Go back to the Europarl portal

Choisissez la langue de votre document :

<Date>{05/03/2020}5.3.2020</Date>
<NoDocSe>A9-0039/2020</NoDocSe>
PDF 173kWORD 56k

<TitreType>REPORT</TitreType>

<Titre>on discharge in respect of the implementation of the budget of the European Union Agency for Network and Information Security (now the European Union Agency for Cybersecurity) for the financial year 2018</Titre>

<DocRef>(2019/2080(DEC))</DocRef>


<Commission>{CONT}Committee on Budgetary Control</Commission>

Rapporteur: <Depute>Ryszard Czarnecki

</Depute> 

1. PROPOSAL FOR A EUROPEAN PARLIAMENT DECISION
 2. PROPOSAL FOR A EUROPEAN PARLIAMENT DECISION
 3. MOTION FOR A EUROPEAN PARLIAMENT RESOLUTION
 INFORMATION ON ADOPTION IN COMMITTEE RESPONSIBLE
 FINAL VOTE BY ROLL CALL IN COMMITTEE RESPONSIBLE

1. PROPOSAL FOR A EUROPEAN PARLIAMENT DECISION

on discharge in respect of the implementation of the budget of the European Union Agency for Network and Information Security (now the European Union Agency for Cybersecurity) for the financial year 2018

(2019/2080(DEC))

The European Parliament,

 having regard to the final annual accounts of the European Union Agency for Network and Information Security for the financial year 2018,

 having regard to the Court of Auditors’ annual report on EU agencies for the financial year 2018, together with the Agency’s reply[1],

 having regard to the statement of assurance[2] as to the reliability of the accounts and the legality and regularity of the underlying transactions provided by the Court of Auditors for the financial year 2018, pursuant to Article 287 of the Treaty on the Functioning of the European Union,

 having regard to the Council’s recommendation of 18 February 2020 on discharge to be given to the Agency in respect of the implementation of the budget for the financial year 2018 (05761/2020 – C9‑0047/2020),

 having regard to Article 319 of the Treaty on the Functioning of the European Union,

 having regard to Regulation (EU, Euratom) No 966/2012 of the European Parliament and of the Council of 25 October 2012 on the financial rules applicable to the general budget of the Union and repealing Council Regulation (EC, Euratom) No 1605/2002[3], and in particular Article 208 thereof,

 having regard to Regulation (EU, Euratom) 2018/1046 of the European Parliament and of the Council of 18 July 2018 on the financial rules applicable to the general budget of the Union, amending Regulations (EU) No 1296/2013, (EU) No 1301/2013, (EU) No 1303/2013, (EU) No 1304/2013, (EU) No 1309/2013, (EU) No 1316/2013, (EU) No 223/2014, (EU) No 283/2014, and Decision No 541/2014/EU and repealing Regulation (EU, Euratom) No 966/2012[4], and in particular Article 70 thereof,

 having regard to Regulation (EU) No 526/2013 of the European Parliament and of the Council of 21 May 2013 concerning the European Union Agency for Network and Information Security (ENISA) and repealing Regulation (EC) No 460/2004[5], and in particular Article 21 thereof,

 having regard to Regulation (EU) 2019/881 of the European Parliament and of the Council of 17 April 2019 on ENISA (the European Union Agency for Cybersecurity) and on information and communications technology cybersecurity certification and repealing Regulation (EU) No 526/2013 (Cybersecurity Act) [6] and in particular Article 31 thereof,

 having regard to Commission Delegated Regulation (EU) No 1271/2013 of 30 September 2013 on the framework financial regulation for the bodies referred to in Article 208 of Regulation (EU, Euratom) No 966/2012 of the European Parliament and of the Council[7], and in particular Article 108 thereof,

 having regard to Commission Delegated Regulation (EU) 2019/715 of 18 December 2018 on the framework financial regulation for the bodies set up under the TFEU and Euratom Treaty and referred to in Article 70 of Regulation (EU, Euratom) 2018/1046 of the European Parliament and of the Council7, and in particular Article 105 thereof,

 having regard to Rule 100 of and Annex V to its Rules of Procedure,

 having regard to the report of the Committee on Budgetary Control (A9-0039/2020),

1. Grants the Executive Director of the European Union Agency for Cybersecurity discharge in respect of the implementation of the Agency’s budget for the financial year 2018;

2. Sets out its observations in the resolution below;

3. Instructs its President to forward this decision, and the resolution forming an integral part of it, to the Executive Director of the European Union Agency for Cybersecurity, the Council, the Commission and the Court of Auditors, and to arrange for their publication in the Official Journal of the European Union (L series).

