Welcome to Information System Audit (ISA) Community


The Institute of Chartered Accountants of India




ISA Tool Kit

Banking Series - Part I

Controls in the Information System environment
All transactions put through need to be continuously monitored for their integrity and compliance with control requirements. IS audit will provide assurance to the management about the adequacy of the bank's control measures. Two key controls in any IT environment are:

  1. Application controls: These are the controls that exist within the application software that puts through the transactions at the branch level. One example is overdrawing of an account, which should be permitted only by the authorised person and no one else.

  2. Information System controls: These are the controls over developing IT packages, ensuring system security and monitoring IT processes. Successful IS controls can increase the reliability of application controls. In system security, effective control should be exercised over physical access as well as over access to control software. Password controls and access levels have to be clearly defined and well documented. Another important area any IS audit should look at is access violation monitoring, which will give an idea about any unauthorised attempts to log into the system. Reporting of errors and maintaining a log of such errors will help in improving the software.
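Access violation monitoring as described above can be tested by an auditor against the login log itself. The following is an added example, not part of the original article: the log line format, the field names and the threshold of three failures in ten minutes are all assumptions, and the sample log is constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log; the line format is an assumption, not taken from any real banking package.
SAMPLE_LOG = """\
2024-03-04 09:15:02 terminal=T07 user=clerk12 event=LOGIN_FAIL
2024-03-04 09:15:40 terminal=T07 user=clerk12 event=LOGIN_FAIL
2024-03-04 09:16:05 terminal=T09 user=clerk12 event=LOGIN_FAIL
2024-03-04 09:16:30 terminal=T09 user=clerk12 event=LOGIN_OK
2024-03-04 10:02:11 terminal=T03 user=teller04 event=LOGIN_FAIL
2024-03-04 10:02:40 terminal=T03 user=teller04 event=LOGIN_OK
2024-03-04 11:30:00 terminal=T01 user=mgr01 event=LOGIN_OK
garbled line that does not parse
"""

LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) terminal=(\S+) user=(\S+) event=(LOGIN_FAIL|LOGIN_OK)$"
)

def access_violations(log_text, threshold=3, window=timedelta(minutes=10)):
    """Return (findings, unparsed): users with >= threshold failed logins inside the window."""
    recent = defaultdict(deque)    # user -> (time, terminal) of recent failures
    findings, unparsed = {}, []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            unparsed.append(line)  # report unreadable lines; gaps in a log are a finding too
            continue
        when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        terminal, user, event = m.group(2), m.group(3), m.group(4)
        fails = recent[user]
        while fails and when - fails[0][0] > window:
            fails.popleft()        # drop failures older than the window
        if event == "LOGIN_FAIL":
            fails.append((when, terminal))
            if len(fails) >= threshold:
                findings[user] = {"failures": len(fails),
                                  "terminals": sorted({t for _, t in fails}),
                                  "then_succeeded": False}
        else:
            if user in findings and fails:
                findings[user]["then_succeeded"] = True  # success right after a burst needs follow-up
            fails.clear()          # a successful login resets the failure counter
    return findings, unparsed
```

On the sample, only `clerk12` is reported: three failures across two terminals followed by a successful login, which is the case an auditor would ask the branch to explain.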

In addition to the above, the following areas are also critical to the IS audit.

  • Operating System Controls
    Under these controls, it is ensured that only authorized users log in to the terminals and that they are uniquely identifiable and accountable. Logs are maintained on the use of utilities, changes to access methods, etc., and these give the IS auditor an idea about the controls existing at the operating system level.

  • Database Controls
    These controls restrict access to data files to authorised users only and ensure that data is validated before it is updated in the database.

  • Infrastructure Controls
    These controls take care of other areas such as restricting physical access to the computer room to authorized personnel, fire hazards, air conditioning, power supply, communication network, insurance, etc.

Disaster management:

Effective disaster management should be in place so that downtime is negligible. It will affect the image of the bank if customers are not able to put through their transactions quickly. This is especially true if they are not able to access ATMs or transact through the Internet. The backup procedures should be effective, and care should be taken to observe the following:

  • Regular backups
  • Backups on external media
  • Offsite storage of backups
  • Testing of backup periodically for validity of data
  • Comprehensive backup
  • Replacing the backup media at regular intervals

Another area is maintaining a close liaison with vendors so that any problems encountered with hardware and other related infrastructure can be rectified, minimising the downtime.

Conclusion

We have given you an overview of IS audit and what is in store for you. We will deal with various aspects of IS audit of banks in detail in the forthcoming issues.


 

