Risk Rating For It Audit Of Branch

  • June 2020
  • PDF

REVISED (version 2) RISK RATING MODEL FOR SELECTION OF BRANCHES FOR EDP AUDITS FOR THE YEAR-2010

DATA ENTRY SHEET

REGION NAME: Lahore Central
BRANCH NAME: Anarkali Branch Lahore
BRANCH CODE: 0303

| Sr.No. | RISK RATING PARAMETER | Branch Data/Value |
|---|---|---|
| 1- | BRANCH BASIC PROFILE | |
| a) | Branch Category (with reference to No. of staff members) | II |
| b) | Communication Status (Off-line/ On-line) | On-line (WL) |
| c) | Availability of ATM(s) | No |
| d) | Availability of Data Encryptor | No |
| e) | Availability of CCTV/ Surveillance System | Yes |
| f) | Total No. of PCs at the branch | 9 |
| g) | No. of PCs running EBS/ BBO application | 5 |
| h) | Availability of Smoke Detection System | No |
| 2- | BRANCH IT PROFILE (DOMESTIC IT APPLICATIONS) | |
| a) | Computerized Banking Application | BBO |
| b) | NBP Advance Salary | Yes |
| c) | NBP Saibaan | Yes |
| d) | NBP Karobar | Yes |
| e) | Any other IT based Banking Product (Remittance Module etc.) | No |
| f) | Changes in Branch's Key IT Application (e.g. BBO to EBS) during the year | No |
| 3- | BRANCH IT PROFILE (THIRD PARTY IT APPLICATIONS) | |
| a) | SWIFT | No |
| b) | Western Union Money Transfer System | Yes |
| c) | SAMBA | Yes |
| d) | Any Others (Utility Bills Collection System, eCIB etc) | Yes |
| 4- | BRANCH BUSINESS PROFILE | |
| a) | Deposits (Total No. of accounts) | 3,000 |
| b) | Advances (Total No. of accounts) | 587 |
| c) | Avg. Daily Transactions (All types) | 118 |
| 5- | BRANCH CONTROL ENVIRONMENT (As per Previous EDP Audit Report) | |
| a) | Documentation & updation of Duties & Computer User IDs at branch | Absent |
| b) | Segregation of critical duties & Succession planning in EBS/BBO/ATM operations | Partially Present |
| c) | Password privacy & restricted access to critical IT equipment | Present |
| d) | Disaster Recovery Arrangements (Data/ Application & power Back-up, Security Alarm & fire fighting arrangements etc) | Not Audited |
| e) | Adequate recording of hardware/software maintenance log | Partially Present |
| f) | Checking/ balancing/maintenance of financial & non-financial reports | Absent |
| g) | Input of fake/ incomplete/ incorrect Data in EBS/ BBO | Yes |
| h) | Execution of Unlicensed/ Irrelevant/ unapproved Software at branch | Yes |
| i) | Anti-virus software presence/ updation | Present & Updated |
| j) | Outstanding ATM Settlement Entries | Above 5 entries, O/S for more than 1 week |
| k) | Position & Layout of Network wiring | Concealed |
| 6- | AUDIT RATING/ FINDINGS OF PREVIOUS EDP AUDIT | |
| a) | Audit Rating | D |
| b) | Total No. of findings reported | 25 or More |
| c) | Total No. of findings diarized | 5 or More |
| 7- | COMPLIANCE OF PREVIOUS EDP AUDIT REPORT | |
| a) | Status of Clearance Certificate | Outstanding |
| b) | Delay (if any) in submission of Clearance Certificate | Not Audited |
| c) | No. of Diaries Outstanding as per CC | 3 or More |


