Professional Documents
Culture Documents
2
Trends in Banking in 2016
Trends in Business: Globalization & Competition
9
What is IS Inspection
11
Changing Face of Information Technology (IT)
12
Original
Global
Importer
Documents
Importer
Paperless
Bank Trade
Details
of export documentation
Electronic
Export
Payment Documents
LC issued
subject to eUCP
PAKISTAN
EDI
Singapore
Electronic
Documents
Created
Exporter’s Bank
3rd Party
Docs e.g. B/L
Feeds to assist
Document
creation
Exporter 13
IT Risks
Internal
• IT Administration
External
• IT governance • Network security
• Internal vulnerabilities of systems • E-mail security
• Security administration • Application security
• E-mail control • Privacy
• Virus control • Internet access
• Application administration • Virus control
• Communications-LAN/WAN • Communications
• User management • Firewall
• User support and training configuration
• Disaster recovery planning • Hackers
14
Areas covered under IS inspection
IS Governance in the Bank
Protection of Information Assets
Logical Access Exposures and Controls
Network Infrastructure Security
25
II. Auditing Technology for Information Systems
A. Review of Systems Documentation:
The auditor reviews documentation such as narrative descriptions, flowcharts, and
program listings. In desk checking the auditor processes test or real data through the
program logic.
B. Test Data:
The auditor prepares input containing both valid and invalid data. Prior to processing
the test data, the input is manually processed to determine what the output should look
like. The auditor then compares the computer-processed output with the manually
processed results.
Computer
Computer
Application
Application DataFiles
Data Files
System
System ITF Data
Reports
Reports Reports
Reports Manually
Manually
WithOnly
Only WithOnly
Only Auditor Processed
With With Processed
ActualData
Actual Data ITFData
ITF Data Compares Results
Results
II. Auditing Technology for Information Systems
The test data and ITF methods both process test data through real programs. With
parallel simulation, the auditor processes real client data on an audit program
similar to some aspect of the client’s program. The auditor compares the results of
this processing with the results of the processing done by the client’s program
Computer Operations Actual Auditors
Actual
Transactions
Transactions
Computer
Computer Auditor’s
Auditor’s
Application
Application Simulation
Simulation
System
System Program
Program