| |
Increasing use of technology in banks has made dealings easier for customers and speeded up the operations. Meanwhile there is a corresponding increase of risks in operations. Every bank should conduct Information Systems Audit (ISA) to minimise such risks.
Following RBI`s guidelines, a number of banks have put in place or are in the process of developing security policies, which among other things will determine the scope and periodicity of ISA. A number of banks prefer doing "ISA" internally. Even where banks engage third party IS Auditors, it may be preferable to have additional internal audit to tackle the issue of objective auditing. In order to conduct such internal auditing, it should be ensured that internal IS auditors are not part of IT team and have appropriate professional expertise by way of qualification and training. This will call for technically qualified personnel in the banking set-up and periodical skill building. Not only the auditors - both internal and external- but bankers in general should also be aware of the concerns of audit and initiate appropriate preventive measures. Middle and senior level officers working in banks should necessarily have a good appreciation of issues involved.
With these objectives and requirements, the Institute thought to publish a book which will be useful for: (i) the students enrolled for CelSB examination of the Institute and (ii) persons desiring to acquire upgrade the knowledge on information technology of banks.
The book is divided into five modules consisting of (i) Technology in Banks (ii) Technology - System, Development, Process, implementation (iii) Security and Controls, Standards in Banking (iv) Continuity of Business (v) Overview of legal framework.
It is hoped that the current volume of the book would help the reader
To develop functional expertise in the areas of system identification, development, implementation and designing.
To develop expertise in computer security, implementation of threat prevention and detection systems, designing and testing risk mitigation strategies.
To develop skills for objective assessment of information system control, information privacy and integrity.
To study the tools that provide assurance in the system by measuring against four essential principles availability, security, integrity and maintainability.
To aid the bank management in developing sound information system audit, control and security functions by providing criteria for personnel selection and development.
Primary emphasis of the book is still conceptual. Within the conceptual framework, there is a rigorous coverage of analytical techniques. More importantly, the book gives substantial information about the operational risks that the banks are facing, and how those risks are managed by appropriate measures.
Suggestions to improve contents and coverage of the book are welcome.
|
| |
|