Financial Services Volunteer Corps Project Description
ALBANIA
Date Submitted: July 15, 2004
Date Approved: August 3, 2004
Project Name: Training on IT Auditing Techniques
Counterpart Institution: Bank of Albania – Bank Supervision and Internal Audit Departments
Project Number: 04-16-113-223-1-01
Implementation Date: 3rd or 4th Quarter 2004
Counterpart
Contact: Klodian Shehu
Title: Director, Bank Supervision Dept.
Phone: (355-4) 222153
Fax: (355-4) 223558
Email: email@example.com

FSVC - New York
Program Officer: Mary Craig
800 Third Avenue, 11th floor
New York, NY 10022
Phone: 212-771-1410
Fax: 212-421-2162
Email: firstname.lastname@example.org

FSVC - Albania
Regional Director: Anthony Randazzo
Program Officer: Andrew Hebeler
FSVC c/o Tirana Business Center
Phone: (355-4) 256292 ext 117
Fax: (355-4) 256291
E-mail: email@example.com
I. EXECUTIVE SUMMARY
Problem: Both the Internal Audit (IAD) and Bank Supervision (BSD) Departments of the Bank of Albania
(BoA) are currently trying to improve their ability to effectively assess the safety and soundness of IT
systems. The Bank Supervision Department has designated members of its bank examination staff as IT
inspection specialists and is now working to develop their expertise in this area. Recent FSVC training to
BSD staff has provided general consultations on the functions of a bank IT inspection unit as well as more
targeted training on screening for security risk within IT systems.
The Internal Audit Department is responsible for managing risk within the BoA. One important aspect of
this function includes managing the risks posed by IT systems within the BoA. The ultimate goal of this
function is to preserve the integrity and security of the IT systems used by the BoA, including the new Real
Time Gross Settlement (RTGS) payments system. The IAD currently has one staff member responsible for
establishing and auditing the internal controls of IT systems. While he has an IT background and has
received some IT system audit training, he does not have extensive experience in the preparation and
execution of IT system audits.
Given the important role played by both departments in fulfilling the mission of the BoA, both the IAD and
BSD would greatly benefit from more advanced training in the area of IT system auditing (ITSA). ITSA
involves the use of specialized auditing tools (programs) that focus on certain types of operating systems or
databases. Such tools are used to verify that security policies are being properly applied and that the proper
risk control measures are in place.
Proposed Solution: FSVC will arrange for two Volunteers to spend one week with the BoA to provide in-
house training in the field of ITSA. In order to make the training as practical as possible, the BoA IT
Department will make available its own systems and facilities as a testing environment for the knowledge
gained through the training. As this training is valuable to IT Department staff, members of this department
will also be invited to take part.
Expected Outputs: The Volunteers are expected to:
Prior to departure:
Become familiar with the systems used by the BoA in order to tailor the training to the types of systems that
will be audited in the testing environment (conference calls with the IT Unit will be arranged prior to
Once in country:
Provide classroom training in ITSA to the staff of the BSD IT Unit as well as staff from the Information
Technology and Internal Audit Departments on the auditing of the selected IT systems within BoA.
Work with the participants to test the IT system audit skills presented in the course of the lectures in
order to reinforce the training provided.
More technical information regarding the systems that will be used as a testing environment will be
provided to the Volunteer prior to the start of this assignment.
Expected Outcomes and Results: Formal training in IT system auditing will enhance the examination
skills of the BSD IT Inspectors and the IT system audit capacity of the Internal Audit Department.
Knowledge of IT system auditing will improve the quality and consistency of the IT system examinations
performed by bank examiners, thereby helping to guarantee the safety and soundness of the banking system.
Such training will also enable the staff of the IAD to manage risks within the BoA and ensure that policies
related to IT security are properly enforced. As a result, both bank examiners and internal auditors will be
able to manage the operational risks of IT systems within the banking system more effectively.
Project Type & Location: The project will take place on-site in Tirana.
Time-frame & Implementation Date Flexibility:
The project will take place in the third or fourth quarter of 2004.
Sokol Qeraxhiu, Director IT Department
Dhimitraq Pllaha, Internal Audit IT specialist
Alma Thimo, Bank Supervision IT inspection specialist
Ilir Pustina, Bank Supervision IT inspection specialist
Merita Bejtj, Bank Supervision IT inspection specialist
Additional staff from the IT and Internal Audit departments will likely be invited to participate in this
Number Required: Two Volunteers are required for this project.
Background/Experience/Skills: The advisors should have at least 4-5 years of experience in information
technology system auditing. Previous experience with auditing Oracle databases and the security of diverse
operating systems is important. Ideally, the advisors should hold CISA, CISSP, CITP or similar certification
and have an understanding of information system auditing methodologies and standards (COBIT, FFIEC,
ISO, BS, etc.). Familiarity with information security is also important. Strong interpersonal skills and
previous experience working in transition countries are beneficial but not required.
