Access to European Union law
<a href="https://eur-lex.europa.eu/content/help/eurlex-content/experimental-features.html" target="_blank">More about the experimental features corner</a>
Choose the experimental features you want to try
EUR-Lex
Access to European Union law

This document is an excerpt from the EUR-Lex website

You are here
Use quotation marks to search for an "exact phrase". Append an asterisk (*) to a search term to find variations of it (transp*, 32019R*). Use a question mark (?) instead of a single character in your search term to find variations of it (ca?e finds case, cane, care).
Search tips
Need more search options? Use the Advanced search

Document 52011TA1215(04)

Report on the annual accounts of the European Network and Information Security Agency for the financial year 2010, together with the Agency’s replies

OJ C 366, 15.12.2011, p. 15–20 (BG, ES, CS, DA, DE, ET, EL, EN, FR, IT, LV, LT, HU, MT, NL, PL, PT, RO, SK, SL, FI, SV)

15.12.2011   

EN

Official Journal of the European Union

C 366/15

REPORT

on the annual accounts of the European Network and Information Security Agency for the financial year 2010, together with the Agency’s replies

2011/C 366/04

INTRODUCTION

1.

The European Network and Information Security Agency (hereinafter ‘the Agency’), which is located in Heraklion, was created by Regulation (EC) No 460/2004 of the European Parliament and of the Council of 10 March 2004 (1), amended by Regulation (EC) No 1007/2008 of the European Parliament and of the Council of 24 September 2008 (2). The Agency's main task is to enhance the Union’s capability to prevent and respond to network and information security problems by building on national and Union efforts (3).

2.

The Agency’s final 2010 budget was 8,1 million euro, compared with 8,1 million euro the previous year. The number of staff employed by the Agency at the end of the year was 53 as compared with 56 the previous year.

STATEMENT OF ASSURANCE

3.

Pursuant to the provisions of Article 287(1), second subparagraph, of the Treaty on the Functioning of the European Union, the Court has audited the annual accounts (4) of the Agency, which comprise the ‘financial statements’ (5) and the ‘reports on the implementation of the budget’ (6) for the financial year ended 31 December 2010, and the legality and regularity of the transactions underlying those accounts.

4.

This Statement of Assurance is addressed to the European Parliament and the Council in accordance with Article 185(2) of Council Regulation (EC, Euratom) No 1605/2002 (7).

The Director’s responsibility

5.

As authorising officer, the Director implements the revenue and expenditure of the budget in accordance with the financial rules of the Agency, under his own responsibility and within the limits of the authorised appropriations (8). The Director is responsible for putting in place (9) the organisational structure and the internal management and control systems and procedures relevant for drawing up final accounts (10) that are free from material misstatement, whether due to fraud or error, and for ensuring that the transactions underlying those accounts are legal and regular.

The Court’s responsibility

6.

The Court’s responsibility is to provide, on the basis of its audit, a statement of assurance as to the reliability of the annual accounts of the Agency and the legality and regularity of the transactions underlying them.

7.

The Court conducted its audit in accordance with the IFAC and ISSAI (11) International Auditing Standards and Codes of Ethics. Those standards require the Court to comply with ethical requirements and to plan and perform the audit so as to obtain reasonable assurance as to whether the accounts are free of material misstatement and whether the underlying transactions are legal and regular.

8.

The Court’s audit involves performing procedures to obtain audit evidence of the amounts and disclosures in the accounts and of the legality and regularity of the transactions underlying them. The procedures selected, including its assessment of the risks of material misstatement of the accounts or of illegal or irregular transactions, whether due to fraud or error, depend on its audit judgement. In making those risk assessments, internal controls relevant to the entity’s preparation and presentation of accounts are considered in order to design audit procedures that are appropriate in the circumstances. The Court’s audit also includes evaluating the appropriateness of the accounting policies used and the reasonableness of the accounting estimates made by management, as well as evaluating the overall presentation of the accounts.

9.

