow the rules—say, makes a purchase without proper justification, or fails to document an expense—that could trigger an audit issue. If unresolved, it could even result in financial corrections, penalties, or in the worst case, suspension of funding. That affects the whole consortium and can delay or even stop the project from delivering its objectives. So, compliance is really a protective mechanism. It protects the project itself, it protects each individual partner, and it protects public funds. Following EU and national regulations ensures that every euro spent can be justified, tracked, and demonstrated to auditors. It also helps maintain credibility with your stakeholders—whether that's the European Commission, national authorities, or your research and agricultural partners. In summary, compliance is about operating legally, ethically, and sustainably. It's not just about following rules for the sake of rules—it's about ensuring that the project runs smoothly, that your partnerships remain strong, and that the innovation you're creating can actually reach farmers, researchers, and the wider community without risk of interruption. Think of it as the safety net that allows the project to succeed both technically and financially..

[Audio] Next, let's focus on procurement rules. Procurement is simply how we purchase goods, services, or works with project funds—but in EU projects, it comes with very specific requirements. The goal is always the same: fairness, transparency, and competitiveness. These rules exist to make sure that the project gets value for money, and that every purchase can withstand scrutiny from auditors and funding authorities. Let's take an example. Suppose our project needs to purchase a set of soil sensors for a precision irrigation trial. You might think, 'Well, I know a supplier and I can just buy from them.' But in a Horizon Europe project, that would be a compliance violation. Instead, the rules require that we obtain multiple quotes, evaluate them fairly, document the decision, and justify why one supplier was chosen over the others. This process ensures that funds are spent responsibly and can be traced back to legitimate project needs. Procurement rules also include thresholds. Certain purchases, depending on their value, may require open tenders or formal competitive procedures. And it's important to remember that we need to comply not just with EU rules but also with national procurement laws in each partner country. This dual compliance ensures that everything we do is legal, fair, and audit-ready. Another key point: procurement is not just about following rules. It's also about risk management. Transparent procurement protects the consortium from accusations of favoritism, fraud, or mismanagement. It also helps ensure that the project can deliver its technical objectives on time, because you are sourcing the right equipment and services in a controlled and predictable way. So, when you're planning a purchase, always ask yourself: Are we following fair procedures? Do we have proper documentation? Can we justify this decision to a funder or auditor? If the answer is yes, then you are meeting both the letter and the spirit of EU procurement rules. Procurement is therefore both a compliance requirement and a tool for good governance..

[Audio] Now, let's talk about conflicts of interest. A conflict of interest occurs whenever someone's personal, financial, or professional interests could improperly influence their decision-making. In Horizon Europe projects, conflicts of interest are taken very seriously, and there are clear rules: they must be identified, disclosed, and managed immediately. Let me give you an example. Imagine a Work Package Lead is in charge of selecting a supplier for drone-based crop monitoring equipment. If that person also happens to hold shares in a drone company being considered, that's a conflict of interest. If left undisclosed, it could compromise the decision, undermine transparency, and put the consortium at risk of non-compliance. The proper procedure is simple: disclose the conflict immediately. Then, the consortium can take steps to manage it—maybe that person steps aside from the decision, and another partner makes the final choice. This preserves trust, ensures the decision is ethical, and protects everyone involved. Why does this matter? Conflicts of interest, if unaddressed, can erode trust among partners, affect the credibility of the project, and even violate EU and national regulations, which can have legal and financial consequences. By managing conflicts proactively, the consortium demonstrates integrity, accountability, and ethical governance. So, conflicts of interest aren't just bureaucratic rules—they're a fundamental part of financial ethics. Managing them properly protects the project, maintains trust, and ensures that all decisions are made in the best interest of the project objectives, not personal gain..

[Audio] Procurement rules and conflict of interest policies are not just administrative hurdles, they are key pillars of governance. They ensure that financial decisions are made responsibly, transparently, and in line with both the consortium's objectives and legal obligations. By following these compliance rules, the consortium strengthens its credibility with funders, mitigates financial risk, and promotes ethical practices that benefit all partners..

