|
IS Audit of banks
Commercial banks in India are the backbone of financial
transactions and the volumes put through by them is
mind boggling because of their
- Vast network
- Locations
- Number of customers they serve
Banks have different products for various segments
and employ relevant delivery channels. It is also the
biggest in terms of manpower employed resulting in complex
situations as far as the controls are concerned.
Any IS audit of a bank is a complex operation and a
bank has several layers, beginning with branches at
the lowest and the corporate/head office at the highest
level. The IS audit should be broken down to cover the
entire architecture of the system, i.e. from the system
at the highest level to the terminals or inputs that
the customers use. The audit should be vertical in terms
of hierarchy and horizontal in terms of function.
Information system audit of each module is to be done
with different perspective as each one of them perform
different roles in the organisation and there will be
some overlapping of functions and policies e.g. branch
as well as Head office will have to comply with government
regulations. This can be represented by a three dimensional
matrix which will give a better picture.
BANK's ORGANISATIONAL STRUCTURE &
BUSINESS PROCESS
Fig. 1 Three Dimensional View of Banking Operations
- In the first column we have the list of functions
performed by banks namely, day-to-day operations,
ATMs, Treasury Management, Forex Management, Internet
Banking etc. This is represented by 'm' in the three
dimensional matrix. These activities are carried out
by various operational units mentioned in the second
column namely branches, Regional Offices etc. represented
by 'n' matrix. One of the functions is either carried
out independently by a single unit like opening of
deposit accounts by branches or two or more units
will be involved in completing the process. For example,
in an ATM, while the replenishment of cash and maintenance
is looked after by the branch the purchase of ATMs
and macro level policies to be followed in ATMs are
decided by another unit at the higher level. Thus
a complexity comes into the business process. Similarly,
in treasury management, branches perform physical
delivery of securities in the branches, while the
rates and other decisions such as purchase and sale
are decided by one of the higher operational unit.
- Another dimension called 'o' is added which may
be applicable to either a function ('m') or operational
unit ('n') or both thus increasing the complexity.
As stated earlier, one example is compliance with
government regulations, some of which may be applicable
to only branch level whereas business goals will have
to be achieved by the entire operational units. The
complexity of banking industry is to be kept in mind
during IS audit.
- The role of bank auditors is rapidly changing in
the context of manual bookkeeping and total branch
automation giving way to CBS. But the core audit principles
remain the same though the methods and terminology
used for the audit are different. The periodicity
of IS audit of branch and other offices also will
vary for various levels depending on the nature and
volume of transactions.
• Overview
of banking processes ... read
more
• IS
Audit of banks ... read more
• Controls
in the Information System environment ...
read more
|
