Академический Документы
Профессиональный Документы
Культура Документы
SUBMITTED TO:
SUBMITTED BY:
M.NAWAZ 8327
TOPIC............................................................................................I
TABLE OF CONTENTS......................................................................II
ACKNOWLEDGEMENT...................................................................... IV
DEDICATION................................................................................... V
EXECUTIVE SUMMARY.................................................................... V I
1 INTRODUCTION.......................................................................7
1.1 BRIEF HISTORY OF MCB ...........................................................7
1.2 HISTORY OF MCB......................................................................7
1.3 PRIVATIZATION .........................................................................7
1.4 AFTER PRIVATIZATION................................................................7
1.5 MCB BANK TODAY.....................................................................7
2 VISION & MISSION STATEMENT......................................................8
2.1 AWARDS...................................................................................8
2.1.1 EURO MONEY AWARD............................................................8
2.1.2 ASIA MONEY AWARD..............................................................8
2.2.1 CORE VALUES.......................................................................8
2.2.2 OBJECTIVE OF MCB BANK.......................................................9
3 ORGANIZATIONAL HIERARCHY MCB...............................................10
3.1.1 MANAGEMENT LEVEL..............................................................10
3.1.2 ORGANIZATIONAL SETUP........................................................11
3.1.3 MCB GROUP STRUCTURE........................................................12
3.1.4 BRANCH NETWORK................................................................13
3.1.5 ORGANIZATION STRUCTURE OF MCB.......................................13
4 PRODUCTS OF MCB BANK............................................................14
5 DEPARTMENTS OF MCB ...............................................................16
5.1 ORGAN GRAM MCB....................................................................17
6 WAYS OF COMMUNICATION IN A BANK.........................................18
7 MCB BANK IT NETWORK & COMMUNICATION..................................20
7.1 INTRODUCTION OF SAZTEL........................................................20
7.2 SAZTEL SERVICES IN IT ............................................................21
7.3 SAZTEL PROVIDING SOLUTIONS IN BANKING INDUSTRY................21
7.3.1 NETWORKING .......................................................................21
7.3.2 WIRELESS.............................................................................22
7.3.3 SECURITY..............................................................................22
7.3.4 CREDIT/DEBIT CARD SYSTEM IN NETWORK...............................23
7.3.5 MAINTENANCE.......................................................................24
7.3.6 VOIP....................................................................................24
7.3.7 PARTNERS OF SAZTEL............................................................24
7.3.8 MCB ADOPT MICROSOFT E-MAIL HOST TECHNOLOGY...............25
8 EVOLUTION OF IT SYSTEM IN BANK ..............................................26
8.1 RESPONSIBILITIES OF IT DEPARTMENT........................................26
8.2 IT DEPARTMENTS ACCORDING TO FUNCTION...............................27
8.3 STRUCTURE OF IT DEPARTMENT................................................28
8.4 NETWORKS & COMMUNICATION..................................................28
8.5 TYPES OF TOPOLOGIES.............................................................30
9 LIST OF HARDWARE USE IN BANKS...............................................37
10 TYPES OF COMMUNICATIONS USE IN BANKS................................38
11 CALL CENTRE SYSTEM...............................................................39
12 ATM SYSTEM.............................................................................41
13 TPS & PAYROLL TPS..................................................................41
14 SECURITY & RISK......................................................................42
15 MAIN SOFTWARE USE IN BANKS IN MCB......................................42
15.1 FINANCIAL CONTROL SYSTEM IN MCB.......................................42
15.2 SCREEN SHOOTS OF ORACLE G-L SYSTEM...............................42
15.3 PREVIOUS SYSTEM & MCB NEED FOR NEW SYSTEM..................45
We take this opportunity to express profound gratitude and deep regards to our guide Sir
YASIR ALI for his exemplary guidance, monitoring and constant encouragement throughout
the course of this project. The blessing, help and guidance given by him, time to time shall
carry me a long way in the journey of life on which we are about to embark.
I am obliged to my Bank fellows colleagues for the valuable information provided by them. I
am grateful for their cooperation during the period of my project.
Lastly, we thank ALLAH ALMIGHTY, our Parents, Brothers, Sisters and friends for their
constant encouragement without which this project would not be possible.
Dedication
This project is dedicated to our fathers, who taught us that the best kind of knowledge to
have is that which is learned for its own sake. It is also dedicated to our mothers, who
taught me that even the largest task can be accomplished if it is done one step at a time
and also dedicated to our honorable Lecturer SIR YASIR ALI who gave us this opportunity
and provide us necessary information about this project.
Executive Summary
In this project students come to know the real difference between theory and practice and
they are also introduced to the outside business world. An important requirement of this
project is to compile a report about the activities of that organization in which the student
has studied the organizations Audit program.
I survey Audit program in MCB BANK LIMITED. This report provided us great opportunity
to equip myself with knowledge, techniques, application and tools used in an
organization.
The report covers various features of knowledge. It starts with the brief history of Bank,
covers current status, mission statement, vision statement, Audit system, the bank
position today and in the past decade, hierarchy etc.
The major portion of this report explains the Audit System of MCB BANK LTD. Division of
departments and their activities highlights the working of MCB BANK LTD and my
learning experience elaborates how much these visits were useful for us.
Concluding the report there are certain recommendations and suggestions for the bank in
order to have improvements.
The source of information for the preparation of project includes the written notes extracts
from banking audit and verbal discussion with bank officials.
We hope this report will help in understanding various aspects and features of Auditing in
MCB BANK LTD. And will be equally important for Banking & finance students and
persons making future banking.
ORGANIZATIONAL BACKGROUND
HISTORY
This bank was incorporated under companies act 1913 on 9 th July, 1947 (just before
partition) at Calcutta. But due to changing scenario of the region, the certificate of
incorporation was issued on 17th August, 1948 with a delay of almost 1 year; the certificate
was issued at Chitagong. The first Head office of the company was established at Dacca
and Mr. G.M. Adamjee was appointed its first chairman. It was incorporated with an
authorized capital of Rs. 15 million.
