Information System Audit in Indian Banks

Information itself is an important asset in today’s business. If information is lost, modified, misused huge loss can occur to business. Hence information security becomes important for any business. Information system in business including that of banking is becoming technology oriented. Computers are being used in all the areas of business including that of financial accounting. Internal controls used in a Computerized Information System (CIS) environment should aim at information security also. This aspect of internal control is mostly overlooked in a Financial Audit where evidence collection and evaluation is more important.

Audit provides the assurance to stakeholders of business. Assurance provided by a financial audit is about financial statements, which are relied upon and based on which decisions are taken by many stakeholders. However there are risks associated in any business, which is not highlighted in a financial audit. Operational Risk and Audit For example Basel II Accord mentions of ‘operational risks’ that are due to failure of system, process, procedure and human action/inaction (fraud) and legal restrictions, etc. in the operation of banks, some of which are not dealt in financial audit.

The Basle committee has identified people, processes, systems and external events, as potential hazards for operations. Inadequacy and failure of any of them can result into events, which cause losses. Every business has to identify events of their relevance. The events may be similar in the same industry, but vary from an organization to organization. The whole exercise of the operational risk management is to identify potential events, which are likely to cause losses.

Here is a list of some of the events, which could lead to operational risk (non exhaustive): Technology error Fraud and theft Legal, Regulatory non compliance, Transaction risk Processes, people and systems are closely linked with information systems. Even measurement and recognition of external events need information systems. Therefore, under the new Accord, the job of an audit and control practitioner shall become more onerous and challenging. Therefore a financial audit cannot assure that the information system is foolproof as financial auditor is not expert in information technology. Hence an expert should provide an opinion that information system is risk-free. This is where Information System Audit (IS Audit) comes into picture.

Meaning of IS audit Information systems audit is a part of the overall audit process, which is one of the facilitators for good corporate governance. While there is no single universal definition of IS audit, Ron Weber has defined it as “the process of collecting and evaluating evidence to determine whether a computer system (information system) Safeguards assets Maintains data integrity Achieves organizational goals effectively and Consumes resources efficiently. ” Key Challenge in IS Audit IS audit often involves finding and recording observations that are highly technical.

Such technical depth is required to perform effective IS audits. At the same time it is necessary to translate audit findings into vulnerabilities and businesses impacts to which operating managers and senior management can relate. Therein lies a main challenge of IS audit. Scope of IS Audit IS auditing is an integral part of the audit function because it “supports the auditor’s judgment on the quality of the information processed by computer systems. ” Initially, auditors with IS audit skills are viewed as the technological resource for the audit staff. The audit staff often looks o them for technical assistance.

Within IS auditing there are many types of audit needs, such as Organizational IS audits (management control over information technology), Technical IS audits (infrastructure, data centers, data communication), Application IS audit (business/financial/operational), Development/implementation IS audits (specification/ requirements, design, development and post-implementation phases) Compliance IS audits involving national or international standards. The IS auditor’s role has evolved to provide assurance that adequate and appropriate controls are place.

Of course, the responsibility for ensuring that adequate internal controls are in place rests with management. Audit’s primary role, except in areas of management advisory services, is to provide a statement of assurance as to whether adequate and reliable internal controls are in place and are operating in an efficient and effective manner. So, whereas management is to ensure, auditors are to assure. The breadth and depth of knowledge required to audit information technology and systems is extensive.

For example, IS auditing involves the: pplication of risk-oriented audit approaches use of computer assisted audit tools and techniques(CAATs) application of standards (national or international) such as ISO-9000/3 to improve and implement quality systems in software development understanding of business roles and expectations in the auditing of systems under development as well as the purchase of software packaging and project management Evaluation of complex Systems Development Life Cycle (SDLC) or new development techniques (e. g. , prototyping, end-user computing, rapid systems or application development).

Evaluation of complex technologies and communications protocols involves electronic data interchange, client servers, local and wide area networks, data communications, telecommunications and integrated voice/data/video systems. Elements/components of IS Audit An information system is not just a computer. Today’s information systems are complex and have many components that piece together to make a business solution. Assurances about an information system can be obtained only if all the components are evaluated and secured. The proverbial weakest link is the total strength of the chain.

