Information System for Banks, 2017 by INDIAN INSTITUTE OF BANKING & FINANCE

Increasing use of technology in banks has made dealings easier for customers and speeded up the operations. Meanwhile, there is a corresponding increase of risks in operations. Every bank should conduct Information Systems Audit (ISA) to minimize such risks.

Following RBI’s guidelines, a number of banks have put in place  security policies, which among other things will determine the scope and periodicity of ISA. A number of banks prefer doing “ISA” internally. Even where banks engage third party IS Auditors, it may be preferable to have additional internal audit to tackle the issue of objective auditing. In order to conduct such internal auditing, it should be ensured that internal IS auditors are not part of IT team and have appropriate professional expertise by way of qualification and training. This will call for technically qualified personnel in the banking set-up and periodical skill building. Not only the auditors – both internal and external – but bankers in general should also be aware of the concerns of audit and initiate appropriate preventive measures. Middle and senior level officers working in banks should necessarily have a good appreciation of issues involved.

With these objectives and requirements, the Institute thought to publish a book which will be useful for: (i) the students enrolled for CeISB examination of the Institute and (ii) persons desiring to acquire, upgrade the knowledge on information technology of banks.

The book is divided into seven modules consisting of (i) Technology in Banks (ii) Technology – System, Development, Process, Implementation (iii) Continuity of Business (iv) Overview of Legal Framework(v) Security and Controls Standards in Banking (vi) Security Policies, Procedures and Controls (vii) Information Security & IS Audit.

Information System for Banks

It is hoped that the current volume of the book would help the reader:

• To develop functional expertise in the areas of system identification, development, implementation and designing.
• To develop expertise in computer security, implementation of threat prevention and detection systems, designing and testing risk mitigation strategies.
• To develop skills for objective assessment of information system control, information privacy and integrity.
• To study the tools that provide assurance in the system by measuring against four essential principles: availability, security, integrity and maintainability.
• To aid the bank management in developing sound information system audit, control and security functions by providing criteria for personnel selection and development.

Primary emphasis of the book is still conceptual. Within the conceptual framework, there is a good coverage of analytical techniques. The book also gives information about the operational risks that the banks are facing, and how those risks are managed by appropriate measures.