Case study on IS Audit

Ravi Satpal , Last updated: 16 September 2007  
  Share


Case study on IS Audit

You are chartered accountant in practice who has recently passed the ISA Exam. Your firm has received an inquiry from a Public Sector Bank for submitting a proposal for IS Audit. Key highlights of the inquiry are:

Software Packages to be audited are given below:

Category A: Developed In-house (Standalone)

Bills

Remittance

Vostro Accounts

Preventive Monitoring System

Category B: (Outsourced)

Cash Management Services

Centralised Banking Solution

The Scope of Audit is as under:

Evaluation of Effectiveness & Effectiveness of the package vis-à-vis business process and requirements

Application Security & Controls review

Database Security and Integrity review

Review of Interface Controls with other applications

Review of Network & Communications controls with relation to the application package

Inter-alia, the above scope shall include the following:

Whether the design of the software conforms to the Requirements Specification.

Objectives of the application - whether these have been fulfilled/ likely to be fulfilled by implementation.

Whether bank’s systems & procedures are being followed in the application.

What are the controls built in the application? Whether these take care of bank’s systems and procedures.

What are the security features available / built into the application package and whether these are sufficient to take care of the risks in a financial transaction.

What is the relative efficiency of the application in conduct of transactions vis-à-vis the performance in similar packages?

Testing robustness of the application package by running a specified number of transactions on int.

Assessment of the Risk component in the package.

To test and verify for any bugs in the application package.

To specify clearly methodology to be adopted in carrying out each of the above steps.

Please discuss the following in your group:

Identify additional information required for submitting the proposal and the methodology of getting the information.

Provide detailed step-by-step methodology, which will be adopted by you for carrying out the assignment.

Identify skill-sets of audit team and estimated time for completing the assignment.

List the standards and guidelines to be used for the assignment and explain how these how these would be adopted and used.

Specify the desired deliverables and proposed formats of the report.

Join CCI Pro

Published by

Ravi Satpal
(CA (Final) & CS (Executive) Student)
Category Audit   Report

  6756 Views

Comments


Related Articles


Loading