IV. INSTITUTIONAL CONTEXT
Counterpart Institution Information: The Bank of Albania is a public legal entity accountable to the
People’s Assembly (parliament). The principal objective of the BoA is to maintain price stability. The
BoA has a number of secondary objectives mentioned in the law, including the promotion of liquidity,
solvency, and the proper functioning of a stable market-oriented banking system. The BoA is responsible
for formulating and implementing monetary policy and exchange rate policy, licensing and supervising the
banking system, managing official foreign exchange reserves, promoting the smooth operation of the
payments system and acting as the fiscal agent of the government of Albania.
The Supervisory Council is the supreme decision-making authority of the BoA and is composed of nine
members who are appointed by the People’s Assembly. The Governor is the chairman of the Supervisory
Council and is the chief executive officer of the BoA. Council members serve a term of seven years, and
are eligible for reappointment. The law outlines the conditions under which members may be removed from
office. The Governor is responsible for formulating and proposing all monetary, credit and foreign
exchange policies to the Council, and has ultimate responsibility for the execution of all Council decisions.
In addition, the People’s Assembly elects an Inspector General, who serves a five-year term, and is in
charge of the Audit Department of the BoA. The Audit Department exercises internal audit control over
the administration and operations of the Bank of Albania, and ensures its operations are in conformity with
all applicable laws and regulations.
The Bank of Albania may accept deposits from the Government of the Republic of Albania, and make
payments on behalf of the government from these deposits. The BoA may make loans to the government of
Albania under strict terms, not exceeding a maturity of six months. Loans must be collateralized with debt
securities and may generally not exceed 5% of the total average revenues of the government.
Banking Supervision Department: The BSD is divided into two main sections, the Licensing Unit and
the Examination Unit. The Licensing Unit is responsible for the licensing and registration of banks wishing to
operate in Albania, as well as the drafting and review of banking regulations. The Examination Unit is
responsible for monitoring banks’ activities by conducting both on-site and off-site inspections. The BSD
supervises the 15 commercial banks operating in Albania, as well as other non-bank financial institutions,
such as Savings and Credit Associations.
FSVC extends an array of assistance to the BSD, the focus of which has been a periodic advisor, Mr. Don
Schmid, who from June 2002 to June 2004 provided intermittent on-the-job training to the bank examiners
during on-site inspections. Aspects of this training included: monitoring assignments; training on the
methodologies and the practical skills needed to conduct thorough examinations; and ensuring that
appropriate supervisory policies and procedures are routinely implemented. In addition, the Advisor has
worked to ensure that on-site inspections include a thorough review of anti-money laundering compliance
programs adopted by commercial banks. Mr. Schmid has also worked closely with FSVC staff to ensure
consistency and continuity in FSVC’s full program of technical assistance to the Supervision Department.
In this regard, he has assisted in the design and implementation of short-term assistance activities. The
activities include the design and implementation of a quality assurance process, the design and
establishment of an electronic database for supervision, assistance in foreign bank supervision, creation of a
bank supervision training and development program, internal controls training, and training in anti-money
Audit of BoA IT Systems: In addition to its general auditing functions, the Internal Audit Department is
responsible for auditing the IT Department and the IT systems of each of the BoA’s departments, such as the
Oracle database used by the Accounting Department and the Inforex system used by the Monetary
Operations Department for tracking the sale of Treasury bills and other monetary transactions. The IA
Department will also be responsible for auditing the newly installed RTGS system, known as the Albanian
Interbank Payment System (AIPS). Current IT audits focus on identifying and assessing systemic risks, and
reviewing information systems controls and system security. The IT Specialist of the IAD also audits
application systems software and data records (input, output, and data processing). CobiT is used to review
and improve internal control standards.
The Monetary Operations Department’s Inforex system bears the greatest similarity to the new AIPS. The
new AIPS however has many features which necessitate special audit training for IAD staff.
Rationale: Highly specialized and up-to-date knowledge in the field of information technology and systems
is essential to ensuring the credibility of BSD IT examiners and their ability to examine information systems
in banks, thus helping maintain the safety and soundness of the banking system. The same level of expertise
must be developed to conduct audits of IT systems within the BoA, enabling audit staff to identify areas of
potential risk that threaten the Central Bank.
FSVC Program Strategy: This project falls under USAID Strategic Objective 1.3 “Growth in number of
Self-Sustaining Enterprises.” USAID has asked FSVC to create a program of technical assistance to the
supervision department that will both address the needs of the department in meeting the WB obligations
and continue the work done to date by the Banking Supervision Program (under a Barents contract and
set to expire in September 2002).
Past FSVC Activity: FSVC has provided training to the BSD IT Inspection Specialist first through
consultations at the Croatian National Bank, where she received a general overview of the operations,
structure and procedures of the IT inspection unit. In April 2004 the Specialist then took part in intensive
training on IT security, provided by the SANS institute in Munich.
