Legislative Observatory
European Parliament
Please fill in this field to find a procedure

2019 discharge: European Union Agency for Cybersecurity (ENISA)

2020/2164(DEC)

The European Parliament decided by 612 votes to 74, with 12 abstentions, to grant discharge to the Executive Director of ENISA (European Union Agency for Cyber Security) in respect of the implementation of the Agency's budget for the financial year 2019 and to approve the closure of the accounts for that year.

Noting that the Court of Auditors stated that it had obtained reasonable assurance that the Agency's annual accounts for the financial year 2019 were reliable and that the underlying transactions were legal and regular, Parliament adopted, by 602 votes to 79, with 10 abstentions, a resolution containing a series of recommendations which form an integral part of the discharge decision and which complement the general recommendations set out in the resolution on the performance, financial management and control of EU agencies.

Agency’s financial statements

ENISA's final budget for the year 2019 was EUR 16 932 952, an increase of 47.58% compared to 2018. This increase is mainly the result of higher expenditure on staff, ICT and core operational activities, related to the adoption of Regulation (EU) 2019/881 of the European Parliament and of the Council on the European Union Cybersecurity Agency and on Information and Communication Technologies Cybersecurity Certification.

Budgetary and financial management

The budget monitoring efforts during the 2019 financial year resulted in a budget implementation rate of 96.80%, which represents a decrease of 3.18% compared to 2018. The execution rate for payment appropriations was 70.12%, which represents a decrease of 18.44% compared to 2018.

Other observations

Members also made a series of observations concerning performance, staff policy, public procurement, conflicts of interest and internal controls.

In particular, they noted that:

- the Agency uses certain key performance indicators (KPIs) to measure the added value of its activities and to improve its budgetary management, and it has put in place specific KPIs related to the new mandate given by the cyber security regulation;

- on 31 December 2019, the establishment plan was 79.66 % implemented, with 47 temporary agents appointed out of 59 temporary agents authorised under the Union budget. The gender imbalance reported for 2019 in senior management and the Management Board is however of concern;

- the Agency faces some difficulties in recruiting, attracting and retaining suitably qualified staff, mainly due to the low salary weightings applied to staff in Greece and the lack of professionals in the EU IT security market;

- there is an increased dependency on temporary agency workers, who account for 29% of the total workforce, an increase on the previous year;

- shortcomings were found in the procurement procedures, where in three of the four cases audited there was an overlap between the selection and award criteria and a lack of separation constituting a procedural defect;

- the CVs and conflict of interest declarations of the Management Board members are being published on the website; the Agency is encouraged to publish the conflict of interest declarations and CVs of its senior managers;

- the Agency produced 55 reports and was actively involved in raising awareness of cyber security issues. It should focus on disseminating the results of its research to the general public;

- lastly, the Agency has not yet developed a formal and comprehensive environmental management policy to ensure an environmentally friendly workplace.