5.12.2008 |
EN |
Official Journal of the European Union |
C 311/13 |
REPORT
on the annual accounts of the European Network and Information Security Agency for the financial year 2007 together with the Agency's replies
(2008/C 311/03)
CONTENTS
1-2 |
INTRODUCTION |
3-6 |
STATEMENT OF ASSURANCE |
7-11 |
OBSERVATIONS |
Tables 1 to 4
The Agency's replies
INTRODUCTION
1. |
The European Network and Information Security Agency (hereinafter the Agency) was created by Regulation (EC) No 460/2004 of the European Parliament and of the Council of 10 March 2004 (1). The Agency's main task is to enhance the Community's capability to prevent and respond to network and information security problems by building on national and Community efforts. |
2. |
Table 1 summarises the Agency's competences and activities. Key data taken from the financial statements drawn up by the Agency for the financial year 2007 are presented in Tables 2, 3 and 4 for information purposes. |
STATEMENT OF ASSURANCE
3. |
This Statement is addressed to the European Parliament and the Council in accordance with Article 185(2) of Council Regulation (EC, Euratom) No 1605/2002 of 25 June 2002 (2); it was drawn up following an examination of the Agency's accounts, as required by Article 248 of the Treaty establishing the European Community. |
4. |
The Agency's accounts for the financial year ended 31 December 2007 (3) were drawn up by its Executive Director, pursuant to Article 17 of Regulation (EC) No 460/2004, and sent to the Court, which is required to give a Statement of Assurance on their reliability and on the legality and regularity of the underlying transactions. |
5. |
The Court conducted its audit in accordance with the IFAC and ISSAI (4) International Auditing Standards and Codes of Ethics, insofar as these are applicable in the European Community context. The audit was planned and performed to obtain reasonable assurance that the accounts are reliable and that the underlying transactions are legal and regular. |
6. |
The Court has thus obtained a reasonable basis for the Statement set out below: Reliability of the accountsThe Agency's accounts for the financial year ended 31 December 2007 are, in all material respects, reliable.Legality and regularity of the underlying transactionsThe transactions underlying the Agency's annual accounts, taken as a whole, are legal and regular.The observations which follow do not call the Court's Statement into question. |
OBSERVATIONS
7. |
The Agency's 2007 budget amounted to 8,3 million euro compared to 7,0 million euro the previous year. The implementation of operational activities (Title III) was concentrated in the last quarter of 2007. About 40 % of the commitments and more than 50 % of the payments under Title III were executed in November and December 2007 due to the late release of funds. For small Agencies with limited resources, releasing funds at the end of the year jeopardises the implementation of operational activities. |
8. |
The appropriations carried over did not always correspond to legal commitments in four cases (5). Moreover, more accurate financial information needs to be prepared by the operational departments (6) to minimise the risks of errors in the accounts. |
9. |
The inventory of fixed assets was managed using a spreadsheet, which did not guarantee the integrity of the data, and no exhaustive physical inventory was made. |
10. |
Recurrent weaknesses were noted in the procurement procedures: the pre-selections of bids were not justified, the evaluation documents were not signed by the evaluation committee, and the files were not structured and were incomplete. In one case relevant information could not be found. This situation was at odds with the principle of transparency. |
11. |
According to article 27 of the founding regulation, the Agency's mandate expires on 13 March 2009. Given the financial and organisational impact on the Agency's activities, a decision should be taken. |
This report was adopted by the Court of Auditors in Luxembourg at its meeting of 18 September 2008.
For the Court of Auditors
Vítor Manuel da SILVA CALDEIRA
President
(2) OJ L 248, 16.9.2002, p. 1.
(3) These accounts were drawn up on 25 June 2008 and received by the Court on 4 July 2008.
(4) International Federation of Accountants (IFAC) and International Standards of Supreme Audit Institutions (ISSAI).
(5) Total value of 121 500 euro.
(6) Errors of about 105 000 euro of accrued liabilities were identified and corrected during the audit.
