Financial Institutions - IS Audit Services

Business Value

Key Value drivers vary between organizations and industries; they may range from “Increased efficiency and effectiveness”, to “Meeting fiduciary requirements regarding compliance reporting, security and privacy of data”, to “Reduced dependency on individual key IT personnel”; each adding a fraction of value to the total business value. Organizations seek to maximize business value and strive to satisfy associated business goals, objectives and requirements.

Information is vital to any organizations functioning and survival in today’s technology based society; however, through its lifecycle, information is constantly under threat from many sources which can be internal, external, accidental, or malicious.

Considering their key role and business nature, financial institutions are subject to particular quality, security and regulatory requirements, which heavily affect the organization’s decision on what governance and control it should provide, and the needed level of assurance.

In this context, Independent assurance reviews are of a great importance in monitoring and evaluating the internal control system by enabling the organization to identify control deficiencies and inefficiencies and to initiate improvement actions; thus obtaining transparency for key stakeholders on the adequacy of the system of internal controls and providing trust in operations, confidence in the achievement of enterprise objectives and an adequate understanding of residual risks.


Information Systems Audit Services

TAGITI IT Audit services consist of a number of IT Audit and Security services that aim to provide reasonable assurance and address the organization’s objectives and requirements. The services are also aligned with international standards and best practices including COBIT, ISO 27001, ISO22301, ITIL, and other best practices. Combined with TAGITI expertise, the IT audit services form an important source of assurance on the enterprise IT.

The IT Audit services consist of the following services, each service can be customized as appropriate:

Core Systems and Applications Audit:


The main focus will be to review the core financing systems, accounting systems features, application interfaces, and information flow, and assess it against international best practices for accounting and application systems as well as business Requirements.

TAGITI have extensive knowledge and experience in IT audit, accounting, business process modeling, application design and ERP systems business processes, all of which will allow us to thoroughly understand the environment and to accurately pinpoint any areas which needs to be addressed.

Hereunder are the main areas to be addressed in this audit service taking into consideration that the actual needs will be determined during the envisioning phase:

  • System administration
    1. System Users management
    2. System Security management
    3. System application modules management
    4. General system configuration and parameter
  • System setup
  1. Clients definition
  2. Group clients definition
  3. Loan computation method definition
  4. Payments frequency definition
  5. Loan guarantee types definition
  6. Loan products definition
  7. Banks definition
  • Loan cycle management
  1. Loan request
  2. Loan approval
  3. Loan scheduling
  4. Loan disbursement and Multi disbursement
  5. Loan repayment
  6. Loan rescheduling
  7. Loan write off
  8. Treasury Management
  9. Portfolio Management
  • Reporting
  1. loans risk management reporting
  2. portfolio monitoring and tracking reporting
  3. delinquent  loans and repayment reporting
  4. loans requests and status tracking reporting
  5. loans due payment aging reporting
  6. loans products reporting
  7. clients and groups reporting

In addition to the mentioned above, other integrated/ un-integrated information systems may also be reviewed; including ERP systems, CRM systems, Supply Chain Management systems, business Intelligence, web applications and other systems. This service includes:

  • Reviewing business units and departments business and functional requirements.
  • Understanding, from a functional and technical perspective, what processes have been implemented in the application(s) and how they have been handled.
  • Specifying where the system(s) currently lies and any discrepancies.
  • Conducting penetration testing for the external environment to detect vulnerabilities and week controls
  • Review Information Technology deployed hardware and the surrounding environment including data center, connectivity and networking based on the international general computer controls areas.


Computer General Control (GCC) Audit:


This service focuses on IT controls that are designed to manage and monitor the IS environment, in addition to the IT controls over the acquisition, implementation, delivery and support of IS systems and services. The following areas are addressed in this service:

  1. Information Resource Strategy And Planning,
  2. System Software Acquisition And Development,
  3. Information Systems Operation,
  4. Application Systems Implementation And Maintenance,
  5. Relationships With Outsourced Vendors,
  6. Database Implementation And Support,
  7. Hardware Support & IT Fixed Assets,
  8. Business Continuity Planning,
  9. Network Support,
  10. Information Security.


External Penetration Testing


A penetration test is a formal, planned attack on the organization’s network, with the objective of finding the vulnerabilities on any of its systems that can be exploited to gain entry to, or compromise any of its’ systems. This audit emphasizes the combination of many different types of test results with known techniques to obtain access.


Website Audit:


The main objective is to assess the features, operated under the organization’s website, to achieve a reasonable assurance of the appropriateness and compliance with web standards and best practices, and achievement of the business goals. The following areas are addressed in this service: Security, Design (Look and Feel), Content, Engineering, and Search Engine Optimization.


List of Selected References


Provided Service

Client Name


Application System

And It Infrastructure Audit Proposal

AMLAK International -  KSA, Al- Riyadh


Microfinance Application Audit

National Microfinance Bank (NMB)


Microfinance Application Audit

CHF Jordan


Microfinance Application and General Computer Controls Audit

Microfund for Women (MFW)


Microfinance Application and General Computer Controls Audit

Jordan Trade Facilities Company (JTF)


Microfinance Application and General Computer Controls Audit

Middle East Micro Credit Co. (MEMCCO)


Audit five commercial banks operating in Afghanistan

Central Bank of Afghanistan (DAB)


Information Security Audit

Egyptian Arab Land Bank (ELAB)


Project Management

Cities and Villages Development Bank (CVDB)


Assessment of IT functionality and security, and set-up of IT long-term strategy Supervising COBIT Framework and  ISO 27001 implementation

Jordan Kuwait Bank (JKB)


Enhancing IT organizational structure

Arab Bank for Economic Development in Africa (BADEA)


Information Security Audit

Jordan Ahli Bank (JAB)


IT Security Assessment

Unicorn Investment Bank (UIB)


Information Security Audit

The Arab Islamic Bank (iiabank)


ERP – Microsoft Dynamics AX Implementation

Etihad Middle Exchange LLC.


Developing and managing software ESCROW agreements

Tamkeen Leasing Co. Amman-Jordan


General Computer Controls Audit

Palestine National Fund (PNF)


Review and evaluate “Broker manager” Software packages

Jordan Securities Commission (JSC)


General Information Technology & Security Controls Audit

Aqaba Airport Company (AAC)


General Computer Control (GCC) Audit

Aqaba Ports


General Computer Control (GCC) Audit

United Pharmaceutical Manufacturing Co. (UPM)


General Computer Control (GCC) Audit



General Computer Control (GCC) Audit

Al-Isra University 


General Computer Control (GCC) Audit

Al-Rahid Hospital Center 


General Computer Control (GCC) Audit

Jordan Emirates Insurance 


General Computer Control (GCC) Audit

King Abdullah II Award for Excellence (KACE)


IT Infrastructure Audit

Amman Hilton Hotel


Software Asset Management Review

Jordan Phosphate Mines Co. (JPMC)


Application Audit

Jordan Electric Power Co. (JEPCO)


General Computer Control (GCC) Audit

Aqaba Bulk Chemicals Company (ABCCOJO)