Previous article
Next article

KOSOVO: Highlights of the IT audit for e-Kosova Platform

11.12.2025

The Government of Kosovo* has created the “e-Kosovo” platform as one of the developments to improve the provision of public services and increase the efficiency of the administration. The e-Kosovo platform is one of the systems of state importance, also classified at the national level for its importance, managed by the Information Society Agency-ISA. It currently offers 230 public services electronically and serves as a unique gateway for access to services from various institutions, contributing to the transparency and modernization of public administration.

The NAO conducted an IT audit of the e-Kosova platform to assess whether the system is supported by adequate governance, security, operational, and application controls to ensure reliability, integrity, and the uninterrupted delivery of electronic services. We have included three ministries and the central agency.

Kosovo1 pic1

Picture 1. Categories of services in e-Kosova

The e-Kosovo platform has made significant progress in the digitalization of public services. However, it is necessary to address existing deficiencies in internal controls, especially in aspects related to contracting, systems development, as well as data control and information security.

Audit findings, structured according to audit areas and issues.

Kosovo1 pic2

 

The Information Society Agency has not established sufficient standards for contract management, in order to prevent uncertainties in responsibilities for information security.

The emergency service on the e-Kosova platform have been developed in an unplanned manner and outside standard procedures for documenting software development and technical design.

The AIS does not sufficiently guarantee a secure information environment due to the lack of updated policies and operational guidelines for access and incident management.

The AIS is not prepared to restore services in cases of emergency or disaster, jeopardizing the continuity of electronic state operations.

The lack of functional and technical controls in the applications of the e-Kosova platform has created risks to the accuracy of data and the integrity of services. Deficiencies have been identified in the interconnection of systems for verifying criteria, processing data without technical validations, as well as insufficient controls that have resulted in duplicate applications and repeated payments.

The e-Kosovo platform faces serious shortcomings in application controls, which affect the integrity, accuracy and security of data. For two services, the lack of interconnection of systems for verifying criteria such as “residence” has allowed benefits to be received without meeting the necessary conditions. The lack of real-time payment status updates and weak controls in the payment module have allowed the same payments to be executed multiple times, creating financial consequences for citizens.

Conclusion

The e-Kosovo platform has achieved important steps towards the digitalization of public services, however, there are still challenges in systems integration, information security, data control that affects their reliability, and business continuity that affects data security. We have issued 16 recommendations, of which 14 recommendations for the Information Society Agency and 2 recommendations for the Agency in coordination with the Ministry of Finance and the Ministry of Education.

 

* This designation is without prejudice to positions on status and is in line with UNSCR 1244/1999 and the ICJ Opinion on the Kosovo declaration of independence.