Previous training to the Internal Audit Department includes a two-week consultation by an audit specialist
who worked closely with the Inspector General and her staff, reviewing the current policies and procedures
of the Internal Audit Department, and making recommendations for improvements. Based in part on those
recommendations, further consultations were provided in the form of on-the-job training during the audit
of the Accounting Department. This training allowed the FSVC volunteer to assess the level of
implementation of the previous recommendations, and to provide further guidance on areas for
Other Technical Assistance:
The US Treasury is not providing advice to the Bank of Albania, but is currently advising the Ministry of
Finance (MoF) on sovereign debt management and has placed a full-time Financial Crimes Enforcement
Advisor with the Financial Intelligence Unit at the MoF.
The IMF has been funding a resident advisor, Lou San Felice, since August 2003. This advisor’s efforts are
focused on banking supervision and Anti-Money Laundering, in cooperation with FSVC. In 2004 IMF AML
expert Terry Donovan made two visits to work with Mr. San Felice and BSD inspectors to develop
examination procedures. The IMF and World Bank both provide advisors in different areas on a periodic
basis. Recent missions have included advisors on the implementation of an RTGS system and automated
clearinghouse system (which the World Bank has agreed to finance).
V. RELATIONSHIP TO MACRO-ECONOMIC REFORM
From the end of World War II until the fall of communism in 1992, Albania remained one of the most
centralized and isolated states of the so-called former Eastern Bloc. Political and economic ties with the
rest of the world were kept to an absolute minimum, and all forms of private ownership were forbidden.
Economic activity was completely controlled by the state, and infrastructure deteriorated over time from the
lack of capital investments. Although Albania has made notable progress in the course of its transition
since 1992, the legacies of autarchy and extreme state control are still felt today. For this reason, Albania
can be classified as both a transition and a developing country.
The initial shock caused by the change in the political and economic regime in the early 1990s was
profound. Output fell by an estimated 40 percent, inflation rose to 240 percent and unemployment rose to
27 percent in 1992. With assistance from international financial institutions, the government undertook a
dynamic stabilization and structural reform program. These policies reduced macroeconomic imbalances
and curbed inflation. Structural measures were designed to rapidly transform the economy, and resulted in
the privatization of nearly all shops, small enterprises and agricultural land. Most price controls were also
abolished. These measures also resulted in the unification of the exchange rate and the liberalization of
trade and payments. As a result, GDP was able to grow at an annual rate of about 9 percent between 1993-
1995 and inflation declined to 6 percent in 1995.
The Albanian economy has experienced two significant shocks since the start of transition. The first was the
so-called pyramid scheme crisis in 1997 and the second was the war in neighboring Kosovo in 1999. The
collapse of the pyramid schemes in early 1997 triggered large-scale civil disturbances and riots. By some
estimates, some $1.5 - 2 billion was invested in these schemes, which were offering investors 20-30%
interest per month. Following their collapse, the security situation quickly deteriorated and the resulting
collapse in public order forced diplomatic missions to evacuate. The effects of the crisis were profound.
Inflation soared and the currency depreciated over 40 percent. International trade and assistance declined
and widespread looting and theft inflicted severe damage to Albania’s economy and international
Elections were held in mid-1997 with foreign assistance, and a new government was put in place. A
post-crisis recovery program curbed the fiscal deficit and inflation, and steps were taken to wind down the
pyramid schemes. Political stability was only partially restored, however, and in 1998 conflicts between
opposing political parties led to civil unrest. This, in addition to the threat of international terrorism, forced
a temporary evacuation of diplomatic missions in September 1998. The crisis, however, was short-lived. A
new government took office in October and was able to restore public order, and GDP actually rose 8% by
the end of 1998.
The conflict in Kosovo delivered a second shock to the economy in March 1999. Some 400,000 refugees
entered the country by May, putting a significant strain on infrastructure and government resources.
Although international relief organizations and a NATO military presence helped to contain the crisis and
maintain public order, the economy suffered from a temporary lack of investment and a disruption in
foreign trade. The crisis did, however, result in an increase in consumption. The Bank of Albania estimates
that some US$59 million entered the economy through the hard currency spending of refugees on food,
housing and other essential items.
Since 1998, the economic and political situation has steadily improved. The currency has remained stable
and the rate of inflation has remained low. Moreover, GDP has grown steadily by an average of about 6-7
percent per year.
Institutional/Functional Reform: The Bank of Albania is striving to become a modern, market-oriented
central bank. Reform goals of the Bank of Albania include: the adoption of international bank supervision
standards, the establishment of a modern payments system, the implementation of an automated accounting
system, improving research and forecasting abilities, and the adoption of modern personnel performance
VI. PROJECT NUMBER
Fill in the appropriate project codes for this Project Description.
Year 04 2004
Grant 16 Albania
Location 113 Albania
Function/sub-function 223 Information Technology – Central Bank
Activity 1 In - Country
Counterpart 01 Central Bank