Page 137 - DMGT303_BANKING_AND_INSURANCE
audit in these new fields. The department previously only looked at IT security issues,
with security broadly defined. The COBIT approach focused on management of the process
and process control issues.
We constructed a matrix using the COBIT control objectives. A risk assessment helped us
determine which objectives would be verified during the audit. We then crosschecked the
objectives withheld for the audit with (a) scopes from previous audits, (b) industry standards
and (c) checklists provided by external auditors.
Based on the matrix, we constructed the audit program. The COBIT framework enabled us
to prioritize audit activities and areas under review, using the primary/secondary ratings
provided by COBIT.
Conclusion
Implementing the COBIT framework in this comprehensive audit was a major change for
auditors and management. While change often creates adversity and criticism, the process
orientation was quickly appreciated by management, and the auditors are planning to use
it again.
COBIT will be used more and more in future audits, certainly now that the audit committee
has ratified it as the IT audit reference. It is certainly being regarded as a good basis for
SAS70-type reviews.
In parallel, COBIT has also found its way into the IT organisation of the enterprise after the
CIO, upon coming across the framework by accident, ordered it for all the service IT
managers. It supported his ideas and plans for moving the IT organisation towards increased
measurability and process excellence.
COBIT is also finding immediate and practical use. When looking for input on defining
the mission and objectives for a new systems planning group, the CIO came to me and
said, "Give me your COBIT detailed objectives to help do this!" I only had to point him to
the PO1 through PO5 sections. He had asked me for input on this mission and objectives
previously, so why hadn't I thought of this myself?
Source: http://www.isaca.org/Knowledge-Center/cobit/Pages/Society-for-Worldwide-Interbank-Financial-Telecommunication-SWIFT-.aspx
6.8 Summary
In an era of information technology, SWIFT offers unique message processing services and
provides a very fast, accurate and authenticated transfer of financial messages on a global
basis.
The acronym "RTGS" stands for Real Time Gross Settlement. The RTGS system is a funds
transfer mechanism where the transfer of money takes place from one bank to another on a
"real time" and "gross" basis.
The RBI's Institute of Development and Research in Banking Technology, Hyderabad, has
set up a National Financial Switch that would enable sharing of common technology
infrastructure.
The focal point for each bank is called the Computer Based Terminal (CBT) for that bank.
Our CBT is located at FEO, Nariman Point, Mumbai.
This is another US payment system operated by the Federal Reserve Bank; it has operated
across the US states since 1918 and handles the majority of domestic payments.
132 LOVELY PROFESSIONAL UNIVERSITY