REVISED (version 2) RISK RATING MODEL FOR SELECTION OF BRANCHES FOR EDP AUDITS FOR THE YEAR-2010

BRANCH NAME: Anarkali Branch Lahore
BRANCH CODE: 0303
REGION: Lahore Central

| Sr. No. | RISK RATING PARAMETER | CRITERIA FOR SCORING: SCORE=1 | SCORE=2 | SCORE=3 | Maximum Score | Branch Data/ Value | Branch Risk Score |
|---|---|---|---|---|---|---|---|
| 1- | BRANCH BASIC PROFILE | | | | | | |
| a) | Branch Category (with reference to No. of staff members) | Category-I | Category-II | Category-III | 3 | II | 2 |
| b) | Communication Status (Off-line/ On-line) | Off-line | On-line (wired) | On-line (wireless) | 3 | On-line (WL) | 3 |
| c) | Availability of ATM(s) | No ATM | 1 ATM | more than 1 ATMs | 3 | No | 1 |
| d) | Availability of Data Encryptor | Yes | No | --- | 2 | No | 2 |
| e) | Availability of CCTV/ Surveillance System | Yes | No | --- | 2 | Yes | 1 |
| f) | Total No. of PCs at the branch | Less than 3 | Less than 8 | 8 or More | 3 | 9 | 3 |
| g) | No. of PCs running EBS/ BBO application | Less than 3 | Less than 6 | 6 or More | 3 | 5 | 2 |
| h) | Availability of Smoke Detection System | Yes | No | --- | 2 | No | 2 |
| | TOTAL SCORE OF PARAMETER 1 : | | | | 21 | | 14 |
| 2- | BRANCH IT PROFILE (DOMESTIC IT APPLICATIONS) | | | | | | |
| a) | Computerized Banking Application | EBS | BBO | --- | 2 | BBO | 2 |
| b) | NBP Advance Salary | No | Yes | --- | 2 | Yes | 2 |
| c) | NBP Saibaan | No | Yes | --- | 2 | Yes | 2 |
| d) | NBP Karobar | No | Yes | --- | 2 | Yes | 2 |
| e) | Any other IT based Banking Product (Remittance Module etc.) | No | Yes | --- | 2 | No | 1 |
| f) | Changes in Branch's Key IT Application (e.g. BBO to EBS) during the year | No | Yes | --- | 2 | No | 1 |
| | TOTAL SCORE OF PARAMETER 2 : | | | | 12 | | 9 |
| 3- | BRANCH IT PROFILE (THIRD PARTY IT APPLICATIONS) | | | | | | |
| a) | SWIFT | No | Yes | --- | 2 | No | 1 |
| b) | Western Union Money Transfer System | No | Yes | --- | 2 | Yes | 2 |
| c) | SAMBA | No | Yes | --- | 2 | Yes | 2 |
| d) | Any Others (Utility Bills Collection System, eCIB etc) | No | Yes | --- | 2 | Yes | 2 |
| | TOTAL SCORE OF PARAMETER 3 : | | | | 8 | | 7 |
| 4- | BRANCH BUSINESS PROFILE | | | | | | |
| a) | Deposits (Total No. of accounts) | less than 1000 | less than 3000 | 3000 or more | 3 | 3,000 | 3 |
| b) | Advances (Total No. of accounts) | less than 300 | less than 1000 | 1000 or more | 3 | 587 | 2 |
| c) | Avg. Daily Transactions (All types) | less than 100 | less than 1000 | 1000 or more | 3 | 118 | 1 |
| | TOTAL SCORE OF PARAMETER 4 : | | | | 9 | | 6 |
| 5- | BRANCH CONTROL ENVIRONMENT (As per Previous EDP Audit Report) | | | | | | |
| a) | Documentation & updation of Duties & Computer User IDs at branch | Present | Partially Present/ Not Audited | Absent | 3 | Absent | 3 |
| b) | Segregation of critical duties & Succession planning in EBS/BBO/ATM operations | Present | Partially Present/ Not Audited | Absent | 3 | Partially Present | 2 |
| c) | Password privacy & restricted access to critical IT equipment | Present | Partially Present/ Not Audited | Absent | 3 | Present | 1 |
| d) | Disaster Recovery Arrangements (Data/ Application & power Back-up, Security Alarm & fire fighting arrangements etc) | Present | Partially Present/ Not Audited | Absent | 3 | Not Audited | 2 |
| e) | Adequate recording of hardware/software maintenance log | Present | Partially Present/ Not Audited | Absent | 3 | Partially Present | 2 |
| f) | Checking/ balancing/maintenance of financial & non-financial reports | Present | Partially Present/ Not Audited | Absent | 3 | Absent | 3 |
| g) | Input of fake/ incomplete/ incorrect Data in EBS/ BBO | No | Not Audited | Yes | 3 | Yes | 3 |
| h) | Execution of Unlicensed/ Irrelevant/ unapproved Software at branch | No | Not Audited | Yes | 3 | Yes | 3 |
| i) | Anti-virus software presence/ updation | Present & Updated | Not updated/ Not Audited | Absent | 3 | Present & Updated | 1 |
| j) | Outstanding ATM Settlement Entries | No Entry O/S for more than one week | Below 5 entries, O/S for more than 1 week | Above 5 entries, O/S for more than 1 week | 3 | Above 5 entries, O/S for more than 1 week | 3 |
| k) | Position & Layout of Network wiring | Concealed | Not Concealed | -- | 2 | Concealed | 1 |
| | TOTAL SCORE OF PARAMETER 5 : | | | | 32 | | 24 |
| 6- | AUDIT RATING/ FINDINGS OF PREVIOUS EDP AUDIT | | | | | | |
| a) | Audit Rating | A or B | C / Not Audited | D | 3 | D | 3 |
| b) | Total No. of findings reported | less than 16 | Less than 25/ Not Audited | 25 or More | 3 | 25 or More | 3 |
| c) | Total No. of findings diarized | 0 | Less than 5/ Not Audited | 5 or More | 3 | 5 or More | 3 |
| | TOTAL SCORE OF PARAMETER 6 : | | | | 9 | | 9 |
| 7- | COMPLIANCE OF PREVIOUS EDP AUDIT REPORT | | | | | | |
| a) | Status of Clearance Certificate | Accepted | Not Audited | Outstanding | 3 | Outstanding | 3 |
| b) | Delay (if any) in submission of Clearance Certificate | Within Due Date | Delay not more than 15 days/ Not Audited | Delay more than 15 days | 3 | Not Audited | 2 |
| c) | No. of Diaries Outstanding as per CC | 0 | Less than 3/ Not Audited | 3 or More | 3 | 3 or More | 2 |
| | TOTAL SCORE OF PARAMETER 7 : | | | | 9 | | 7 |

