10.12.2014   

EN

Official Journal of the European Union

C 442/326

REPORT

on the annual accounts of the European Agency for the Operational Management of Large-Scale IT Systems in the Area of Freedom, Security and Justice (eu-LISA) for the financial year 2013, together with the Agency’s replies

(2014/C 442/38)

INTRODUCTION

1.

The European Agency for the Operational Management of Large-Scale IT Systems in the Area of Freedom, Security and Justice (eu-LISA), hereinafter ‘the Agency’, which is located in Tallinn, Strasbourg and St. Johann im Pongau (see para. 18), was established by Regulation (EC) No 1077/2011 of the European Parliament and of the Council (1). The core mission of this Agency is to fulfil the operational management tasks for the Second Generation Schengen Information System (SIS II), the Visa Information System (VIS) and Eurodac (2).

2.

The Commission granted financial autonomy to the Agency on 22 May 2013. Therefore the audited period for the financial year 2013 runs from 22 May 2013 to 31 December 2013.

INFORMATION IN SUPPORT OF THE STATEMENT OF ASSURANCE

3.

The audit approach taken by the Court comprises analytical audit procedures, direct testing of transactions and an assessment of key controls of the Agency’s supervisory and control systems. This is supplemented by evidence provided by the work of other auditors (where relevant) and an analysis of management representations.

STATEMENT OF ASSURANCE

4.

Pursuant to the provisions of Article 287 of the Treaty on the Functioning of the European Union (TFEU), the Court has audited:

(a)

the annual accounts of the Agency, which comprise the financial statements (3) and the reports on the implementation of the budget (4) for the financial year ended 31 December 2013; and

(b)

the legality and regularity of the transactions underlying those accounts.

The management’s responsibility

5.

The management is responsible for the preparation and fair presentation of the annual accounts of the Agency and the legality and regularity of the underlying transactions (5).

(a)

The management’s responsibilities in respect of the Agency’s annual accounts include designing, implementing and maintaining an internal control system relevant to the preparation and fair presentation of financial statements that are free from material misstatement, whether due to fraud or error; selecting and applying appropriate accounting policies on the basis of the accounting rules adopted by the Commission’s accounting officer (6); making accounting estimates that are reasonable in the circumstances. The Administrative Manager approves the annual accounts of the Agency after its accounting officer has prepared them on the basis of all available information and established a note to accompany the accounts in which he declares, inter alia, that he has reasonable assurance that they present a true and fair view of the financial position of the Agency in all material respects.

(b)

The management’s responsibilities in respect of the legality and regularity of the underlying transactions and compliance with the principle of sound financial management consist of designing, implementing and maintaining an effective and efficient internal control system comprising adequate supervision and appropriate measures to prevent irregularities and fraud and, if necessary, legal proceedings to recover funds wrongly paid or used.

The auditor’s responsibility

6.

The Court’s responsibility is, on the basis of its audit, to provide the European Parliament and the Council (7) with a statement of assurance as to the reliability of the annual accounts and the legality and regularity of the underlying transactions. The Court conducts its audit in accordance with the IFAC International Standards on Auditing and Codes of Ethics and the INTOSAI International Standards of Supreme Audit Institutions. These standards require the Court to plan and perform the audit to obtain reasonable assurance as to whether the annual accounts of the Agency are free from material misstatement and the transactions underlying them are legal and regular.

7.

The audit involves performing procedures to obtain audit evidence about the amounts and disclosures in the accounts and the legality and regularity of the underlying transactions. The procedures selected depend on the auditor’s judgement, which is based on an assessment of the risks of material misstatement of the accounts and material non-compliance by the underlying transactions with the requirements in the legal framework of the European Union, whether due to fraud or error. In assessing these risks, the auditor considers any internal controls relevant to the preparation and fair presentation of the accounts, as well as the supervisory and control systems that are implemented to ensure the legality and regularity of underlying transactions, and designs audit procedures that are appropriate in the circumstances. The audit also entails evaluating the appropriateness of accounting policies, the reasonableness of accounting estimates and the overall presentation of the accounts.

8.

The Court considers that the audit evidence obtained is sufficient and appropriate to provide a basis for its statement of assurance.

Opinion on the reliability of the accounts

9.

In the Court’s opinion, the annual accounts of the Agency present fairly, in all material respects, its financial position as at 31 December 2013 and the results of its operations and its cash flows for the year then ended, in accordance with the provisions of its Financial Regulation and the accounting rules adopted by the Commission’s accounting officer.

Opinion on the legality and regularity of the transactions underlying the accounts

10.

In the Court’s opinion, the transactions underlying the annual accounts for the year ended 31 December 2013 are legal and regular in all material respects.

Emphasis of matter in relation to the reliability of the accounts

11.