After some time the registered office of the company was shifted to Karachi on August
23rd, 1956 through a special resolution, now recently the Head office of MCB has been
transferred to Islamabad in July, 1999 and now Head office is termed as Principle
Office.
This institute was nationalized with other on January 1st, 1974. At that time it had 506
branches and deposits amounting to Rs. 1,640 million.
PRIVATIZATION
When privatization policy was announced in 1990, MCB was the first to be privatized upon
recommendations of World Bank and IMF. The reason for this choice was the better
profitability condition of the organization and less risky credit portfolio which made'' it a
good choice for investors. On April 8th, 1991, the management control was handed over
to National Group (the highest bidders). Initially only 26% of shares were sold to private
sector at Rs. 56 per share.
AFTER PRIVATIZATION
Ten years after privatization, MCB is now in a consolidation stage designed to lock in the
gains made in recent years and prepare the groundwork for future growth. The bank has
restructured its asset portfolio and rationalized the cost structure in order to remain a low
cost producer.
After privatization, the growth in every department of the bank has been observed.
Following are some key developments:
Launching of different deposit schemes to increase saving level.
Increased participation on foreign trade.
Betterment of branches and staff service level.
Introduction of Rupee Traveler Cheques & Photo Credit Card for the first time in Pakistan.
MCB BANK TODAY
MCB today, represents a bank that has grown with time and experience. A major financial
institution, in scope and size, it symbolizes a fully growing tree evergreen, strong, and firmly
rooted. MCB is one of the leading banks of Pakistan with a deposit base of about Rs. 280
billion and total assets of around Rs.300 billion.
The Bank has a customer base of approximately 4 million, a nationwide distribution network
of over 1,000 branches and over 450 ATMs in the market.
During the last fifteen years, the Bank has concentrated on growth through improving
service quality, investment in technology and people, utilizing its extensive branch network,
developing a large and stable deposit base.
SOCIAL SECTOR: The bank activity participating in the Prime Minister self-employment
Scheme. The application received from various applicants is being processed on merit and
disposed off as quickly as possible.
Vision Statement
To be the leading financial provider, partnering with our customers for a more
prosperous & secure future
Mission Statement
AWARDS
MCB Bank has won many awards, which is a clear proof of its good performance. It has
won Euro money awards and Asia Money awards.
Euro money Awards
Best Bank Award 2008
Best Bank in Pakistan Award 2006
Best Bank in Pakistan Award 2005
Best Bank in Pakistan Award 2004
Best Bank in Pakistan Award 2003
Euro money Award 2003 for the "Best Bank in Pakistan".
Best Bank in Pakistan Award 2001
Best Domestic Bank Award 2000
Asia Money Awards
The Best Domestic Commercial Bank Award 2005
The Best Domestic Commercial Bank Award 2004
CORE VALUES
INTEGRITY:
We are the trustees of public funds and serve our community with integrity. We believe in
being the best at always doing the right thing. We deliver on our responsibilities and
commitments to our customers as well as our colleagues.
RESPECT:
We respect our customers values, beliefs, culture and history. We value the equality of
gender and diversity of experience and education that our employees bring with them. We
create an environment where each individual is enabled to succeed.
EXCELLENCE:
We take personal responsibility for our role as leaders in the pursuit of excellence. We are
a performance driven, result oriented organization where merit is the only criterion for
reward.
CUSTOMER CENTRICITY:
Our customers are at the heart of everything we do. We thrive on the challenge of
understanding their needs and aspirations, both realized and unrealized. We make every
effort to exceed customer expectations through superior services and solutions.
INNOVATION:
We encourage and reward people who challenge the status quo and think beyond the
boundaries of the conventional. Our teams work together for the smooth and efficient
implementation of ideas and initiatives.
OBJECTIVES OF MCB
MANAGEMENT LEVEL
As MCB is a banking company listed in stock exchange therefore it follows all the legalities
which are imposed by concerned statutes Mr. Muhammad Mansha is Chairman & Chief
Executive of the company with a team of 10 directors and 1 vice chairman to help in the
business control and strategy making for the company.
Operational Management of the bank is being handled by a team of 10 professionals. This
team is also headed by Mr. Muhammad Mansha. The different operational departments
are Consumer Banking & IT division, financial division & Inter branch division, Banking
operations division, HR & Legal division, financial control & Audit division, Credit
management division, Commercial Banking division, Corporate Banking division, Treasury
management & FX Group and lastly Special Assets Management (SAM) Group.
For effective handling of branches, it has been categorized into three segments with
different people handling each category. These categories are:
a) Corporate Banking
b) Commercial Banking
c) Consumer Banking
Corporate Banking:
These are branches which have an exposure of over Rs. 100 million. Usually includes
multinational & public sector companies.
Commercial Banking:
The branches which has a credit exposure of less than Rs. 100 million but having a credit
portfolio of more than Rs. 20 million (excluding staff loans)
Usually branches in large markets and commercial areas come under this category.
Consumer Banking:
These are the branches which have exposure up to Rs. 20 million and these include all the
branches which are neither corporate nor commercial branches.
For proper functioning of branches and the overall bank has been divided in different
departments. These departments handle different jobs so that division of work is there for
improvement of functions and also it is easy to control the situation. The general division
in a branch is as follows:
1. Cash department
2. Deposit department
3. Advances & credit department
4. Remittance department
5. Foreign exchange department
ORGAN GRAM OF MCB BANK LTD
WAYS OF COMMUNICATION IN A BANK
AUTOMATION
A very good office environment is supported by strong office automation. The automation
includes the installation of telephone system, telex, fax, power generator and UPS etc. Now
we shall discuss each activity performed in lieu of office automation.
TELEPHONE SYSTEM
A telephone exchange system by Digital Communication is installed to communicate with
the outside world. This is very helpful as the most of the business these days is performed
through telephones.
