Audits have the important function of alerting asset owners to possible
frauds. When audits are conducted on assets under the control of persons who
are themselves in a position to commit fraud, the auditor has to be on the
lookout for being fooled by the presentation of doctored documents.

Bank records today are mostly in the form of electronic documents. Audit of
banks today is therefore entirely dependent on the computerized records.

Traditional auditors checked written ledgers and documents and carefully
investigated fraud probabilities indicated by corrected entries or
interlineations. Computerized records have wiped out this very important
means of fraud identification.

Auditing the printouts and computer screens as presented by the branch
management is logically ineffective in the case of frauds committed by the
branch staff themselves. It can also raise the bogey of “Invalid Self
Incriminating Evidence” when a criminal prosecution is to be launched based
on evidence produced by the accused, who is himself a branch manager or a
system administrator.

The system therefore needs a modified approach, which is suggested below and
is based on the use of some tools. This is ideal for banks which maintain
branch-level servers. A modified system can also be structured for banks
which run on central-server-based systems over a dedicated network or the
Internet.

The following audit system is suggested for Indian banks using the
client-server model of banking software at the branch level.
- Each branch will be provided with an “Audit Assistance Tool” with which it
  can send a “Forensic Quality Hard Disk Clone” of the database server every
  month to the central audit unit of the bank in the form of a “Monthly
  Return”.
- The hard disk will be accompanied by a certificate which indicates the
  “Hash Value” of the disk using the MD5 hash (legally accepted in India
  under ITA-2000) and is signed by the Bank Manager and the System
  Administrator as per an approved procedure.
- Alternatively, the Inspection department will organize a “Roving Data
  Collector” who is equipped with the “Mobile Audit Assistance Tool” and
  will collect the necessary disk copy in his presence under the
  authentication of the branch authorities.
- The disk will be sent securely to the central audit unit, which will be
  equipped with a “set of data analysis tools” capable of undertaking normal
  audit as well as fraud audit.
- After analysis the disk will be wiped clean and recycled.

The above system not only enables the auditor to look for fraudulent file
erasures and modifications but also drastically cuts down the time spent by
senior auditors at the branch location.
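
An intake check the central audit unit could run on each monthly return before analysis, given here as an added example that is not part of the original article: it recomputes the MD5 of the received clone image, compares it with the certified value, and confirms that both signatories are recorded. The certificate field names, the file name and the sample data are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

# Roles the article requires on the hash certificate (key names are assumed).
REQUIRED_SIGNATORIES = ("bank_manager", "system_administrator")

def md5_of_image(path, chunk_size=1024 * 1024):
    """Stream the image so a multi-gigabyte clone never has to fit in memory."""
    digest = hashlib.md5()
    with open(path, "rb") as image:
        for chunk in iter(lambda: image.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def check_monthly_return(image_path, certificate):
    """Return a list of findings; an empty list means the return can go to analysis."""
    findings = []
    signed_by = certificate.get("signed_by", {})
    for role in REQUIRED_SIGNATORIES:
        if not signed_by.get(role):
            findings.append(f"certificate not signed by {role}")
    declared = certificate.get("md5", "").strip().lower()
    if len(declared) != 32 or any(c not in "0123456789abcdef" for c in declared):
        findings.append("certificate hash is not a 32-digit MD5 value")
    elif declared != md5_of_image(image_path):
        findings.append("image hash differs from the certified hash")
    return findings

def demo():
    """Constructed sample: certify a small image, then alter one byte in transit."""
    with tempfile.TemporaryDirectory() as workdir:
        image_path = os.path.join(workdir, "branch_clone.img")
        with open(image_path, "wb") as f:
            f.write(b"constructed ledger sector data" * 4096)
        certificate = {  # constructed certificate record
            "branch": "SAMPLE-001", "month": "2004-02",
            "md5": md5_of_image(image_path),
            "signed_by": {"bank_manager": "A. Manager", "system_administrator": "S. Admin"},
        }
        clean = check_monthly_return(image_path, certificate)
        with open(image_path, "r+b") as f:  # modify the image after certification
            f.seek(100)
            f.write(b"X")
        tampered = check_monthly_return(image_path, certificate)
        return clean, tampered

if __name__ == "__main__":
    print(demo())
```

MD5 is used because it is the algorithm the article names; the same streaming loop works with `hashlib.sha256` if the approved procedure specifies a different hash.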
Naavi can provide the necessary hardware and software required for such
auditing and also organize the necessary training.
Naavi
February 28, 2004