The National Audit Office of Kosovo was established in 2003 by the UN administration and reports to the Kosovo Assembly. It controls public funds and helps improve performance of public institutions. The office conducts regulatory and performance audits, including of IT systems. It has four IT auditors divided into two teams. The office evaluates IT systems of budget organizations using standards like COBIT and ISO. A self-assessment found issues with IT governance, investment monitoring, and data protection. The office has audited systems like the health information system and property tax system, finding issues with effectiveness and control environments.

1. REPUBLIC OF KOSOVO KOSOVO NATIONAL AUDIT OFFICE
National Audit Office
KNAOs IT Audit Team and IT Audits
November, 2019

2. • The General Auditor Office (now the National Audit Office) was
established by the United Nations Administration (UNMIK) in
November 2003.
• With Constitution of the Republic of Kosovo in 15th of June 2008,
National Audit Office has been established and reports to Kosovo
Assembly.
The establishment
Kosovo National Audit Office 1/11

3. Role and Competencies of the General Auditor
To control:
• The economic activity of public institutions and other legal state
entities;
• The use and safeguarding of public funds by central and local
authorities;
• Helps public institutions charged with public service delivery to
improve their performance at the central and local level.
Kosovo National Audit Office 2/11

4. Organization of the National Audit Office
• National Audit Office of the Republic of Kosovo, conducts:
• Statutory Regularity Audits, and
• Performance Audits, that include:
 Procurement, and
 IT.
• National Audit Office of the Republic of Kosovo has started with IT
Audits since 2016, while the IT Auditor starting from the 2018 are
also engaged in Financial Audits to support the Financial Audit
Teams regarding the IT Systems in audited entities.
• Currently at the National Audit Office of the Republic of Kosovo are
four IT Auditors (Two IT Audit Teams).
Kosovo National Audit Office 3/11

5. Methodology
Evaluation and identification of findings during these audits was carried out
using:
• Control Objectives for Information and Related Technology (COBIT);
• Information Technology Infrastructure Library (ITIL);
• Handbook on IT Audit for Suprem Audit Institutions;
• IT Auditing Standards:
 ISSAI 5300;
 ISO 27001/2 etc.
• Laws and Regulations of the Republic of Kosovo;
• Internal Policies, procedures and regulations of the audited institutions;
• Referring to similar research models conducted by SAIs in different
countries;
• Using digital and technological tools such as CAATs;
• Questionnaire prepared for the audit/evaluation process.
Kosovo National Audit Office 4/11

6. Objective:
• IT auditors have carried out an evaluation of all systems used by the
entities of the Republic of Kosovo, which is the basis for assessing
the risks of the systems and defining the topics for IT audits based
on risk.
• In this evaluation are analyzed the preparation and use of:
 Internal IT Policies and Procedures;
 Central IT Services; and
 Security of the Information Systems.
Evaluation of systems and organization of
audits
Kosovo National Audit Office 5/11

7. Scope of the evaluation:
• In this assessment participated 92 Budget Organizations (BOs)
divided into 3 groups as follows:
 Central level, 24 BOs;
 Local level, 38 BOs; and
 Independent Institutions, 30 BOs.
Evaluation of systems and organization of
audits (c.)
Kosovo National Audit Office 6/11

8. Self-Assessment:
• A self-assessment survey based on Control Objectives for
Information and Related Technology (COBIT) was sent to BOs for the
following areas:
 Planning and Organization;
 Availability and Implementation;
 Delivery and Support;
 Monitoring and Evaluation.
Evaluation of systems and organization of
audits (c.)
Kosovo National Audit Office 7/11

9. Evaluation of systems and organization of
audits (c.)
Kosovo National Audit Office 8/11
Self-Assessment (c.) – Main deficiencies:
• IT Governance;
• Monitoring and managing IT investments;
• Data protection in BOs information systems.

10. • Main reports in the IT Field conducted by National Audit Office of the
Republic of Kosovo are (All KNAOs Audit Reports can be found on the official
web site www.zka-rks.org):
 Efficiency and Effectiveness in Implementation of Unified and Integrated
Health Information System :
Objective: Efficiency and effectiveness of the implementation of the Health
Information System in the Republic of Kosovo.
Conclusion: HIS in Kosovo was not fully functional and it results that it was
not efficient and effective.
Some of the KNAOs IT Audits
Kosovo National Audit Office 9/11

11.  Effectiveness of property tax information system:
Objective: The Property Tax Information System (PTIS) is supporting
the goals and the strategy of the institution by providing reliable,
complete and timely information.
Conclusion: The MoF was not able to provide an effective control
environment to secure a well-functioning of PTIS.
Some of KNAO's IT Audits (c.)
Kosovo National Audit Office 10/11

12.  Public enterprise audit report “Kosovo Telecom“ for the Financial
Year ended on 31st of December 2018:
(In this audit the IT audit team supported the regularity audit team in meeting the technology
objectives.)
Objective: Data recorded and processed in Kosovo Telecom
Information Systems have occurred in incoming systems, have been
transferred accurately, fully and reliably to other telecom information
systems, and have maintained integrity during their processing cycle.
Conclusion: Telecom of Kosovo lacks data controls that are transferred
to information systems within the Company and there is a lack of data
harmonization.
Some of KNAO's IT Audits (c.)
Kosovo National Audit Office 11/11

13. Thank you!
REPUBLIC OF KOSOVO KOSOVO NATIONAL AUDIT OFFICE