Operator is responsible for the incoming calls only. She receives all the calls and connects
them to person concerned. A staff member, who wants to call outside, has to dial `0' to clear
the line or can ask the operator to dial the number he wants. The telephone operator dials a
number for the convenience of any staff member who has to talk urgently or is busy doing
something else.
INTERCOM
All the staff members are connected through intercom system. The telephone system
serves as reaching out to the employees in least possible time.
TELEX
To disseminate some urgent information, a telex system is installed to cater the need of
disseminating information.
FAX
For an instant reception or dissemination anywhere in the world a Fax machine is installed.
Faxes, these days have become an important part of the business environment for a rapid
transmission. Steps like this show the management's commitment towards building up a
strong MIS to stay in the market as one of the better organization. A facsimile machine from
XEROX is there to serve the purpose.
ELECTRIC TYPE WRITER
Electric typewriters are also there for typing of different documents.
PHOTOCOPY MACHINE
Photocopy machine of XEROX is installed in order to have copies of different documents to
save time and extra costs of getting photocopies from the market. It has really facilitated
the activities being performed and saves cost and human effort
E MAIL
In-house communication plays a very vital role in any organization. MCB BANK LTD has its
own internal electronic mailing system with which it communicates with all the employees of
the bank. The mailing address consists of the name of the employee followed
by @mcb.com.pk
Apart from the employees individual mailing addresses, clients may send a mail on the
banks main e-mail address. Thus in such a case if that mail is meant for a particular
employee then its hard copy (print out) is sent to him.
NOTICE BOARD
A big notice board is placed in all the branches of MCB BANK LTD. It is placed on key
locations i.e. on the left side of the entrance gate/door.
The notice board contains a copy of the memo; information regarding any new products
launched by the bank, branch license, schedule of charges, JDs, newly announced prize
bond list, gazzetted holidays , some good news paper cuttings etc.
MCB BANK IT NETWORK AND COMMUNICATION
INTRODUCTION OF SAZTEL:
Saztel has passed the milestone of providing systems and solutions for more than 25 years
in the field of IT. It is a vindication of our policies and practices to have successfully operated
over this period and continue to do so. Saztel is the longest running organization in Pakistan
providing these services, enabling us to gain valuable experience about the technology, the
environment and our valuable customers. The fact that many organizations have come and
gone in the meantime, gives us encouragement that we are on the right path and have full
confidence of our IT users. Saztel's experience and know-how has enabled it to choose
quality products, giving the customers a definite edge in efficiency and cost effectiveness.
SAZTEL is Pakistans premier IT Systems Integrator with the capacity and experience for
providing strategic technology solutions that achieve real business results in diverse
industries.
Established in 1985, the company has been built from a technical base with a strong focus
on providing a high quality service and delivering solutions with a technological advantage.
Innovation, attention to detail and integrity have been the cornerstones of SAZTEL's growth
and success.Ongoing technical and business training programmes, client and industry
research and investment in specialized network equipment continue to keep SAZTEL at the
forefront of the Networking industry.Whilst working closely with industry leading vendors,
SAZTEL continues to remain mostly manufacturer independent and consultative in its
approach to ensure best fit solutions to both public and private sector clients.
Saztel can deliver its solutions and services countrywide with presence in all the major cities
of Pakistan.SAZTEL offers various services in Information Technology to its
customers, some of which are listed below:
Networking
The computer network is a key component of any organization. It enables you to monitor,
control, manage, and optimize your enterprise. It facilitates in converting your ambitions into
reality.
An optimized and reliable I.T. network is the key to your success. We have over 25 years of
expertise and experience striving to help you achieve this. We provide networking solutions
based on our customer needs, not what particular vendors are offering; complete OEM-
independent solutions.By designing, implementing, and maintaining IT infrastructure through
highly trained, experienced and certified technicians and engineers we leave our clients with
a standard of excellence and satisfaction. We have withstood the test of time and have been
in this business long enough to witness the success of our solution designs over decades,
time and time again. Our Network Solutions provide your small business or enterprise with a
complete network design, installation with implementation with commissioning. This
encompasses:
Switches
UPS
Routers
LAN/WAN
Copper/Fiber Infrastructure
Wireless
Wireless technology provides an easy solution to an enterprise that has one or all of the
following requirements or restraints:
Security
Campus CCTV
Firewalls
Anti-Virus
Network Access Control
Installed, commissioned and maintain the data communication Network for the Credit
Card System used for POS terminal access for American Express, Citi Bank, MCB
Bank and United Bank Ltd.Saztel has also installed the POS terminal Access System
for Shell Pakistan for their Fleet Cards.
Financial Institutions
Installed and maintains Country wide Data communication networks for various financial
institutions including the network with the largest number of routers in the country.
SAZTEL enjoys a good relationship with most of the banks operating in Pakistan.
Citibank has been a SAZTEL customer since 1985. SAZTEL has over the years,
supplied and
Installed Modems, X.25 Switches, Multiplexers, Data Encryptions and Radio Modems at
Citi Bank locations throughout Pakistan.
Citibank was the first financial institution to employ data Communication in Pakistan.
Designed, installed and maintain the Country-wide LAN/WAN & Power infrastructure for
the
State Bank (Central Bank) of Pakistan. It was a World Bank funded project with more
than 3500
Habib Bank is the largest bank in the private sector. Saztel has installed & maintain
wireless links to 100 branches of the Bank. Saztel has also designed and installed a
Metropolitan Network consisting of five locations in Karachi, using core Ethernet switches.
Saztel has supplied to MCB Bank, hundreds of Modems, Routers, Switches and Wireless
Radios for its Head Office and Bank Branches. MCB Bank also has the largest ATM
Network in Pakistan.
National Bank of Pakistan, utilizes SAZTEL supplied Modems and other networking
equipment to link its Remote Branches to its head office.
Saztel has designed and installed more than 30 wireless links for the of Remote Bank
Branches in various cities of Pakistan for Bank Alfalah.