 


 

2. PROPOSAL FOR A EUROPEAN PARLIAMENT DECISION

on the closure of the accounts of the European Union Agency for Network and Information Security (now the European Union Agency for Cybersecurity) for the financial year 2018

(2019/2080(DEC))

The European Parliament,

 having regard to the final annual accounts of the European Union Agency for Network and Information Security for the financial year 2018,

 having regard to the Court of Auditors’ annual report on EU agencies for the financial year 2018, together with the Agency’s reply[8],

 having regard to the statement of assurance[9] as to the reliability of the accounts and the legality and regularity of the underlying transactions provided by the Court of Auditors for the financial year 2018, pursuant to Article 287 of the Treaty on the Functioning of the European Union,

 having regard to the Council’s recommendation of 18 February 2020 on discharge to be given to the Agency in respect of the implementation of the budget for the financial year 2018 (05761/2020 – C9‑0047/2020),

 having regard to Article 319 of the Treaty on the Functioning of the European Union,

 having regard to Regulation (EU, Euratom) No 966/2012 of the European Parliament and of the Council of 25 October 2012 on the financial rules applicable to the general budget of the Union and repealing Council Regulation (EC, Euratom) No 1605/2002[10], and in particular Article 208 thereof,

 having regard to Regulation (EU, Euratom) 2018/1046 of the European Parliament and of the Council of 18 July 2018 on the financial rules applicable to the general budget of the Union, amending Regulations (EU) No 1296/2013, (EU) No 1301/2013, (EU) No 1303/2013, (EU) No 1304/2013, (EU) No 1309/2013, (EU) No 1316/2013, (EU) No 223/2014, (EU) No 283/2014, and Decision No 541/2014/EU and repealing Regulation (EU, Euratom) No 966/2012[11], and in particular Article 70 thereof,

 having regard to Regulation (EU) No 526/2013 of the European Parliament and of the Council of 21 May 2013 concerning the European Union Agency for Network and Information Security (ENISA) and repealing Regulation (EC) No 460/2004[12], and in particular Article 21 thereof,

 having regard to Regulation (EU) 2019/881 of the European Parliament and of the Council of 17 April 2019 on ENISA (the European Union Agency for Cybersecurity) and on information and communications technology cybersecurity certification and repealing Regulation (EU) No 526/2013 (Cybersecurity Act) [13] and in particular Article 31 thereof,

 having regard to Commission Delegated Regulation (EU) No 1271/2013 of 30 September 2013 on the framework financial regulation for the bodies referred to in Article 208 of Regulation (EU, Euratom) No 966/2012 of the European Parliament and of the Council[14], and in particular Article 108 thereof,

 having regard to Commission Delegated Regulation (EU) 2019/715 of 18 December 2018 on the framework financial regulation for the bodies set up under the TFEU and Euratom Treaty and referred to in Article 70 of Regulation (EU, Euratom) 2018/1046 of the European Parliament and of the Council7, and in particular Article 105 thereof,

 having regard to Rule 100 of and Annex V to its Rules of Procedure,

 having regard to the report of the Committee on Budgetary Control (A9-0039/2020),

1. Approves the closure of the accounts of the European Union Agency for Cybersecurity for the financial year 2018;

2. Instructs its President to forward this decision to the Executive Director of the European Union Agency for Cybersecurity, the Council, the Commission and the Court of Auditors, and to arrange for its publication in the Official Journal of the European Union (L series).

 


 

3. MOTION FOR A EUROPEAN PARLIAMENT RESOLUTION

with observations forming an integral part of the decision on discharge in respect of the implementation of the budget of the European Union Agency for Network and Information Security (now the European Union Agency for Cybersecurity) for the financial year 2018

(2019/2080(DEC))

The European Parliament,

 having regard to its decision on discharge in respect of the implementation of the budget of the European Union Agency for Network and Information Security for the financial year 2018,

 having regard to Rule 100 of and Annex V to its Rules of Procedure,

 having regard to the report of the Committee on Budgetary Control (A9-0039/2020),

A. whereas, according to its statement of revenue and expenditure[15], the final budget of the European Union Agency for Network and Information Security (the ‘Agency’) for the financial year 2018 was EUR 11 473 788, representing an increase of 2,67 % compared to 2017; whereas the budget of the Agency derives mainly from the Union budget[16];

