2011 discharge: European Network and Information Security Agency (ENISA)

2012/2197(DEC)

PURPOSE: presentation of the EU Court of Auditors’ report on the annual accounts of the European Network and Information Security Agency (ENISA) for the financial year 2011, together with the Agency’s.

CONTENT: in accordance with the tasks conferred on the Court of Auditors by the Treaty on the Functioning of the European Union, the Court presents to the European Parliament and to the Council, in the context of the discharge procedure, a Statement of Assurance as to the reliability of the annual accounts of each institution, body or agency of the EU, and the legality and regularity of the transactions underlying them, on the basis of an independent external audit.

This audit concerned, amongst others, the annual accounts of the European Network and Information Security Agency (ENISA).

In the Court’s opinion, the Agency’s Annual Accounts fairly present, in all material respects, its financial position as of 31 December 2011 and the results of its operations and its cash flows for the year then ended, in accordance with the provisions of its Financial Regulation.

It considers that the transactions underlying the annual accounts of the Agency are, in all material respects, legal and regular.

The report confirms that the Agency’s final 2011 budget was EUR 8.1 million and that the number of staff employed by the Agency at the end of the year was 51.

The report also makes a series of observations on the budgetary and financial management of the Agency, accompanied by the latter’s response. The main observations may be summarised as follows:

Court’s comments:

  • carry-overs: a significant number of appropriations were carried over to 2012. This high level of carry-overs is at odds with the budgetary principle of annuality;
  • assets: the Court identified the need to improve the documentation of fixed assets. Purchases of fixed assets are recorded at invoice and not at item level;
  • recruitment: the Agency needs to improve the transparency of recruitment procedures.

Agency’s replies:

  • to further reduce the carry overs, the Agency started its procurement planning for 2012 and managed to launch respective procurement procedures related to activities provided for in the Work Programme 2012 in the last quarter of 2011. This practice should show results at the end of 2012;
  • the Agency has streamlined its asset management with the introduction of ABAC Assets, the asset management module introduced by the Commission and used by Institutions and Agencies;
  • the Agency adopted relevant guidelines on the recruitment of staff on 2 March 2012.

Lastly, the Court of Auditors’ report contains a summary of the Agency’s activities in 2011. This is focused in particular on the following:

  • improving cooperation: the principal goal of the first Work Stream was to support the European Commission and the Member States in building on current cooperation schemes to intensify the exchange of information and cooperation between Member States. This includes providing data and opinions to the Commission in order to assist it in drafting new regulation, as well as identifying and promoting good practice in support of such legislation. This work fed into, and took into account, the discussions at the European Forum for Member States (EFMS) and the European Public Private Partnership for Resilience (EP3R);
  • improving Pan-European Critical Information Infrastructure Protection (CIIP) and Resilience: the objective of Work Stream 2 is to assist Member States in implementing secure and resilient ICT systems and to increase the level of protection of critical information infrastructures and services in Europe. This Work Stream is closely aligned with the CIIP Action Plan described in the Commission’s communication of March 2009 and of March 2011. Much of this work also directly supports objectives laid down in the Internal Security Strategy document as well as the Digital Agenda. Work packages in the area of CIIP are, for the most part, a natural continuation of work carried out as part of the work programme of 2010. More specifically, the objectives of this Work Stream are: to enhance the operational capabilities of Member States by helping relevant stakeholders to increase their level of efficiency and effectiveness; to support and promote exercises on a pan-European level; to identify and address the information security challenges in CIIP; to identify and address information security issues in ICT and Interconnected Networks; to support the EU-U.S. Working Group on Cyber-security and Cyber-crime established in the context of the EU-U.S. summit;
  • promoting privacy and trust: this part comprised four work packages (WPK): (i) understanding and analysing economic incentives and barriers to information security; (ii) ensuring that privacy, identity and trust are correctly integrated into new services; (iii) supporting the implementation of Article 4 of the ePrivacy Directive (2002/58/EC); (iv) promoting the establishment of a European Cyber Security month.

The Agency also collaborated with Member States on the organisation of a European Cybersecurity month.