SAZTEL has provided security solutions and advices to banks and other organizations
such as Citibank, National Bank, HBL and CDC.
Maintenance
An optimized and reliable network is the key to your success. Running your network to failure
is never an option. The cost in maintaining your network to prevent that failure is fractional
compared to the loss of revenue due to downtime or due to loss of reputation; a luxury, your
enterprise cannot afford. With simple steps, we will perform a free consultation of your
network and then giving you a solution based on our findings.
UPSs
PCs
Printers
Saztel Maintenance solution offers 24x7 service and support for all your IT needs. We have a
broad range of packages available tailored to your desired level of service. Let us show you
the Saztel experience so you can focus on more important things.
VOIP
Operational costs can be reduced drastically by better utilization of your existing resources.
One such example is in using your existing IT infrastructure to transfer your voice signals and
data. Apart from being cost effective, it also simplifies the user interface by allowing a unified
coding system throughout your enterprise, allowing you to reach different departments or
even different offices with ease. By shifting their intra- and interoffice communication to IP our
customers have saved Crores of rupees per year.
Partners of SAZTEl
MCB Bank has had a reputation of maintaining a technological edge when it comes to online
banking, email hosting, and other communication networks. In order to help it stay on top,
MCB has collaborated with Microsoft (News - Alert). Among the services available, it will
be adopting Microsoft Exchange Server, Microsoft Active Directory, Microsoft Office and
Microsoft System Center Configuration Manager in order to give it a better advantage over
competitors.
This action falls in line with MCB Banks strategy of establishing the largest online branch in
the country. The idea of e-banking has slowly swept through the financial sector. With its
convenience and ease of use, the online option is very amiable to consumers giving all the
more reason for banks to adopt the technology. Through things like improved email hosting,
which allows MCB employees to connect securely and collaborate from virtually any device,
the organization can offer users everything their business needs to succeed.
This will enable the technology function to deliver the best quality of services to its internal
and external customers while changing the experience and productivity through a facilitation
model, stated Imtiaz Mahmood, head of Information Technology Group, MCB Bank Ltd, in a
statement.
Aasim Ashraf, division head of ITSM (Project Director), MCB Bank Ltd sees this as a good
step forward. He added, "Acquiring these Microsoft solutions is a major step which will not
only enhance MCB Bank's Employees' productivity but will also help us to change the
dynamics of the Infrastructure optimization model from standard to rationalized in a phased
approach."
This upgrade with Microsoft products shouldnt come as a surprise for MCB Bank. Like
many other institutions, it pushes for efficiency. This latest investment in Microsofts services
will allow them to improve efficiency by 30 percent due to the improved network, email
hosting, and communication abilities between the staff and their customers
This department is responsible for managing all the network and communications inside
and outside the organization.
Services Management:
This department is responsible for to providing the services to the new and existing
application running inside the organization.
Relationship Management:
This department provides the services to enhance the number of customer in the
organization,
This department is responsible to handle all the technical issues of all the branches and
this department also provides the services of personal visit in the different branches to
check the hardware components and ATM performance.
This department is responsible for managing all the network and communication inside and
outside the organization.
LAN: A local area network is a computer network that interconnects computer within a limited
area such as a home, school, computer laboratory or office building using network media.
WAN: A wide area network is a network that covers a broad area (i.e. any
MAN: A metropolitan area network is a network that interconnects users with computer
resources in a geographic area or region larger than that covered by even a large local
area network (LAN) but smaller than the area covered by a wide area network (WAN).
INTERNET: A global computer network providing a variety of information and
communication facilities, consisting of interconnected networks using standardized
communication protocols.
EXTRANET: An extranet is a computer network that allows controlled access from outside
of an organizations intranet. Extranet are used for specific use cases including business to
business (B2B).
TYPES OF TOPOLOGY
BUS Topology
Bus topology is a network type in where every computer and network device is connected
to single cable.
1. It is cost effective.
4. It is easy to understand.
2. If network traffic is heavy or nodes are more the performance of the network decreases.
RING Topology
It is called ring topology because it forms a ring as each computer is connected to another
computer, with the last one connected to the first. Exactly two neighbours for each device.
Features of Ring Topology
3. Easy to troubleshoot.
5. Only that node is affected which has failed rest of the nodes can work smoothly.
2. Expensive to use.
3. If the hub is affected then the whole network is stopped because all the
MESH Topology
It is a point-to-point connection to other nodes or devices. Traffic is carried only between two
devices or nodes to which it is connected. Mesh has n (n-2)/2 physical channels to link
in devices.
Types of Mesh Topology
1. Partial Mesh Topology: In this topology some of the systems are connected in the same
fashion as mesh topology but some devices are only connected to two or three devices.
2. Full Mesh Topology: Each and every nodes or devices are connected to each other.
1. Fully connected.
2. Robust.
3. Not flexible.
4.
TREE Topology
It has a root node and all other nodes are connected to it forming a hierarchy. It is also
called hierarchical topology. It should at least have three levels to the hierarchy.
Features of Tree Topology
1. Heavily cabled.
2. Costly.
Servers
Router
Hubs
Modems
Scanners
Printers (inkjet/LaserJet)
UPS
Others
Lease Line
ISDN Lines
Wireless Network
LAN cabling
TYPES OF COMMUNICATION USED IN BANKS
Internal communication
External communications
1. Internal communication:
It means communication within the organization is called internal communication. It includes all
communication between different level peoples within the organization. It may be informal or
Upward communication
Downward communication
Horizontal communication
Diagonal communication
Upward communication
Upward Communication is the process of information flowing from the lower levels of
a hierarchy to the upper levels. This type of communication is becoming more and more popular
in organizations as traditional forms of communication are becoming less popular. The more
traditional organization types such as a hierarchy, places people into separate ranks.