[Audio] Now we turn to anti-fraud and anti-corruption standards. At first, this might sound like something only auditors or compliance officers need to worry about, but in reality, it affects every partner in the project. Fraud and corruption pose serious risks—they can lead to financial penalties, reputational damage, or even suspension of funding. In EU-funded projects, even a single fraudulent transaction can compromise the credibility of the entire consortium. That's why it's essential to implement robust standards to prevent, detect, and respond to fraud or corruption. This isn't just a legal requirement; it's about protecting the project, the partners, and the public funds entrusted to us. Think of it this way: when we adhere to anti-fraud standards, we're not only avoiding problems, we're also creating a culture of trust and integrity. Funders, auditors, and stakeholders can see that the project is managed responsibly, which enhances our credibility and increases the likelihood of future funding and partnerships. In short, anti-fraud and anti-corruption standards are not just administrative rules—they are the ethical and operational backbone that keeps the project honest, transparent, and sustainable..

[Audio] Let's look more closely at OLAF, the European Anti-Fraud Office. OLAF provides guidelines for detecting, investigating, and preventing fraud in EU-funded projects. This includes things like false invoices, double claiming of costs, misrepresentation of activities, or any other misuse of EU funds. Every consortium needs clear procedures for reporting suspicious activities. For instance, if a partner notices that an invoice doesn't match the work completed, or that a cost seems unusually high, they must report it immediately to the designated compliance officer or the Executive Board. Early detection is critical—addressing potential fraud proactively minimizes both financial and reputational risks. Cooperation with audits and investigations is also mandatory. If OLAF initiates a review, all partners must provide documentation, explanations, and full transparency. Failing to cooperate can lead to serious consequences, including financial corrections or disqualification from funding. So, OLAF is not just about catching fraud—it's also about creating a culture of vigilance and responsibility, where everyone in the consortium knows that misuse of funds is not tolerated, and that transparency and accountability are the norm..

[Audio] Next, let's discuss ISO 37001, which is an international standard for anti-bribery management. While OLAF is EU-specific, ISO 37001 provides a global framework for preventing bribery and corruption across all partners, especially in multi-country projects. Implementing ISO 37001 involves several key elements. First, you need clear anti-bribery policies that everyone understands. Second, you need risk assessments to identify where bribery or corruption might occur, such as in procurement, partnerships, or subcontracting. Third, training and awareness are crucial—everyone must know how to recognize and report suspicious activities. Finally, there must be controls in place to prevent and detect bribery, and clear reporting channels when something is suspected. For example, imagine the consortium is selecting a subcontractor to provide data management services. If a partner has a personal relationship with the subcontractor, ISO 37001 standards require that this risk is identified, documented, and managed. Controls could include having an independent partner review the selection process to avoid undue influence. By adopting ISO 37001, the consortium strengthens its ethical and operational resilience, ensuring that bribery and corruption risks are minimized and that decisions are transparent, fair, and accountable..

[Audio] Finally, let's talk about how OLAF guidelines and ISO 37001 standards fit into overall project governance. These standards are not just separate rules or checklists. They must be fully integrated into the consortium's governance structure and internal control systems. This means having clearly defined responsibilities, reporting lines, and procedures. Everyone should know who to contact if they spot a potential issue, and training should be provided to ensure all partners understand what constitutes fraud or bribery. High-risk activities, such as procurement or subcontracting, should be regularly monitored to detect irregularities early. By embedding anti-fraud and anti-corruption measures into everyday operations, the consortium ensures compliance, protects its funding, and promotes a culture of ethical decision-making. Partners are more confident that decisions are made fairly, funds are used properly, and the project can achieve its objectives without being undermined by unethical behavior. In other words, OLAF and ISO 37001 are not just compliance tools—they are foundational elements of ethical governance, transparency, and trust in the consortium..

[Audio] Now we move on to ethics in financial decisions. Ethics isn't just a buzzword; it's central to how we manage funds responsibly in any project. When we talk about ethics in financial management, we're really talking about making decisions that are fair, responsible, and aligned with the project's objectives and broader societal expectations. Ethical financial management builds trust—not only within the consortium but also with the funding bodies and stakeholders who rely on us to manage resources properly. Without ethics, even perfectly accurate financial reporting could still be damaging if decisions were made in bad faith or in a way that favored certain partners over others. For example, imagine a situation where a partner could redirect funds from a work package to a task that benefits them personally rather than the project. Even if the books balance, the action would be unethical and could put the entire project at risk. Ethics also intersects with legal compliance. Following EU financial regulations is mandatory, but doing so ethically goes further—it ensures we consider the fairness, impact, and consequences of every decision. In practice, this means thinking about how our financial decisions affect the consortium, the project outcomes, and the end-users, like farmers or researchers who will benefit from our innovation. In short, ethical financial management is about doing the right thing, not just the legal thing, and it forms the foundation for trust, credibility, and long-term sustainability in any project..

