19.12.2007 |
EN |
Official Journal of the European Union |
C 309/1 |
REPORT
on the annual accounts of the European Network and Information Security Agency for the financial year 2006 together with the Agency's replies
(2007/C 309/01)
CONTENTS
1-2 |
INTRODUCTION |
3-6 |
STATEMENT OF ASSURANCE |
7-9 |
OBSERVATIONS |
Tables 1 to 4
The Agency's replies
INTRODUCTION
1. |
The European Network and Information Security Agency (hereinafter ‘the Agency’) was created by Regulation (EC) No 460/2004 of the European Parliament and of the Council of 10 March 2004 (1). The Agency's main task is to enhance the capability of the Community to prevent and respond to network and information security problems by building on national and Community efforts. |
2. |
Table 1 summarises the Agency's competences and activities. Key data summarised from the financial statements drawn up by the Agency for the financial year 2006 is presented in Tables 2, 3 and 4 for information purposes. |
STATEMENT OF ASSURANCE
3. |
This Statement is addressed to the European Parliament and the Council in accordance with Article 185(2) of Council Regulation (EC, Euratom) No 1605/2002 of 25 June 2002 (2); it was drawn up following an examination of the Agency's accounts, as required by Article 248 of the Treaty establishing the European Community. |
4. |
The Agency's accounts for the financial year ended 31 December 2006 (3) were drawn up by its Executive Director, pursuant to Article 17 of Regulation (EC) No 460/2004, and sent to the Court, which is required to give a statement of assurance on their reliability and on the legality and regularity of the underlying transactions. |
5. |
The Court conducted its audit in accordance with the IFAC and INTOSAI International Auditing Standards and Codes of Ethics, insofar as these are applicable in the European Community context. The audit was planned and performed to obtain reasonable assurance that the accounts are reliable and that the underlying transactions are legal and regular. |
6. |
The Court has thus obtained a reasonable basis for the Statement set out below: Reliability of the accountsThe Agency's accounts for the financial year ended 31 December 2006 are, in all material respects, reliable.Legality and regularity of the underlying transactionsThe transactions underlying the Agency's annual accounts, taken as a whole, are legal and regular.The observations which follow do not call the Court's Statement into question. |
OBSERVATIONS
7. |
The implementation of the Agency's budget for the financial year 2006 shows a utilisation rate of 90 % of commitment appropriations and 76 % of payment appropriations. There was a concentration of transactions in the last quarter of the year. Furthermore, the weaknesses of the procedures for establishing the budget, led to a high number of transfers (4). Thus, the budgetary principles of annuality and specification were not strictly observed. |
8. |
The general accounting software used by the Agency makes it possible to amend entries without leaving an audit trail. Furthermore, a system for recording invoices that ensures the accuracy of the financial information in the final accounts, has not been established. |
9. |
The internal control procedures required by the Financial Regulation to ensure transparency and sound financial management have not yet all been documented. The Management Board did not formally adopt standards for internal control and the code of professional ethics. Written instructions for archiving supporting documentation of transactions were missing. A financial irregularities panel was not established. |
This report was adopted by the Court of Auditors in Luxembourg at its meeting of 27 September 2007.
For the Court of Auditors
Hubert WEBER
President
(2) OJ L 248, 16.9.2002, p. 1.
(3) These accounts were drawn up on 1st July 2007 and received by the Court on 5th July 2007.
(4) During 2006, more than 45 transfers were made.
Table 1
European Network and Information Security Agency (Heraklion)
Areas of Community competence |
Competences of the Agency (Council Regulation (EC) No 460/2004 of 10 March 2004) |
Governance |
Resources made available to the Agency |
Products and services supplied |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
The representatives of the Member State governments have, by common agreement, adopted a statement on the creation of a European Network and Information Security Agency. The Agency should operate as a point of reference and establish confidence by virtue of its independence, the quality of the advice it delivers and the information it disseminates, the transparency of its procedures and methods of operating, and its diligence in performing the tasks assigned to it. (Council Decision of 19 February 2004, taken on the basis of Article 251 of the Treaty). |
Objectives
|
Tasks The Agency:
|
1. Management Board
2. Executive Director
3. External audit Court of Auditors. 4. Internal audit The Commission's Internal Auditor. 5. Discharge authority Parliament on a recommendation from the Council. |
2006 final budget: 6,9 (6,3) million euro (100 % Community subsidy). Staff figures on 31 December 2006: 44 (38) posts according to the establishment plan posts occupied: 38 (35) 8 (15) other staff Total staff: 46 (50) assigned to the following duties: operational: 24 (22) administrative: 22 (28) |
Working groups Three Working Groups on (a) Risk management/Risk Assessment, (b) CERTS and (c) Regulatory Aspects of Network & Information Security (RANIS). Publications Annual report, ENISA Quarterly (four Issues)
Cooperation with Member States and other institutions
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Source: Information supplied by the Agency. |
Source: Data supplied by the Agency — These tables summarise the data provided by the Agency in its annual accounts: these accounts are drawn up on an accrual basis.
