Role and responsibilities of the Bank :
Considering the importance of IT systems in the preparation and presentation of financial statement, it is imperative that the bank should share the detailed information about the following key aspects relating to IT environment of the bank with the central auditor at regular intervals:
Overall IT Policy, structure and environment of the bank’s IT system and changes/developments, if any, thereto.
Data processing and data interface under various systems.
Data integrity and data security.
Business Continuity Plans and Disaster Recovery Plans.
Accounting manual and critical accounting entries (including month-end and year-end) and the processes and involvement of IT systems.
Controls over key aspects, such as, account codes and mapping thereof, use of various account heads including other assets and other liabilities,
income recognition, expense booking, overdue identification, month-end and year-end procedures, valuation and re-valuation of various items of
the financial statements, KYC, ALM, etc.
Controls and recording of various e-banking and internet banking products.
Manual processing of key transactions.
MIS reports being generated and the periodicity thereof.
Hard copies being generated and the periodicity thereof.
Process of generating information related to various disclosures in the financial statements and the involvement of the IT systems.
Major exception reports and the process of generation thereof.
Major IT related issues (including frauds and failures) faced and resolved/unresolved during the year, such as, data/system corruption,
system break-down, etc., having bearing on the preparation and presentation of financial statements.
Significant observations of internal auditors, concurrent auditors, system auditors, RBI inspection and internal inspection, etc., related to
computerised accounting and overall IT systems.
Customer complaints related to mistakes in transactions (interest
application, balances, etc.).
In order to ensure that the technology deployed to operate the payment system/s authorised is/are being operated in a safe, secure, sound and
efficient manner and as per the process flow submitted by the bank for which authorisation has been issued, banks are required to get a System
audit done by a firm of Chartered Accountants / Certified Information System Auditor. The scope of the System audit would include evaluation
of the hardware structure, operating systems and critical applications, security and controls in place, including access controls on key applications, disaster recovery plans, training of personnel managing systems and applications, documentation, etc. The system auditor also required to comment on the deviations, if any, in the processes followed from the process flow submitted to RBI while seeking authorisation.