ISACA Mumbai Chapter - #317, WIM, L Nappoo Road Matunga (CR), Mumbai-400 019 | India isaca@isacamumbai.

org 022-2417 4255 / 6552 7187

Banking System Security Audit Seminar (3 days) (14 , 15th and 16th February 2014 - Friday / Saturday / Sunday) Timing: 9.30 am to 6:00 pm
th

Venue: Hotel Tunga Paradise.

Embassy Hall, 6th Floor, Plot -16, M.I.D.C, Central Road, Andheri-East, Mumbai-400093. Tel 022-67898900.

Course Modules: 12 sessions familiarizing the participants with the different aspects of Banking System Audit aspects (approximately 1 hour 30 minutes per session).
Module Timings 09:00 AM onwards 09:45-10:15 M1 10:15-11:30 Topics & Contents

DAY 1 14

th

Speaker / Faculties

Feb 2014

Registration and Breakfast Inauguration session with key-note address by guest speaker Banking Structure overview Regulations Related to Banking(Specific & Generic) Lines of Business and Org Structure of Banks with specific reference to IS Audit and security Core Banking Software evolution ,trends & Architecture Other Application Software & Interfaces IT Infrastructure IS Audit Perspective TEA BREAK Introduction to IS Audit Process and its overview Audit Planning Audit Management Audit Process & Various Methods used RBI Checklist ICAI Checklist ISACA Standards, Procedures and Guidelines relevant to Banking User-defined Checklist Need for standardization ACL tools for Audit Audit Sampling Audit Completion Process and Audit reports Report Preparation / Discussion with Auditee Closing audit reports Audit Committee Lunch Break IT Risk Management in Banks Risk Assessment Risk classification methods Identification of threats Identification of vulnerabilities Mr. Ganga Charan - Director Internal Audit A Leading Multinational Bank Mr. Nanda Mohan Shenoy Director & CEO Bestfit Solutions

M2

11:30-11:45 11:45-13:15

Ms. Jaya Bharti - Auditime India

M3

13.15-14.15 14:15 15:45

Mr. Basant Shroff Partner, Ernst and Young

ISACA Mumbai Chapter - #317, WIM, L Nappoo Road Matunga (CR), Mumbai-400 019 | India isaca@isacamumbai.org 022-2417 4255 / 6552 7187 Module Timings Topics & Contents Risk Matrix & software tools used Risk-based Approach to IS Audits in Banks TEA BREAK Data Centre Audit Understanding the data centre environment (own data centre Vs Third Party Data centre) o Contractual obligations in a third party data centre o Agreement on the roles and responsibility Aspects to be covered in the data centre o Physical Security o Environmental Security o Network Security o Other aspects Third Party as well as own data centre will be discussed BCP / DR issues RTO/RPO concepts Back-up & Recovery process BCP Measures Issues Related to Storage Backup & Retrieval Storage backup / Retrieval of data Archival of data Reproduction of reports after archival Cataloging of storage Speaker / Faculties

M4

15:45 -16:00 16:00 17:30

Mr. Ravikiran Mankikar - Chief General Manager Shamrao Co-operative Bank

DAY 2 15th Feb 2014

9:00 AM onwards 9:30-11:00 Breakfast Internet and Mobile Banking Controls Master Circular of RBI on Internet banking Types of mobile Banking services o View o Transact o Manage Types of Mobiles that can be used for each of the services and controls required for the same RBI Circular of 08th Oct 2008 and the subsequent modification of 24122009 to be discussed - Auditing the Website of Banks a check list preparation TEA BREAK Data Centre and ATM Audit - A case study LUNCH BREAK Case Study Continued TEA BREAK Anti Money Laundering (AML), fraud risk management and investigations Mr. Ravikumar Ramachandran Account Security Officer - HP India

M5

M6 M7

11:00-11:15 11:15-13:00 13:00-14:00 14:00-15:30 15:30-15:45 15:45-17:15

Mr. Nanda Mohan Shenoy Director & CEO Bestfit Solutions Mr. Nanda Mohan Shenoy Director & CEO Bestfit Solutions Mr. Abhishek Jhunjhunwala - Associate Director Forensic Services KPMG

M8

ISACA Mumbai Chapter - #317, WIM, L Nappoo Road Matunga (CR), Mumbai-400 019 | India isaca@isacamumbai.org 022-2417 4255 / 6552 7187 Module Timings Topics & Contents pertaining to AML Speaker / Faculties India

DAY 3 16th Feb 2014

09:00 AM onwards 9:30-11:00 Breakfast Application control Reviews Access Controls Input controls Processing Controls TEA BREAK Log Management and Log Monitoring with reference to Security Operations Centre (SOC) Understanding of Logs & Audit Trails: Online logs, Validations, authorisation Archival policy, purging periodicity Retrieval of information Authentication of logs LUNCH BREAK Understanding various products of NPCI and their linkage to Banking. TEA BREAK Demo of Fraud Risk Management tool of NPCI Card & Payment related Fraud A Discussion Summing-up session and valediction Mr. Nanda Mohan Shenoy Director & CEO Bestfit Solutions

M9

M10

11:00-11:15 11:15-13:00

Mr. Vaibhav Patkar President ISACA Mumbai Chapter

M11

13:00-14:00 14:00 15:15 15:15-15:30 15:30 16:15 16:15 to 17:15

Mr. Bharat Panchal Head Risk Management National Payments Corporation of India (NPCI) Mr. Bharat Panchal Head Risk Management National Payments Corporation of India (NPCI) and team Mr. Mahesh Ramamoorthy General Manager Technology operations FIS Payment Solutions Services India Pvt Ltd.

M12A M12B

17:15-18:00