2013 discharge: European Network and Information Security Agency (ENISA)

2014/2110(DEC)

PURPOSE: presentation of the EU Court of Auditors’ report on the annual accounts of the European Network and Information Security Agency (ENISA) for the year 2013, together with the Agency’s reply.

CONTENT: in accordance with the tasks conferred on the Court of Auditors by the Treaty on the Functioning of the European Union, the Court presents to the European Parliament and to the Council, in the context of the discharge procedure, a Statement of Assurance as to the reliability of the annual accounts of each institution, body or agency of the EU, and the legality and regularity of the transactions underlying them, on the basis of an independent external audit.

This audit concerned, amongst others, the annual accounts of the European Network and Information Security Agency (ENISA).

Statement of assurance: pursuant to the provisions of Article 287 of the Treaty on the Functioning of the European Union (TFEU), the Court has audited:

  • the annual accounts of the Agency, which comprise the financial statements and the reports on the implementation of the budget for the financial year ended 31 December 2013;
  • the legality and regularity of the transactions underlying those accounts.

Opinion on the reliability of the accounts: in the Court’s opinion, the Agency’s annual accounts present fairly, in all material respects, its financial position as at 31 December 2013 and the results of its operations and its cash flows for the year then ended, in accordance with the provisions of its Financial Regulation and the accounting rules adopted by the Commission’s accounting officer.

Opinion on the legality and regularity of the transactions underlying the accounts: in the Court’s opinion, the transactions underlying the annual accounts for the year ended 31 December 2013 are legal and regular in all material respects.

The report also makes a series of observations on the budgetary and financial management of the Agency, accompanied by the latter’s response. The main observations may be summarised as follows:

The Court’s observations:

  • budgetary management: the overall level of committed appropriations was 94 %, which is explained mainly by the fact that additional funds requested from the Commission to finance the refurbishment of the new office in Athens were only approved in November 2013. In this context, an amount of EUR 500 000 that was not yet committed at year-end was carried over following a Management Board decision. In total, non-committed and committed appropriations carried over to 2014 amounted to EUR 1.2 million (or 13.5% of total appropriations);
  • double headquarters: operational staff of ENISA were relocated to Athens in 2013 while administrative staff remain in Heraklion. The administrative costs could be reduced if all staff were centralised in one location. According to the lease agreement between the Greek authorities, the Agency and the landlord, rent for the offices in Athens is paid by the Greek authorities. This rent is constantly paid with a delay of several months, which is a business continuity and financial risk to the Agency.

The Agency’s reply:

  • budgetary management: the Agency noted that the EUR 500 000 carried over at year-end was committed in 2014 at a rate of 99.78%;
  • double headquarters: the Agency noted that the creation of an additional office based in Athens was a political compromise reached among the European Parliament, the Commission and the government of the host country, in order to increase the operational efficiency of the Agency and in particular of the work of the Core Operations Department. This decision was beyond the influence of ENISA. The Agency agreed with the comment and noted that it continuously communicates the problems and the risks involved to the partner DG CNECT and various authorities of the Greek Government in order to ensure that the issues pertaining to the payment of the subsidy from the Greek Government are overcome. The Agency continues to exercise and explore all possible remedies arising from the late payments from the Greek Government. To date the Agency has been able to mitigate any risks arising from the late payments.

Lastly, the Court of Auditors’ report contains a summary of the Agency’s activities in 2013. This is focused on the following:

Budget: EUR 9.7 million of which the Union subsidy is 93%.

Activities:

  • threat evaluation and opportunities: the objective of this work stream was to identify the most important evolving threats that are relevant to critical infrastructure and trust services. This was done by monitoring publicly available sources that publish threat-related data and by making a regular assessment of this data. Based on the analysis done, ENISA has proposed good practices and guidelines for mitigating these risks;
  • improving pan-European Critical Information Infrastructure Protection (CIIP): by facilitating cooperation and coordination among Member States, ENISA has continued in this work stream to support all of these stakeholders in developing sound and implementable preparedness, response and recovery strategies, policies and measures to meet the challenges of a continuously evolving threat environment;
  • support CERT (Computer Emergency Response Team) enabling communities to improve network and information security (NIS).