The Court believes that the audit evidence obtained is sufficient and appropriate to provide a basis for the opinions set out below.

Opinion on the reliability of the accounts

10.

In the Court’s opinion, the Agency’s Annual Accounts (12) fairly present, in all material respects, its financial position as of 31 December 2010 and the results of its operations and its cash flows for the year then ended, in accordance with the provisions of its Financial Regulation.

Opinion on the legality and the regularity of the transactions underlying the accounts

11.

In the Court’s opinion, the transactions underlying the annual accounts of the Agency for the financial year ended 31 December 2010 are, in all material respects, legal and regular.

12.

The comments which follow do not call the Court’s opinions into question.

COMMENTS ON THE BUDGETARY AND FINANCIAL MANAGEMENT

13.

In 2010, 52 % of the Agency’s operational budget (Title III) was committed but not spent. This level of carry-over is excessive and at odds with the budgetary principle of annuality.

OTHER MATTERS

14.

With regard to staff selection procedures, neither the thresholds that candidates had to meet in order to be invited to interview nor those necessary for them to be put on the reserve list were fixed in advance. They were set by the selection board after the evaluation of the candidates. These practices put at risk the transparency of the recruitment procedures.

This Report was adopted by Chamber IV, headed by Mr Igors LUDBORŽS, Member of the Court of Auditors, in Luxembourg at its meeting of 6 September 2011.

For the Court of Auditors

Vítor Manuel da SILVA CALDEIRA

President

(1)  OJ L 77, 13.3.2004, p. 1.

(2)  OJ L 293, 31.10.2008, p. 1.

(3)  The Annex summarises the Agency's competences and activities. It is presented for information purposes.

(4)  These accounts are accompanied by a report on the budgetary and financial management during the year which gives inter alia an account of the rate of implementation of the appropriations, with summary information on the transfers of appropriations among the various budget items.

(5)  The financial statements include the balance sheet and the economic outturn account, the cash-flow table, the statement of changes in capital and the annex to the financial statements, which includes a description of the main accounting policies and other explanatory information.

(6)  The budget implementation reports comprise the budget outturn account and its annex.

(7)  OJ L 248, 16.9.2002, p. 1.

(8)  Article 33 of Commission Regulation (EC, Euratom) No 2343/2002 of 19 November 2002 (OJ L 357, 31.12.2002, p. 72).

(9)  Article 38 of Regulation (EC, Euratom) No 2343/2002.

(10)  The rules concerning the presentation of the accounts and accounting by the Agencies are laid down in Chapter 1 of Title VII of Regulation (EC, Euratom) No 2343/2002 as last amended by Regulation (EC, Euratom) No 652/2008 of 9 July 2008 (OJ L 181, 10.7.2008, p. 23) and are integrated as such in the Financial Regulation of the Agency.

(11)  International Federation of Accountants (IFAC) and International Standards of Supreme Audit Institutions (ISSAI).

(12)  The Final Annual Accounts were drawn up on 7 June 2011 and received by the Court on 30 June 2011. The Final Annual Accounts can be found on the following website http://eca.europa.eu or http://www.enisa.europa.eu/about-enisa/accounting-finance

ANNEX

European Network and Information Security Agency (Heraklion)

Competences and activities

Areas of Union competence deriving from the Treaty

(Council Decision of 19 February 2004, taken on the basis of the Treaty on the Functioning of the European Union)

The representatives of the Member State governments have, by common agreement, adopted a statement on the creation of a European Network and Information Security Agency. The Agency should operate as a point of reference and establish confidence by virtue of its independence, the quality of the advice it delivers and the information it disseminates, the transparency of its procedures and methods of operating, and its diligence in performing the tasks assigned to it.

Competences of the Agency

(Regulation (EC) No 460/2004 of the European Parliament and of the Council of 10 March 2004)

Objectives

The Agency enhances the capability of the Union, the Member States and the business Union to prevent, address and respond to network and information security problems.

The Agency provides assistance and delivers advice to the Commission and the Member States on issues related to network and information security falling within its competencies.