B. whereas the Court of Auditors (the ‘Court’), in its report on the Agency’s annual accounts for the financial year 2018 (the ‘Court's report’), stated that it has obtained reasonable assurances that the Agency’s annual accounts are reliable and that the underlying transactions are legal and regular;

Budget and financial management

1. Notes with satisfaction that the budget monitoring efforts during the financial year 2018 resulted in a budget implementation rate of 99,98 %, representing a decrease of 0,01 % compared to 2017; notes furthermore that the payment appropriations execution rate was 88,56 %, representing a slight increase of 0,37 % compared to 2017;

Performance

2. Notes that the Agency uses certain key performance indicators (KPIs) to measure the added value provided by its activities and to enhance its budget management, focusing more on qualitative indicators for the assessment of the achievement of its operational goals and more on quantitative indicators for its administrative goals; notes that, in order to better meet its stakeholders’ expectations, the Agency is enhancing its reporting package by tailoring its qualitative and quantitative KPIs to measure its activity impact more efficiently;

3. Calls on the Agency to step up its action to tackle the security vulnerabilities of 5G and to disseminate information on the subject as widely as possible in order to ensure that the existing technical solutions are adopted by the industry;

4. Regrets that, following the study on the external evaluation of the Agency’s performance over the 2013 to 2016 period carried out on behalf of the Commission in 2017, no action plan has been formalised; nevertheless, notes that relevant recommendations have been implemented and that an internal audit carried out by the Internal Audit Service made overlapping recommendations for which a formal remedial action plan has been agreed upon;

5. Encourages the Agency to pursue the digitalisation of its services;

6. Calls on the Commission to conduct a Feasibility Study in order to assess the possibility of setting up shared synergies with the Cedefop which has its headquarters in Thessaloniki; calls on the Commission to evaluate both scenarios, namely the transfer of the Agency to the Cedefop headquarters in Thessaloniki, and the transfer of the Agency's headquarters to its Heraklion headquarters; notes that the transfer of the Agency to the Cedefop headquarters would entail the sharing of corporate and support services and the management of the common premises, as well as shared ICT, telecommunications and internet-based infrastructures, saving very significant amounts of money which would be used for the further funding of both agencies;

Staff policy

7. Notes with concern that, on 31 December 2018, the establishment plan was executed only to 93,62 %, with 44 temporary agents appointed out of 47 temporary agents authorised under the Union budget (compared with 48 authorised posts in 2017); notes that, in addition, 27 contract agents and three seconded national experts worked for the Agency in 2018;

8. Notes that in 2015, the Agency planned to relocate staff engaged in its administration to Athens while Regulation (EU) No 526/2013[17] provides that such members of staff should be based in Heraklion, and that it is likely that costs could be further reduced if all members of staff were centralised in one location; notes that only seven members of staff are currently working at Heraklion’s premises; notes that the Agency will further study the relevance of the facilities in line with the current seat agreement and the programmes developed in those facilities;

9. Notes with concern that the Agency finds it difficult to recruit, attract and hold suitably qualified staff, mainly due to the types of post that are advertised, namely contract agent posts, and to the low correction coefficients  applied to the salaries of the Agency’s members of staff in Greece; notes with satisfaction, however, that the Agency has implemented a number of social measures in order to increase its attractiveness;

10. Notes that the Agency does not have the necessary appropriations to advertise all vacant posts in all EU languages as required by EPSO; notes, however, that the Agency, like other Union decentralised agencies, publishes vacancy notices on several websites, in publications across the Union and on the EU Agencies Network website;

11. Notes that the handover process to new members of staff is currently being reviewed in order to better transfer knowledge to new staff in the future and that this process is considered to be included in the sensitive posts policy; invites the Agency to inform the discharge authority when that review has been concluded;

12. Notes with concern the lack of gender balance for 2018 for senior managers (8 men and 2 women) and for the Management Board (25 men and 5 women);

Prevention and management of conflicts of interests and transparency

13. Notes the Agency’s existing measures on and ongoing efforts to secure transparency, prevention and management of conflicts of interests and notes that the CVs of the members of the management board and their declaration of conflicts of interests have now been published on the Agency’s website; recalls that the Agency does not publish the senior management members’ declaration of conflicts of interests on its website; reiterates its calls on the Agency to publish the CVs of all the members of the management board and the declarations of conflicts of interests of its senior management and to report to the discharge authority on the measures taken in that regard;