Upward communication helps employees to express their requirements, ideas, and feelings. For
the top management, upward communication is an important source of information for business
decisions. It helps in alerting top management about the requirement of changes in
organizations. Upward contribution is the core contributor of business process re-engineering in
many organizations.
Downward communication:
Downward communication is the flow of information and messages from a higher level inside an
organization to a lower one. Effective downward communication is crucial to an organization's
success.
Horizontal communication:
In organizations and organisms, lateral communication works in contrast to traditional top-down,
bottom-up or hierarchic communication and involves the spreading of messages from individuals
across the base of a pyramid.
Diagonal communication:
The sharing of information among different structural levels within a business. For example,
diagonal communication could involve higher level management communicating to lower level
management a shift in organizational objectives, as well as the ensuing dialog about how best
to achieve the new goals.
2. External communication:
External communication is the transmission of information between a business and another
person or entity in the company's external environment. Examples of these people and entities
include customers, potential customers, suppliers, investors, shareholders, and society at large.
Call Center
s
The state of the art MCB call center is the right choice to keep you in step with your ever hectic
schedule by providing you round the clock services relating to your Bank Accounts, Visa cards
and MCB Lite at any point in time.
Our well-abreast and dedicated call center team is available 24 x 7, 365 days a year to ensure
that your daily financial obligations are taken care of guaranteeing you a good nights sleep.
Welcome to the MCB Phone Banking Experience: 111-000-MCB (622)
MCB Call Center Offerings
Value Added Features
Regional Languages
Financial Services
Non-Financial Services
MCB Credit & Prepaid Card Activation
Why wait for tomorrow to make a request or transactions, give us a call and we will
take care of all your financial needs. 24 x 7 x 365.
ATM SYSTEM
TPS is a information system which collect, store, modify and retrieve the transaction from an
organization. A transaction that generate a modify data eventually store in the computer. The
TPS is managed with the helpful transaction processing monitor.
Payroll TPS is designed to get information and recorded of the employee from their department
to calculate their earnings it get information from employee department and the links into
previous record. After verification the reports are sent to management.
SECURITY & RISKS
CCTV cameras
Total 08 cameras are located in the MCB BANK D.Ground Branch. Four on the ground
floor and two on the upper floor, and storage capacity of two weeks and covered large
area and also available in ATM and Server room.
The Financial control department makes sure that all the financial transactions comply
with state laws, rules and regulations.
The department is responsible for centrally processing and recording the transaction. This
department also ensures that enough funds are available before the bank engages in
commitment.
This department is also responsible for generation the annual reports in compliance with
the companys ordinance 1984.
The financial control department uses the oracle GL as its information that our group has
selected as a part of our assignment for the MIS course.
Oracle GL is the product of Oracle E-Business tool which the organization has acquire as
its plate form for managing its business transaction and maintaining records.
Oracle General Ledger works seamlessly with other Oracle E-business suite products to
drive better decision making, sustainable financial discipline, regulatory compliance, and
optimized business processes.
These are some screen shoots of the Oracle General ledger Look like:
THE PREVIOUS SYSTEM AND THE COMPANYS NEED FOR A NEW SYSTEM
The Financial Control Department before switching over to Oracle E-Business Suites
Oracle GL system used an in-house developed system called Financial Control System.
This was implemented so as to meet the business needs of the company at that time,
however as the company expanded and its branches increased at a phenomenal rate and
it started to offer new services, the Financial Control System could no longer meet the
complex needs of the department. Apart from this, there were the usual system break
downs which resulted in increased cost (time cost because it required some time to repair
the system and monetary cost because it required having separate personnel for training
new employees).A need was felt that a new system had to be brought in to the
department that would integrate smoothly with the organization and the departments
information management needs and at the same time also be reliable. Therefore, after a
period of searching and evaluating various information systems, the company bought a
new information system, the Oracle Financial Suite and one of the elements of this
financial suite was Oracle GL which was perfectly suited for the Financial Control
Departments requirements.
This system enables the department in making General Ledgers for the bank, completing its
transactions, maintaining accounts and balances of the bank and its customers and with the
help of that it helps the department to balance the accounts and generate Financial
Statements (the MCB generates the following financial statements with the help of this
system: Balance Sheet; Profit and Loss account; Cash Flow statement and Statement
of Changes in Equity). The system then saves and documents all these reports and financial
statements into its database for future use and referencing. This information is not only
useful for preparing reports and financial statements for the bank but is also used in times
such as making audit reports, company reports, etc
This course will also address the standards for using these interfaces.
Identifying the primary business functions that can be performed using each
Oracle Financials application
Describing the Oracle Financials applications integration and data flow among
applications
Over viewing the default account sources, multi-organization architecture, andthe use of
Multiple Reporting Currencies
Lastly, the attendants were made familiar with the following:
The attendants returned as soon as the training sessions ended, ready to carry
out their tasks with the new system.
Hardware
HP Blade Server
Software
Oracle e-Business Suite R12
Operating System
Linux Environment
Input
Financial data
Output
Financial statements like ledgers, balance sheet etc.
Processing
Batch processing
Storage
Both Hot-sites and Cold-sites (to be discussed later in the report)
BACKUPS
MCB has both cold sites and hot sites for its new financial system the Oracle General
Ledger.
Since its not a multinational organization, it has its hot sites in Pakistan only.
The cold sites are the various regional headquarters in the country.
The hot site is the main headquarter in Karachi at the I.I. Chundrighar Road.
Backups are scheduled on a daily bases in the off-peak hours (late nights).
This time of the day has been selected due to the fact that during the day the
systems are overworked enough to be able to do in real time. Hence, batch processing
suits this organizations culture.
