Case study on IS Audit
You are chartered accountant in practice who has recently passed the ISA Exam. Your firm has received an inquiry from a Public Sector Bank for submitting a proposal for IS Audit. Key highlights of the inquiry are:
Software Packages to be audited are given below:
Category A: Developed In-house (Standalone)
Bills
Remittance
Vostro Accounts
Preventive Monitoring System
Category B: (Outsourced)
Cash Management Services
Centralised Banking Solution
The Scope of Audit is as under:
Evaluation of Effectiveness & Effectiveness of the package vis-à-vis business process and requirements
Application Security & Controls review
Database Security and Integrity review
Review of Interface Controls with other applications
Review of Network & Communications controls with relation to the application package
Inter-alia, the above scope shall include the following:
Whether the design of the software conforms to the Requirements Specification.
Objectives of the application - whether these have been fulfilled/ likely to be fulfilled by implementation.
Whether bank’s systems & procedures are being followed in the application.
What are the controls built in the application? Whether these take care of bank’s systems and procedures.
What are the security features available / built into the application package and whether these are sufficient to take care of the risks in a financial transaction.
What is the relative efficiency of the application in conduct of transactions vis-à-vis the performance in similar packages?
Testing robustness of the application package by running a specified number of transactions on int.
Assessment of the Risk component in the package.
To test and verify for any bugs in the application package.
To specify clearly methodology to be adopted in carrying out each of the above steps.
Please discuss the following in your group:
Identify additional information required for submitting the proposal and the methodology of getting the information.
Provide detailed step-by-step methodology, which will be adopted by you for carrying out the assignment.
Identify skill-sets of audit team and estimated time for completing the assignment.
List the standards and guidelines to be used for the assignment and explain how these how these would be adopted and used.
Specify the desired deliverables and proposed formats of the report.
CAclubindia
