INTRODUCTION
• Information Technology is changing banking operations.
• It has largely influenced the activities of banks, which are mainly financial in nature.
• Besides bringing advantages such as efficiency, speed and economy in transaction processing, the use of IT also poses challenges.
INFORMATION SYSTEM AUDIT
A process of collecting and evaluating evidence to determine the capability of a computer system to:
• safeguard assets such as hardware, software and data by adopting security and control measures,
• maintain data integrity,
• achieve the goals of the organization effectively, and
• make efficient use of available resources.
IS AUDIT CONTROLS
• Control is a set of interrelated components that function together to achieve some goals.
• It is the sum of policies, procedures, practices and organizational structures designed to provide assurance regarding the achievement of business objectives.
• Controls are concerned with the detection and control of undesired events. Example: ACCESS CONTROL.
• Events and circumstances which could result in loss to the organization are identified. These events are called EXPOSURES. Controls are the acts which are implemented to minimize exposures.
Following are the types of controls:
1) Deterrent controls
• Designed to deter people from doing undesirable activities.
• eg. Written policies focusing on punitive measures may deter people from doing undesired activities.
2) Preventive measures
• Minimise the probability of unlawful events taking place.
• eg. security controls at various levels like hardware, software, application software etc.
3) Detective controls
• In case of exposure, detective controls report its existence with a view to minimize the extent of damage.
• eg. Fire precautions like smoke detectors and heat detectors
4) Corrective controls
• These are designed for recovery from a loss situation.
• eg. Business continuity planning
• Without corrective controls, the bank risks business loss due to its inability to recover essential IT-based services, information and other resources after a disaster has taken place.