Table 1
European Network and Information Security Agency (Heraklion)
Areas of Community competence |
Competences of the Agency (Regulation (EC) No 460/2004 of the European Parliament and of the Council) |
Governance |
Resources made available to the Agency (Data for 2006) |
Products and services supplied |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
The representatives of the MemberState governments have, by common agreement, adopted a statement on the creation of a European Network and Information Security Agency. The Agency should operate as a point of reference and establish confidence by virtue of its independence, the quality of the advice it delivers and the information it disseminates, the transparency of its procedures and methods of operating, and its diligence in performing the tasks assigned to it. (Council Decision of 19 February 2004, taken on the basis of Article 251 of the Treaty). |
Objectives
|
Tasks The Agency:
|
1. Management Board
2. Executive Director
3. External audit Court of Auditors. 4. Internal audit The Commission's Internal Auditor. 5. Discharge authority Parliament acting on recommendation from the Council. |
Final budget: 8,3 (6,9) million euro (100 % Community subsidy) Staff figures on 31 December 2007:
Total staff: 56 operational: 31 (35) administrative and policy: 25 (26) |
The Agency produced 22 reports on various NIS topics including:
The Agency organised 8 Workshops on various NIS topics including Awareness Raising, technological developments, authentication, CSIRT. The Agency updated its web site. The Agency issued a newsletter on a quarterly basis. The Agency delivered over 40 presentations in various NIS events and conferences. The Agency dealt with seven requests for advice and assistance: five by MemberStates (two from Austria, two from Greece and one from Bulgaria) and two requests from the Commission. The Agency developed contacts with specialised organs of OECD and International Telecommunication Union in order to identify possible synergies and to report on their activities to the Agency's stakeholders. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Source: Information supplied by the Agency. |
Table 2
European Network and Information Security Agency (Heraklion) — Implementation of the budget for the financial year 2007
(1000 euro) |
||||||||||||
Revenue |
Expenditure |
|||||||||||
Source of revenue |
Revenue entered in the final budget for the financial year |
Revenue collected |
Allocation of expenditure |
Final budget appropriations |
Appropriations carried over from previous financial year(s) |
|||||||
entered |
committed |
paid |
carried over |
cancelled |
entered |
committed |
paid |
cancelled |
||||
Community subsidies |
8 000 |
7 900 |
Title I Staff |
4 190 |
4 082 |
3 953 |
129 |
108 |
253 |
253 |
243 |
11 |
Other revenue |
417 |
417 (1) |
Title II Administration |
1 135 |
1 103 |
883 |
220 |
32 |
126 |
126 |
121 |
5 |
|
|
|
Title III Operating activities |
3 092 |
3 043 |
1 351 |
1 692 |
49 |
538 |
538 |
496 |
42 |
Total |
8 417 |
8 317 |
Total |
8 417 |
8 228 |
6 187 |
2 041 |
189 |
917 |
917 |
860 |
58 |
Source: Data supplied by the Agency — this table summarises the data provided by the Agency in its annual accounts. Revenue collected and payments are estimated on a cash basis. |
Table 3
European Network and Information Security Agency (Heraklion) — Economic outturn account for the financial years 2007 and 2006
(1000 euro) |
||
|
2007 |
2006 |
Operating revenue |
||
Community subsidies |
7 988 |
5 476 |
Other revenues |
203 |
12 |
Total (a) |
8 191 |
5 488 |
Operating expenditure |
||
Staff expenditure |
3 573 |
3 100 |
Fixed asset related expenditure |
126 |
103 |
Other administrative expenditure |
1 477 |
1 515 |
Operational expenditure |
2 199 |
1 236 |
Total (b) |
7 375 |
5 954 |
Surplus /(deficit) from operating activities (c = a – b) |
816 |
– 466 |
Financial operations revenue (e) |
— |
— |
Financial operations expenditure (f) |
3 |
2 |
Surplus /(deficit) from non-operating activities (g = e – f) |
–3 |
–2 |
Economic result for the year (h = c + g) |
813 |
– 468 |
Source: Data supplied by the Agency — this table summarises the data provided by the Agency in its annual accounts: these accounts are drawn up on an accrual basis. |
Table 4
European Network and Information Security Agency (Heraklion) — Balance sheet at 31 December 2007 and 2006
(1000 euro) |
||
|
2007 |
2006 |
Non-current assets |
||
Intangible fixed assets |
36 |
33 |
Tangible fixed assets |
337 |
312 |
Current assets |
||
Short-term receivables |
101 |
56 |
Cash and cash equivalents |
2 379 |
2 519 |
Total assets |
2 853 |
2 920 |
Current liabilities |
||
Provisions for risks and charges |
155 |
66 |
Accounts payable |
1 255 |
2 224 |
Total liabilities |
1 410 |
2 290 |
Net assets |
1 443 |
630 |
Reserve |
||
Accumulated surplus/deficit |
630 |
1 098 |
Economic result for the year |
813 |
– 468 |
Net capital |
1 443 |
630 |
Source: Data supplied by the Agency — this table summarises the data provided by the Agency in its annual accounts: these accounts are drawn up on an accrual basis. |
(1) The amount includes the re-use of 234 528 euro.
Source: Data supplied by the Agency — this table summarises the data provided by the Agency in its annual accounts. Revenue collected and payments are estimated on a cash basis.
THE AGENCY'S REPLIES
7. |
Indeed external factors such as the late release of funds partially affected the implementation of operational activities. In the meantime the Agency has closely planned and follows up the execution of 2008 budget. |
8. |
In certain cases with a significant number of variables, the appropriations carried over were calculated with some degree of approximation. The Agency is aware of this risk and strives to ensure to the highest degree possible the accuracy of appropriations carried over. |
9. |
Fixed assets are managed in the accounting software of the Agency. The administrative inventory is managed in spreadsheets due to the limited number of items. The Agency intends to use ABAC Assets in 2009. |
10. |
The Agency recognises some shortcomings in three procurement files. The Agency takes measures to eliminate these administrative shortcomings including the hiring of an experienced Procurement Officer. |
11. |
The European Commission has proposed an extension of the mandate of the Agency and legislators have agreed on a three-year extension. |