REVISED (version 2) RISK RATING MODEL FOR SELECTION OF BRANCHES FOR EDP AUDITS FOR THE YEAR-2010

DATA ENTRY SHEET

REGION NAME: Lahore Central
BRANCH NAME: Anarkali Branch Lahore
BRANCH CODE: 0303

| Sr. No. | RISK RATING PARAMETER | Branch Data/Value |
|---|---|---|
| 1- | BRANCH BASIC PROFILE | |
| a) | Branch Category (with reference to No. of staff members) | II |
| b) | Communication Status (Off-line/ On-line) | On-line (WL) |
| c) | Availability of ATM(s) | No |
| d) | Availability of Data Encryptor | No |
| e) | Availability of CCTV/ Surveillance System | Yes |
| f) | Total No. of PCs at the branch | 9 |
| g) | No. of PCs running EBS/ BBO application | 5 |
| h) | Availability of Smoke Detection System | No |
| 2- | BRANCH IT PROFILE (DOMESTIC IT APPLICATIONS) | |
| a) | Computerized Banking Application | BBO |
| b) | NBP Advance Salary | Yes |
| c) | NBP Saibaan | Yes |
| d) | NBP Karobar | Yes |
| e) | Any other IT based Banking Product (Remittance Module etc.) | No |
| f) | Changes in Branch's Key IT Application (e.g. BBO to EBS) during the year | No |
| 3- | BRANCH IT PROFILE (THIRD PARTY IT APPLICATIONS) | |
| a) | SWIFT | No |
| b) | Western Union Money Transfer System | Yes |
| c) | SAMBA | Yes |
| d) | Any Others (Utility Bills Collection System, eCIB etc) | Yes |
| 4- | BRANCH BUSINESS PROFILE | |
| a) | Deposits (Total No. of accounts) | 3,000 |
| b) | Advances (Total No. of accounts) | 587 |
| c) | Avg. Daily Transactions (All types) | 118 |
| 5- | BRANCH CONTROL ENVIRONMENT (As per Previous EDP Audit Report) | |
| a) | Documentation & updation of Duties & Computer User IDs at branch | Absent |
| b) | Segregation of critical duties & Succession planning in EBS/BBO/ATM operations | Partially Present |
| c) | Password privacy & restricted access to critical IT equipment | Present |
| d) | Disaster Recovery Arrangements (Data/ Application & power Back-up, Security Alarm & fire fighting arrangements etc) | Not Audited |
| e) | Adequate recording of hardware/software maintenance log | Partially Present |
| f) | Checking/ balancing/maintenance of financial & non-financial reports | Absent |
| g) | Input of fake/ incomplete/ incorrect Data in EBS/ BBO | Yes |
| h) | Execution of Unlicensed/ Irrelevant/unapproved Software at branch | Yes |
| i) | Anti-virus software presence/ updation | Present & Updated |
| j) | Outstanding ATM Settlement Entries | Above 5 entries, O/S for more than 1 week |
| k) | Position & Layout of Network wiring | Concealed |
| 6- | AUDIT RATING/ FINDINGS OF PREVIOUS EDP AUDIT | |
| a) | Audit Rating | D |
| b) | Total No. of findings reported | 25 or More |
| c) | Total No. of findings diarized | 5 or More |
| 7- | COMPLIANCE OF PREVIOUS EDP AUDIT REPORT | |
| a) | Status of Clearance Certificate | Outstanding |
| b) | Delay (if any) in submission of Clearance Certificate | Not Audited |
| c) | No. of Diaries Outstanding as per CC | 3 or More |
REVISED (version 2) RISK RATING MODEL FOR SELECTION OF BRANCHES FOR EDP AUDITS FOR THE YEAR-2010