In our interview with the banks employees who worked on the system, it
seemed they were very satisfied with the system and considered that the Oracle GL
was a perfect fit for their department. The IT department too was very satisfied
with the Oracle software and t o l d u s t h a t t h e n u m b e r o f c o m p l a i n t s t h a t
t h e y p r e v i o u s l y u s e d t o r e c e i v e f r o m t h e i r employees when they were
using their in-house software was very high. Ever since the introduction of
Oracle GL, those complaints have almost entirely
disappeared because of w h i c h t h e e f f i c i e n c y o f t h e d e p a r t m e n t s h a s
a l s o r i s e n . S o f o r t h e e n d u s e r s o f t h e organization, the software had
no flaws other than that some employees thought that the software could be
further customized in a better way to suit their business better.
AUDIT COMMITTEE OF MCB BANK
Shehzad Salam
Member
DEFINITIONS OF BISA
An information technology audit, or information systems audit, is an examination
of the management controls within an Information technology (IT) infrastructure. The
evaluation of obtained evidence determines if the information systems are
safeguarding assets, maintaining data integrity, and operating effectively to achieve
the organization's goals or objectives. These reviews may be performed in conjunction
with a financial statement audit, internal audit, or other form of attestation engagement.
The collection, storage and processing of financial and accounting data that is used by
decision makers. An accounting information system is generally a computer-based
method for tracking accounting activity in conjunction with information technology
resources. The resulting statistical reports can be used internally by management or
externally by other interested parties including investors, creditors and tax authorities.
Information systems Auditing is a systematic process of collecting and evaluating
evidence/information to access whether the information security systems.
HISTORY OF BISA
In the past decade, with the increased technology adoption by Banks, the complexities
within the
IT environment have given rise to considerable technology related risks requiring effective
management.
This led the Banks to implement an Internal Control framework, based on various
standards and its own control requirements and the current RBI guidelines. As a result,
Banks management and RBI, need an assurance on the effectiveness of internal controls
implemented and expect the IS Audit to provide an independent and objective view of the
extent to which the risks are managed.
As a consequence, the nature of the Internal Audit department has undergone a major
transformation and IS audits are gaining importance as key processes are automated, or
enabled by technology. Hence, there is a need for banks to re-assess the IS Audit
processes and ensure that IS Audit objectives are effectively met.
The concept of IT auditing was formed in the mid-1960s. Since that time, IT auditing has
gone through numerous changes, largely due to advances in technology and the
incorporation of technology into business.
Currently, there are many IT dependent companies that rely on the Information
Technology in order to operate their business e.g. Telecommunication or Banking
company. For the other types of business, IT plays the big part of company including the
applying of workflow instead of using the paper request form, using the application control
instead of manual control which is more reliable or implementing the ERP application to
facilitate the organization by using only 1 application. According to these, the importance
of IT Audit is constantly increased. One of the most important role of the IT Audit is to
audit over the critical system in order to support the Financial audit or to support the
specific regulations announced e.g. SOX.
BENEFITS OF BISA
Banking Audit in Information system is increasing day by day and becoming the focal
point of the independent audit, compliance audit, and operational audits. Through Auditing
the Organization get benefits in many ways, which are as under:
Standardization.
Improve business efficiency.
Improve system and process controls.
Plan for contingencies and disaster recovery.
Manage information & developing systems.
Prepare for the independent audit.
Evaluating the effectiveness and efficiency related to the use of resources.
Reduce risk and enhance system security
Prevent and detect errors as well as fraud.
Para Topic
1.0 Hardware installed at Data Centre / Branch
2.0 Installation of Computers
3.0 Server Farm / Room
4.0 Scanner
5.0 Fire Extinguishers
6.0 Physical Security
7.0 Insurance:(Electronic Equipment Policy)
8.0 Hardware Maintenance
9.0 UPS
10.0 Anti-Virus
11.0 Software
12.0 Software Maintenance
13.0 Back up
14.0 Data Purging
15.0 LAN Security
15.1 Login Controls
15.2 Password Controls
15.3 Data Access Controls
15.4 Terminal Controls
15.5 Temporal Controls
15.6 Dial up Controls
15.7 Back up Controls
15.8 Firewalls
16.0 Data Security
17.0 Registers
18.0 Print outs
19.0 Scanning
20.0 Miscellaneous
Information System Audit of
Compiled by Spandane 3 Banks
Para Topic
21.1 Review of ATM Operations
21.2 ATM Cost Sheet
21.3 ATM Registers
22.1 Disaster Management
23.1 Rating
24.1 Major Irregularities requiring urgent attention
www.spandane.com
Compiled by Spandane 4 Information System Audit of
Banks
Data D. R.
Sr. No. Branch Centre Centre
1 Hardware Control Yes Yes Yes
2 Environmental Control Yes Yes Yes
3 Access Control Yes Yes Yes
4 Data Protection Control Yes Yes Yes
5 Data Access Control Yes Yes Yes
6 Network Control Yes Yes Yes
7 CommunicationControl Yes Yes Yes
8 Personnel Control Yes Yes Yes
9 Service Control Yes Yes Yes
10 Back up Control Yes Yes Yes
I S Audit of Branches
Scop
Sr. No. e
1 Security Hardware and SoftwareCCTV camera 2weaks recording
safe
2 Hardware register, user register Yes all components are up to
date
3 Back up and Disaster recovery practices..yes we maintain
backup setup
4 Report circulation and authentication .yes timing reports send to
management
5 AMC facilities & its monitoring yes we watch out all visitors through
CCTV
6 Voucher marking transaction number ...branch manager check daily
transaction
7 a) Revenue Test Check .Branch deposit plus or Negative on daily basis
b) Availability of IS Policy, Disaster Management Policy..yes we have backup
sys
c) Number of users attached to the branch vs. physically present and its
reconciliation. Our branch have 13 employee & all perform their work
actively
www.spandane.com
Information System Audit of
Compiled by Spandane 5 Banks
Server Farm /
3.0 Room:
Whether server room is away from the
3.1 main
door, windows, passage and customer
area? Yes
Whether server room is located not
3.2 endangered
by rain, wind, dust etc. which will reduce
the
life of the server? Yes
3.3 Whether AC provides adequate cooling and
humidity for the server farm
/room? Yes
Whether additional ACs has been installed
3.4 to
work in rotation with a Timer? No
Whether instrumen
3.5 temperature measuring t
and smoke & fire detectors has been
installed in Yes
server room?
