
INFORMATION SYSTEM (IS) AUDIT FOR CBS BRANCHES

ANNEXURE I

I. BASIC DATA SHEET


1. BRANCH PROFILE
A. Name of the Branch (With Branch Code)
a) Date of Opening of the Branch
b) Additional Services (ATM, RTGS/NEFT/E-FUND, OLTAS ETC.)
c) Zone Name (Under which the branch falls)
d) Total Deposits as on date of Audit
e) Total Advances as on date of Audit
f) Date of last IS Audit
g) Name of the Auditor
h) Date of Present IS Audit
j) Name of the Auditor
k) Name of the Branch Incharge
B. DETAILS OF HARDWARE:
a) Total number of Terminals
b) Number of Server(s)
c) Printers
d) UPS/ACs
e) Obsolete Hardware (Numbers/Types/Book Value/Depreciation etc.)
f) Name/Address of Vendor
g) A.M.C. for & valid upto
C. DETAILS OF SOFTWARE:
a) Operating System, its version
b) Application Software, its version
c) Name/Address of Vendor
d) Unauthorized Software
e) A.M.C. for & valid upto

II. DETAILED REPORT


II.A: IMPLEMENTATION CONTROLS:
Breaches/Risk(s) (Low Risk-High marks and High Risk-Low marks)

| S. No. | Particulars | Risk Category (No Breach / Low / Medium / High) | Max Score | Marks Scored | Remarks |
|---|---|---|---|---|---|
| 1. | Whether all the staff of the branch have working knowledge of the Application Software? | | 3 | | |
| 2. | Whether Post Delivery Inspection of the Hardware delivered during the last 12 months has been done? | | 3 | | |
| | Total | | 6 | | |

II.B: ENVIRONMENT (SAFEGUARDING OF COMPUTER ASSETS)


II.B.I. SITE ENVIRONMENTS
Breaches/Risk(s) (Low Risk-High marks and High Risk-Low marks)

| S. No. | Particulars | Risk Category (No Breach / Low / Medium / High) | Max Score | Marks Scored | Remarks |
|---|---|---|---|---|---|
| 1. | Are the machines kept too close to the wall? | | 3 | | |
| 2. | Is the layout of machines and other equipment convenient? | | 3 | | |
| 3. | Is the electrical wiring independent & direct from the mains? | | 3 | | |
| 4. | Is separate earthing provided for? | | 3 | | |
| 5. | Are all points properly grounded? | | 3 | | |
| 6. | Is the power supply to all the computer related equipment through UPS? | | 3 | | |
| 7. | Whether provisions for switching over to stabilizer/standby UPS in case of UPS break down is available? | | 3 | | |
| 8. | Is only an extension board used & not a multipoint plug? | | 3 | | |
| | Total | | 24 | | |

II.B.II: MISCELLANEOUS
Breaches/Risk(s) (Low Risk-High marks and High Risk-Low marks)

| S. No. | Particulars | Risk Category (No Breach / Low / Medium / High) | Max Score | Marks Scored | Remarks |
|---|---|---|---|---|---|
| 1. | Whether sufficient no. of Carbon Dioxide gas type fire-extinguishers are provided? | | 3 | | |
| 2. | Is everyone aware of what type of fire extinguishers are to be used on computer hardware equipment in case of fire? | | 3 | | |
| 3. | Are these being serviced and tested periodically? | | 3 | | |
| 4. | Whether smoke/heat/water alarms are provided? | | 3 | | |
| 5. | Whether suitable communication media (Intercom etc.) are provided for communication with the other staff members? | | 3 | | |
| 6. | Is the insurance separate for the machines and not part of the general fixed assets insurance? | | 3 | | |
| 7. | Is there a vacuum cleaner? If yes, is it in working condition? If yes, is it being used? | | 3 | | |
| 8. | Whether the machines are dusted everyday? | | 3 | | |
| 9. | Whether smoking, drinking and eating inside the branch premises is prohibited by putting appropriate signs? | | 3 | | |
| 10. | Is pest control being implemented? | | 3 | | |
| | Total | | 30 | | |

II C: HARDWARE (SAFEGUARDING OF COMPUTER ASSETS)


II.C.I COMPUTER HARDWARE
Breaches/Risk(s) (Low Risk-High marks and High Risk-Low marks)

| S. No. | Particulars | Risk Category (No Breach / Low / Medium / High) | Max Score | Marks Scored | Remarks |
|---|---|---|---|---|---|
| 1. | Whether terms & conditions as stipulated in the purchase order/sanction have been complied with? | | 3 | | |
| 2. | Whether Hardware/Software register as per prescribed format has been maintained? | | 3 | | |
| 3. | Is maintenance and servicing of systems supervised? | | 3 | | |
| 4. | Whether Hardware items are numbered as per fixed assets register? Comments for difference, if any. | | 3 | | |
| 5. | Whether any hardware item purchased/delivered at the branch/office during the current financial year has been got insured in terms of HO Accounts Department guidelines. | | 3 | | |
| | Total | | 15 | | |

NOTE: DETAILS OF COMPUTER HARDWARE ITEMS INSTALLED AS WELL AS OBSOLETE IN THE BRANCH (ITEM, DATE OF PURCHASE, NAME OF THE VENDOR ETC.) SHOULD BE ANNEXED TO THE REPORT.

II.C.II: UNINTERRUPTED POWER SUPPLY (UPS):


Breaches/Risk(s) (Low Risk-High marks and High Risk-Low marks)

| S. No. | Particulars | Risk Category (No Breach / Low / Medium / High) | Max Score | Marks Scored | Remarks |
|---|---|---|---|---|---|
| 1. | Has UPS been installed? | | 9 | | |
| 2. | Is there a separate cabin for UPS? | | 3 | | |
| 3. | Does the cabin have proper ventilation? | | 3 | | |
| 4. | Are the batteries of the UPS kept outside the cabin? | | 3 | | |
| 5. | Is Standby UPS provided? | | 3 | | |
| 6. | Whether the UPS (if provided) is used only for the system and no other power consuming equipment is connected to it? | | 3 | | |
| | Total | | 18 | | |

II.C.III: ANNUAL MAINTENANCE CONTRACT ( AMC ):


Breaches/Risk(s) (Low Risk-High marks and High Risk-Low marks)

| S. No. | Particulars | Risk Category (No Breach / Low / Medium / High) | Max Score | Marks Scored | Remarks |
|---|---|---|---|---|---|
| 1. | Whether Annual Maintenance Contract has been entered into for the maintenance of: i. Computer Systems? ii. U.P.S.? | | 6 | | |
| 2. | Are the AMCs current for: i. Computer Systems ii. U.P.S. | | 6 | | |
| 3. | Does the vendor's representative visit the installation periodically for preventive maintenance: i. System Equipment ii. U.P.S. | | 3 | | |
| 4. | Whether visits by vendors for preventive maintenance are recorded? | | 3 | | |
| | Total | | 18 | | |

II.D: SOFTWARE (DATA INTEGRITY):


II.D.I:APPLICATION SOFTWARE
Breaches/Risk(s) (Low Risk-High marks and High Risk-Low marks)

| S. No. | Particulars | Risk Category (No Breach / Low / Medium / High) | Max Score | Marks Scored | Remarks |
|---|---|---|---|---|---|
| 1. | Whether the application software (other than CBS Application) with latest version is installed in the branch? | | 9 | | |
| 2. | Whether all the software (other than CBS application) installed in the branch/office is duly authorized & approved by HO IT? | | 9 | | |
| 3. | Whether the latest versions of application software (other than CBS application) released by HO IT are loaded at the branch/office. | | 9 | | |
| 4. | Are backups of latest version of software (other than CBS application) preserved in branch with effective dates? | | 9 | | |
| 5. | Whether user-ID is required along with password at the time of entering the system? | | 9 | | |
| 6. | Whether audit trail is printed and it contains all operations input to the computer? | | 3 | | |
| 7. | Whether deletion or modification of transaction is permitted? If so, whether a report can be generated? If not, transaction correction is done by voucher posting which is authorized in writing. | | 6 | | |
| 8. | Whether interest rates are stored in each account record? | | 3 | | |
| 9. | Are interest calculations correctly done? | | 9 | | |
| 10. | Whether interest postings are prompted by the system on predetermined dates? | | 3 | | |
| 11. | While opening an account, is the number generated by the system? | | 3 | | |
| 12. | Whether threshold limit is entered for SB/CA accounts? | | 6 | | |
| 13. | Do exception reports contain large withdrawals of deposits in case of new accounts during the first six months and are these being monitored? | | 3 | | |
| 14. | Whether accounts once closed can be revived? | | 9 | | |
| 15. | Whether a report on the closed accounts can be generated? | | 3 | | |
| 16. | Whether the system calculates interest due till date before closing the account? | | 3 | | |
| 17. | Whether accounts can be closed without debiting or crediting interest due? | | 9 | | |
| 18. | Whether warning is given for minimum balances? | | 3 | | |
| 19. | Whether shortcuts of Finacle server, Finacle report server and E helpline server are at Desktop and added to favourites? | | 3 | | |
| | Total | | 111 | | |

II.D.II OPERATIONAL CONTROL (DATA INTEGRITY):


Breaches/Risk(s) (Low Risk-High marks and High Risk-Low marks)

| S. No. | Particulars | Risk Category (No Breach / Low / Medium / High) | Max Score | Marks Scored | Remarks |
|---|---|---|---|---|---|
| 1. | Does the system allow a user to log on at two different terminals simultaneously? | | 3 | | |
| 2. | Are updation/modifications to accounts subjected to dual control out of which one is of supervisory category? | | 3 | | |
| 3. | Is there any list of internal and external personnel authorized to access computer resources available with the branch? | | 3 | | |
| 4. | Does automatic screen blanking and log out/terminal lock after a certain period of inactivity exist? | | 3 | | |
| 5. | Whether Users are changing the passwords periodically? | | 3 | | |
| 6. | Whether a register of password changes is maintained? | | 3 | | |
| 7. | Are the floppies/tapes/pen-drives being kept under lock & key? | | 3 | | |
| 8. | Whether Exception Statement is being seen and signed by the Branch In-charge? | | 3 | | |
| 9. | Is the "END OF REPORT" being printed at the end of each report? | | 3 | | |
| 10. | Whether total no. of pages in a particular report (e.g. page 2 of 5) is printed on each leaf of the report? | | 3 | | |
| 11. | Whether Cheque Books issued are recorded on system daily? | | 3 | | |
| 12. | Whether vendor's representative is allowed access to the system only in the presence of a responsible officer? | | 9 | | |
| 13. | Whether vendor's representative/EDP Officer is asked to record the purpose of his visit to the branch in the Complaint/Visit Register and asked to give details of his visit? | | 3 | | |
| 14. | Are primary and emergency telephone numbers and addresses for each key personnel available? | | 3 | | |
| 15. | Are telephone numbers and addresses of hardware & software vendor available? | | 3 | | |
| | Total | | 51 | | |

II E NETWORK MANAGEMENT
II E.I. DATA CABLES & NETWORKING PRODUCTS
Breaches/Risk(s) (Low Risk-High marks and High Risk-Low marks)

| S. No. | Particulars | Risk Category (No Breach / Low / Medium / High) | Max Score | Marks Scored | Remarks |
|---|---|---|---|---|---|
| 1. | Whether LAN Switch/Hubs etc. are installed securely in a rack with proper ventilation, glass front door and locking facility? | | 3 | | |
| 2. | Whether Router/Modems/Hubs etc. are installed securely in a separate rack with proper ventilation, glass front door and locking facility? | | 3 | | |
| 3. | Whether both the boxes housing LAN switch and Router are kept locked all the time? | | 3 | | |
| 4. | Whether Router and switch boxes are installed in a physically secure place with adequate protection from environmental threats like fire etc.? | | 3 | | |
| 5. | Whether keys of both the boxes are in the custody of authorized officials? | | 3 | | |
| 6. | Whether Networking equipment namely Router, Switches, Modems etc. is kept powered on 24x7 and connected to a UPS which is also kept on 24x7? | | 3 | | |
| 7. | Whether Data cables are visible in the open? | | 3 | | |
| 8. | Are Electric & data cables crossing each other? | | 3 | | |
| 9. | Data and Electric Cable diagram/map is available in the branch & kept in a secured place | | 3 | | |
| 10. | Whether sharing is disabled in all the PCs? | | 3 | | |
| 11. | Whether i-link is installed on all the workstations? | | 3 | | |
II.E.II RTGS / NEFT / SFMS / E-FUND
| S. No. | Particulars | Risk Category (No Breach / Low / Medium / High) | Max Score | Marks Scored | Remarks |
|---|---|---|---|---|---|
| 1. | Whether the branch is enabled for RTGS/NEFT/SFMS? YES/NO | Yes | - | - | |
| 2. | Name of the officers who have been authorized to operate RTGS? | | - | - | |
| 3. | Name of the officers who have been allotted Digital Signatures | No branch official has been allotted Digital Signature. | - | - | |
| 4. | Is RTGS/NEFT suspense a/c reconciled up to date? | | 3 | | |
| 5. | Is the branch sending certificate to the effect that no entry older than 7 days is outstanding in RTGS/NEFT suspense a/c to ZO on quarterly basis? | | 3 | | |
II.E.III INTERNET / WEBMAIL:
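| S. No. | Particulars | Risk Category (No Breach / Low / Medium / High) | Max Score | Marks Scored | Remarks |
|---|---|---|---|---|---|
| 1. | Whether the branch has installed broadband internet connection? Yes/No | Yes | - | - | |
| 2. | Whether the internet connection is on a stand-alone PC and is not a part of the LAN/WAN? | | 3 | | |
| 3. | Whether any officer in the branch has been authorized by the branch in charge to operate webmail and Internet? | | 3 | | |
| 4. | Whether the branch is enabled for Webmail? Yes/No | Yes | - | | |
| | Total | | 45 | | |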

II.F INCIDENT HANDLING


Breaches/Risk(s) (Low Risk-High marks and High Risk-Low marks)

| S. No. | Particulars | Risk Category (No Breach / Low / Medium / High) | Max Score | Marks Scored | Remarks |
|---|---|---|---|---|---|
| 1. | Whether employees posted in the branch are aware of the IT Security Policy of the bank? | | 3 | | |
| 2. | Any incident involving unauthorized access or damage to the systems reported during the period of audit? If yes, give details | | 9 | | |
| 3. | Any incident involving unauthorized disclosure of sensitive information by the staff reported during the period of audit? If yes, give details | | 9 | | |
| 4. | Any incident resulting in denial of service to the customers reported during the period of audit? If yes, give details | | 9 | | |
| 5. | Any incident involving theft of IT resources reported during the period of audit? If yes, give details | | 9 | | |
| 6. | Any incident resulting in financial or reputational loss to the bank reported during the period of audit? If yes, give details | | 9 | | |
| 7. | Any violation having legal/regulatory implications reported during the period of audit? If yes, give details | | 9 | | |
| 8. | Are all the incidents escalated to higher authorities? | | 3 | | |
| | Total | | 60 | | |

II.G ATM
Breaches/Risk(s) (Low Risk-High marks and High Risk-Low marks)

| S. No. | Particulars | Risk Category (No Breach / Low / Medium / High) | Max Score | Marks Scored | Remarks |
|---|---|---|---|---|---|
| 1. | Whether Security Guard has all the Contact Nos. of Branch Manager/other officials in case of any eventuality/emergency. | | 3 | | |
| 2. | Whether Access lock is installed and operational so that the Glass door fixed on ATM entrance opens only on swiping of ATM card. | | 3 | | |
| 3. | Whether, in case the branch already has a CCTV (Closed Circuit Television) system installed, the circuit is extended to the ATM enclosure by fixing one camera for better security control. | | 3 | | |
| 4. | Whether all Private Security Guards posted at ATM guarding duty by the Agency have got their Credentials verified by Civil Police. Please see agreement | | 3 | | |
| 5. | Whether the agreement/Period of Contract with Security Agency is in force | | 3 | | |
| 6. | Whether ATM Cards are being issued to the Saving Bank account holders and Current Account Holders (without OD/CC Limit) with prior intimation to customers and after getting their consent. | | 3 | | |
| 7. | Whether signature of the Card holder is obtained on the Card Issuing Register and same is verified by officials before Handing Over the Card/PIN to Customer | | 3 | | |
| 8. | Whether Application Forms for Cards are properly filled-up & signed by the applicant and verified by Authorized Officer | | 3 | | |
| 9. | Whether a register is being maintained at the branch to note all activities related to Card Issuance/Surrender/Hot-Listing/Lost-Card etc. | | 3 | | |
| 10. | Whether Cards are delivered to customer within reasonable time period (5-10 days). | | 3 | | |
| 11. | Whether in case of issue of duplicate cards, the branch is taking and maintaining proper letters in writing from the Cardholders. | | 3 | | |
| 12. | Whether Currency notes (500 & 100) are kept in right Bin/Currency slot of the ATM. Whether the denominations other than 500 & 100 are being used | | 3 | | |
| 13. | Whether Record of journal printouts/rolls is being maintained with From-Date and To-Date mentioned on it. | | 3 | | |
| 14. | Whether Keys & Password of Combination Lock (ATM Safe) are being kept confidential under custody with ATM officer & Branch Manager as per guidelines. | | 3 | | |
| 15. | Whether branch is having enough stock of ATM Consumables viz. Receipt roll, Journal audit roll, Printer Cartridges etc. to avoid disruption of ATM operations | | 3 | | |
| 16. | Whether proper Air conditioning is done at ATM Cabin | | 3 | | |
| 17. | Whether the ATM cabin is provided with internal communication line with the Branch Manager/Staff to reply to any query of the customer operating the ATM. | | 3 | | |
| 18. | Whether ATM complaint register is maintained and all complaints lodged to helpdesk of service provider are recorded and the complaint no. assigned by service provider is recorded | | 3 | | |
| 19. | Whether PIN No and ATM cards are kept in custody of different officials at the branches | | 3 | | |
| 20. | Whether disputed transactions are addressed to the branch by the customer? | | 3 | | |
| 21. | Whether there are any pending disputed transactions which have not been resolved? | | 3 | | |
| 22. | Whether notice in respect to ATM operations is prominently displayed at ATM site? | | 3 | | |
| | Total | | 66 | | |

Note: No breach: 100% marks, Low: 80% marks, Medium: 50% marks & High: 0 marks

RISK RATING SHEET


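| S.No. | PARTICULARS | MAX. SCORE | MARKS SCORED | % OF MARKS | RISK RATING |
|---|---|---|---|---|---|
| II.A | IMPLEMENTATION CONTROLS | 6 | | | |
| II.B.I | SITE ENVIRONMENT | 24 | | | |
| II.B.II | MISCELLANEOUS | 30 | | | |
| II.C.I | COMPUTER HARDWARE | 15 | | | |
| II.C.II | UPS | 18 | | | |
| II.C.III | AMC | 18 | | | |
| II.D.I | APPLICATION SOFTWARE | 111 | | | |
| II.D.II | OPERATIONAL CONTROL | 51 | | | |
| II.E | NETWORK MANAGEMENT | 45 | | | |
| II.F | INCIDENT HANDLING | 60 | | | |
| II.G | ATM | 66 | | | |
| | TOTAL | 444 | | | |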