The major elements of IS audit can be broadly classified: Physical and environmental review–This includes physical security, power supply, air conditioning, humidity control and other environmental factors. System administration review–This includes security review of the operating systems, database management systems, all system administration procedures and compliance. Application software review–The business application could be payroll, invoicing, a web-based customer order processing system or an enterprise resource planning system that actually runs the business.

Review of such application software includes access control and authorizations, validations, error and exception handling, business process flows within the application software and complementary manual controls and procedures. Additionally, a review of the system development lifecycle should be completed. Network security review–Review of internal and external connections to the system, perimeter security, firewall review, router access control lists, port scanning and intrusion detection are some typical areas of coverage.

Business continuity review–This includes existence and maintenance of fault tolerant and redundant hardware, backup procedures and storage, and documented and tested disaster recovery/business continuity plan. Data integrity review–The purpose of this is scrutiny of live data to verify adequacy of controls and impact of weaknesses, as noticed from any of the above reviews. Such substantive testing can be done using generalized audit software (e. g. , computer assisted audit techniques).

It is important to understand that each audit may consist of these elements in varying measures; some audits may scrutinize only one of these elements or drop some of these elements. While the fact remains that it is necessary to do all of them, it is not mandatory to do all of them in one assignment. The skill sets required for each of these are different. The results of each audit need to be seen in relation to the other. This will enable the auditor and management to get the total view of the issues and problems. This overview is critical.

Calculate the price
Make an order in advance and get the best price
Pages (550 words)
*Price with a welcome 15% discount applied.
Pro tip: If you want to save more money and pay the lowest price, you need to set a more extended deadline.
We know how difficult it is to be a student these days. That's why our prices are one of the most affordable on the market, and there are no hidden fees.

Instead, we offer bonuses, discounts, and free services to make your experience outstanding.
How it works
Receive a 100% original paper that will pass Turnitin from a top essay writing service
step 1
Upload your instructions
Fill out the order form and provide paper details. You can even attach screenshots or add additional instructions later. If something is not clear or missing, the writer will contact you for clarification.
Pro service tips
How to get the most out of your experience with MyStudyWriters
One writer throughout the entire course
If you like the writer, you can hire them again. Just copy & paste their ID on the order form ("Preferred Writer's ID" field). This way, your vocabulary will be uniform, and the writer will be aware of your needs.
The same paper from different writers
You can order essay or any other work from two different writers to choose the best one or give another version to a friend. This can be done through the add-on "Same paper from another writer."
Copy of sources used by the writer
Our college essay writers work with ScienceDirect and other databases. They can send you articles or materials used in PDF or through screenshots. Just tick the "Copy of sources" field on the order form.
See why 20k+ students have chosen us as their sole writing assistance provider
Check out the latest reviews and opinions submitted by real customers worldwide and make an informed decision.
Business and administrative studies
Customer 452773, February 23rd, 2023
Social Work and Human Services
Great work I would love to continue working with this writer thought out the 11 week course.
Customer 452667, May 30th, 2021
I just need some minor alterations. Thanks.
Customer 452547, February 10th, 2021
Business and administrative studies
Thank you
Customer 452773, March 19th, 2023
Business Studies
Thank you very much for a good job done and a quick turn around time.
Customer 452615, March 31st, 2021
Great job
Customer 452773, February 13th, 2023
Business and administrative studies
excellent job!
Customer 452773, May 25th, 2023
Human Resources Management (HRM)
excellent work
Customer 452773, July 3rd, 2023
English 101
IThank you
Customer 452631, April 6th, 2021
Criminal Justice
This has been the greatest help while I am recovering from an illness. Thank your team so much.
Customer 452671, May 2nd, 2021
Don't really see any of sources I provided, but elsewise its great, thank you!
Customer 452697, May 8th, 2021
Looks great and appreciate the help.
Customer 452675, April 26th, 2021
Customer reviews in total
Current satisfaction rate
3 pages
Average paper length
Customers referred by a friend
15% OFF your first order
Use a coupon FIRST15 and enjoy expert help with any task at the most affordable price.
Claim my 15% OFF Order in Chat

Sometimes it is hard to do all the work on your own

Let us help you get a good grade on your paper. Get professional help and free up your time for more important courses. Let us handle your;

  • Dissertations and Thesis
  • Essays
  • All Assignments

  • Research papers
  • Terms Papers
  • Online Classes
Live ChatWhatsApp