Information Systems Audit Policy

Information Systems Audit Policy.

[Audio] The business operations in the Banking sector have been increasingly dependent on the computerized information systems over the years. It has now become impossible to separate information technology from the business of the banks. There is a need for focused attention of the issues of the corporate governance of the information systems in computerized environment and the security controls to safeguard information and information systems. The developments in information technology have a tremendous impact on auditing. Well planned and structured audit is essential for risk management, monitoring and controlling Information systems in any organization..

[Audio] The Working Group on Information Systems Security for the Banking and Financial Sector constituted by Reserve Bank of India enumerated that each Bank in the country should conduct 'Information Systems (I-S---) Audit Policy' of the Bank. Accordingly, in the year 2006 first IS Audit Policy of the Bank was framed with the help of M/s Paladion..

[Audio] Auditing is a systematic and independent examination of information system environment to ascertain whether the objectives set out to be achieved, have been met or not. Auditing is also described as a continuous search for compliance. The objective of the IS audit is to identify risks that an organization is exposed to in the computerized and fast changing environment. IS audit evaluates the adequacy of the security controls and informs the management with suitable conclusions and recommendations. IS audit is an independent normal audit exercise and it is an ongoing process of evaluating controls, suggesting security measures for the purpose of safeguarding assets / resources, maintaining data integrity, improving system effectiveness and system efficiency for the purpose of attaining organization goals. Well planned and structured audit is essential for risk management and monitoring of information systems in any organization..

[Audio] The IS auditor shall obtain sufficient, reliable, relevant and useful evidence to achieve audit objectives effectively and assess the effectiveness, efficiency, adequacy, security, control mechanisms, processes et cetera vis a vis business and organizational goals of the Bank, compliance to the policies of the Bank, regulatory requirements, international best practices and standards. The IS auditor shall exercise due professional care, independence, responsibility, authority and accountability during the conduct of the audit..

[Audio] All the employees of the Bank as well as all service providers and system integrators are responsible for adhering to the IS Audit Policy of the Bank, to the extent applicable..