Welcome to Scribd, the world's digital library. Read, publish, and share books and documents. See more
Standard view
Full view
of .
Look up keyword or section
Like this

Table Of Contents

0 of .
Results for:
No results containing your search query
P. 1
Checklists for is Audit

Checklists for is Audit

Ratings: (0)|Views: 617 |Likes:
Published by sandeepptk

More info:

Published by: sandeepptk on Dec 01, 2009
Copyright:Attribution Non-commercial


Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less





Checklists for IS AuditCommittee on Computer Audit
Report of the Committee on Computer AuditIndexI IntroductionIIStandardised Checklist for conducting Computer AuditQuestionnaires1.Business Strategy2.Long Term IT Strategy3.Short Range IT Plans4.IS Security Policy5.Implementation of Security Policy6.IS Audit Guidelines7.Acquisition and Implementation of Packaged Software8.Development of software - in-house and outsourced9.Physical Access Controls10.Operating System Controls11.Application Systems Controls12.Database controls13.Network Management14.Maintenance15.Internet BankingChapter IINTRODUCTION
1.1The Jilani Working Group on internal controls and inspection / audit systems in banks(1995) identified key risks associated with IT systems and recommended various controlmeasures to address these risks. It recognized the need for a specialized system of EDP auditand recommended that the entire domain of EDP activities should be brought under thescrutiny of the Inspection and Audit department. Banks were advised by the Department of Banking Supervision (DBS) of the Bank to expeditiously implement the recommendations of the group.1.2The risks and controls systems in computerized banks were analysed by Coopers andLybrand (U.K) under the Technical Assistance Project funded by the Department ForInternational Development (DFID) U.K. Based on the consultancy report, DBS had issued in1998 a detailed guidance note to banks apprising them of the risks in computerizedenvironment and suggested associated controls to address the specific risk. An inspectionmanual was also prepared in 1997 with the assistance of the aforesaid internationalconsultants for the guidance of the Reserve Bank officers inspecting banks with computerizedaccounting system. An assessment of the system of EDP audit in the concerned bank is nowan integral part of the Annual Financial Inspection of banks.1.3An assessment of the system of computer audit in banks as on March 31, 2000 wasmade based on the basis of findings contained in the inspection reports of banks for the year1998-99 and 1999-2000 and other specific feedback received from banks. Structured
Checklists for IS AuditCommittee on Computer Audit
questionnaires were sent to all the banks eliciting information on the nature of theInformation Technology (IT) management function, IT risk management and EDP auditsystems, EDP audit methodology etc. The analysis revealed that the system of computer auditin banks is still in the developmental stage. A range of policy approaches has been reported inregard to the conduct of EDP audit by banks. It was observed that in respect of 50 percent of banks, the policy on IT risk management and EDP audit were not duly documented. Inrespect of many banks even availability of EDP inspection manuals was not ensured. Theperiodicity for conducting such audits also was not uniform across banks. The practice inmost of the banks in India was to audit around the computer. Computer security issues didnot receive adequate Top Management attention. It was evident from the assessment that thecomputer audit in India had been still evolving and a major constraint encountered by banksis the general shortage of skilled technical personnel for the task. The findings of theassessment were put up to the Audit Sub-committee of the Board for Financial Supervision asper the Board’s direction.1.4The Audit Sub-committee decided that a small committee comprising representativesof RBI, ICAI, SBI, a foreign bank and a new private sector bank may be constituted to drawupon a check list in a standardised form so that all the banks operating in the country canensure that their computerized branches are applying requisite controls in the computerizedenvironment and the branch auditors also verify the same and report accordingly.Accordingly, a committee was constituted with Shri A.L.Narasimhan, Chief GeneralManager-in-Charge, Department of Banking Supervision, Central Office as the Convener.The composition of this Committee is as follows:1Shri A.L.Narasimhan,ConvenerConvener,Chief General Manager-in-Charge,Department of Banking Supervision, CO,Mumbai 400 0052Shri Ashok Kumar Chandak/ Shri R.Bupathy
,MemberVice President,The Institute of Chartered Accountants of India,Indraprastha Marg,New Delhi 110 002.3Shri S.Santhanakrishnan,MemberChairman, Committee on Information Technology,The Institute of Chartered Accountants of India,Indraprastha Marg,New Delhi 110 002.4Shri S.N.Pattnaik,MemberGeneral Manager,State Bank of India,Inspection Department, Corporate Centre, 
Shri Ashok Chandak was the Vice-President of ICAI when the Committee was formed. Shri R.Bupathysubstituted him as the member in the Committee consequent on his election as the new Vice-President.
Checklists for IS AuditCommittee on Computer Audit
Hyderabad.5Shri Atilla Karasappan.MemberVice President, Senior Country Operations Officer,Citi Bank,5
Floor, Plot C-61, B-K complex,G-Block, Bandra (E),Mumbai 400 051.6Shri Ashok Kumar Patni,MemberExecutive Vice President & Head - Audit,Methods & Inspection Department,ICICI Bank Ltd,ICICI Towers,Bandra Kurla Complex, Mumbai 400 051.7Shri R.Ravikumar,Member-SecretaryAssistant General Manager,Reserve Bank of India,Department of Banking Supervision,Central Office,Mumbai 400 005.The terms of reference of this Committee was-To draw upon a check list in a standardised form to conduct computer audit so that all thebanks operating in the country can ensure that their computerized branches are applyingrequisite controls in the computerized environment and the branch auditors also verify thesame and report accordingly.1.5The Committee had its first meeting on 1st November 2001. The levels of computerization of banking industry, earlier work done in this regard and guidelines alreadyissued by DBOD/DBS in this connection were discussed in detail. Different levels of computerization of different banks, availability of different platforms in different banks etc.were discussed and it was decided to prepare a standardised checklist for conductingcomputer audit. It was felt by the committee that IS Audit Checklist prepared need to beplatform independent and necessary platform dependent control questionnaire can be framedby the banks themselves. Computer Audit questionnaire also should be bank independent. Onthe basis of the practices followed by individual banks they may frame bank specific controlquestionnaire.1.6The committee decided to classify the areas of risk in the IS environment as under:
1. Business Strategy2. Long Term IT Strategy3. Short Range IT Plans4. IS Security Policy5. Implementation of Security Policy6. IS Audit Guidelines7. Acquisition and Implementation of Packaged Software

Activity (49)

You've already reviewed this. Edit your review.
1 hundred reads
1 thousand reads
norousta liked this
Hermann Dario liked this
ildianda liked this
Basuki Rahardjo liked this
lpsai liked this
ccocos7182 liked this
Wini Sana liked this

You're Reading a Free Preview

/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->