[Audio] Let's focus now on transparency. Transparency means openness and traceability. Every financial decision, every transaction, and every expenditure should be clear, justified, and easy to track. Transparency allows all partners to understand where money is going, why it's being spent, and how it supports the project's objectives. It also allows auditors, funding agencies, and other stakeholders to verify that funds are used correctly. Without transparency, even small errors or misunderstandings can quickly become serious compliance issues. For example, let's say the consortium purchases a fleet of drones for crop monitoring. Transparency would mean that every invoice is documented, every approval is recorded, and all partners have access to this information as appropriate. That way, anyone can trace a payment from the bank account all the way to the actual equipment purchased. Transparency also enables early detection of errors. If a partner accidentally overspends on a deliverable, transparent records make it possible to spot the issue early and take corrective action, rather than discovering it during an audit when it may be too late. Ultimately, transparency is about accountability and trust. It ensures that every partner and every funder knows that resources are being used effectively, responsibly, and in line with the project's goals..

[Audio] While transparency is essential, we must also recognize the importance of confidentiality. Financial records often contain sensitive information, including personal data like salaries, commercial terms with suppliers, or strategic budget plans. Confidentiality ensures that this information is protected from unauthorized access, while still allowing the consortium to operate effectively. For example, payroll data should only be accessible to HR and finance personnel, not the entire project team. Similarly, supplier bids or quotes should be limited to those directly involved in procurement decisions. By protecting this information, we safeguard partners' privacy, preserve competitive fairness, and comply with legal requirements such as GDPR. Confidentiality is not about hiding information from partners—it's about ensuring that sensitive data is handled responsibly. In other words, we need to share the right information with the right people at the right time, balancing openness with protection. In practice, this means implementing access controls, secure file storage, and clear procedures for who can see and approve sensitive financial data. Confidentiality is a key part of ethical governance—it protects both the consortium and the individuals involved, while maintaining trust and credibility..

[Audio] Finally, we need to talk about balance. In financial management, transparency and confidentiality are two sides of the same coin. Too much transparency can expose sensitive data unnecessarily, while too much confidentiality can prevent accountability and hinder trust. The key is to define clear policies: what information should be shared, with whom, and under what circumstances. For example, general budget summaries might be shared with all partners, while individual payroll records or supplier quotes are restricted to authorized personnel. This balance is critical in multi-partner projects, where partners span multiple countries and institutions, each with different regulations and expectations. Clear communication about how information is handled, combined with secure storage and controlled access, allows the consortium to maintain both transparency and confidentiality. Balancing these principles is not just a technical task—it's an ethical responsibility. By doing it well, we demonstrate integrity, accountability, and respect for both the project and its partners. It allows the project to run smoothly, supports compliance, and ultimately strengthens trust among all stakeholders..

[Audio] Now, let's focus on data protection in financial management, which is a critical part of governance in any EU-funded project. In Horizon Europe projects, financial records are not just numbers on a spreadsheet—they often contain personal information, such as staff salaries, reimbursement claims, or payroll data. They may also contain commercially sensitive information, like supplier bids, contracts, or pricing details. Protecting this information is crucial for three main reasons. First, it's a legal obligation. Under GDPR, any personal data collected and processed in the context of the project must be handled responsibly, securely, and only for the purposes it was collected. Second, it's about trust. If partners, staff, or suppliers feel that their sensitive data is not protected, they may hesitate to collaborate openly, which can hinder project progress. Third, it's about risk management. Poor data protection can lead to data breaches, legal penalties, reputational damage, or even loss of funding. Let me give you an example. Suppose your consortium manages a project budget that includes detailed payroll records for staff in multiple countries. If those records were accidentally shared with all project partners or stored in an unsecure location, it could violate GDPR and expose sensitive personal information. This is why careful data handling is critical, even for routine financial tasks. So, in financial management, data protection is not optional or secondary—it is central. By ensuring compliance with GDPR, we safeguard individuals' privacy, protect commercial interests, and demonstrate that the consortium is a trustworthy and responsible manager of public funds..