BRANCH NAME: Anarkali Branch Lahore
BRANCH CODE: 0303
REGION: Lahore Central

| Sr. No. | RISK RATING PARAMETER | CRITERIA FOR SCORING: SCORE=1 | SCORE=2 | SCORE=3 | Maximum Score | Branch Data/ Value | Branch Risk Score |
|---|---|---|---|---|---|---|---|
| 1- | BRANCH BASIC PROFILE | | | | | | |
| a) | Branch Category (with reference to No. of staff members) | Category-I | Category-II | Category-III | 3 | II | 2 |
| b) | Communication Status (Off-line/ On-line) | Off-line | On-line (wired) | On-line (wireless) | 3 | On-line (WL) | 3 |
| c) | Availability of ATM(s) | No ATM | 1 ATM | more than 1 ATMs | 3 | No | 1 |
| d) | Availability of Data Encryptor | Yes | No | --- | 2 | No | 2 |
| e) | Availability of CCTV/ Surveillance System | Yes | No | --- | 2 | Yes | 1 |
| f) | Total No. of PCs at the branch | Less than 3 | Less than 8 | 8 or More | 3 | 9 | 3 |
| g) | No. of PCs running EBS/ BBO application | Less than 3 | Less than 6 | 6 or More | 3 | 5 | 2 |
| h) | Availability of Smoke Detection System | Yes | No | --- | 2 | No | 2 |
| | TOTAL SCORE OF PARAMETER 1 : | | | | 21 | | 14 |
| 2- | BRANCH IT PROFILE (DOMESTIC IT APPLICATIONS) | | | | | | |
| a) | Computerized Banking Application | EBS | BBO | --- | 2 | BBO | 2 |
| b) | NBP Advance Salary | No | Yes | --- | 2 | Yes | 2 |
| c) | NBP Saibaan | No | Yes | --- | 2 | Yes | 2 |
| d) | NBP Karobar | No | Yes | --- | 2 | Yes | 2 |
| e) | Any other IT based Banking Product (Remittance Module etc.) | No | Yes | --- | 2 | No | 1 |
| f) | Changes in Branch's Key IT Application (e.g. BBO to EBS) during the year | No | Yes | --- | 2 | No | 1 |
| | TOTAL SCORE OF PARAMETER 2 : | | | | 12 | | 9 |
| 3- | BRANCH IT PROFILE (THIRD PARTY IT APPLICATIONS) | | | | | | |
| a) | SWIFT | No | Yes | --- | 2 | No | 1 |
| b) | Western Union Money Transfer System | No | Yes | --- | 2 | Yes | 2 |
| c) | SAMBA | No | Yes | --- | 2 | Yes | 2 |
| d) | Any Others (Utility Bills Collection System, eCIB etc) | No | Yes | --- | 2 | Yes | 2 |
| | TOTAL SCORE OF PARAMETER 3 : | | | | 8 | | 7 |
| 4- | BRANCH BUSINESS PROFILE | | | | | | |
| a) | Deposits (Total No. of accounts) | less than 1000 | less than 3000 | 3000 or more | 3 | 3,000 | 3 |
| b) | Advances (Total No. of accounts) | less than 300 | less than 1000 | 1000 or more | 3 | 587 | 2 |
| c) | Avg. Daily Transactions (All types) | less than 100 | less than 1000 | 1000 or more | 3 | 118 | 1 |
| | TOTAL SCORE OF PARAMETER 4 : | | | | 9 | | 6 |