The Agency develops a high level of expertise and uses this expertise to stimulate broad cooperation between actors from the public and private sectors.

Tasks

The Agency:

collects information on current and emerging risks that could produce an impact on electronic communications networks,

provides the European Parliament, the Commission and European bodies or competent national bodies with advice and assistance,

enhances cooperation between actors in its field,

facilitates cooperation on common methodologies to address network and information security issues,

contributes to awareness-raising on network and information security issues for all users,

assists the Commission and the Member States in relations with industry,

tracks standards,

advises the Commission on research in the area of network and information,

promotes risk assessment activities on prevention solutions,

contributes to cooperation with third countries.

Governance

1 —   Management Board

The Management Board shall be composed of one representative of each Member State, three representatives appointed by the Commission, as well as three representatives, proposed by the Commission and appointed by the Council, without the right to vote, each of whom represents one of the following groups:

information and communication technologies industry,

consumer groups,

academic experts in network and information security.

2 —   Executive Director

1.

The Agency is managed by its Executive Director, who is independent in the performance of his duties.

2.

The Executive Director is appointed for a term of office of up to five years.

3 —   External audit

Court of Auditors.

4 —   Discharge authority

Parliament, acting on a recommendation from the Council.

Resources made available to the Agency in 2010 (2009)

Final Budget

8,1 (8,1) million euro of which the Community subsidy is 100 % (100 %).

Staff at 31 December 2010

44 (44) posts foreseen in the establishment plan, of which occupied: 40 (43).

Other posts occupied:

11 (9) Contract Agents, 2 (4) Seconded National Experts.

Total staff: 53 (56), undertaking the following tasks:

 

operational: 34 (38)

 

administrative: 19 (18)

 

mixed: 0 (1)

Products and services in 2010 (2009)

MTP  (1) 1:   Improving resilience in European electronic communication network

In 2010, the main effort in this area was to support the actions described in the communication released by the Commission in March 2009. (Deliverables: 6)

MTP 2:   Developing and maintaining co-operation between Member States

In 2010, co-operation among Member States was developed further and international cooperation opportunities were explored with the aim of improving the capabilities of all Members States and increasing the overall coherence of the approach to NIS at the pan-European level. Due to its limited resources, the Agency cooperated closely with the Commission services in order to minimize its efforts and maximize the results. (Deliverables: 12)

MTP 3:   Identifying emerging risks for creating trust and confidence

The Agency established a framework that will enable decision makers to better understand and assess emerging risks arising from new technologies and new applications. The Agency continued preparing Risk Assessment reports to express the Agency's view on emerging risks arising from new technologies and new applications. In addition, the Agency explored topics related to accountability and trust in the future Internet. As such, this MTP provided an antenna function for decision makers in Europe and possibly beyond. (Deliverables: 2)

PA  (2) 1:   Identity, accountability and trust in the future Internet

The overall goal of this Preparatory Action was to ‘ensure that Europe maintains a high level of security and confidence of both users and industry on the electronic communication infrastructure and provided services, while at the same time limiting the threats to civil liberties and privacy’. (Deliverables: 5)

PA2:   Identifying drivers and frameworks for EU sectoral NIS Cooperation

The purpose of this PA was to clarify the question of how to get commitments from relevant actors to collective action to address NIS challenges at a pan-European level. (Deliverables: 1)

Source: Information supplied by the Agency.

(1)  MTP: Multiannual thematic programme.

(2)  PA: Preparatory Action.

THE AGENCY’S REPLIES

13.

ENISA’s activity life cycle along with the fluctuations of staff contributed to the level of carry-forward noted by the Court. The Agency carries out a project to further optimise its procedures, improve procurement planning, and implement a project management and follow-up tool.

14.

Guidelines for the Selection Boards are currently under way. Additionally, the list of information to be included in the minutes of the Selection Boards was revised foreseeing the establishment of thresholds before assessing the list of suitable candidates.
Top