IS Audit in Banks
Information Systems Audit in Indian Banks
Cyber Crime Consultants addresses business processes run on Information Technology. To this end, we help you deploy technology to enhance efficiency and retain flexibility in goods and services provided worldwide. We help you empower your business with all the benefits of 24x7 banking practices like ATM networks and Internet Banking.
Our team helps you mitigate exposure of the company to:
- Process re-engineering failure
- Non addressing control structure changes
- Lack of awareness and training
- Vendor dependence
- Improper Information systems Audit
The team helps you audit not only records of financial transactions, but also business processes. We support SMT (Senior Management Team) decisions on deployment of technology and quality of services. Cyber Crime Consultants addresses both - Information Systems Audit and Financial Audit. We empower automation of systems with IT tools and solutions.
Our aim is to help you maximize IT advantages evade disadvantages. To this end, the Information System Audit we provide is different from financial audit in approach. While our financial audit addresses post-mortem activity, the information systems audit primarily focuses business process controls and their impact on transactions, even those yet to be transacted.
Another way in which our financial audit differs from the Information System Audit is that while the former focuses on volume of transactions (Quantitative value), the latter focuses on the transaction process. of transaction (Qualitative value).
We garner the functionality of all the IT solutions you have in place and report on their input and output in the audit process. Our team of auditors also uses CAAT - Computer Assisted Audit Tools and Techniques:
- Financial Audit CAAT - ACL, IDEA, SOFTCAAT
- Information systems audit CAAT - Output Analyzers, Firewall, Vulnerability assessment tools
Cyber Crime Consultants offers Information systems audit to cover various processes:
We address all information assets of the business and also cover technologies developed for deployment of Information processes like:
- Networked ATMs
- Wireless LAN
- Interactive Website
- Branchless banking (Any Where banking)
The Information systems audits we deliver are focused on verification of controls. Depending on in house technology deployment, there are different IS Audits we provide:
- Software Audit to skim control weaknesses (Acquired Packaged Software, Acquired developed software, In-house developed software)
- Implementation Audit to make software available across business locations for use by customers or employees (regulatory and/or statutory requirements)
- Operations Audit to prevent misuse/frauds (Branch operations, ATM operations, Network administration, System access, EDI and remote login, Software development process, Software testing)
- Firewall/Network audits to ensure security of communication
- Internet banking/web server audits to protect access to Bank database (procedures of identification, authentication and authorization)
- Business continuity management audits (Disaster recovery, business continuity)
- PKI Audits to manage private keys
- Combination audits (EDI/ development and deployment of software, ATM/ implementation audit etc)
Cyber Crime Consultants empowers audits through supervision of skilled and knowledgeable I S Auditors. We follow all the standards and practices defined by the Information Systems Audit and Control Association (ISACA). Our auditors follow and deliver requirements of:
- Audit Charter - Responsibility, Authority and Accountability
- Independence – Professional and Organizational
- Professional Ethics and Standards - Code of Professional Ethics and Due Professional Care
- Competence – Skills/Knowledge and Continuing Professional Education
- Planning - Audit Planning
- Performance of Audit Work – Supervision and Evidence
- Reporting - Scope, objectives, duration, nature and extent
- Follow-Up Activities – Evaluation, conclusions and recommendations
We adhere to procedures defined by the management during audit. Risk-based audit offered by the team comprises evaluation of procedures and analysis of ingrained technology. We develop a control matrix to target risk mitigation. This not only helps in analyzing your perception about the risks involved, but also highlights risk perception discrepancies.
Cyber Crime Consultants helps you address security issues before outsourcing (performance, secrecy, fidelity, continuity, vendor processes, outsourcing agreements). Auditing of compliance of integral security-risk procedures are part and parcel of our deal.
We also assist you in your endeavor to control outsourced systems, software development requirements, development of Information Security Policy and procedures and Password sharing. Another area you can bank on Cyber Crime Consultants for support is Self Audits. Self Audit or Control self assessment add precision to operational audits. We offer the Workshop method and the questionnaire approach.
Internal I S Audit by Cyber Crime Consultants covers all the technology at hand. Our team of internal auditors handles Operational I S Audits to focus on compliance of predefined business and IT procedures. We take on challenges for all types of complex technological audits.Cyber Crime Consultants – Essentials:
- Cyber Crime Consultants follows RBI guidelines for internal and external auditing (Software audit, operations audit, and implementation and conversion audit)
- Operations audits deployed by the team include Banking operations audit as well as Technical operations audit.
- The operation audit questionnaire we use is in sync with has questions covering access controls and flagging of dormant accounts.
- Our auditors are equipped to highlight quantitative errors like quantum of incorrect interest and risks perceived due to losses and compensating controls
- Our approach is to understand and address risks arising out of use of technology nod hence we offer I S audit with ‘soul’