Table 2
European Network and Information Security Agency (Heraklion) — Implementation of the budget for the financial year 2006
(1000 euro) |
||||||||||||
Revenue |
Expenditure |
|||||||||||
Source of revenue |
Revenue entered in the final budget for the financial year |
Revenue collected |
Allocation of expenditure |
Final budget appropriations |
Appropriations carried over from previous financial year(s) |
|||||||
entered |
committed |
paid |
carried over |
cancelled |
entered |
committed |
paid |
cancelled |
||||
Community subsidies |
6 940 |
6 600 |
Title I Staff |
4 249 |
3 989 |
3 728 |
253 |
268 |
257 |
257 |
178 |
79 |
Other revenue |
12 |
12 |
Title II Administration |
859 |
779 |
653 |
126 |
80 |
1 065 |
1 065 |
863 |
202 |
|
|
|
Title III Operating activities |
1 844 |
1 542 |
989 |
538 |
317 |
790 |
790 |
271 |
519 |
Total |
6 952 |
6 612 |
Total |
6 952 |
6 310 |
5 370 |
917 |
665 |
2 112 |
2 112 |
1 312 |
800 |
Source: Data supplied by the Agency — These tables summarise the data provided by the Agency in its annual accounts. Revenue collected and payments are estimated on a cash basis. |
Table 3
European Network and Information Security Agency (Heraklion) — Economic outturn account for the financial years 2006 and 2005
(1000 euro) |
||
|
2006 |
2005 |
Operating revenue |
||
Community subsidies |
5 476 |
4 251 |
Other revenues |
12 |
— |
Total (a) |
5 488 |
4 251 |
Operating expenditure |
||
Staff expenditure |
3 100 |
1 040 |
Fixed asset related expenditure |
103 |
31 |
Other administrative expenditure |
1 515 |
1 563 |
Operational expenditure |
1 236 |
518 |
Total (b) |
5 954 |
3 152 |
Surplus /(deficit) from operating activities (c = a – b) |
– 466 |
1 099 |
Financial operations revenue (e) |
— |
— |
Financial operations expenditure (f) |
–2 |
–1 |
Surplus /(deficit) from non-operating activities (g = e – f) |
–2 |
–1 |
Economic result for the year (h = c + g) |
– 468 |
1 098 |
Table 4
European Network and Information Security Agency (Heraklion) — Balance sheet at 31 December 2006 and 2005
(1000 euro) |
||
|
2006 |
2005 |
Non-current assets |
||
Intangible fixed assets |
33 |
12 |
Tangible fixed assets |
312 |
332 |
Current assets |
||
Short-term receivables |
56 |
13 |
Cash and cash equivalents |
2 519 |
2 510 |
Total assets |
2 920 |
2 867 |
Current liabilities |
||
Provisions for risks and charges |
66 |
45 |
Accounts payable |
2 224 |
1 724 |
Total liabilities |
2 290 |
1 769 |
Net assets |
||
Accumulated surplus/deficit |
1 098 |
— |
Economic result for the year |
– 468 |
1 098 |
Total net assets |
630 |
1 098 |
Total liabilities and net assets |
2 920 |
2 867 |
THE AGENCY'S REPLIES
7. |
Being in its first full year of operation, the Agency intensified its activity in the second half of the year resulting in having many transactions in the last quarter. Also, in 2006, the position of budget officer remained vacant for more than five months which affected the ability of the Agency to optimise planning and minimize the transfers for the year. |
8. |
ENISA has already applied for ABAC, the Commission's accounting software since 2005. Based on the schedule of the Commission the project will be launched early in 2008. The system for recording invoices was revised before the preparation of the final accounts and is being applied since. |
9. |
ENISA will present to its Management Board for adoption standards for internal control as well as a code of ethics. The executive director will put in place the organisational structure and all the procedures and controls necessary to their implementation. |