Without calling into question the opinion expressed in paragraph 9, the Court draws attention to the valuation of the Schengen Information System (SIS II), the Visa Information System (VIS) and Eurodac (systems) in the Agency’s accounts. The operational management of these systems was transferred to the Agency from the Commission in May 2013 by way of a non-exchange transaction and is the core task of the Agency. In the absence of reliable and complete information in respect of their total development cost, they are recorded in the Agency’s accounts at their net book values as per the Commission’s books and updated at year-end. These values relate mainly to hardware and off-the-shelf software components and do not include software development costs (see note 6.3.1 to the annual accounts of the Agency).

12.

The comments which follow do not call the Court’s opinion on the reliability of the accounts and its opinion on the legality and regularity of the transactions underlying the accounts into question. It should be noted that 2013 was the first year of the Agency’s financial autonomy and that the establishment of its procedures is ongoing.

COMMENTS ON INTERNAL CONTROLS

13.

The development of the Agency’s Internal Control Standards was ongoing at the end of the year. They were approved by the Management Board in June 2014.

14.

There is no insurance coverage for fixed tangible assets, except for multi-risk fire for the premises in Tallinn.

COMMENTS ON BUDGETARY MANAGEMENT

15.

According to the Agency’s Founding Regulation (8), the Commission was responsible for the establishment and initial operation of the Agency until it was granted financial autonomy on 22 May 2013. The migration of data on commitment and payment appropriations from the Commission to the Agency was a complex process and a reconciliation of the figures between the Commission’s and the Agency’s accounting systems was finally completed in June 2014. This affected the Agency’s payment planning and the preparation of its provisional accounts.

16.

According to the Agency’s final accounts budget implementation rates were 96 % for commitment appropriations and 67 % for payment appropriations. Due to the fact that part of the Agency’s total annual budget was executed by the Commission and the differences between the Commission’s and the Agency’s budgetary structures, a more detailed analysis per budget title could not be carried out for 2013.

17.

According to the Agency’s Founding Regulation (9), countries associated with the implementation, application and development of the Schengen acquis and Eurodac-related measures must make a contribution to the Agency’s budget. Although Schengen associated countries were using the systems managed by the Agency in 2013 the Commission’s negotiations were still ongoing.

OTHER COMMENTS

18.

Though the seat of the Agency is in Tallinn (with 46 occupied posts), operational activities are carried out in Strasbourg (with 79 occupied posts) (10). It is likely that management effectiveness could be increased and administrative costs reduced if all staff were centralised in one location.

19.

A headquarters agreement that would clarify the conditions under which the Agency and its staff operate has not yet been signed with the host Member State, Estonia, and negotiations were still ongoing at the time of the audit.

This Report was adopted by Chamber IV, headed by Mr Pietro RUSSO, Member of the Court of Auditors, in Luxembourg at its meeting of 16 September 2014.

For the Court of Auditors

Vítor Manuel da SILVA CALDEIRA

President

(1)  OJ L 286, 1.11.2011, p. 1.

(2)  Annex summarises the Agency’s competences and activities. It is presented for information purposes.

(3)  These include the balance sheet and the economic outturn account, the cash flow table, the statement of changes in net assets and a summary of the significant accounting policies and other explanatory notes.

(4)  These comprise the budgetary outturn account and the annex to the budgetary outturn account.

(5)  Articles 39 and 50 of Commission Delegated Regulation (EU) No 1271/2013 (OJ L 328, 7.12.2013, p. 42)

(6)  The accounting rules adopted by the Commission’s accounting officer are derived from the International Public Sector Accounting Standards (IPSAS) issued by the International Federation of Accountants or, where relevant, the International Accounting Standards (IAS)/International Financial Reporting Standards (IFRS) issued by the International Accounting Standards Board.

(7)  Article 107 of Regulation (EU) No 1271/2013.

(8)  Article 32 of Regulation (EU) No 1077/2011 of the European Parliament and of the Council (OJ L 286, 1.11.2011, p. 1).

(9)  Article 32 of Regulation (EU) No 1077/2011.

(10)  The Agency’s back-up systems are located in Sankt Johann im Pongau with no staff located there.

ANNEX

EU Agency for the operational management of large-scale IT systems in the area of freedom, security and justice (Tallinn)

Competences and activities

Areas of Union competence deriving from the Treaty

(Article 74, 77(2)(a) and (b), 78(2)(e), 79(2)(c), 82(1)(d), 85(1), 87(2)(a) and Article 88(2) of the Treaty on the Functioning of the European Union)

Contribute to the creation of an area of free circulation of people by increasing cooperation on cross-border issues, such as asylum, immigration, border control, as well as judicial and police cooperation in criminal matters.

Competences of the Agency

(Regulation (EC) No 1077/2011of the European Parliament and of the Council)

With reference to its establishing Regulation (EU) No 1077/2011, and without prejudice to the respective responsibilities of the Commission and of the Member States under the legislative instruments governing large-scale IT Systems, the Agency’s objectives are the following:

(a)

effective, secure and continuous operation of large-scale IT systems (at present the second generation Schengen Information System (SIS II), the Visa Information System (VIS) and a large-scale database for the comparison of fingerprints for the effective application of the Dublin Convention (Eurodac));

(b)

the efficient and financially accountable management of large-scale IT systems;

(c)

an adequately high quality of service for users of large-scale IT systems;

(d)

continuity and uninterrupted service;

(e)

a high level of data protection, in accordance with the applicable rules, including specific provisions for each large-scale IT system;

(f)

an appropriate level of data and physical security, in accordance with the applicable rules, including specific provisions for each large-scale IT system; and

(g)

the use of an adequate project management structure for efficiently developing large-scale IT systems.

