Welcome to Information System Audit (ISA) Community
Home
MyPage
Disclaimer
Sitemap
FAQs

The Institute of Chartered Accountants of India



ISA COM
What is ISA-COM?
Why join ISA COM?
ROSM
Online Tests
Networking
Others
Press release
Member's feedback
Chairman's desk

TMM Corner

Knowledge Speak
K-Mailer Preview
K-Universe
Jargon Box
Check C-Quotient


Press release

"Information Safety Audit is a Rs 500-cr biz" - Economic Times dated 14-08-02

Information Safety Audit is a Rs 500-cr biz by N.S.Ramnath Increasing use of technology in banks has not only made dealings easier for customers, but also scammers aiming at big bucks. It has also opened up, in the process, a business opportunity valued at approximately Rs500 crore a year, in the form of Information System Audit(ISA).

The guesstimate of market size by banking sources is on the conservative side, considering that a single audit may cost anywhere between Rs 1 lakh to 50 lakh depending on the coverage of the audit and the technology to be audited. Besides, as per RBI guidelines, every bank should conduct systems audits regularly.

Following the central bank's norms, a number of banks have put in place-or are in the process of - developing security policies, which, among other things, would determine the scope and periodicity of ISA. But it is still uncertain whether the contracts will be given to internal or external auditors.

Further, the recent media coverage on Punjab National Bank's tender for appointment of external Information security (IS) auditors raised the issue of who may ultimately gain from this business opportunities. The eligibility criteria demanded by the bank, industry observers felt, were in favour of MNCs with financial muscles rather than Indian Firms.

However, a number of Banks prefer doing IS audit internally. State Bank of India(SBI), which has drawn up a Rs.500 crore budget to computerise its operations, intends to use an internal audit team. Ditto for Union Bank of India(UBI). The Bank, which recently engaged Infosys and Wipro for computerisation, is also going ahead with its own team of internal auditors.

A senior bank official explains that this is because banks are reluctant to expose their systems to outsiders. An argument many disagree with. Mr.S.Santhanakrishnan, chairman of IT Committee of Institute of Chartered Accountants of India, insists banks must engage third party IS auditors for the same reason it engages third party auditors for statutory audits.

"Third party audits will ensure objectivity which is very important for any audit activities. Besides, auditing is not the core activity of banks and it is best left to audit firms. Banks should reap the benefits of specialised skills and knowledge accumulation in independent audit firms, " Mr.Santhanakrishnan argues.

Banks which prefer internal auditing are confident of tackling the issue of objective auditing. Mr. K R Nambalkar, DGM, Indian Overseas Bank, which is in the process of developing its security policy, says IS Auditors would not be a part of IT Team, but an independent team whose head will report to the Board of Directors.

Top

"PNB tender norms favour MNCs, says ICAI" - Business Line dated July 21

N.S. Vageesh - CHENNAI

THE Institute of Chartered Accountants of India (ICAI) has objected to the eligibility criteria fixed by Punjab National Bank (PNB) in its tender for appointment of firms for Information Security Audit in PNB.

PNB had announced its intention a few weeks ago to utilise the services of information security auditors to audit its information security framework for Internet banking.

Mr.S.Santhanakrishnan, Chairman of the IT Committee, ICAI, says that the eligibility criteria are heavily weighted in favour of multinational audit firms and will practically exclude all-national level audit firms. PNB had said in its auditor eligibility criteria for Information Security Audit that the auditors should have a turnover of Rs 5 crore in Information Security Audit and that they should have done a minimum of three projects in India or abroad in financial institutions with Rs 200 crore turnover, among other conditions.

Mr.Santhanakrishnan, says that given the infancy of the industry, the prescription of a turnover of Rs 5 crore for Information Security Audit will preclude most, if not all audit firms in India from submitting their proposals.

Besides, equating the experience of projects in India or abroad in financial institutions is misplaced, given the difference in practices as well as state of network connectivity, according to Mr.Santhanakrishnan.

He said the criteria are framed in such a way that only the multinational audit firms such as - KPMG, PricewaterhouseCoopers, Ernst & Young - would be able to apply for the tender. Mr.Santhanakrishnan says that the Institute has sufficient number of members and member firms, which are qualified to conduct the required information security audit without having recourse to multinational firms, which may also give rise to "National Security issues"!

When queried about what kind of national security issues could arise where public sector banks are involved (where most of their data are in public domain) and when they seem headed for greater privatisation, Mr.Santhanakrishnan said that foreigners could still get hold of sensitive data, databases, payment patterns and more information which is still outside public domain.

"An economy's strength lies in the strength of its banking system. Sensitive information could be used by outsiders to spoil the image of these banks and consequently endanger national security," he said.

Top

Become a Member
» Membership Types
» Member Privileges
» Registration Process
» Membership Policy

» Change Password
» Helpdesk
» Feedback

 
Best viewed on Internet Explorer 4+ & 800 x 600 resolution.

This site is created
and maintained by