Regional Audit Office (C) Lhr

MIS Section

SUMMARY OF RISK RATING SCORE

Branch: Anarkali Branch Lahore (0303)
Region: Lahore Central

| Sr. # | Parameter Description | Maximum Score | Risk Score Attained by the Branch | Risk % |
|---|---|---|---|---|
| 1 | BRANCH BASIC PROFILE | 21 | 14 | 66.67% |
| 2 | BRANCH IT PROFILE (DOMESTIC IT APPLICATIONS) | 12 | 9 | 75.00% |
| 3 | BRANCH IT PROFILE (THIRD PARTY IT APPLICATIONS) | 8 | 7 | 87.50% |
| 4 | BRANCH BUSINESS PROFILE | 9 | 6 | 66.67% |
| 5 | BRANCH CONTROL ENVIRONMENT (As per Previous EDP Audit Report) | 32 | 24 | 75.00% |
| 6 | AUDIT RATING/ FINDINGS OF PREVIOUS EDP AUDIT | 9 | 9 | 100.00% |
| 7 | COMPLIANCE OF PREVIOUS EDP AUDIT REPORT | 9 | 7 | 77.78% |
| | TOTAL: | 100 | 76 | 76.00% |


(Khurram Jahangir Mughal) OG-I/Section Incharge (MIS)
