Bank Info Systems Audit To Be Mandatory From March

The Reserve Bank of India (RBI) plans to make audit of information systems of computerised bank branches mandatory from March 2003.

Not all public sector financial enterprises have initiated steps to audit their information systems.

The RBI will make the audit compulsory based on certain level of computerisation, Sanjay Agarwal, a chartered accountant and treasurer at Information Systems Audit and Control Association (Isaca), said.

Members of Isaca have been empanelled by the RBI to undertake an IS audit. Just a handful public sector banks of a total 27 -- Dena Bank, Punjab National Bank (PNB), Allahabad Bank and Small Industries Development Bank of India (Sidbi) -- have floated tenders for the appointment of firms for information systems audit.

 

The RBI has directed banks and financial institutions to address security concerns over banks' computerised set-up at the earliest.

According to senior bank officials, State Bank of India (SBI) proposes to audit its information systems internally.

Likewise, Bank of Baroda (BoB) and Bank of India (BoI) also intend to do this internally. However, as per the guidelines laid down by the central bank on information systems security, it has been recommended that organisations must use third-party certified IS auditors to conduct the audit.

Even public sector banks that have undertaken the audit have not gone in for a full-scale review. Many opt to audit select computerised branches, more critical in the nature of their operations and where there are more advances and deposits, Agarwal said.

PNB undertook information systems audit in 200 of its branches in March this year. "The central bank is urging the banks to undertake an information systems audit as billions of depositors' money is at stake and the awareness of the threats has not percolated down to the grassroots (branch) level," Agarwal said.

Top management of banks are, however, worried and many have initiated steps to check the hardware and improve the quality of the software.

"Dependence on information technology has increased and will go up further with the advent of core banking solutions and new products. Therefore, information systems risks need to be managed and controlled," said RBI executive director R B Barman at a seminar here on Saturday.

The turnout at the one-day seminar on 'Banks' Survival in Digital Era' organised by Isaca -- indicated greater interest and participation by the top management of private sector banks, followed by the senior management of foreign banks.

"There is tremendous amount of apathy among public sector banks, and even the central bank feels it," a senior chartered accountant associated with Isaca said.