Financial Institutions - IS Audit Services

Business Value

Key value drivers vary between organizations and industries. They may range from “Increased efficiency and effectiveness” to “Meeting fiduciary requirements regarding compliance reporting, security and privacy of data” to “Reduced dependency on individual key IT personnel”, each adding a fraction of value to the total business value. Organizations seek to maximize business value and strive to satisfy associated business goals, objectives and requirements.

Information is vital to any organization’s functioning and survival in today’s technology-based society; however, throughout its lifecycle, information is constantly under threat from many sources, which can be internal, external, accidental, or malicious.

Considering their key role and business nature, financial institutions are subject to particular quality, security and regulatory requirements, which heavily affect the organization’s decision on what governance and control it should provide, and the needed level of assurance.

In this context, independent assurance reviews are of great importance in monitoring and evaluating the internal control system. They enable the organization to identify control deficiencies and inefficiencies and to initiate improvement actions, giving key stakeholders transparency on the adequacy of the system of internal controls and providing trust in operations, confidence in the achievement of enterprise objectives and an adequate understanding of residual risks.

 

Information Systems Audit Services

TAGITI IT Audit services consist of a number of IT audit and security services that aim to provide reasonable assurance and address the organization’s objectives and requirements. The services are also aligned with international standards and best practices, including COBIT, ISO 27001, ISO 22301 and ITIL. Combined with TAGITI expertise, the IT audit services form an important source of assurance on the enterprise IT.

The IT Audit services consist of the following services; each service can be customized as appropriate:

Core Systems and Applications Audit:

 

The main focus will be to review the core financing systems, accounting system features, application interfaces, and information flow, and to assess them against international best practices for accounting and application systems as well as business requirements.

TAGITI has extensive knowledge and experience in IT audit, accounting, business process modeling, application design and ERP systems business processes, all of which allow us to thoroughly understand the environment and to accurately pinpoint any areas that need to be addressed.

The main areas addressed in this audit service are listed below; the actual needs will be determined during the envisioning phase:

  • System administration
    1. System users management
    2. System security management
    3. System application modules management
    4. General system configuration and parameters
  • System setup
    1. Clients definition
    2. Group clients definition
    3. Loan computation method definition
    4. Payments frequency definition
    5. Loan guarantee types definition
    6. Loan products definition
    7. Banks definition
  • Loan cycle management
    1. Loan request
    2. Loan approval
    3. Loan scheduling
    4. Loan disbursement and multi-disbursement
    5. Loan repayment
    6. Loan rescheduling
    7. Loan write-off
    8. Treasury management
    9. Portfolio management
  • Reporting
    1. Loans risk management reporting
    2. Portfolio monitoring and tracking reporting
    3. Delinquent loans and repayment reporting
    4. Loans requests and status tracking reporting
    5. Loans due payment aging reporting
    6. Loans products reporting
    7. Clients and groups reporting

In addition to the above, other integrated or non-integrated information systems may also be reviewed, including ERP systems, CRM systems, Supply Chain Management systems, business intelligence, web applications and other systems. This service includes:

  • Reviewing business units and departments business and functional requirements.
  • Understanding, from a functional and technical perspective, what processes have been implemented in the application(s) and how they have been handled.
  • Specifying where the system(s) currently stand and any discrepancies.
  • Conducting penetration testing for the external environment to detect vulnerabilities and weak controls.
  • Reviewing the deployed information technology hardware and the surrounding environment, including data center, connectivity and networking, based on the international general computer controls areas.

 

General Computer Control (GCC) Audit:

 

This service focuses on IT controls that are designed to manage and monitor the IS environment, in addition to the IT controls over the acquisition, implementation, delivery and support of IS systems and services. The following areas are addressed in this service:

  1. Information Resource Strategy And Planning,
  2. System Software Acquisition And Development,
  3. Information Systems Operation,
  4. Application Systems Implementation And Maintenance,
  5. Relationships With Outsourced Vendors,
  6. Database Implementation And Support,
  7. Hardware Support & IT Fixed Assets,
  8. Business Continuity Planning,
  9. Network Support,
  10. Information Security.

 

External Penetration Testing

 

A penetration test is a formal, planned attack on the organization’s network, with the objective of finding the vulnerabilities on any of its systems that can be exploited to gain entry to, or compromise, any of those systems. This audit emphasizes the combination of many different types of test results with known techniques to obtain access.

 

Website Audit:

 

The main objective is to assess the features operated under the organization’s website, in order to achieve reasonable assurance of their appropriateness, their compliance with web standards and best practices, and the achievement of the business goals. The following areas are addressed in this service: Security, Design (Look and Feel), Content, Engineering, and Search Engine Optimization.

 

List of Selected References

| No. | Provided Service | Client Name |
|-----|------------------|-------------|
| 1 | Application System and IT Infrastructure Audit Proposal | AMLAK International - KSA, Al-Riyadh |
| 2 | Microfinance Application Audit | National Microfinance Bank (NMB) |
| 3 | Microfinance Application Audit | CHF Jordan |
| 4 | Microfinance Application and General Computer Controls Audit | Microfund for Women (MFW) |
| 5 | Microfinance Application and General Computer Controls Audit | Jordan Trade Facilities Company (JTF) |
| 6 | Microfinance Application and General Computer Controls Audit | Middle East Micro Credit Co. (MEMCCO) |
| 7 | Audit five commercial banks operating in Afghanistan | Central Bank of Afghanistan (DAB) |
| 8 | Information Security Audit | Egyptian Arab Land Bank (ELAB) |
| 9 | Project Management | Cities and Villages Development Bank (CVDB) |
| 10 | Assessment of IT functionality and security, and set-up of IT long-term strategy; supervising COBIT Framework and ISO 27001 implementation | Jordan Kuwait Bank (JKB) |
| 11 | Enhancing IT organizational structure | Arab Bank for Economic Development in Africa (BADEA) |
| 12 | Information Security Audit | Jordan Ahli Bank (JAB) |
| 13 | IT Security Assessment | Unicorn Investment Bank (UIB) |
| 14 | Information Security Audit | The Arab Islamic Bank (iiabank) |
| 15 | ERP – Microsoft Dynamics AX Implementation | Etihad Middle Exchange LLC. |
| 16 | Developing and managing software ESCROW agreements | Tamkeen Leasing Co. Amman-Jordan |
| 17 | General Computer Controls Audit | Palestine National Fund (PNF) |
| 18 | Review and evaluate “Broker manager” Software packages | Jordan Securities Commission (JSC) |
| 19 | General Information Technology & Security Controls Audit | Aqaba Airport Company (AAC) |
| 20 | General Computer Control (GCC) Audit | Aqaba Ports |
| 21 | General Computer Control (GCC) Audit | United Pharmaceutical Manufacturing Co. (UPM) |
| 22 | General Computer Control (GCC) Audit | DANZAS AIR & OCEAN (DHL) |
| 23 | General Computer Control (GCC) Audit | Al-Isra University |
| 24 | General Computer Control (GCC) Audit | Al-Rahid Hospital Center |
| 25 | General Computer Control (GCC) Audit | Jordan Emirates Insurance |
| 26 | General Computer Control (GCC) Audit | King Abdullah II Award for Excellence (KACE) |
| 27 | IT Infrastructure Audit | Amman Hilton Hotel |
| 28 | Software Asset Management Review | Jordan Phosphate Mines Co. (JPMC) |
| 29 | Application Audit | Jordan Electric Power Co. (JEPCO) |
| 30 | General Computer Control (GCC) Audit | Aqaba Bulk Chemicals Company (ABCCOJO) |