Regional Audit Office (C) Lhr
MIS Section
| Sr. No. | RISK RATING PARAMETER | CRITERIA FOR SCORING: SCORE=1 | SCORE=2 | SCORE=3 | Maximum Score | Branch Data/ Value | Branch Risk Score |
|---|---|---|---|---|---|---|---|
| 5- | BRANCH CONTROL ENVIRONMENT (As per Previous EDP Audit Report) | | | | | | |
| a) | Documentation & updation of Duties & Computer User IDs at branch | Present | Partially Present/ Not Audited | Absent | 3 | Absent | 3 |
| b) | Segregation of critical duties & Succession planning in EBS/BBO/ATM operations | Present | Partially Present/ Not Audited | Absent | 3 | Partially Present | 2 |
| c) | Password privacy & restricted access to critical IT equipment | Present | Partially Present/ Not Audited | Absent | 3 | Present | 1 |
| d) | Disaster Recovery Arrangements (Data/ Application & power Back-up, Security Alarm & fire fighting arrangements etc) | Present | Partially Present/ Not Audited | Absent | 3 | Not Audited | 2 |
| e) | Adequate recording of hardware/software maintenance log | Present | Partially Present/ Not Audited | Absent | 3 | Partially Present | 2 |
| f) | Checking/ balancing/maintenance of financial & non-financial reports | Present | Partially Present/ Not Audited | Absent | 3 | Absent | 3 |
| g) | Input of fake/ incomplete/ incorrect Data in EBS/ BBO | No | Not Audited | Yes | 3 | Yes | 3 |
| h) | Execution of Unlicensed/ Irrelevant/unapproved Software at branch | No | Not Audited | Yes | 3 | Yes | 3 |
| i) | Anti-virus software presence/ updation | Present & Updated | Not updated/ Not Audited | Absent | 3 | Present & Updated | 1 |
| j) | Outstanding ATM Settlement Entries | No Entry O/S for more than one week | Below 5 entries, O/S for more than 1 week | Above 5 entries, O/S for more than 1 week | 3 | Above 5 entries, O/S for more than 1 week | 3 |
| k) | Position & Layout of Network wiring | Concealed | Not Concealed | -- | 2 | Concealed | 1 |
| | TOTAL SCORE OF PARAMETER 5 : | | | | 32 | | 24 |
| 6- | AUDIT RATING/ FINDINGS OF PREVIOUS EDP AUDIT | | | | | | |
| a) | Audit Rating | A or B | C / Not Audited | D | 3 | D | 3 |
| b) | Total No. of findings reported | less than 16 | Less than 25/ Not Audited | 25 or More | 3 | 25 or More | 3 |
| c) | Total No. of findings diarized | 0 | Less than 5/ Not Audited | 5 or More | 3 | 5 or More | 3 |
| | TOTAL SCORE OF PARAMETER 6 : | | | | 9 | | 9 |
| 7- | COMPLIANCE OF PREVIOUS EDP AUDIT REPORT | | | | | | |
| a) | Status of Clearance Certificate | Accepted | Not Audited | Outstanding | 3 | Outstanding | 3 |
| b) | Delay (if any) in submission of Clearance Certificate | Within Due Date | Delay not more than 15 days/ Not Audited | Delay more than 15 days | 3 | Not Audited | 2 |
| c) | No. of Diaries Outstanding as per CC | 0 | Less than 3/ Not Audited | 3 or More | 3 | 3 or More | 2 |
| | TOTAL SCORE OF PARAMETER 7 : | | | | 9 | | 7 |

SUMMARY OF RISK RATING SCORE

Branch: Anarkali Branch Lahore (0303)
Region: Lahore Central

| Sr. # | Parameter Description | Maximum Score | Risk Score Attained by the Branch | Risk % |
|---|---|---|---|---|
| 1 | BRANCH BASIC PROFILE | 21 | 14 | 66.67% |
| 2 | BRANCH IT PROFILE (DOMESTIC IT APPLICATIONS) | 12 | 9 | 75.00% |
| 3 | BRANCH IT PROFILE (THIRD PARTY IT APPLICATIONS) | 8 | 7 | 87.50% |
| 4 | BRANCH BUSINESS PROFILE | 9 | 6 | 66.67% |
| 5 | BRANCH CONTROL ENVIRONMENT (As per Previous EDP Audit Report) | 32 | 24 | 75.00% |
| 6 | AUDIT RATING/ FINDINGS OF PREVIOUS EDP AUDIT | 9 | 9 | 100.00% |
| 7 | COMPLIANCE OF PREVIOUS EDP AUDIT REPORT | 9 | 7 | 77.78% |
| | TOTAL: | 100 | 76 | 76.00% |
(Khurram Jahangir Mughal) OG-I/Section Incharge (MIS)