1. SAI of ALBANIA
SIGMA/SAI of North Macedonia
Workshop on Digital Auditing
Skopje, North Macedonia, 6-7 November 2019
ALSAI Experience in IT Systems Audit
"Audit of the e-Albania Platform"
Alfred Leskaj
2. AUDITING STANDARDS
ISSAI 100
ISSAI 5300
ISSAI 5310
COBIT 4.1
Information Technology Audit Manual (WGITA)
Active IT Manual
ALSAI Law 154/2014
5. e - Albania is a governmental portal for providing electronic public services.
The e-Albania portal is an EU funded IPA project.
The portal is concepted as a one-stop-shop where the citizen registers using
his ID card, by searching and applying for the service he needs.
e-Albania portal, offers 29 downloadable PDF documents with digital stamp
and provides legal validity.
INTRODUCTION
9. AUDIT FOCUS
The performance’s evaluation of the National Information Society Agency, in terms
of effectiveness of the e-Albania portal, on the e-services benefiting through the
platform of interaction of public institutions systems with each other.
11. THE OBJECT OF THE AUDIT
Audit of ICT Governance functioning.
Verification of ICT Strategy, Policies and Procedures
Assessment of human resources in ICT structures
Audit of information technology projects and investments
Audit of IT investment projects regarding e-Albania platform
Audit of ICT Operations in e-Albania
Evaluation of e-Albania platform management
13. KEY FINDINGS
NAIS frequent structural changes, doesn’t reflect changes in the regulatory
basis of it’s functioning structure.
The realization of investments, for the creation of electronic services and the
establishment of the portal has not been timely synchronized with the issuance
of the legal basis for the electronic stamp by the responsible structures.
The e-Albania Platform publishes information and services from sources that
have non-certified databases (by NAIS), by failing to ensure a proper
interaction and a proper personal data safety.
15. NAIS Governing structures, considering the time and resources needed and
also the importance of the data that this institution possesses and processes,
are required to draft the Strategic Information Technology Plan, where the
objectives of the institution must be clearly addressed.
NAIS management structures are required to take measures to complete the
structure and carry out occasional assessments of the human IT resources
needed to achieve the objectives and take measures to complete those IT
structures according to the approved plan.
RECOMMENDATIONS
16. The e-Albania Platform Directorate, in order to increase the use of the platform, is
required to periodically analyze the reasons for not receiving the service and to
perform the restoration of “support services” in Albanian language by telephone /
chat with a 24/7 coverage. In providing support it needs to consider the legal
framework regarding the requirements of the categories with special needs.
NAIS is required to take necessary measures in order to analyze and configure
existing log storage capacities, and to draft and approve in accordance with
“electronic document storage” legislation, storage time, procedures for their
analysis and deletion.
18. AUDIT OPINION
The lack of strategic objectives and priorities in terms of Information
Technology investments in public institutions has impacted the effectiveness
of the services provided by the e-Albania portal, coupled with the low
number of electronic services provided to the Albanian public.
While the frequent structural changes and regulatory framework of NAIS, in
the absence of action plans for change management, mainly of critical
elements in information systems, has made the investments in information
systems ineffective, in ensuring Business Continuity and Disaster Recovery
security.