Checklists for IS Audit
Committee on Computer Audit
RBI, DBS, CO
1
Report of the Committee on Computer Audit
Index
I
Introduction
II
Standardised Checklist for conducting Computer Audit
Questionnaires
1.
Business Strategy
2.
Long Term IT Strategy
3.
Short Range IT Plans
4.
IS Security Policy
5.
Implementation of Security Policy
6.
IS Audit Guidelines
7.
Acquisition and Implementation of Packaged Software
8.
Development of software - in-house and outsourced
9.
Physical Access Controls
10.
Operating System Controls
11.
Application Systems Controls
12.
Database controls
13.
Network Management
14.
Maintenance
15.
Internet Banking
Chapter I
INTRODUCTION
1.1
The Jilani Working Group on internal controls and inspection / audit systems in banks
(1995) identified key risks associated with IT systems and recommended various control
measures to address these risks. It recognized the need for a specialized system of EDP audit
and recommended that the entire domain of EDP activities should be brought under the
scrutiny of the Inspection and Audit department. Banks were advised by the Department of
Banking Supervision (DBS) of the Bank to expeditiously implement the recommendations of
the group.
1.2
The risks and controls systems in computerized banks were analysed by Coopers and
Lybrand (U.K) under the Technical Assistance Project funded by the Department For
International Development (DFID) U.K. Based on the consultancy report, DBS had issued in
1998 a detailed guidance note to banks apprising them of the risks in computerized
environment and suggested associated controls to address the specific risk. An inspection
manual was also prepared in 1997 with the assistance of the aforesaid international
consultants for the guidance of the Reserve Bank officers inspecting banks with computerized
accounting system. An assessment of the system of EDP audit in the concerned bank is now
an integral part of the Annual Financial Inspection of banks.
1.3
An assessment of the system of computer audit in banks as on March 31, 2000 was
made