Ambient temperature normally recommended is 18 C. yes
3.6 Whether server room is locked? Yes
3.7 Whether entry to server room is restricted? Yes
Whether the new user entry policy has
3.8 been set,
documented and evaluated regularly? Yes
Whether entry of outsiders to server room
3.9 is
approved by competent official? Yes
Whether record of visitors & reason for
3.10 allowing
access to server room has been
maintained? Yes
Whether access is controlled through
3.11 biometric
or smart cards in order to prevent
authorized Locked system
access?
3.12 Whether controlling devices are in working
condition? Yes
Whether AMC has been given for
3.13 maintenance
of controlling
devices? No
Whether audit trails of key card access
3.14 systems No
is checked daily?
Whether failed logs are
3.15 investigated? Yes
3.16 Whether Monitoring or Surveillance system
(CCTV) has been installed in Data Centre? Yes
3.17 Whether numbers of cameras are adequate Yes
to
cover the entire
area?
Whether recording is done simultaneously
3.18 by
all cameras? Yes
Whether control panel displays the images
3.19 from
all cameras in a single screen with a facility Yes
change over to the particular
camera?
Whether notice board namely Area is
3.20 covered
by CCTV has been displayed in the data
centre? Yes
How many days recording of CCTV are
3.21 made
available? 2 weak
Whether server has been installed in a
3.22 room
with atleast one wall of glass panel
permitting No
the view from
outside?
3.23 Whether Data centre follows the Password
Policy at all times? Yes
3.24 Whether is it supervised? Yes
Refer Sr. No.15.2 / Password
Whether System Administrator access is
3.25 under
the two factor Operational manager & chief
access? cashier
3.26 Group Ids should not be made but only
individual to pin responsibility. Whether Yes
complied?
Whether server is password
3.27 protected? Yes
Whether server room is maintained clean
3.28 and
not used for storage of any
record? Yes
Whether printer has been kept in server
3.29 room?
Yes
4.0 Scanner:
4.1 Whether scanner has been kept under lock,
Available at
when not in use? Manager room
If scanner is attached to a particular
4.2 terminal,
whether the said terminal is password No
protected?
Fire
5.0 Extinguishers:
5.1 Fire extinguishers of CO2 inert gas type can
only be used on computer equipment (in
the Good condition
event of fire breaking out)
Whether fire extinguishers have been
5.2 installed? Yes
5.3 If yes, whether in up to date condition? Yes
5.4 Next service due on After one year
Whether staff members have been
5.5 given No
adequate training to use fire extinguishers
in
case of need?
Insurance:(Electronic Equipment
7.0 Policy)
Whether insurance policy has been
7.1 taken? Yes
Adam general
i Insurance Company insurance
Not detail
ii Policy Number available
iii Sum insured 5000000
iv Valid up to 5 year
v Risk covered 5000000
vi Premium 25000 t0 50000
Whether movement of hardware from one
7.2 office
to another office is informed to Insurance Yes
company?
Not detail
7.3 Details of pending claims: available
i Date of incident / loss etc. No
ii Loss estimated No
iii Survey carried on No
iv Existing status No
v Router Yes
vi Switches Yes
vii Hubs Yes
viii Modems Yes
ix Scanners Yes
x Printer (Dot Matrix) Yes
xi Printers (Inkjet/Laserjet) Yes
xii Passbook Printers No
xiii UPS Yes
xiv Others Yes
xv Lease Line Yes
xvi Dial up net work No
xvii ISDN Lines No
xviii Wireless Network Yes
xix LAN Cabling Yes
9.0 UPS:
Whether power supply has been provided
9.1 to
Computers through UPS? Yes
9.2 Whether UPS room is locked? Yes
Whether entry to UPS room is
9.3 restricted? Yes
9.4 Whether UPS system is free of load from
electrical equipments such as fan, AC, tube Yes
lights etc.?
Whether batteries are kept for charging
9.5 after
Office hours? Yes
Whether periodic checking of UPS &
9.6 batteries is
done? Yes
Whether record to that effect has been
9.7 kept? Yes
What is the duration for which computer
9.8 system 2 hours on UPS
can function on UPS?
When UPS was put to use
9.9 last? Daily
What was the approx.
9.10 duration? Daily 6 hours
Whether register has been maintained to
9.11 record
power failure? yes
Whether loss of data is confirmed after
9.12 every Automatic convert to UPS
power failure?
10.0 Anti-Virus:
10.1 Whether Anti-virus software is used? Yes
Saztel provides security
10.2 Details. solutions
11.0 Software:
11.1 Which software does the branch use? Sona ware software
11.2 Whether it is latest? Yes
11.3 Whether it is authorized copy? Yes
Whether MS-Office installed at the branch is
11.4 an
authorized copy of software? Yes
Whether any unauthorized software is
11.5 installed
at the branch? To Specify. No
tested periodically?
Auto Log off should be activated in case Login is not done for 2 days.
Activation rights should be with HO EDP only. Yes
iii Whether User Approval application is
maintained? Yes
iv Whether users are created by HO EDP? Yes
Whether all users are uniquely
v identified? Yes
Whether unlocking of accounts of users
vi whose
accounts are locked is carried out after
obtaining Yes
unlocking requests & duly approved by
competent
authorities?
After how many unsuccessful attempts at
vii login,
a user is locked out? Yes
Any restriction on number of logins in a
viii day? 3 time
Whether the duration of inactivity before
ix screen Yes
gets locked has been stipulated?
Whether any staff member possesses
x multiple
levels or more than one user-id in the
system? No
Whether any dummy user-id has been
xi created No
in the system?
Whether branch has suspended user-ids of
xii staff
on long leave, transferred, deputed for
training Yes
etc?
Whether branch obtains acknowledgement
xiii from
every user at the time of creation /
allotment of Yes
user-ids?
