Banks – IS Audit
Recommend corrective action
Enterprise-wide compliance
Oversight of IT activities
IS Audit of banks

In the past decade, with the increased technology adoption by Banks, the complexities within the IT environment have given rise to considerable technology related risks requiring effective management. This led the Banks to implement an Internal Control framework, based on various standards and its own control requirements and the current RBI guidelines.
As a result, Bank’s management and RBI, need an assurance on the effectiveness of internal controls implemented and expect the Information System Audit to provide an independent and objective view of the extent to which the risks are managed.
As a consequence, the nature of Audit process has undergone a major transformation and Information System audits are gaining importance as key processes are automated or enabled by technology. Hence, there is a need for banks to re-assess the Information System Audit processes and ensure that Information System Audit objectives are effectively met.
The scope of IS Audit includes:
- Determining effectiveness of planning and oversight of IT activities
- Evaluating adequacy of operating processes and internal controls
- Determining adequacy of enterprise-wide compliance efforts, related to IT policies and internal control procedures
- Identifying areas with deficient internal controls, recommend corrective action to address deficiencies and follow-up, to ensure that the management effectively implements the required actions
“