Governance

1.

 Management Board

The eu-LISA Management Board is composed of one member designated by each Member State, two representatives of the European Commission plus one member from each country associated with the implementation, application and development of the Schengen acquis and Eurodac-related measures. Its function is to ensure that the Agency carries out its tasks, including the appointment and if appropriate the dismissing of the Executive Director.

2.

 Executive Director

The eu-LISA Executive Director is appointed by the Management Board on the basis of a list of eligible candidates identified in an open competition organised by the Commission. His/her function is to manage and represent the Agency. For this purpose he/she shall assume full responsibility for the tasks entrusted to the Agency and shall be subject to the procedure for annual discharge by the European Parliament for the implementation of the budget.

3.

 Advisory Groups: SIS II Advisory Group, VIS Advisory Group and Eurodac Advisory Group

The Advisory Groups are composed of a representative of each Member State, the Commission plus one member from each country associated with the implementation, application and development of the Schengen acquis and Eurodac-related measures. Their function is to provide the Management Board with expertise relating to large-scale IT systems and, in particular, in the context of the preparation of the annual work programme and the annual activity report.

Resources made available to the Agency in 2013

Final Budget  (1)

61,35 million euro (commitment appropriations)

34,38 million euro (payment appropriations)

Staff as at 31 December 2013

Posts authorised:

120 Temporary Agents

6 Contractual Agents

6 Seconded National Experts

Posts occupied:

120 Temporary Agents

5 Contractual Agents

3 Seconded National Experts

Products and services in 2013

Products and services in 2013 included:

Operational management and evolution of SISII, VIS and EURODAC

Helpdesk: provided first level support services to users across all systems under the management of eu-LISA.

Monitoring and evolution of appropriate Service Level Agreements for such systems under the management of the Agency;

Provision of coordination, security and supervision of relations between the Member States and the network provider for the communication infrastructure for SIS II, Eurodac and VIS (sTESTA network);

Participation in preparatory processes to design, develop and implement new systems;

Statistics: timely and accurate provision of statistics and information on the performance of the systems, as provided for in the relevant legal bases;

Reporting: fulfilment of all reporting obligations laid down in the establishing Regulation and legal bases for the IT systems under the Agency's management

Monitoring of new technologies and solutions relevant for the operational management and evolution of SIS II, VIS, Eurodac and other large-scale IT systems.

Training: provision of bespoke system training plans for national authorities on IT systems managed by the Agency

(1)  For the period 22nd May 2013, when the Agency was granted financial autonomy, to 31 December 2013

Source: Annex supplied by the Agency.

THE AGENCY’S REPLIES

11.

The Agency acknowledges the Court’s mention, having regard to it in the notes to the balance sheet, 6.3.1 ‘Non-current assets’, section ‘Material transfer of tangible & intangible fixed assets received from other consolidated entities’.

13.

The Agency acknowledges the Court’s comment and will continue to develop further its robust processes and procedures already in place in order to ensure full compliance with Internal Control Standards’ requirements.

14.

Technical specifications are being drafted, procurement is planned for the second half of the year, aiming at start of contractual execution in the fourth quarter 2014.

15.

During the handover of responsibilities on operational management of the systems from the European Commission to the Agency there was intensive exchange of information at working level. As the Commission informed the Agency:

the migration followed a standard process, already used for the independence of other agencies,

coherence controls by a third independent actor were performed to ensure a safe and complete transfer.

A comprehensive set of documents relating to the technical documentation or contracts signed were transmitted to eu-LISA in electronic or paper format in support of the migration exercise; some original documents were retained by the Commission for control and audit purposes.

While the Agency acknowledges the complexity and length of the reconciliation exercise, a full reconciliation of the budgetary data has been achieved, presenting a complete — i.e. combining DG HOME’s and the Agency’s implementation — overview of the 2013 budget. As the migration of appropriations following financial independence is a non-recurring exercise, future budgetary implementation reporting is expected to provide the basis for fully detailed analysis.

17.

The procedure for adoption by the Council will be launched as soon as the negotiations led by the Commission are over. Following the decision by the Council, the associated countries will have to ratify the agreement in line with their national legislation. It should be noted that the text of the agreements currently includes a provision which entails retroactive payment of contribution to the Agency starting from December 2012.

18.

The organisational set-up of the Agency is governed by its establishing Regulation. The Agency is not in a position to elaborate on this comment.

19.

The Agency acknowledges the observation. The only outstanding item subject of negotiations with the Estonian Government is VAT regime applicable to the Agency's staff.