The audit compendium on cybersecurity developed by the European Court of Auditors in cooperation with the SAIs of 12 EU Member States: of Denmark, Estonia, Finland, France, Ireland, Lithuania, Latvia, the Netherlands, Poland, Portugal, Sweden and Hungary has been published on the Contact Committee website.

It has covered results of selected audits conducted by the Supreme Audit Institutions in 2014-2020. The audits dealt with critical aspects of cybersecurity, such as: data protection, integrity of national data processing centres, implementation of national cybersecurity strategies in a broad sense.

Each of the audit institutions working on the compendium prepared a report on one, selected audit on cybersecurity. NIK presented results of the audit on the security of IT systems used for public services. The Supreme Audit Office of Poland looked into one of critical IT systems in each of six institutions providing significant public services. Besides, for the needs of the compendium, NIK provided the list of other audits on cybersecurity.

The compendium – in the section prepared by the European Court of Auditors – also presents cross-sectional report on cybersecurity, mainly strategic initiatives and legal bases applicable in the EU in this area. Key challenges faced by the EU and Member States have been discussed there, such as: a threat to the EU citizens’ rights through misuse of personal data, the risk for institutions of not being able to deliver essential public services or facing limited performance following cyberattacks.

The audit compendia are publications of the Contact Committee associating Supreme Audit Institutions (SAIs) of the European Union and the European Court of Auditors. They are supposed to make interested parties and a broader public opinion familiar with significant audit findings.

This press release refers to the third audit compendium prepared by the Contact Committee. Two previous ones concerned: public health (December 2019) and youth unemployment and the integration of young people into the labour market (April 2018). They also included reports on audits conducted by the Polish Supreme Audit Office: “Prevention and treatment of type 2 diabetes” and “Internships and traineeships in public administration bodies”.

Contact Committee (CC) is an apolitical, independent and autonomous forum associating Heads of the Supreme Audit Institutions (SAIs) of 27 EU Member States and the European Court of Auditors (ECA). CC facilitates exchange of knowledge and experience in EU funds auditing and other EU-related issues. By fostering dialogue and cooperation among its Members, the Contact Committee makes substantial contribution to effective and independent external audit of the EU policy and programmes. The Committee meeting is held on a yearly basis and its activity is supported by working bodies (working groups, task forces, cooperation networks), responsible for specific EU-related areas as well as permanent representatives of SAIs (so-called Liaison Officers), closely cooperating with one another in between meetings and coordinating the Committee activities.

NIK has been a Member of the Contact Committee since 2004. The Polish SAI was the Committee Chair twice and thus hosted two annual Committee meetings. Both meetings took place in Warsaw: the first one in December 2006 during which the role of Supreme Audit Institutions was discussed in terms of efforts aimed at improving accountability of the EU funds. The second meeting was held in June 2019. Its topic “Digital Europe: challenges and opportunities for the EU SAIs” also discussed in the context of cybersecurity proved an inspiration for the audit compendium in this area.

