2014 discharge: European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice (eu-LISA)

2015/2195(DEC)

PURPOSE: presentation of the EU Court of Auditors’ report on the annual accounts of the European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice (eu-LISA) for the year 2014, together with the Agency’s reply.

CONTENT: in accordance with the tasks conferred on the Court of Auditors by the Treaty on the Functioning of the European Union, the Court presents to the European Parliament and to the Council, in the context of the discharge procedure, a Statement of Assurance as to the reliability of the annual accounts of each institution, body or agency of the EU, and the legality and regularity of the transactions underlying them, on the basis of an independent external audit.

This audit concerned, amongst others, the annual accounts of the European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice (eu-LISA).

Statement of Assurance: pursuant to the provisions of Article 287 of the Treaty on the Functioning of the European Union (TFEU), the Court has audited:

  • the annual accounts of the Foundation, which comprise the financial statements and the reports on the implementation of the budget for the financial year ended 31 December 2014;
  • the legality and regularity of the transactions underlying those accounts.

Opinion on the reliability of the accounts: in the Court’s opinion, the Office’s annual accounts present fairly, in all material respects, its financial position as at 31 December 2014 and the results of its operations and its cash flows for the year then ended, in accordance with the provisions of its Financial Regulation and the accounting rules adopted by the Commission’s accounting officer. Without calling into question this generally favourable opinion, the Court draws attention to the valuation of the Schengen Information System (SIS II), the Visa Information System (VIS) and Eurodac (systems) in the Agency’s accounts. The operational management of these systems is the Agency’s core task. In the absence of reliable and complete information in respect of their total development cost, they are recorded in the Agency’s accounts at their net book values as per the Commission’s books and updated at year end (approximately EUR 6.6 million at date of transfer and EUR 2.1 million euro at 31 December 2014). These values relate mainly to hardware and off-the-shelf software components and do not include software development costs.

Opinion on the legality and regularity of the transactions underlying the accounts: the Court considers that the transactions underlying the annual accounts for the year ended 31 December 2014 are legal and regular in all material respects.

The report also makes a series of observations on the budgetary and financial management of the Agency, accompanied by the latter’s response. The main observations may be summarised as follows:

The Court’s observations:

  • budgetary management: the Court notes that out of the EUR 6.6 million committed appropriations for staff and operational expenditure which were carried over from 2013 to 2014, EUR 1.7 million euro (26 %) were cancelled in 2014, showing that budgetary needs were overestimated at the end of 2013. Furthermore, committed appropriations carried over to 2015 were very high for administrative expenditure at 87 %. These carry-overs mainly resulted from delayed procurements for the extension and refurbishment of the Agency’s site in Strasbourg. Carry-overs of committed appropriations were also high for operational expenditure at EUR 24.5 million (85 %) mainly in relation to multi-annual contracts for the maintenance of the IT systems. The court considers that the high levels of cancelled carry-overs from 2013 and the extent of carry-overs made from 2014 to 2015 is at odds with the budgetary principle of annuality.

The Agency’s replies:

  • budgetary management: the Agency states it has taken steps to improve its capacity to plan, monitor and implement available appropriations. Specific organisational measures, are regular budget implementation reporting, are being implemented. The Agency closely followed the Financial Regulation as regards carry-forwards, resulting in both automatic and non-automatic carry-overs as allowed by the applicable rules on annuality. As regards non-automatic carry-overs for the Strasbourg site, the Management Board approved these based on a duly justified proposal by the Agency in compliance with applicable rules. The Agency highlights its difficulties regarding the differentiated nature of appropriations regarding commitments carried forward following financial independence, and commitments migrated from DG HOME to the Agency. 

Lastly, the Court of Auditors’ report contains a summary of the Agency’s activities in 2014. This is focused on the following:

Budget: EUR 59.38 million in commitment appropriations.

Activities:

  • operational management and evolution of SISII, VIS and EURODAC;
  • helpdesk: provide first level support services to users across all systems under the management of eu-LISA;
  • provision of coordination, security and supervision of relations between Member States and the network provider for the communication infrastructure for SIS II, Eurodac and VIS (sTESTA network);
  • participation in preparatory processes to design, develop and implement new systems;
  • timely and accurate provision of statistics and information on the performance of the systems as provided for in the relevant legal bases;
  • reporting: fulfilment of all reporting obligations laid down in the establishing Regulation and legal bases for the IT systems under the Agency's management
  • monitoring of new technologies and solutions relevant for the operational management and evolution of SIS II, VIS, Eurodac and other large-scale IT systems
  • training: provision of bespoke system training plans for national authorities on IT systems managed by the Agency
  • establishment of an informal network of security experts with the Member States for the exchange of early warnings in cyber areas, best practices and security incident management.