Password
15.2 Controls:
i Whether Password is masked at the time of Yes not show password
entry?
Whether system compels the user to
ii change the
Password when he logs in for the first
time? Yes
15.8 Firewalls:
Whether comprehensive list of what should
i be
allowed / disallowed through the Firewall
has
been compiled, approved and kept up to
date? No
Where do you place
ii firewalls? IT room
17.0 Registers:
Whether following registers are maintained Whether up
17.1 & if Whether to
maintained
yes, whether up to date? ? date?
Dead stock register for
i computers Yes No
ii Back up register Yes Yes
iii Back up movement register No No
iv Hardware problems register Yes Yes
v Software problems register Yes Yes
No No
vi Due date diary for AMC answer answer
Software release updating
vii register No No
Visit register for AMC
viii personnel No No
ix Power failure register No No
x User register No No
Computer data change
xi register Yes Yes
xii Register of computer consumables such as
floppies, cartridges, tapes, ribbons,
printed Yes Yes
stationery etc.
xiii Register of destroyed floppies Yes Yes
xiv Password Issue No No
xv Password Changes No No
xvi
xvii
19.0 Scanning:
Whether signature are scanned &
19.1 authorized
regularly? Yes
SB CD CC/ TDR
OD
No No No No
Running account number answer answer answer answer
No No No No
Signature scanned up to answer answer answer answer
No No No No
Confirmed up to answer answer answer answer
20.0 Miscellaneous:
20.1 Whether staff is rotated on regular basis? No
Whether stamp is affixed on cheques,
20.2 credit
slips, withdrawal slips, vouchers etc.
indicating Yes
transaction number, scroll number and
initials
of operating staff?
Whether consumables are kept under lock
20.3 & Yes
key?
inspecte
20.4 Whether consumables are d Yes
periodically
?
If yes, date of last
20.5 inspection 1 month
Whether internet connection has been
20.6 provided? Yes
If yes, how control is exercised on its
20.7 usage? No control
20.8 Details of time utilized since April No answer
20.9 Whether all users manuals have been
numbered & entered in Register to monitor
the Yes
movement
?
21.0 ATM:
Refer Annexture 2
21.1 Review of ATM Operations yes
Refer Annexture 3
21.2 ATM Cost Sheet yes
Refer Annexture 4
21.3 ATM Registers yes
No answer
No answer
Signature
Name
Designation
Department
Compiled by Spandane 26 Information System Audit of
Banks
From: Report
Bank
Branch
Computer Dos &
Subject Donts
Date
On computer
System Whether
you-----
3 Switch off the monitor, system unit and the printer, before
switching off the mains?
6 Park the hard disk and then shift it, when the unit needs to
be transferred from one side to another?
7 Handle the floppy drive lever gently?
B Printer
Whether you-----
Choose a flat, sturdy surface with enough room for the
1 paper to
flow freely in and out of the printer? Yes
(If you use continuous fan-fold paper, you will need space
behind
the printer (or underneath with its bottom-feeding) for a
stack of
paper)
Position the printer so that its connections namely, power
2 cord and Yes
computer cable will not interfere with the paper flow?
Position the feed paper stack and the printed output such
3 that one
does not interfere with the flow of the
other? Yes
Position the feed paper stack such that the paper advances
4 straight No
up? (If the stack is slightly away or off-centre, it causes the
paper to
mis-feed)
5 Use the paper thickness lever (if your printer has one) No
appropriately?
Use the paper thickness recommended in the printer
6 manual? No
Turn the power off, unplug the power cord and disconnect
7 the
printer cable when performing any kind of cleaning
operation? Yes
Clean the insides of the printer? (To clean the printer,
8 remove the
printer cover and the ribbon cartridge. To clean the inside of
the Yes
printer, use a soft brush to whisk lint and dust away from
the print
head area. The outside of the printer case can be cleaned
when
needed with a damp rag and alcohol. A vacuum cleaner is
very
useful for sucking out the paper particles from the inside of
the
printer.
Use the printer cover? (It is a dust protection cover, noise
9 buffer Yes
and paper cutter, all in one)
Turn off the power and slide the print head to the left edge
10 before
removing the old cartridge> Yes
(This will prevent the printer head cable from getting
damaged)
C Whether you----
Eat or drink near the
1 computer? Yes
Smoke inside the computer
2 room? No
(Smoke is injurious to computer health
also)
3 Allow direct sunlight to fall on your computer? Yes
(It is necessary to avoid warping of magnetic media)
Run any electric equipment like a vacuum cleaner in the
4 vicinity of No
the computer when it is on?
5 Switch on the system with a data floppy in the drive? No
Insert or remove the diskette when the drive select indicator
6 is Not know
glowing?
Switch off the system when the hard disks drive, i.e. when
7 the Not know
indicator is glowing?
8 Strike the keys as hard as those of a manual typewriter?
(Keyboard keys soft touch) Yes
Rest your hands on the
9 keyboard? No
Keep anything on the
10 keyboard? No
Use the keys after switching off the
11 system? No
12 Stretch the cable at the keyboard end? No
(This may lead to snapping of the wires inside the cable)
13 Turn the paper feed knob when the printer is printing. Yes
Turn the platen knob in the reverse
14 direction? Yes
15 Move the print head manually when the printer is on? Yes
16 Pull the mouse cable? No
Expose the mouse to excessive
17 moisture? No
18 Subject the mouse to impact? No
(Do not let it fall and do not place the keyboard on it.)
Compiled by Spandane 29 Information System Audit of
Banks
From: Report
Bank
Branch
Subject Review of ATM Operations
Date of
Review
CONCLUSION
www.mcb.com.pk
Ayesha Hassan
(AVP at MCB D.Ground Branch)
Malik Touseef
(OG III IT Officer)
Sara Naumaan
(CRO at MCB D.Ground Branch)
Muhammad Nawaz
(HR Officer)
95