[Audio] Next, let's look at the key GDPR principles that apply to financial records. GDPR sets out clear requirements for how personal data must be collected, processed, stored, and shared. Let's walk through the most important ones in the context of financial management. First, lawfulness, fairness, and transparency. This means any data we collect—such as names, salaries, bank details, or reimbursement information—must be collected and used according to legal rules, and the data subjects must know what the data is being used for. Second, purpose limitation. Financial data should only be collected for specific, legitimate purposes, such as processing payroll, reimbursing expenses, or preparing audit reports. We cannot repurpose financial data for unrelated projects or use it for personal reasons. Third, data minimisation. Only the information necessary for the purpose should be collected. For example, if you need to reimburse a travel expense, you only need the name of the traveler, the amount, and the relevant receipts. You do not need additional personal details like home addresses unless legally required. Fourth, accuracy. Financial records must be up-to-date and correct. Mistakes in salary records, partner reimbursements, or invoices can lead to errors in reporting and audits, and may even breach GDPR. Fifth, storage limitation. Data should not be kept longer than necessary. Old records that are no longer required for audits or reporting should be securely deleted or anonymized. Finally, integrity and confidentiality. All financial data must be protected against unauthorized access, loss, or damage. This includes using secure storage systems, encrypted files, and controlled access. In practice, following these principles ensures that financial data is accurate, secure, and legally compliant, which strengthens both governance and trust within the consortium..

[Audio] Now, let's get practical and talk about how to implement GDPR-compliant data protection for financial records. There are several key steps that every consortium should take. First, restrict access. Only authorized personnel—such as financial officers, payroll staff, or designated auditors—should have access to sensitive financial records. Access should be granted on a need-to-know basis. Second, secure storage. Financial data should be stored in encrypted systems, secure servers, or password-protected files. Physical records, such as signed invoices, should also be stored in locked cabinets. Third, regularly review access rights. As partners leave the project or roles change, access to sensitive data should be updated immediately. This prevents former staff from accessing financial information they no longer need. Fourth, establish clear policies for sharing, retention, and deletion. For example, payroll records may need to be kept for a certain number of years for audit purposes, after which they should be securely destroyed. Supplier quotes may have different retention periods. Finally, maintain audit trails. Every financial transaction or data modification should be logged and traceable. This not only supports transparency but also provides evidence during audits that data protection measures are being followed. To give an example, imagine the consortium is reimbursing travel expenses for partners in multiple countries. Only the finance officer should access the receipts and payment details, and all files should be stored in an encrypted system. When the audit is complete, old receipts should be securely deleted in accordance with the consortium's data retention policy. This ensures both compliance and operational efficiency..

[Audio] Finally, let's tie it all together. Data protection is not just a legal or technical requirement—it is a fundamental aspect of ethical financial governance. By protecting financial data in line with GDPR, the consortium shows respect for partners, staff, and suppliers. It demonstrates that sensitive information will not be misused or exposed, and that the consortium can be trusted to manage public funds responsibly. Integrating data protection into financial workflows also reinforces transparency. Partners can trust that they will have access to the information they need for decision-making, without compromising the confidentiality of sensitive data. It creates a culture of accountability, ethical responsibility, and professionalism across the project. Think of GDPR not as a bureaucratic hurdle, but as a tool that helps us balance ethics, transparency, and operational effectiveness. When implemented well, it ensures that financial governance is not only compliant but also credible and sustainable. Strong data protection is therefore an essential pillar of both ethical and effective project management, supporting the long-term success of the project and the trust of funders and stakeholders alike..

thank you!. TALLHEDA has received funding from the European Union's Horizon Europe research and innovation programme under Grant Agreement No. 101136578. Funded by the European Union. Views and opinions expressed are however those of the author(s) only and do not necessarily reflect those of the European Union or the European Research Executive Agency (REA). Neither the European Union nor the granting authority can be held responsible for them..