Internal controls

14.  Notes with concern from the Court’s report that the Agency does not have a sensitive post policy which would identify sensitive functions, keep them up to date and define appropriate measures to mitigate the risks of vested interests; calls on the Agency to adopt and implement such a policy without delay;

15. Notes that in 2018, the Commission’s Internal Audit Service issued an audit report on “Stakeholders’ involvement in the Production of Deliverables in ENISA” for which the Agency is preparing an action plan to address any potential areas of improvement;

Other comments

16. Notes that the impact on the Agency’s operations and administration of the United Kingdom’s decision to withdraw from the Union is very limited; notes, however, that the Agency has reviewed its internal processes to mitigate any risks linked to the United Kingdom’s withdrawal from the Union, but that none of those risks are considered to be critical but are, rather, considered to be very low;

17. Regrets the fact that the Agency has not yet formalised a strategy to ensure an environmentally friendly working place; calls on the Agency to do so as a matter of urgency;

18. Calls on the Agency to focus on disseminating the results of its research to the public, and to reach out to the public via social media and other media outlets;

o

o  o

19. Refers, for other observations of a cross-cutting nature accompanying its decision on discharge, to its resolution of … March 2020[18] on the performance, financial management and control of the agencies.


INFORMATION ON ADOPTION IN COMMITTEE RESPONSIBLE

Date adopted

19.2.2020

 

 

 

Result of final vote

+:

–:

0:

20

2

0

Members present for the final vote

Matteo Adinolfi, Olivier Chastel, Caterina Chinnici, Lefteris Christoforou, Luke Ming Flanagan, Daniel Freund, Isabel García Muñoz, Cristian Ghinea, Monika Hohlmeier, Jean-François Jalkh, Joachim Kuhs, Sabrina Pignedoli, Michèle Rivasi, Angelika Winzig, Lara Wolters, Tomáš Zdechovský

Substitutes present for the final vote

Maria Grapini, David Lega, Mikuláš Peksa, Ramona Strugariu

Substitutes under Rule 209(7) present for the final vote

Peter Pollák, József Szájer

 


 

FINAL VOTE BY ROLL CALL IN COMMITTEE RESPONSIBLE

20

+

GUE/NGL

Luke Ming Flanagan

ID

Jean-François Jalkh

NI

Sabrina Pignedoli

PPE

Lefteris Christoforou, Monika Hohlmeier, David Lega, Peter Pollák, József Szájer, Angelika Winzig, Tomáš Zdechovský

RENEW

Olivier Chastel, Cristian Ghinea, Ramona Strugariu

S&D

Caterina Chinnici, Isabel García Muñoz, Maria Grapini, Lara Wolters

VERTS/ALE

Daniel Freund, Mikuláš Peksa, Michèle Rivasi

 

2

-

ID

Matteo Adinolfi, Joachim Kuhs

 

0

0

 

 

 

 

 

Key to symbols:

+ : in favour

- : against

0 : abstention

 

 

[1] OJ C 417, 11.12.2019, p.1.

[2] OJ C 417, 11.12, p. 34.

[3] OJ L 298, 26.10.2012, p. 1.

[4] OJ L 193, 30.7.2018, p. 1.

[5] OJ L 165, 18.6.2013, p. 41.

[6] OJ L 151, 7.6.2019, p. 15.

[7] OJ L 328, 7.12.2013, p. 42.

[8] OJ C 417, 11.12.2019, p.1.

[9] OJ C 417, 11.12.2019, p.34.

[10] OJ L 298, 26.10.2012, p. 1.

[11] OJ L 193, 30.7.2018, p. 1.

[12] OJ L 165, 18.6.2013, p. 41.

[13] OJ L 151, 7.6.2019, p. 15.

[14] OJ L 328, 7.12.2013, p. 42.

[15] OJ C 120/42, 29.03.2019, p.207

[16] OJ C120/42, 29.03.20119, p.206

[17]  Regulation (EU) No 526/2013 of the European Parliament and of the Council of 21 May 2013 concerning the European Union Agency for Network and Information Security (ENISA) and repealing Regulation (EC) No 460/2004 (OJ L 165, 18.6.2013, p. 41).

[18] Texts adopted of that date, P9_TA(2020)0000.

Last updated: 18 March 2020Legal notice - Privacy policy