
NDB Bank PLC

Application Controls Review

Cheque Book Management

Information Technology Risk and Assurance (ITRA)


Process flow: Cheque books stock entry (swim-lane diagram)
Lanes: CPU BA (Banking Assistant) (CPU Inputter); Officer In Charge (CPU Authorizer)
Diagram elements, in extracted reading order: Blank cheque books received by the CPU; Received cheque books stock detail; Enter stock entry; Get approval for stock entry; Approve stock entry details; Updated stock registry; Print stock received receipt.


Process flow: Issuing of Cheque Book (swim-lane diagram)
Lanes: Branch; BA (Banking Assistant) (CPU Inputter); Officer In Charge (CPU Authorizer)
Diagram elements, in extracted reading order: Send the customer request to CPU for a cheque book (N1); Request letter; Verify the signature and the current account status (N2); Verified request; Enter cheque book request details; Unauthorized cheque book records; Approve the cheque book request; Print the cheque book (N3); Authorized cheque book records; Printed cheque book; Authorize cheque book issue; Issue the cheque book to the customer; Authorized cheque books.
N1: Customer can request a cheque book by fax, letter or form.
N2: Forward the request to the Branch Manager if the account status is not Regular.
N3: The inputter writes down the cheque book details in a manual register before printing the cheque books.


CH01 Cheque type field can be omitted when registering received cheque stock details in the system.
Test Reference: T-CH10
Rating: Medium
Observation: When banking assistants receive blank cheque books, they must register the stock details in the system, including the cheque type (privilege cheque or normal cheque) of each received stock. However, the cheque type field can be left blank by the banking assistant. When a cheque book is later issued to a customer, its cheque type field will also be blank if the type was left blank at the receiving stage.
Implications: The cheque book count in either category would be wrong in the system, so issuing cheques to customers would not be properly supported by the system.
Recommendations: The cheque type field must be made a mandatory field when registering cheque stocks in the system.
Management's Comments: (not provided)
Screenshot captions: "Blank check type field." "Check type field can be left as blank."


Executive Summary
Cheque Book Management: When banking assistants receive blank cheque books they have to register them in the stock inventory system, stating the cheque type and the stock series. The cheque type can be privilege cheque or normal cheque; however, this cheque type field can be omitted by the banking assistant when registering cheque books. As a result it is difficult to count the different types of cheque in stock.


Bank Draft


Process flow: Issuing of bank draft (swim-lane diagram)
Lanes: Customer; CPU Inputter; CPU Authorizer
Diagram elements, in extracted reading order: Customer requesting a bank draft (N1); Bank draft request is received; Check customer bank draft request; Eligible bank draft request; Enter bank draft request; Getting approval for bank draft request; Approve the bank draft request; Approved bank draft; Bank draft received by customer; Issuing bank draft to customer; Print bank draft.
N1: Customer can request a bank draft by letter, fax or application form.


BD01 Bank draft validity period can be less than 180 days.
Test Reference: T-BD13
Rating: High
Observation: When banking assistants issue a bank draft to a customer, the validity period must be stated on the bank draft slip; the slip can be encashed only within this period. NDB Bank defines 180 days as the validity period for a bank draft; however, the system allows a bank draft to be produced with a validity of less than 180 days. This violates the business rules of NDB Bank policy.
Implications: If a customer receives a bank draft with a shorter validity period, they have very little time to encash it. As a result customers would be dissatisfied with the bank and it could affect the bank's reputation.
Recommendations: The system should not allow bank draft slips to be produced with a shorter validity period.
Management's Comments: (not provided)
Screenshot captions: "Bank draft only valid for 100 days" "Only 100 days validity bank draft"


Executive Summary
Bank Draft: The bank draft validity period has been set as 180 days for NDB Bank. However, this 180-day validity period can be edited by the banking assistant when issuing the draft to a customer, leaving the customer only a limited period in which to encash the bank draft.


Pay orders


Process flow: Issuing of pay orders (swim-lane diagram)
Lanes: Customer; CPU Inputter; CPU Authorizer
Diagram elements, in extracted reading order: Customer requesting pay order (N1); Pay order request is received; Check customer pay order request; Eligible pay order request; Enter pay order request; Getting approval for pay order request; Approve the pay order request; Approved bank draft; Bank draft received by customer; Issuing bank draft to customer; Print pay order.
N1: Customer can request a bank draft by letter, fax or application form.
N2: (blank in the source)


PO01 Pay order validity period can be less than 180 days.
Test Reference: T-PO14
Rating: High
Observation: When banking assistants issue pay orders to customers, the validity period must be stated on the slip; the pay order slip can be encashed only within this period. NDB Bank defines 180 days as the validity period for a pay order; however, the system allows pay orders to be produced with a validity of less than 180 days. This violates the business rules of NDB Bank policy.
Implications: If a customer receives a pay order with a shorter validity period, they have very little time to encash it. As a result customers would be dissatisfied with the bank's services and it could affect the bank's reputation.
Recommendations: The system should not allow pay order slips to be produced with a shorter validity period.
Management's Comments: (not provided)
Screenshot captions: "Pay order valid for 100 days only." "Pay order valid for 100 days."


Executive Summary
Pay Order: The pay order validity period has been set as 180 days for NDB Bank. However, this 180-day validity period can be edited by the banking assistant when issuing a pay order to a customer, leaving the customer only a limited period in which to encash it.


Telegraphic Transfer


Process flow: Payments Through Telegraphic Transfer (swim-lane diagram)
Lanes: Customer; CPU Inputter; CPU Authorizer
Diagram elements, in extracted reading order: Customer requesting a Telegraphic Transfer (N1); Telegraphic request is received; Check customer Telegraphic Transfer request; Eligible Telegraphic Transfer; Enter customer Telegraphic Transfer request; Getting approval for customer Telegraphic Transfer request; Approve customer Telegraphic request; Payment receipt received by the customer; Issue debit advice; Print debit advice of payments to customer Telegraphic Transfer; Approved Telegraphic Transfers.
N1: Customer can request a Telegraphic Transfer by letter, fax, application form or the e-windows system.
N2: (blank in the source)


TT01 Beneficiary account number can be omitted when making payments through telegraphic transfer.
Test Reference: T-TT06
Rating: High
Observation: When banking assistants pay out a customer's invoice through an electronic fund transfer, they need to enter the beneficiary name, account number and destination bank details in the transfer. However, the account number is not set as a mandatory field for the transaction, so it can be omitted when making a payment through telegraphic transfer.
Implications: If the account number is not stated in the telegraphic transfer instruction, the payment will not be executed correctly.
Recommendations: The beneficiary account number should be set as a mandatory field when making payments through telegraphic transfer.
Management's Comments: (not provided)
Screenshot captions: "Beneficiary account number can be omitted." "Beneficiary account number can be left as blank."


TT02 Beneficiary bank name and its SWIFT code can be omitted when making payments through telegraphic transfer.
Test Reference: T-TT12
Rating: High
Observation: When banking assistants pay out a customer's invoice through an electronic fund transfer, they need to enter the beneficiary name, account number and destination bank/SWIFT code details in the transfer. However, the bank name/SWIFT code is not set as a mandatory field for the transaction, so it can be omitted when making a payment through telegraphic transfer.
Implications: If the bank name/SWIFT code is not stated in the telegraphic transfer instruction, the payment will not be executed correctly.
Recommendations: The bank name/SWIFT code should be set as a mandatory field when making payments through telegraphic transfer.
Management's Comments: (not provided)
Screenshot captions: "Beneficiary bank name and SWIFT code can be blank" "Beneficiary bank name and SWIFT code can be omitted."


TT03 Outward remittance currency can be in LKR format when making payments through telegraphic transfer.
Test Reference: T-TT10
Rating: High
Observation: The telegraphic transfer facility lets customers pay their invoices to foreign clients in the client's currency, so the currency field must contain only a foreign currency, not LKR. However, the system also allows a telegraphic transfer to be set up in LKR.
Implications: Being able to set the currency to LKR for a telegraphic transfer violates the business rules of NDB Bank policy.
Recommendations: The currency field must accept only foreign currencies, not LKR.
Management's Comments: (not provided)
Screenshot captions: "Credit currency can be LKR format." "Currency can be LKR format."


RTGS Fund Transfer


Process flow: Payments Through RTGS Transfer (swim-lane diagram)
Lanes: Customer; CPU Inputter; CPU Authorizer
Diagram elements, in extracted reading order: Customer requesting an RTGS Transfer (N1); RTGS request is received; Check customer RTGS Transfer request; Eligible RTGS Transfer; Enter customer RTGS Transfer request; Getting approval for customer RTGS Transfer request; Approve customer RTGS request; Payment receipt received by the customer; Issue debit advice; Print debit advice of payments to customer RTGS transfer; Approved RTGS Transfers.
N1: Customer can request an RTGS Transfer by letter, fax, application form or the e-windows system.
N2: (blank in the source)


RT01 Beneficiary account number can be omitted when making payments through RTGS transfer.
Test Reference: T-TT06
Rating: High
Observation: When banking assistants pay out a customer's invoice through an electronic fund transfer, they need to enter the beneficiary name, account number and destination bank details in the transfer. However, the account number is not set as a mandatory field for the transaction, so it can be omitted when making a payment through RTGS transfer.
Implications: If the account number is not stated in the RTGS transfer instruction, the payment will not be executed correctly.
Recommendations: The beneficiary account number should be set as a mandatory field when making payments through RTGS transfer.
Management's Comments: (not provided)


RT02 Beneficiary bank name and its SWIFT code can be omitted when making payments through RTGS transfer.
Test Reference: T-TT12
Rating: High
Observation: When banking assistants pay out a customer's invoice through an RTGS fund transfer, they need to enter the beneficiary name, account number and destination bank/SWIFT code details in the transfer. However, the bank name/SWIFT code is not set as a mandatory field for the transaction, so it can be omitted when making a payment through RTGS transfer.
Implications: If the bank name/SWIFT code is not stated in the RTGS transfer instruction, the payment will not be executed correctly.
Recommendations: The beneficiary account number should be set as a mandatory field when making payments through RTGS transfer.
Management's Comments: (not provided)


RT03 Outward remittance currency can be in a foreign currency format when making payments through RTGS transfer.
Test Reference: T-TT10
Rating: High
Observation: The RTGS transfer facility lets customers pay their invoices to local clients in LKR, so the currency field must contain only LKR, not a foreign currency. However, the system also allows an RTGS transfer to be set up in a foreign currency.
Implications: Being able to set the currency to LKR format for a telegraphic transfer violates the business rules of NDB Bank policy.
Recommendations: The currency field must contain only LKR, not a foreign currency.
Management's Comments: (not provided)
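As an added illustration of the input controls recommended in TT01 to TT03, RT01 to RT03, BD01 and PO01 (example code written for this note, not part of the bank's system or of the report), the following Python validator rejects an outward transfer with a missing beneficiary account, a missing bank name or SWIFT code, or a currency that breaks the channel rule, and rejects a bank draft or pay order whose validity is shorter than the 180-day policy. The SWIFT-code shape check (ISO 9362 BIC) and all sample records are assumptions added here.

```python
"""Input controls for outward transfers and instruments, as recommended in
TT01/RT01 (beneficiary account mandatory), TT02/RT02 (beneficiary bank and SWIFT
code mandatory), TT03/RT03 (currency rule per channel) and BD01/PO01 (180-day
validity). Example code written for this note, not the bank's system."""
import re
from datetime import date, timedelta

VALIDITY_DAYS = 180  # validity period the bank policy defines for drafts and pay orders

# Assumption: SWIFT codes are checked against the ISO 9362 BIC shape
# (4-letter bank code, 2-letter country, 2-char location, optional 3-char branch).
_BIC = re.compile(r"^[A-Z]{6}[A-Z0-9]{2}([A-Z0-9]{3})?$")


def _missing(value):
    """A field counts as omitted when absent or containing only whitespace."""
    return value is None or str(value).strip() == ""


def validate_transfer(instr):
    """Return the list of failed controls for an outward transfer instruction.
    instr keys: channel ('TT' or 'RTGS'), beneficiary_name, beneficiary_account,
    beneficiary_bank, swift_code, currency. An empty list means the instruction passes."""
    channel = instr.get("channel")
    if channel not in ("TT", "RTGS"):
        return ["channel must be TT or RTGS"]
    prefix = "TT" if channel == "TT" else "RT"
    failures = []
    if _missing(instr.get("beneficiary_name")):
        failures.append(f"{prefix}: beneficiary name is mandatory")
    if _missing(instr.get("beneficiary_account")):
        failures.append(f"{prefix}01: beneficiary account number is mandatory")
    if _missing(instr.get("beneficiary_bank")) or _missing(instr.get("swift_code")):
        failures.append(f"{prefix}02: beneficiary bank name and SWIFT code are mandatory")
    elif not _BIC.match(instr["swift_code"].strip().upper()):
        failures.append(f"{prefix}02: SWIFT code is not a well-formed BIC")
    currency = (instr.get("currency") or "").strip().upper()
    if channel == "TT" and currency in ("", "LKR"):
        failures.append("TT03: telegraphic transfers must carry a foreign currency, not LKR")
    if channel == "RTGS" and currency != "LKR":
        failures.append("RT03: RTGS transfers must be in LKR only")
    return failures


def policy_expiry(issue_date_iso):
    """Expiry date (ISO string) the system should fix itself, so the inputter cannot shorten it."""
    return (date.fromisoformat(issue_date_iso) + timedelta(days=VALIDITY_DAYS)).isoformat()


def validate_instrument(instr):
    """Return failed controls for a bank draft or pay order slip.
    instr keys: kind ('BANK_DRAFT' or 'PAY_ORDER'), issue_date, expiry_date (ISO strings)."""
    code = {"BANK_DRAFT": "BD01", "PAY_ORDER": "PO01"}.get(instr.get("kind"))
    if code is None:
        return ["kind must be BANK_DRAFT or PAY_ORDER"]
    issue = date.fromisoformat(instr["issue_date"])
    expiry = date.fromisoformat(instr["expiry_date"])
    validity = (expiry - issue).days
    if validity < VALIDITY_DAYS:
        return [f"{code}: validity period is {validity} days, policy requires {VALIDITY_DAYS}"]
    return []


if __name__ == "__main__":
    # Constructed sample records; the SWIFT code and account number are made up.
    bad_tt = {"channel": "TT", "beneficiary_name": "Example Ltd", "beneficiary_account": "",
              "beneficiary_bank": "Example Bank", "swift_code": "", "currency": "LKR"}
    good_rtgs = {"channel": "RTGS", "beneficiary_name": "Local Co", "beneficiary_account": "0001234567",
                 "beneficiary_bank": "Example Bank", "swift_code": "ABCDLKLX", "currency": "LKR"}
    short_draft = {"kind": "BANK_DRAFT", "issue_date": "2024-01-01", "expiry_date": "2024-04-10"}
    for rec in (bad_tt, good_rtgs, short_draft):
        checker = validate_instrument if "kind" in rec else validate_transfer
        print(rec.get("channel") or rec["kind"], "->", checker(rec) or "passes")
```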


Sweep Facility


Process flow: Setup Maintenance Sweep Facility (swim-lane diagram)
Lanes: Customer; Branch; CPU Inputter; CPU Authorizer
Diagram elements, in extracted reading order: Customer requesting the Maintenance Sweep Facility (N1); Customer request is received; Check customer Maintenance Sweep Facility request; Eligible customer request; Stamp received date and time and verify customer signature; Forward customer Sweep Facility request; Set up customer Maintenance Sweep Facility request; Getting approval for Sweep Facility request; Approve customer Maintenance Sweep Facility setup.
N1: Customer can request the Maintenance Sweep Facility by letter to the Branch Manager or Regional Manager.
N2: (blank in the source)


Process flow: Setup Surplus Sweep Facility (swim-lane diagram)
Lanes: Customer; Branch; CPU Inputter; CPU Authorizer
Diagram elements, in extracted reading order: Customer requesting the Surplus Sweep Facility (N1); Customer request is received; Check customer Surplus Sweep Facility request; Eligible customer request; Stamp received date and time and verify customer signature; Forward customer Surplus Sweep Facility request; Set up customer Surplus Sweep Facility request; Getting approval for Sweep Facility request; Approve customer Surplus Sweep Facility setup.
N1: Customer can request the Surplus Sweep Facility by letter to the Branch Manager or Regional Manager.
N2: (blank in the source)


SW01 Inappropriate rules can be chosen when setting up the sweep facility.
Test Reference: T-SW06
Rating: High
Observation: When banking assistants set up a sweep facility according to the customer's requirement, they also need to specify the rules. The rules field is a mandatory field, but it displays parameters that are inappropriate for setting up the sweep facility, so inappropriate rules can be applied when setting up the facility.
Implications: If incorrect rules are applied when setting up the sweep facility, the changes to the sweep facility will not be executed correctly.
Recommendations: Only relevant parameters should be displayed in the rules field.
Management's Comments: (not provided)


Executive Summary
Sweep Facility: When setting up a sweep for a customer requirement, the rules need to be chosen. The rule can be MAIN or SURP; however, irrelevant parameters are also displayed by the system. If any of the irrelevant parameters is chosen as the rule, the sweep setup will not work properly. As a result, only relevant parameters must be displayed for rules.


Current Account


Process flow: Opening Current Account (swim-lane diagram)
Lanes: Customer; Banking Assistant; Branch Manager; CPU
Diagram elements, in extracted reading order: Request to open a current account; Mandate; Check documents and mandates; Approved request; Enter current account details into the system; Get approval from Manager; Authorized current account; Deposit; Approved current account; Make deposit in newly opened current account; Current account updated; Scan documents; Scan and verify the signature entered into the system.


Process flow: Closing of Current Account (swim-lane diagram)
Lanes: Customer; Manager; Branch Banking Assistant; CPU
Diagram elements, in extracted reading order: Request to close a current account; Request letter; Accept the account closing request letter; Approved account closing request; Enter account closing details; Authorized account closing (N1); Get approval from manager; Closed account details; Update GL (N2); Enter; Store account closing details.
N1: Cash pay out to the customer.
N2: Letter informing the customer of the closing of the account.


CA01 Current account can be opened for minor customers.
Test Reference: T-CA33
Rating: Low
Observation: Minor customers are only eligible to open a savings account at NDB Bank; they do not have the facility to open a current account. However, the system also allows a current account to be opened for minor customers.
Implications: This violates business rules.
Recommendations: The system should prevent a current account from being opened for minor customers.
Management's Comments: (not provided)


CA02 Current NRFC account can be opened in LKR format.
Test Reference: T-CA14
Rating: Medium
Observation: Foreign customers are eligible to open current NRFC accounts at NDB Bank. The NRFC account currency field must be in a foreign currency, not LKR; however, the system allows a current NRFC account to be opened with LKR as the currency.
Implications: (not provided)
Recommendations: The system should prevent an NRFC current account from being opened with LKR as the currency.
Management's Comments: (not provided)


Standing Orders



Process flow: Setup standing orders (swim-lane diagram)
Lanes: Customer; Branch; CPU Inputter; CPU Authorizer
Diagram elements, in extracted reading order: Customer request for standing orders (N1); Received customer request; Check completeness of standing order request; Approved standing order; Received standing order request; Get approval from CPU authorizer; Email requesting CPU to set up a standing order; Enter customer standing order request (N2); Authorized customer standing orders.
N1: Customer can request standing orders through letter or form.
N2: Incomplete customer requests will be returned to the branch for completion.


ST01 Not all charge codes are displayed in the system when applying charges for a customer standing order request.
Test Reference: T-ST24
Rating: Low
Observation: When a standing order is set up, a small charge is collected from the customer to execute the request. The charge code varies according to the customer's standing order request; however, the system does not display all the available charge codes (SO6) for setting the standing order charge.
Implications: There is a high possibility that the banking assistant enters a wrong charge code when executing a customer's standing order request.
Recommendations: All standing order charge codes must be displayed by the system when executing a standing order for a customer request.
Management's Comments: (not provided)
Screenshot caption: "SO6 standing order charge code not displayed by drop down menu"


ST02 Irrelevant work profile parameters are displayed in the system when setting up standing orders through SLIPS.
Test Reference: T-SA33
Rating: Low
Observation: When banking assistants upload standing orders through the SLIPS system they need to choose the work profile parameter as one; however, the system displays irrelevant parameters for the work profile option.
Implications: If the banking assistant wrongly chooses a different work profile parameter when executing standing orders through SLIPS, the customer's standing order request will not be executed successfully.
Recommendations: The system must display only one as the work profile option when executing standing orders through SLIPS.
Management's Comments: (not provided)
Screenshot caption: "Work profile parameters can be inaccurate information."


Customer Creation



Process flow: Customer Creation (swim-lane diagram)
Lanes: Customer; Banking Assistant (Inputter); Banking Manager (Authorizer)
Diagram elements, in extracted reading order: Fill mandate form and provide required documents (N1); Filled mandate form and documents; Check mandate form and documents; Enter customer details in the system; Approved customer request; Get approval from Branch Manager; Authorized customer (N2).
N1: Customer provides NIC, birth certificate or company registration as identity proof.
N2: Copies of customer documents will be forwarded to CPU for storage.



Process flow: Customer Amendment (swim-lane diagram)
Lanes: Customer; Banking Assistant (Inputter); Banking Manager (Authorizer)
Diagram elements, in extracted reading order: Customer request to edit their details; Customer documents; Check customer documents; Edit customer details in the system; Approved customer request; Get approval from Branch Manager; Authorize customer edited details.


CC01 Passport number and legal document number can be different for foreign customers.
Test Reference: T-CC06
Rating: High
Observation: Whenever banking assistants register a foreign customer they have to enter a passport number and a legal document number. However, the system allows different numbers to be entered as the passport number and the legal document number.
Implications: The customer's passport number can differ from the legal document number, so inaccurate data about the customer may be stored in the database.
Recommendations: The system should validate the foreign customer's passport characters against the legal document characters.
Management's Comments: (not provided)
Screenshot captions: "Passport number is PP123456" "Passport legal ID number PP12345678"


CC02 System allows a person under 18 years old to be registered as an individual customer.
Test Reference: T-CC06
Rating: High
Observation: When entering new individual customers into the system, banking assistants need to input the customer's date of birth for the initial registration. An individual customer must be an adult of at least 18 years; however, the system allows an individual customer who is under 18 years old to be opened.
Implications: Opening an individual customer who is under 18 years old does not comply with NDB business rules.
Recommendations: The system should not allow an individual customer whose age is less than 18 years to be opened.
Management's Comments: (not provided)
Screenshot captions: "Date of birth is 01 of May 2000 and age is less than 18." "Individual customer age is less than 18."


CC04 Customer can be created with inaccurate date of birth and NIC number.
Test Reference: T-CC06
Rating: High
Observation: When banking assistants register an individual or foreign customer in the system they need to input the customer's date of birth, because it is a mandatory field; however, the system does not validate the date of birth against the logical format of the NIC number. Therefore the system accepts customers with a wrong date of birth and NIC number.
Implications: NDB Bank needs to send a CRIB report to the central bank every month with the details of customers who fail to pay their due loan fees within the given period; if NDB sends wrong customer details (date of birth and NIC number), the CRIB report will not be executed successfully.
Recommendations: The system should validate the NIC number against the date of birth.
Management's Comments: (not provided)
Screenshot captions: "NIC number not validating with date of birth." "Date of birth is not validating with NIC number."


CC05 Customer email address can be inaccurate when creating new customers in the system.
Test Reference: T-CC35
Rating: High
Observation: When banking assistants register a new customer in the system, they need to enter the customer's contact details (email address). However, the customer email address can be inaccurate.
Implications: If NDB introduces a new service and wants to promote it to customers by email, the promotional message will not reach customers who have a wrong email address in the system.
Recommendations: The system should validate email addresses against the standard email address format.
Management's Comments: (not provided)
Screenshot captions: "Wrong email address as customer address" "Wrong email address as abc@gamil.c"


CC06 Customer telephone number can be inaccurate when creating new customers in the system.
Test Reference: T-CC34
Rating: High
Observation: When banking assistants register a new customer in the system, they need to enter the customer's contact details (telephone number). However, the customer telephone number can be inaccurate.
Implications: If NDB Bank wants to contact a customer for business purposes, it is not possible to reach a customer who has a wrong telephone number in the system.
Recommendations: The system should validate telephone numbers against valid Sri Lankan telephone number standards.
Management's Comments: (not provided)
Screenshot captions: "Incorrect phone number as abcd" "Customer phone number is incorrect."
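Added example, not from the report or the bank's system: a Python validator for the customer-creation controls recommended in CC02, CC04, CC05 and CC06. It assumes the publicly documented Sri Lankan NIC layout (a two- or four-digit birth year followed by a day-of-year number with 500 added for females, counting February as 29 days) and a simple Sri Lankan telephone pattern; the sample record, which reuses the page's own abc@gamil.c and abcd values with a made-up NIC number, is constructed.

```python
"""Customer-creation input controls recommended in CC02 (age of at least 18),
CC04 (NIC number agrees with date of birth), CC05 (e-mail format) and
CC06 (Sri Lankan telephone format). Example code written for this note,
not the bank's system."""
import re
from datetime import date

# Assumption: NIC layouts follow the publicly documented Sri Lankan scheme.
#   old: YY DDD SSSS V|X  (9 digits + letter)    new: YYYY DDD SSSSS (12 digits)
# DDD is the day of birth within the year, with 500 added for females, and the
# day count treats February as always having 29 days.
_OLD_NIC = re.compile(r"^(\d{2})(\d{3})\d{4}[VXvx]$")
_NEW_NIC = re.compile(r"^(\d{4})(\d{3})\d{5}$")
_MONTH_DAYS = [31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31]
# Assumption: a local part, an @, and a domain ending in a TLD of two or more letters.
_EMAIL = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*\.[A-Za-z]{2,}$")
# Assumption: local numbers are 10 digits starting with 0; international form is +94 plus 9 digits.
_PHONE = re.compile(r"^(0\d{9}|\+94\d{9})$")


def nic_day_of_year(dob_iso):
    """Day number the NIC scheme assigns to a date of birth (February counted as 29 days)."""
    dob = date.fromisoformat(dob_iso)
    return sum(_MONTH_DAYS[: dob.month - 1]) + dob.day


def parse_nic(nic):
    """Return (year, day_number, gender) from an NIC, or None if the format is invalid.
    The old format carries only a two-digit year, which is returned as 0-99."""
    m = _NEW_NIC.match(nic) or _OLD_NIC.match(nic)
    if not m:
        return None
    year, ddd = int(m.group(1)), int(m.group(2))
    gender = "F" if ddd > 500 else "M"
    day = ddd - 500 if ddd > 500 else ddd
    if not 1 <= day <= 366:
        return None
    return year, day, gender


def nic_matches_dob(nic, dob_iso):
    """CC04: the year and day of birth encoded in the NIC must agree with the DOB field."""
    parsed = parse_nic(nic)
    if parsed is None:
        return False
    year, day, _gender = parsed
    dob_year = date.fromisoformat(dob_iso).year
    expected_year = dob_year if len(nic) == 12 else dob_year % 100
    return year == expected_year and day == nic_day_of_year(dob_iso)


def age_on(dob_iso, on_iso):
    """Completed years of age on the given date."""
    dob, on = date.fromisoformat(dob_iso), date.fromisoformat(on_iso)
    years = on.year - dob.year
    if (on.month, on.day) < (dob.month, dob.day):
        years -= 1
    return years


def validate_individual_customer(rec, today_iso):
    """Return the list of failed controls for a customer record with keys
    nic, dob (ISO date), email and phone; an empty list means the record passes."""
    failures = []
    if age_on(rec["dob"], today_iso) < 18:
        failures.append("CC02: individual customer is under 18 years old")
    if not nic_matches_dob(rec["nic"], rec["dob"]):
        failures.append("CC04: NIC number does not agree with the date of birth")
    if not _EMAIL.match(rec.get("email", "")):
        failures.append("CC05: e-mail address is not in a valid format")
    if not _PHONE.match(rec.get("phone", "")):
        failures.append("CC06: telephone number is not a valid Sri Lankan number")
    return failures


if __name__ == "__main__":
    # Constructed record using the page's own sample values: born 1 May 2000,
    # e-mail abc@gamil.c and telephone abcd; the NIC number is made up to match the DOB.
    rec = {"nic": "200012200012", "dob": "2000-05-01", "email": "abc@gamil.c", "phone": "abcd"}
    for failure in validate_individual_customer(rec, "2018-04-30"):
        print(failure)
```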


CC03 Date of birth and initials are used as the NIC number for minor customers.
Test Reference: T-CC06
Rating: High
Observation: Whenever a minor customer needs to be registered in the system by a banking assistant, the NIC number field must be filled in for identification. However, minor customers do not have an NIC number because they are under 18 years old; as a result their date of birth and initials are used as their NIC number.
Implications: Allowing an individual customer who is under 18 years old to be opened does not comply with NDB business rules.
Recommendations: (not provided)
Management's Comments: (not provided)

Information Technology Risk and Assurance (ITRA)

46

NDB Bank PLC

Application Controls Review

Customer Creation

Information Technology Risk and Assurance (ITRA)

47

NDB Bank PLC

Application Controls Review

CC01Passport number and legal document number can be different for foreign customers. Test Reference Observation T-CC06

High

Whenever banking assistance registering a foreign customers they have to enter passport number and legal document number for customer registration. However system does allow to enter different numbers as passport and legal document numbers. Customer passport number can be different from legal document number ,which can make inaccuracy data being stored in the database about the customer information. System should validated foreign customer passport characters with legal document characters.

Passport number is PP123456

Implications

Recommendations

Managements Comments

Passport legal ID number PP12345678

Information Technology Risk and Assurance (ITRA)

48

NDB Bank PLC

Application Controls Review

CC02System does allow to register less the18 years old person as an individual customer.

High

Test Reference
Observation

T-CC06
When inputting new individual customers to the system banking assistance need to input date of birth of the customers for initial registration. Individual customer need to be adult and atlease18 years older person ,however system does allow to open an individual customer who is less then 18 years old. It is not comply with NDB business rules allow to open an individual customers who is less than 18 years old. System should not allow to open an individual customers who age is less than 18 years old.
Date of birth is 01 of May 2000 and age is less then18.

Implications

Recommendations

Individual customer age is less the 18.

Managements Comments

Information Technology Risk and Assurance (ITRA)

49

NDB Bank PLC

Application Controls Review

CC04 Customer can be create with inaccurate date of birth and NIC number. Test Reference Observation T-CC06

High

When banking assistance registering a individual/ foreign customer in the system they need to input date of birth of the customers because it is a mandatory field, however the system not validating date of birth with NIC numbers logic format. Therefore system does accept customers with wrong date of birth and NIC number. The NDB bank need to sent crib report to central banks every month about customer details who fail to pay their due lone fee in given time period, however if NDB sent the wrong customer details (Date of birth and NIC number) then crib wont be executed successfully.

NIC number not validating with date of birth.

Implications

Recommendations Managements Comments

System should validate NIC number with date of birth.

Date of birth is not validating with NIC number.

Information Technology Risk and Assurance (ITRA)

50

NDB Bank PLC

Application Controls Review

CC05 Customer email address can be inaccurate when creating new customers in the system.
Test Reference: T-CC35
Rating: High

Observation: When the banking assistant registers a new customer in the system, the customer's contact details (email address) must be entered. However, the customer's email address can be inaccurate.
Test evidence: Wrong email address stored as the customer address: abc@gamil.c

Implications: If NDB introduces a new service and wants to promote it to customers by email, the promotional message will not reach customers who have a wrong email address in the system.

Recommendations: The system should validate the email address against the standard email address format.

Management Comments:


CC06 Customer telephone number can be inaccurate when creating a new customer in the system.
Test Reference: T-CC34
Rating: High

Observation: When the banking assistant registers a new customer in the system, the customer's contact details (telephone number) must be entered. However, the customer's telephone number can be inaccurate.
Test evidence: Incorrect phone number stored as "abcd". Customer phone number is incorrect.

Implications: If NDB Bank wants to contact a customer for business purposes, it is not possible to contact a customer who has a wrong telephone number in the system.

Recommendations: The system should validate telephone numbers against valid Sri Lankan telephone number standards.

Management Comments:


CC03 Date of birth and initials are being used as the NIC number for minor customers.
Test Reference: T-CC06
Rating: High

Observation: Whenever a minor customer is registered in the system by the banking assistant, the NIC number field must be filled in for identification. However, minor customers do not have an NIC number because they are less than 18 years old; as a result, their date of birth and initials are being used as their NIC number.

Implications: Opening an individual customer who is less than 18 years old does not comply with NDB business rules.

Recommendations:

Management Comments:
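As an added example that is not part of this report or of the bank's T24 system, the following Python implements the registration checks recommended under CC02, CC03 and CC04: an age-at-registration check and a decode of the date of birth encoded in the NIC so it can be compared with the entered date of birth. The NIC layouts it decodes are the publicly known Sri Lankan formats and are assumed here; all sample values are constructed.

```python
# Added example, not from the ITRA report or the T24 system. Assumed NIC layouts:
# old form YYDDDNNNNV (or X) with YY = birth year in the 1900s; new form
# YYYYDDDNNNNC. DDD = day of birth year counted with February as 29 days, +500 for women.
from datetime import date
import re

OLD_NIC = re.compile(r"^(\d{2})(\d{3})\d{4}[VXvx]$")
NEW_NIC = re.compile(r"^(\d{4})(\d{3})\d{5}$")
MONTH_DAYS = [31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31]  # NIC always counts Feb as 29


def nic_birth_date(nic):
    # Decode the date of birth held in a NIC; None when the field is not a NIC at all
    # (finding CC03: initials/date strings entered as a stand-in NIC fail here).
    m = OLD_NIC.match(nic)
    if m:
        year, day = 1900 + int(m.group(1)), int(m.group(2))
    else:
        m = NEW_NIC.match(nic)
        if not m:
            return None
        year, day = int(m.group(1)), int(m.group(2))
    if day > 500:            # female holders: day of year + 500
        day -= 500
    for month, length in enumerate(MONTH_DAYS, 1):
        if day <= length:
            break
        day -= length
    try:
        return date(year, month, day)
    except ValueError:       # day 0, day beyond 366, or 29 Feb in a non-leap year
        return None


def age_on(dob, today):
    # Completed years between dob and today
    years = today.year - dob.year
    if (today.month, today.day) < (dob.month, dob.day):
        years -= 1
    return years


def validate_registration(dob, nic, today):
    # Return the list of control violations; an empty list means the record passes
    problems = []
    if age_on(dob, today) < 18:
        problems.append("CC02: individual customer is under 18")
    encoded = nic_birth_date(nic)
    if encoded is None:
        problems.append("CC03: NIC field does not hold a valid NIC number")
    elif encoded != dob:
        problems.append("CC04: NIC does not agree with date of birth")
    return problems
```

The registration date is passed in explicitly so the check is reproducible in a test; in production it would be the business date of the T24 session.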


CC01 Passport number and legal document number can be different for foreign customers.
Test Reference: T-CC06
Rating: High

Observation: Whenever the banking assistant registers a foreign customer, the passport number and the legal document number must be entered for customer registration. However, the system allows different numbers to be entered as the passport number and the legal document number.
Test evidence: Passport number is PP123456; passport legal ID number is PP12345678.

Implications: The customer's passport number can differ from the legal document number, which allows inaccurate data about the customer to be stored in the database.

Recommendations: The system should validate the foreign customer's passport number characters against the legal document number characters.

Management Comments:



Over Draft


Over Draft Granting
Lanes: Customers, Branch (Branch Manager), Consumer Credit Operation

Request for over draft

Request letter

Check account over draft limit and interest rate

Eligible over draft request

Authorize over draft

Authorized overdraft request

Block fund in the customer account

Update

Update the account details (T24)


OD01 Over draft granted slips can be printed by the banking assistant before approval from the branch authorizer.
Test Reference: T-RE15
Rating: High

Observation: When the banking assistant pays out money against a customer request, if the request exceeds the limit the system asks for an override; however, if the override is accepted by the banking assistant, the system prints the over draft slip for the customer before the request has been approved by the branch authorizer.

Implications: If the banking assistant accidentally grants more money than the over draft limit amount, it will not be caught immediately.

Recommendations: The system should allow the banking assistant to print over draft slips only after approval from the branch authorizer.

Management Comments:


OD02 Over draft can be granted without any limit restriction.
Test Reference: T-RE15
Rating: High

Observation: When the banking assistant pays out cash against a customer's over draft request, if the request exceeds the limit the system asks for override approval from the manager before money is issued to the customer; however, the system allows an over draft facility to be granted without any limit restriction. The banking assistant can grant any amount of cash against a customer request without any over draft limitation.

Implications:

Recommendations: The system should allow the banking assistant to print over draft slips only after approval from the branch authorizer.

Management Comments:
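As an added example that is not part of this report or of the bank's T24 system, the following Python models the over draft payout as a small state machine in which the limit is enforced at entry (OD02) and the slip can only be produced once the branch authorizer has approved the override (OD01). Account figures, role names and approver ids are constructed for illustration.

```python
# Added example, not from the ITRA report or the T24 system: over draft payout
# workflow enforcing the limit (OD02) and authorization-before-slip (OD01) controls.
# Balances, limits, roles and ids below are constructed values.
from dataclasses import dataclass

@dataclass
class Account:
    balance: float
    od_limit: float           # approved over draft limit; 0.0 = no facility

@dataclass
class PayoutRequest:
    account: Account
    amount: float
    state: str = "entered"    # entered -> pending_override -> authorized -> slip_printed
    authorized_by: str = ""   # filled in by the branch authorizer

class ControlViolation(Exception):
    pass

def enter_payout(account, amount, inputter_role):
    # Banking assistant enters the payout; the limit is enforced here (OD02)
    if inputter_role != "banking_assistant":
        raise ControlViolation("payout must be entered by a banking assistant")
    req = PayoutRequest(account, amount)
    if amount <= account.balance:
        req.state = "authorized"          # own funds only: no over draft involved
    elif amount <= account.balance + account.od_limit:
        req.state = "pending_override"    # within the approved limit, needs authorizer
    else:
        raise ControlViolation("amount exceeds the approved over draft limit")
    return req

def authorize(req, approver_role, approver_id):
    # Only the branch authorizer can approve; the inputter cannot self-approve
    if approver_role != "branch_authorizer":
        raise ControlViolation("override must be approved by the branch authorizer")
    if req.state != "pending_override":
        raise ControlViolation(f"nothing to authorize in state {req.state}")
    req.state, req.authorized_by = "authorized", approver_id
    return req

def print_slip(req):
    # Slip is produced only after authorization (OD01) and posts the payout
    if req.state != "authorized":
        raise ControlViolation("slip cannot be printed before authorization")
    req.state = "slip_printed"
    req.account.balance -= req.amount
    return f"OD slip: {req.amount:.2f} authorized by {req.authorized_by or 'n/a'}"
```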


Executive Summary
Over Draft: Over draft slips are printed before the branch authorizer authorizes them; therefore the over draft is only noticed by the authorizer at the time of the money payout. The system allows an over draft to be granted without any limitation: when issuing an over draft a limit needs to be created, however the system allows an over draft without any limit restriction.


Cheque Clearing


Outward Clearing
Lanes: Customers, Branch, CPU, Lanka Clear

Slips and Cheque

Eligible slips & cheque

Collect slips and cheque

Slips and cheque sent to CPU

Scan cheque and slips

Cheque text field

Enter cheque data to the system(CITS)


Burning cheque image

Burn a CD (Cheque Image and Data)

CD sent to Lanka Clear for Clearance

Return cheque CD to CPU

Clearing Process

CRN generated

Receive return cheque CD

Printing CRN (Cheque return notification)

CRN sent to CPU

CRN received by customers

Inform customer

Check with CRN & Lanka Clear report


Inward Clearing
Lanes: Lanka Clear, CPU, Branch

Inward cheque CD

CD received by CPU

CIT sub system

Uploaded cheque image

Scrutinize the cheques

Eligible cheques

Enter cheque details (T24 )


Email (return cheque of branch)

Account updating

Confirm return cheques of branch

Return cheque CD
CD sent to Lanka Clear

Return cheque (T24)

Confirmed return cheque

Account updating


SLIPS (Sri Lanka Inter Bank Payment System)


Incoming SLIPS Transfer
Lanes: Banking Assistance, CPU

Download inward files & report


N1

Inward files copied onto a flash drive

Flash drive given to help desk

Files copying into SLIPS destination


Getting SLIPS uploading files

SLIPS files uploaded into T24 system.

Get approval for SLIPS upload.

Approve the SLIPS upload

Accounts get updated

Updated the account

N1: Inward files are downloaded through the LCPL (Lanka Clear Private Limited) VPN
