PROJECT ON BANKING INFORMATION SYSTEM AUDIT

SUBMITTED TO:

SIR YASIR ALI

SUBMITTED BY:

M.NAVEED AHMAD 8324

HUMAIRA WAKEEL 8310

UMER HAYAT 8321

MUZAMMIL HAYAT 8317

M.NAWAZ 8327

DEPARTMENT OF BANKING AND FINANCE

G.C UNIVERSITY FAISALABAD.


TABLE OF CONTENTS

TOPIC
TABLE OF CONTENTS
ACKNOWLEDGEMENT
DEDICATION
EXECUTIVE SUMMARY
1 INTRODUCTION
1.1 BRIEF HISTORY OF MCB
1.2 HISTORY OF MCB
1.3 PRIVATIZATION
1.4 AFTER PRIVATIZATION
1.5 MCB BANK TODAY
2 VISION & MISSION STATEMENT
2.1 AWARDS
2.1.1 EURO MONEY AWARD
2.1.2 ASIA MONEY AWARD
2.2.1 CORE VALUES
2.2.2 OBJECTIVE OF MCB BANK
3 ORGANIZATIONAL HIERARCHY MCB
3.1.1 MANAGEMENT LEVEL
3.1.2 ORGANIZATIONAL SETUP
3.1.3 MCB GROUP STRUCTURE
3.1.4 BRANCH NETWORK
3.1.5 ORGANIZATION STRUCTURE OF MCB
4 PRODUCTS OF MCB BANK
5 DEPARTMENTS OF MCB
5.1 ORGAN GRAM MCB
6 WAYS OF COMMUNICATION IN A BANK
7 MCB BANK IT NETWORK & COMMUNICATION
7.1 INTRODUCTION OF SAZTEL
7.2 SAZTEL SERVICES IN IT
7.3 SAZTEL PROVIDING SOLUTIONS IN BANKING INDUSTRY
7.3.1 NETWORKING
7.3.2 WIRELESS
7.3.3 SECURITY
7.3.4 CREDIT/DEBIT CARD SYSTEM IN NETWORK
7.3.5 MAINTENANCE
7.3.6 VOIP
7.3.7 PARTNERS OF SAZTEL
7.3.8 MCB ADOPT MICROSOFT E-MAIL HOST TECHNOLOGY
8 EVOLUTION OF IT SYSTEM IN BANK
8.1 RESPONSIBILITIES OF IT DEPARTMENT
8.2 IT DEPARTMENTS ACCORDING TO FUNCTION
8.3 STRUCTURE OF IT DEPARTMENT
8.4 NETWORKS & COMMUNICATION
8.5 TYPES OF TOPOLOGIES
9 LIST OF HARDWARE USE IN BANKS
10 TYPES OF COMMUNICATIONS USE IN BANKS
11 CALL CENTRE SYSTEM
12 ATM SYSTEM
13 TPS & PAYROLL TPS
14 SECURITY & RISK
15 MAIN SOFTWARE USE IN BANKS IN MCB
15.1 FINANCIAL CONTROL SYSTEM IN MCB
15.2 SCREEN SHOOTS OF ORACLE G-L SYSTEM
15.3 PREVIOUS SYSTEM & MCB NEED FOR NEW SYSTEM
15.4 BENEFITS OF ORACLE G-L SYSTEM
15.5 TRAINING OF ORACLE G-L SYSTEM
15.6 BACKUP OF MCB SYSTEM
16 AUDIT COMMITTEE OF MCB
17 FIVE DEFINITIONS OF BISA, HISTORY & BENEFITS
18 INFORMATION SYSTEM AUDIT OF MCB (NOTES)
19 RECOMMENDATION & CONCLUSION
19 REFERENCES
Acknowledgement

We take this opportunity to express our profound gratitude and deep regards to our guide, Sir
YASIR ALI, for his exemplary guidance, monitoring and constant encouragement throughout
the course of this project. The blessing, help and guidance given by him from time to time shall
carry me a long way in the journey of life on which we are about to embark.

I am obliged to my fellow bank colleagues for the valuable information provided by them. I
am grateful for their cooperation during the period of my project.

Lastly, we thank ALLAH ALMIGHTY, our Parents, Brothers, Sisters and friends for their
constant encouragement without which this project would not be possible.
Dedication

This project is dedicated to our fathers, who taught us that the best kind of knowledge to
have is that which is learned for its own sake. It is also dedicated to our mothers, who
taught me that even the largest task can be accomplished if it is done one step at a time.
It is also dedicated to our honorable lecturer, SIR YASIR ALI, who gave us this opportunity
and provided us with the necessary information about this project.
Executive Summary

In this project, students come to know the real difference between theory and practice, and
they are also introduced to the outside business world. An important requirement of this
project is to compile a report about the activities of the organization in which the student
has studied the organization's audit program.

I surveyed the audit program at MCB BANK LIMITED. This report provided us a great opportunity
to equip ourselves with the knowledge, techniques, applications and tools used in an
organization.

The report covers various features of knowledge. It starts with the brief history of Bank,
covers current status, mission statement, vision statement, Audit system, the bank
position today and in the past decade, hierarchy etc.

The major portion of this report explains the Audit System of MCB BANK LTD. Division of
departments and their activities highlights the working of MCB BANK LTD and my
learning experience elaborates how much these visits were useful for us.

The report concludes with certain recommendations and suggestions for the bank in
order to make improvements.

The source of information for the preparation of project includes the written notes extracts
from banking audit and verbal discussion with bank officials.

We hope this report will help in understanding various aspects and features of auditing in
MCB BANK LTD and will be equally important for banking & finance students and
persons making a future in banking.
ORGANIZATIONAL BACKGROUND

BRIEF HISTORY OF MCB BANK LIMITED


Before the separation of Indo-Pak, the need for more Muslim banks was felt, and Muslims
with strong financial capacity were thinking of investing in this sector as well. This was the
idea which paved the way for setting up MUSLIM COMMERCIAL BANK Ltd, known as
MCB. This was the third Muslim bank in the subcontinent.

HISTORY
This bank was incorporated under the Companies Act 1913 on 9th July, 1947 (just before
partition) at Calcutta. But due to the changing scenario of the region, the certificate of
incorporation was issued on 17th August, 1948, with a delay of almost 1 year; the certificate
was issued at Chittagong. The first Head Office of the company was established at Dacca
and Mr. G.M. Adamjee was appointed its first chairman. It was incorporated with an
authorized capital of Rs. 15 million.
After some time, the registered office of the company was shifted to Karachi on August
23rd, 1956 through a special resolution. More recently, the Head Office of MCB was
transferred to Islamabad in July, 1999, and the Head Office is now termed the Principal
Office.
This institution was nationalized along with others on January 1st, 1974. At that time it had 506
branches and deposits amounting to Rs. 1,640 million.
PRIVATIZATION
When the privatization policy was announced in 1990, MCB was the first to be privatized upon
the recommendations of the World Bank and IMF. The reason for this choice was the better
profitability of the organization and its less risky credit portfolio, which made it a
good choice for investors. On April 8th, 1991, management control was handed over
to National Group (the highest bidders). Initially only 26% of shares were sold to the private
sector at Rs. 56 per share.
AFTER PRIVATIZATION
Ten years after privatization, MCB is now in a consolidation stage designed to lock in the
gains made in recent years and prepare the groundwork for future growth. The bank has
restructured its asset portfolio and rationalized the cost structure in order to remain a low
cost producer.
After privatization, growth has been observed in every department of the bank.
The following are some key developments:
Launching of different deposit schemes to increase the saving level.
Increased participation in foreign trade.
Betterment of branches and staff service level.
Introduction of Rupee Traveler Cheques & Photo Credit Card for the first time in Pakistan.
MCB BANK TODAY
MCB today, represents a bank that has grown with time and experience. A major financial
institution, in scope and size, it symbolizes a fully growing tree evergreen, strong, and firmly
rooted. MCB is one of the leading banks of Pakistan with a deposit base of about Rs. 280
billion and total assets of around Rs.300 billion.
The Bank has a customer base of approximately 4 million, a nationwide distribution network
of over 1,000 branches and over 450 ATMs in the market.
During the last fifteen years, the Bank has concentrated on growth through improving
service quality, investment in technology and people, utilizing its extensive branch network,
developing a large and stable deposit base.
SOCIAL SECTOR: The bank is actively participating in the Prime Minister's Self-Employment
Scheme. The applications received from various applicants are being processed on merit and
disposed of as quickly as possible.

Vision Statement

To be the leading financial provider, partnering with our customers for a more
prosperous & secure future

Mission Statement

We are a team of committed professionals, providing innovative and efficient
financial solutions to create and nurture long-term relationships with our
customers. In doing so, we ensure that our shareholders can invest with
confidence in us.

AWARDS

MCB Bank has won many awards, which is clear proof of its good performance. It has
won Euromoney awards and Asiamoney awards.
Euromoney Awards
Best Bank Award 2008
Best Bank in Pakistan Award 2006
Best Bank in Pakistan Award 2005
Best Bank in Pakistan Award 2004
Best Bank in Pakistan Award 2003
Euromoney Award 2003 for the "Best Bank in Pakistan".
Best Bank in Pakistan Award 2001
Best Domestic Bank Award 2000
Asiamoney Awards
The Best Domestic Commercial Bank Award 2005
The Best Domestic Commercial Bank Award 2004

CORE VALUES
INTEGRITY:
We are the trustees of public funds and serve our community with integrity. We believe in
being the best at always doing the right thing. We deliver on our responsibilities and
commitments to our customers as well as our colleagues.
RESPECT:
We respect our customers' values, beliefs, culture and history. We value the equality of
gender and diversity of experience and education that our employees bring with them. We
create an environment where each individual is enabled to succeed.
EXCELLENCE:
We take personal responsibility for our role as leaders in the pursuit of excellence. We are
a performance driven, result oriented organization where merit is the only criterion for
reward.
CUSTOMER CENTRICITY:
Our customers are at the heart of everything we do. We thrive on the challenge of
understanding their needs and aspirations, both realized and unrealized. We make every
effort to exceed customer expectations through superior services and solutions.
INNOVATION:
We encourage and reward people who challenge the status quo and think beyond the
boundaries of the conventional. Our teams work together for the smooth and efficient
implementation of ideas and initiatives.

OBJECTIVES OF MCB

The following are the objectives of MCB Bank Limited.


CREATING AND MANAGING VALUES:
The first objective of MCB Bank Limited is to create and manage values, which is one of
the backbones of the objectives of any well-organized and well-managed organization.
HUMAN CAPITAL:
The second objective of MCB Bank is to take care of its human capital, which is
necessary for the development and prosperity of any well-established organization.
BEST PLACE TO WORK:
The third objective of MCB Bank Limited is to make it a place which is suitable and
comfortable for the employees of the bank. MCB is always conscious of developing a
place where employees of the bank feel at ease.
TECHNOLOGY:
The fourth objective of MCB Bank Limited is to bring new and up-to-date technology into the
operations of the bank. At MCB, technology has a direct relation with your needs; it is a
means of creating value and convenience for the customer. Over the last few years MCB
has invested heavily in strengthening its technology backbone. Today it is leading the way
in banking technology and setting new standards for the banking industry, penetrating into
the local market, listening to the needs of the people and educating them about simple financial
products and services that create both value and convenience. MCB's strength lies in
providing a technological base at the grass roots level of society, with the challenge of
educating and assimilating such systems across vast cultural and economic backgrounds.

ORGANIZATIONAL HIERARCHY OF MCB

MANAGEMENT LEVEL

The organization chart within a department and in different offices is as follows:

Divisional Heads: Head Office

Regional Head (EVP): Regional Office

Zonal Head (VP): Zonal Office

Branch Manager (VP, AVP, Grade 1, 2, 3): Branch

ORGANIZATIONAL SETUP OF MCB

MCB Group Structure


BRANCH NETWORK
The following is the Branch Network of MCB Bank Limited.
Sector wise position of circle is as follows;

Consumer Sector 810 Branches

ORGANIZATIONAL STRUCTURE OF MCB

As MCB is a banking company listed on the stock exchange, it follows all the legal requirements
imposed by the relevant statutes. Mr. Muhammad Mansha is Chairman & Chief
Executive of the company, with a team of 10 directors and 1 vice chairman to help in
business control and strategy making for the company.
Operational Management of the bank is being handled by a team of 10 professionals. This
team is also headed by Mr. Muhammad Mansha. The different operational departments
are Consumer Banking & IT division, financial division & Inter branch division, Banking
operations division, HR & Legal division, financial control & Audit division, Credit
management division, Commercial Banking division, Corporate Banking division, Treasury
management & FX Group and lastly Special Assets Management (SAM) Group.
For effective handling of branches, it has been categorized into three segments with
different people handling each category. These categories are:
a) Corporate Banking
b) Commercial Banking
c) Consumer Banking

Corporate Banking:
These are branches which have an exposure of over Rs. 100 million. Usually includes
multinational & public sector companies.

Commercial Banking:
These are branches which have a credit exposure of less than Rs. 100 million but a credit
portfolio of more than Rs. 20 million (excluding staff loans).
Usually branches in large markets and commercial areas come under this category.

Consumer Banking:
These are the branches which have exposure up to Rs. 20 million and these include all the
branches which are neither corporate nor commercial branches.

PRODUCTS OF MCB BANK

1. MCB Rupee Traveler Cheques
2. Mahana Khushali Scheme
3. MCB Khushali Bachat Account
4. Capital Growth Certificate Scheme
5. Fund Management Scheme
6. Fax Press
7. Utility Bill Collection
8. MCB Mobile Banking
9. MCB Islamic Banking Services
10. MCB Car Cash
11. MCB Locker
12. MCB Master Card
THE FUTURE OF MONEY:
13. MCB Smart Card
14. Remit Express
Fastest to Pakistan Anywhere in Pakistan.
15. MCB Pyara Ghar
16. MCB Virtual
17. MCB Business Sarmaya
18. MCB Car 4 U

DEPARTMENTS OF MCB BANK LTD


The purpose of banks is to provide services to the general public, and for this purpose
different banks provide different services to people in different forms. MCB Bank is a
commercial bank; in modern times commercial banks play a very important role and their
functions are manifold. The main functions and services which MCB Bank Limited provides
to different people are as follows.
Opening different accounts for different people
Accepting various types of deposits
Granting loans & advances
Undertaking agency services and also general utility functions, a few of which are as
under:
Collecting cheques and bill of exchange for the customers.
Collecting interest due, dividend, pensions and other sum due to customers.
Transfer of money from place to place.
Issuing of travelers cheques and letters of credit to give credit facilities to travel.
Accepting bills of exchange on behalf of customers.
Purchasing shares for the customers.
Undertaking foreign exchange business.
Furnishing trade information and tendering advice to customers.

For the proper functioning of branches, the overall bank has been divided into different
departments. These departments handle different jobs, so that the division of work
improves the bank's functions and makes them easier to control. The general division
in a branch is as follows:
1. Cash department
2. Deposit department
3. Advances & credit department
4. Remittance department
5. Foreign exchange department
ORGANOGRAM OF MCB BANK LTD
WAYS OF COMMUNICATION IN A BANK

In house communication example: Notice board at MCB BANK LTD

AUTOMATION
A good office environment is supported by strong office automation. The automation
includes the installation of a telephone system, telex, fax, power generator, UPS, etc. Below,
we discuss each activity performed as part of office automation.
TELEPHONE SYSTEM
A telephone exchange system by Digital Communication is installed to communicate with
the outside world. This is very helpful, as most business these days is conducted
through telephones.
The operator is responsible for incoming calls only. She receives all the calls and connects
them to the person concerned. A staff member who wants to call outside has to dial '0' to clear
the line or can ask the operator to dial the number he wants. The telephone operator dials a
number for the convenience of any staff member who has to talk urgently or is busy doing
something else.

INTERCOM
All the staff members are connected through intercom system. The telephone system
serves as reaching out to the employees in least possible time.
TELEX

A telex system is installed to cater to the need for disseminating urgent information.
FAX
For instant reception or dissemination anywhere in the world, a fax machine is installed.
Faxes these days have become an important part of the business environment for rapid
transmission. Steps like this show the management's commitment towards building up a
strong MIS to stay in the market as one of the better organizations. A facsimile machine from
XEROX is there to serve the purpose.
ELECTRIC TYPE WRITER
Electric typewriters are also there for typing of different documents.

PHOTOCOPY MACHINE
A XEROX photocopy machine is installed in order to make copies of different documents and to
save the time and extra cost of getting photocopies from the market. It has really facilitated
the activities being performed and saves cost and human effort.

E MAIL
In-house communication plays a vital role in any organization. MCB BANK LTD has its
own internal electronic mailing system with which it communicates with all the employees of
the bank. The mailing address consists of the name of the employee followed
by @mcb.com.pk
Apart from the employees' individual mailing addresses, clients may send mail to the
bank's main e-mail address. In such a case, if the mail is meant for a particular
employee, its hard copy (printout) is sent to him.

NOTICE BOARD
A big notice board is placed in all the branches of MCB BANK LTD. It is placed on key
locations i.e. on the left side of the entrance gate/door.
The notice board contains a copy of the memo, information regarding any new products
launched by the bank, the branch license, the schedule of charges, JDs, the newly announced prize
bond list, gazetted holidays, some good newspaper cuttings, etc.
MCB BANK IT NETWORK AND COMMUNICATION

Mr. Shahid Mirza


Message from the MD

INTRODUCTION OF SAZTEL:

Saztel has passed the milestone of providing systems and solutions for more than 25 years
in the field of IT. It is a vindication of our policies and practices to have successfully operated
over this period and continue to do so. Saztel is the longest running organization in Pakistan
providing these services, enabling us to gain valuable experience about the technology, the
environment and our valuable customers. The fact that many organizations have come and
gone in the meantime, gives us encouragement that we are on the right path and have full
confidence of our IT users. Saztel's experience and know-how has enabled it to choose
quality products, giving the customers a definite edge in efficiency and cost effectiveness.

SAZTEL is Pakistan's premier IT Systems Integrator with the capacity and experience for
providing strategic technology solutions that achieve real business results in diverse
industries.

Established in 1985, the company has been built from a technical base with a strong focus
on providing a high quality service and delivering solutions with a technological advantage.
Innovation, attention to detail and integrity have been the cornerstones of SAZTEL's growth
and success. Ongoing technical and business training programmes, client and industry
research and investment in specialized network equipment continue to keep SAZTEL at the
forefront of the Networking industry. Whilst working closely with industry leading vendors,
SAZTEL continues to remain mostly manufacturer independent and consultative in its
approach to ensure best fit solutions to both public and private sector clients.
Saztel can deliver its solutions and services countrywide with presence in all the major cities
of Pakistan.

SAZTEL offers various services in Information Technology to its
customers, some of which are listed below:

Identification of Customer needs for IT infrastructure.

Provide IT Solutions on turnkey basis.

Network design of Local Area Network.

Network design of Wide Area Network.


Design & installation of remote and local Surveillance Systems.

Security solutions for Intranet, Extranet & Internet Customers.

Supply of Communications Equipment and warranty support.

Installation & Maintenance (under contract) of Networking Products.

Provide repairing facility on SAZTEL supported equipment.

Implementation of Structured Cabling Projects.

SAZTEL PROVIDING SOLUTIONS IN BANKING INDUSTRY

Networking

The computer network is a key component of any organization. It enables you to monitor,
control, manage, and optimize your enterprise. It facilitates in converting your ambitions into
reality.

An optimized and reliable I.T. network is the key to your success. We have over 25 years of
expertise and experience striving to help you achieve this. We provide networking solutions
based on our customer needs, not what particular vendors are offering; complete OEM-independent
solutions. By designing, implementing, and maintaining IT infrastructure through
highly trained, experienced and certified technicians and engineers we leave our clients with
a standard of excellence and satisfaction. We have withstood the test of time and have been
in this business long enough to witness the success of our solution designs over decades,
time and time again. Our Network Solutions provide your small business or enterprise with a
complete network design, installation with implementation with commissioning. This
encompasses:

Switches

UPS

Routers

LAN/WAN

Copper/Fiber Infrastructure

Data Center Design/Implementation


Wireless

Wireless technology provides an easy solution to an enterprise that has one or all of the
following requirements or restraints:

Service Provider Independent Connectivity

Full ownership and control

Connectivity at Difficult/Remote Locations

2nd Media redundant link (as a backup)

We are the pioneer of connectivity including wireless technology in Pakistan. We provide
wireless technology under license from the PTA. Our wireless solution pre-dates the
establishment of the PTA under the authority of the Ministry of Communications.

Wi-Fi (Individual AP or campus wide)

Wireless ISM Band Radios

Licensed Frequency Radios

Wireless Surveillance Solutions

Security

Saztel provides security solutions designed and implemented by experienced and
certified professionals.

For your Physical Network:

Campus CCTV

Intrusion Prevention Systems with Access Control

For your Virtualized Network:

Firewalls

Anti-Virus
Network Access Control

Credit / Debit Card Systems and Networks

Installed, commissioned and maintain the data communication Network for the Credit
Card System used for POS terminal access for American Express, Citi Bank, MCB
Bank and United Bank Ltd. Saztel has also installed the POS terminal Access System
for Shell Pakistan for their Fleet Cards.

Financial Institutions

Installed and maintains Country wide Data communication networks for various financial
institutions including the network with the largest number of routers in the country.
SAZTEL enjoys a good relationship with most of the banks operating in Pakistan.

Citibank has been a SAZTEL customer since 1985. SAZTEL has over the years
supplied and installed Modems, X.25 Switches, Multiplexers, Data Encryptions and Radio Modems at
Citi Bank locations throughout Pakistan.
Citibank was the first financial institution to employ data Communication in Pakistan.

Designed, installed and maintain the Country-wide LAN/WAN & Power infrastructure for
the State Bank (Central Bank) of Pakistan. It was a World Bank funded project with more
than 3500 Nodes & seventeen locations throughout Pakistan.

Habib Bank is the largest bank in the private sector. Saztel has installed & maintain
wireless links to 100 branches of the Bank. Saztel has also designed and installed a
Metropolitan Network consisting of five locations in Karachi, using core Ethernet switches.

Saztel has supplied to MCB Bank, hundreds of Modems, Routers, Switches and Wireless
Radios for its Head Office and Bank Branches. MCB Bank also has the largest ATM
Network in Pakistan.
National Bank of Pakistan, utilizes SAZTEL supplied Modems and other networking
equipment to link its Remote Branches to its head office.

Saztel has designed and installed more than 30 wireless links for the Remote Bank
Branches in various cities of Pakistan for Bank Alfalah.

SAZTEL has provided security solutions and advice to banks and other organizations
such as Citibank, National Bank, HBL and CDC.

Maintenance

An optimized and reliable network is the key to your success. Running your network to failure
is never an option. The cost in maintaining your network to prevent that failure is fractional
compared to the loss of revenue due to downtime or due to loss of reputation; a luxury, your
enterprise cannot afford. With simple steps, we will perform a free consultation of your
network and then give you a solution based on our findings.

UPSs

PCs

Printers

Telecomm Systems (VoIP/PABX)

Complete Data Centers

Saztel Maintenance solution offers 24x7 service and support for all your IT needs. We have a
broad range of packages available tailored to your desired level of service. Let us show you
the Saztel experience so you can focus on more important things.
VOIP
Operational costs can be reduced drastically by better utilization of your existing resources.
One such example is in using your existing IT infrastructure to transfer your voice signals and
data. Apart from being cost effective, it also simplifies the user interface by allowing a unified
coding system throughout your enterprise, allowing you to reach different departments or
even different offices with ease. By shifting their intra- and interoffice communication to IP our
customers have saved Crores of rupees per year.

Partners of SAZTEL

MCB BANK ADOPTS MICROSOFT EMAIL HOSTING TECHNOLOGY

By Kayvon Ghoreshi, TMCnet Contributing Writer

MCB Bank has had a reputation of maintaining a technological edge when it comes to online
banking, email hosting, and other communication networks. In order to help it stay on top,
MCB has collaborated with Microsoft. Among the services available, it will
be adopting Microsoft Exchange Server, Microsoft Active Directory, Microsoft Office and
Microsoft System Center Configuration Manager in order to give it a better advantage over
competitors.

This action falls in line with MCB Bank's strategy of establishing the largest online branch in
the country. The idea of e-banking has slowly swept through the financial sector. With its
convenience and ease of use, the online option is very amiable to consumers giving all the
more reason for banks to adopt the technology. Through things like improved email hosting,
which allows MCB employees to connect securely and collaborate from virtually any device,
the organization can offer users everything their business needs to succeed.

"This will enable the technology function to deliver the best quality of services to its internal
and external customers while changing the experience and productivity through a facilitation
model," stated Imtiaz Mahmood, head of Information Technology Group, MCB Bank Ltd, in a
statement.

Aasim Ashraf, division head of ITSM (Project Director), MCB Bank Ltd sees this as a good
step forward. He added, "Acquiring these Microsoft solutions is a major step which will not
only enhance MCB Bank's Employees' productivity but will also help us to change the
dynamics of the Infrastructure optimization model from standard to rationalized in a phased
approach."

This upgrade with Microsoft products shouldn't come as a surprise for MCB Bank. Like
many other institutions, it pushes for efficiency. This latest investment in Microsoft's services
will allow them to improve efficiency by 30 percent due to the improved network, email
hosting, and communication abilities between the staff and their customers.

Evolution of IT Systems in Banks


About 2.5 decades ago the concept of automation and computerization was almost
non-existent in Pakistani banks. The first commercial bank to adopt technology as a policy was
MCB (Muslim Commercial Bank), which launched numerous aggressive technology projects,
including the Mnet, before 1990. Around 1996 United Bank Limited (UBL), in collaboration
with other banks including Allied Bank, developed a comprehensive banking package called
Unibank. This package was adopted by many leading banks and it received reasonable
popularity. Between 2001 and 2005 State Bank of Pakistan also aggressively invested in
computerization and started projects focusing on increasing internal efficiency, external
linkages with commercial banks and data warehousing. SBP's initiatives in this regard
created motivation and confidence in other commercial banks to reserve budgets for
computerization. Prior to 2000 no commercial bank in Pakistan had an ERP installed. Some
foreign banks operating in Pakistan were exceptions as they were using banking ERP suites,
but their primary servers were outside Pakistan. Real activity in terms of automation in
commercial banks started after 2002, when commercial banks including small banks and
new startups also reserved huge budgets for computerization, including the development of
modern IT infrastructure, expansion of ATM networks and implementation of banking
off-the-shelf packages/solutions.

RESPONSIBILITY OF ITS DEPARTMENT

All communication throughout the branches and data centers.
Monitoring the services of existing applications inside the organization.
Monitoring of critical applications.
Providing services to production applications.
Network and other connectivity mediums.
Security of existing and new applications.
Security of networks.
In-house security issues.

ITS DEPARTMENTS ACCORDING TO FUNCTION

Network and Communication:

This department is responsible for managing all the network and communications inside
and outside the organization.

Services Management:

This department is responsible for providing services to the new and existing
applications running inside the organization.

Relationship Management:

This department provides services to increase the number of customers of the
organization.

E.g. SMS alert, Gift, Wedding wishes.

Security and Risk:


All security related to the organization is managed by the IT department.

E.g. CCTV cameras, Firewall.

Technology Support and Services:

This department is responsible to handle all the technical issues of all the branches and
this department also provides the services of personal visit in the different branches to
check the hardware components and ATM performance.

STRUCTURE OF ITS DEPARTMENT


NETWORK & COMMUNICATION

This department is responsible for managing all the network and communication inside and
outside the organization.

LAN: A local area network is a computer network that interconnects computers within a limited
area such as a home, school, computer laboratory or office building using network media.

WAN: A wide area network is a network that covers a broad area (i.e. any
telecommunications network that links across metropolitan, regional, national or
international boundaries) using leased telecommunication lines.

MAN: A metropolitan area network is a network that interconnects users with computer
resources in a geographic area or region larger than that covered by even a large local
area network (LAN) but smaller than the area covered by a wide area network (WAN).

INTERNET: A global computer network providing a variety of information and
communication facilities, consisting of interconnected networks using standardized
communication protocols.

INTRANET: A local or restricted communications network, especially a private network
created using World Wide Web software.

EXTRANET: An extranet is a computer network that allows controlled access from outside
of an organization's intranet. Extranets are used for specific use cases including business to
business (B2B).

TYPES OF TOPOLOGY

Network Topology is the schematic description of a network arrangement, connecting
various nodes (sender and receiver) through lines of connection.

BUS Topology
Bus topology is a network type in which every computer and network device is connected
to a single cable.

Features of Bus Topology

1. It transmits data only in one direction.

2. Every device is connected to a single cable


Advantages of Bus Topology

1. It is cost effective.

2. Cable required is least compared to other network topology.

3. Used in small networks.

4. It is easy to understand.

5. Easy to expand by joining two cables together.

Disadvantages of Bus Topology

1. If the cable fails then the whole network fails.

2. If network traffic is heavy or there are more nodes, the performance of the network decreases.

3. Cable has a limited length.

4. It is slower than the ring topology.

RING Topology
It is called ring topology because it forms a ring as each computer is connected to another
computer, with the last one connected to the first. Each device has exactly two neighbours.

Features of Ring Topology

1. A number of repeaters are used and the transmission is unidirectional.

2. Data is transferred in a sequential manner, that is, bit by bit.

Advantages of Ring Topology

1. Transmitting network is not affected by high traffic or by adding more nodes,
as only the nodes having tokens can transmit data.

2. Cheap to install and expand.

Disadvantages of Ring Topology

1. Troubleshooting is difficult in ring topology.

2. Adding or deleting the computers disturbs the network activity.

3. Failure of one computer disturbs the whole network.


STAR Topology
In this type of topology all the computers are connected to a single hub through a cable. This
hub is the central node and all other nodes are connected to the central node.

Features of Star Topology

1. Every node has its own dedicated connection to the hub.

2. The hub acts as a repeater for data flow.

3. Can be used with twisted pair, Optical Fibre or coaxial cable.

Advantages of Star Topology

1. Fast performance with few nodes and low network traffic.

2. Hub can be upgraded easily.

3. Easy to troubleshoot.

4. Easy to setup and modify.

5. Only the node that has failed is affected; the rest of the nodes can work smoothly.

Disadvantages of Star Topology


1. Cost of installation is high.

2. Expensive to use.

3. If the hub is affected then the whole network is stopped because all the
nodes depend on the hub.

4. Performance is based on the hub, that is, it depends on its capacity.

MESH Topology
It is a point-to-point connection to other nodes or devices. Traffic is carried only between two
devices or nodes to which it is connected. Mesh has n (n-2)/2 physical channels to link
n devices.

Types of Mesh Topology

1. Partial Mesh Topology: In this topology some of the systems are connected in the same
fashion as mesh topology but some devices are only connected to two or three devices.

2. Full Mesh Topology: Each and every node or device is connected to every other.

Features of Mesh Topology

1. Fully connected.

2. Robust.

3. Not flexible.

4.

Advantages of Mesh Topology

1. Each connection can carry its own data load.


2. It is robust.

3. Fault is diagnosed easily.

4. Provides security and privacy.

Disadvantages of Mesh Topology

1. Installation and configuration is difficult.

2. Cabling cost is more.

3. Bulk wiring is required.

TREE Topology
It has a root node and all other nodes are connected to it forming a hierarchy. It is also
called hierarchical topology. It should at least have three levels to the hierarchy.
Features of Tree Topology

1. Ideal if workstations are located in groups.

2. Used in Wide Area Network.

Advantages of Tree Topology

1. Extension of bus and star topologies.

2. Expansion of nodes is possible and easy.

3. Easily managed and maintained.

4. Error detection is easily done.

Disadvantages of Tree Topology

1. Heavily cabled.

2. Costly.

3. If more nodes are added maintenance is difficult.

4. If the central hub fails, the network fails.
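
The failure behaviour listed for each topology above can be checked mechanically. The following Python sketch is an added example, not part of the original report: it models each topology as a small graph (element names such as pc0, hub, cable and root are illustrative assumptions) and lists every element whose failure alone stops the surviving computers from communicating.

```python
"""Which single failure stops a network? Added example for the topology section."""
from collections import defaultdict, deque


def _links(pairs, directed=False):
    """Turn (a, b) pairs into a set of directed edges; undirected links go both ways."""
    edges = set()
    for a, b in pairs:
        edges.add((a, b))
        if not directed:
            edges.add((b, a))
    return edges


def _hosts(n):
    return [f"pc{i}" for i in range(n)]


def bus(n):
    # The shared cable is modelled as its own element so that it can fail.
    hosts = _hosts(n)
    return _links(("cable", h) for h in hosts), hosts


def ring(n):
    # Unidirectional ring, as described above: pc0 -> pc1 -> ... -> pc0.
    hosts = _hosts(n)
    pairs = ((hosts[i], hosts[(i + 1) % n]) for i in range(n))
    return _links(pairs, directed=True), hosts


def star(n):
    hosts = _hosts(n)
    return _links(("hub", h) for h in hosts), hosts


def full_mesh(n):
    hosts = _hosts(n)
    return _links((a, b) for i, a in enumerate(hosts) for b in hosts[i + 1:]), hosts


def tree(groups, per_group):
    # Three levels: root hub -> group hubs -> workstations.
    pairs, hosts = [], []
    for g in range(groups):
        pairs.append(("root", f"hub{g}"))
        for k in range(per_group):
            hosts.append(f"pc{g}_{k}")
            pairs.append((f"hub{g}", hosts[-1]))
    return _links(pairs), hosts


def _reachable(start, adjacency, failed):
    """Breadth-first search from start that never passes through the failed element."""
    seen, queue = {start}, deque([start])
    while queue:
        for nxt in adjacency[queue.popleft()]:
            if nxt != failed and nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def single_points_of_failure(edges, hosts):
    """Elements whose failure alone leaves some surviving computers unable to talk."""
    adjacency, elements = defaultdict(set), set(hosts)
    for a, b in edges:
        adjacency[a].add(b)
        elements.update((a, b))
    critical = []
    for element in sorted(elements):
        survivors = set(hosts) - {element}
        if any(not survivors <= _reachable(h, adjacency, element) for h in survivors):
            critical.append(element)
    return critical


def report(n=5):
    """Single points of failure for each topology, built with n computers."""
    return {
        "bus": single_points_of_failure(*bus(n)),
        "ring": single_points_of_failure(*ring(n)),
        "star": single_points_of_failure(*star(n)),
        "full mesh": single_points_of_failure(*full_mesh(n)),
        "tree": single_points_of_failure(*tree(2, 2)),
    }


if __name__ == "__main__":
    for name, critical in report().items():
        print(f"{name:10s} {critical or 'none'}")
```

For an availability review, the elements returned are the ones that need redundancy, physical protection and monitoring first.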


LIST OF HARDWARE USED IN THE BANKS

Servers
Router
Hubs
Modems
Scanners
Printers (inkjet/LaserJet)
UPS
Others
Lease Line
ISDN Lines
Wireless Network
LAN cabling
TYPES OF COMMUNICATION USED IN BANKS

Internal communication

External communications

1. Internal communication:

Communication within the organization is called internal communication. It includes all
communication between people at different levels within the organization. It may be an informal or
formal function or department providing communication in various forms to employees.

Upward communication

Downward communication

Horizontal communication

Diagonal communication

Upward communication

Upward communication is the process of information flowing from the lower levels of
a hierarchy to the upper levels. This type of communication is becoming more and more popular
in organizations as traditional forms of communication are becoming less popular. The more
traditional organization types, such as a hierarchy, place people into separate ranks.

Upward communication helps employees to express their requirements, ideas, and feelings. For
the top management, upward communication is an important source of information for business
decisions. It helps in alerting top management about the requirement of changes in
organizations. Upward contribution is the core contributor of business process re-engineering in
many organizations.

Downward communication:

Downward communication is the flow of information and messages from a higher level inside an
organization to a lower one. Effective downward communication is crucial to an organization's
success.

Horizontal communication:
In organizations and organisms, lateral communication works in contrast to traditional top-down,
bottom-up or hierarchic communication and involves the spreading of messages from individuals
across the base of a pyramid.

Diagonal communication:
The sharing of information among different structural levels within a business. For example,
diagonal communication could involve higher level management communicating to lower level
management a shift in organizational objectives, as well as the ensuing dialog about how best
to achieve the new goals.
2. External communication:
External communication is the transmission of information between a business and another
person or entity in the company's external environment. Examples of these people and entities
include customers, potential customers, suppliers, investors, shareholders, and society at large.

Call center System

Call Centers

The state of the art MCB call center is the right choice to keep you in step with your ever hectic
schedule by providing you round the clock services relating to your Bank Accounts, Visa cards
and MCB Lite at any point in time.
Our well-abreast and dedicated call center team is available 24 x 7, 365 days a year to ensure
that your daily financial obligations are taken care of, guaranteeing you a good night's sleep.
Welcome to the MCB Phone Banking Experience: 111-000-MCB (622)
MCB Call Center Offerings
Value Added Features

Call Rating Feature

Regional Languages

Financial Services

Account Balance Inquiry

Funds Transfer Request

Debit card Transactions Details

Last Six Transactions Details

All Credit Card Related Requests and Payments.

24 Hours Visa Debit, MCB Lite, Prepaid, Credit Card Blocking

Bill Payments (PTCL, SSGC, SNGPL, KESC, HESCO, IESCO, Mobilink,
Ufone, Zong, Telenor)

Purchase Vouchers (Mobilink, Ufone, Zong, Warid Telenor).

Non-Financial Services
MCB Credit & Prepaid Card Activation

Credit Card Address Change Request

Internet Banking Activation

24 Hours Complaint Registration

Mobile Banking Activation

MCB Lite Activation

MCB Products related information

MCB Bank charges

Why wait for tomorrow to make a request or transactions, give us a call and we will
take care of all your financial needs. 24 x 7 x 365.
ATM SYSTEM

TRANSACTION PROCESSING SYSTEM (TPS)

A TPS is an information system which collects, stores, modifies and retrieves the transactions of an
organization. A transaction generates or modifies data that is eventually stored in the computer. The
TPS is managed with the help of a transaction processing monitor.

PAYROLL TRANSACTION PROCESSING SYSTEM (TPS)

The payroll TPS is designed to get the information and records of employees from their departments
to calculate their earnings. It gets information from the employee's department and links it to the
previous record. After verification the reports are sent to management.
SECURITY & RISKS

CCTV cameras
A total of 08 cameras are located in the MCB Bank D.Ground Branch: four on the ground
floor and two on the upper floor. They have a storage capacity of two weeks, cover a large
area, and are also present in the ATM and server room.

Main Software Used in MCB Bank


FINANCIAL CONTROL SYSTEM IN MCB BANK

The Financial Control department makes sure that all the financial transactions comply
with state laws, rules and regulations.
The department is responsible for centrally processing and recording the transactions. This
department also ensures that enough funds are available before the bank engages in a
commitment.
This department is also responsible for generating the annual reports in compliance with
the Companies Ordinance 1984.
The Financial Control department uses the Oracle GL as its information system, which our group has
selected as a part of our assignment for the MIS course.
Oracle GL is a product of the Oracle E-Business tool, which the organization has acquired as
its platform for managing its business transactions and maintaining records.
Oracle General Ledger works seamlessly with other Oracle E-Business Suite products to
drive better decision making, sustainable financial discipline, regulatory compliance, and
optimized business processes.

These are some screenshots of what the Oracle General Ledger looks like:

THE PREVIOUS SYSTEM AND THE COMPANY'S NEED FOR A NEW SYSTEM

Before switching over to Oracle E-Business Suite's Oracle GL system, the Financial Control
Department used an in-house developed system called Financial Control System.
This was implemented so as to meet the business needs of the company at that time.
However, as the company expanded, its branches increased at a phenomenal rate and
it started to offer new services, the Financial Control System could no longer meet the
complex needs of the department. Apart from this, there were the usual system breakdowns,
which resulted in increased cost (time cost because it required some time to repair
the system, and monetary cost because it required having separate personnel for training
new employees). A need was felt that a new system had to be brought in to the
department that would integrate smoothly with the organization's and the department's
information management needs and at the same time also be reliable. Therefore, after a
period of searching and evaluating various information systems, the company bought a
new information system, the Oracle Financial Suite, and one of the elements of this
financial suite was Oracle GL, which was perfectly suited for the Financial Control
Department's requirements.

BENEFITS OF ORACLE GL TO THE ORGANIZATION / DEPARTMENT / END USERS
AND ITS SALIENT FEATURES

Oracle provides its end users a friendly interface.
Does not require any specialized training.
End users can learn how to use this system with minimum training.
Generates accounting reports according to the accounting standards in Pakistan.
The system makes it easy to customize reports.
Provides high data integrity.

The Oracle GL provides high data integrity by making sure that the data that is saved will
be available for future use and will not have any errors. Data retrieval or data recovery is
also made easy by the system, and the end users of the system are saved from spending
too much time or effort in trying to recover data that may normally be hard to find in other
systems.

INFORMATION PROVIDED BY THE SYSTEM

This system enables the department in making General Ledgers for the bank, completing its
transactions, maintaining accounts and balances of the bank and its customers and with the
help of that it helps the department to balance the accounts and generate Financial
Statements (the MCB generates the following financial statements with the help of this
system: Balance Sheet; Profit and Loss account; Cash Flow statement and Statement
of Changes in Equity). The system then saves and documents all these reports and financial
statements into its database for future use and referencing. This information is not only
useful for preparing reports and financial statements for the bank but is also used in times
such as making audit reports, company reports, etc.

END USERS OF THE SYSTEM AND THE DEPARTMENT IT CATERS TO


Oracle GL is a financial software system designed for an organization's financial
needs, and it caters to the financial needs of an organization like MCB. Its end users will be
people related to finance. In this case, employees in MCB's Financial Control Division
are the end users of the system. All the employees in this department have been
properly trained to use this system. The system itself has also been highly customized to
suit all the needs of the department and meet its requirements in an efficient and cost
effective manner.

TRAINING OF THE END USERS


The training involved people from Oracle visiting the organization which was the MCB
head office.

This course will also address the standards for using these interfaces.

Basic technical functionality of the core Financials applications

Technical overview of Oracle General Ledger.

Customers, and Assets

Major business functions associated with the financial applications

Flow of application information through major tables

The objectives of the sessions were the following

Describing the Oracle General Ledger

Identifying the primary business functions that can be performed using each
Oracle Financials application

Describing the Oracle Financials applications integration and data flow among
applications

Overviewing the default account sources, multi-organization architecture, and the use of
Multiple Reporting Currencies
Lastly, the attendants were made familiar with the following:

Major business functions of Oracle General Ledger

Oracle General Ledger entity relationship diagrams related to its major functions

Major tables by business function

The attendants returned as soon as the training sessions ended, ready to carry
out their tasks with the new system.

TECHNICAL SPECIFICATIONS OF THE INFORMATION SYSTEM

Hardware: HP Blade Server
Software: Oracle e-Business Suite R12
Operating System: Linux Environment
Input: Financial data
Output: Financial statements like ledgers, balance sheet etc.
Processing: Batch processing
Storage: Both Hot-sites and Cold-sites (to be discussed later in the report)

BACKUPS

MCB has both cold sites and hot sites for its new financial system, the Oracle General
Ledger.

Since it's not a multinational organization, it has its hot sites in Pakistan only.

The cold sites are the various regional headquarters in the country.

The hot site is the main headquarters in Karachi at I.I. Chundrigar Road.

Backups are scheduled on a daily basis in the off-peak hours (late nights).

This time of the day has been selected due to the fact that during the day the
systems are too heavily loaded to take backups in real time. Hence, batch processing
suits this organization's culture.

PROBLEMS WITH THE SYSTEM

In our interview with the bank's employees who worked on the system, it
seemed they were very satisfied with the system and considered that the Oracle GL
was a perfect fit for their department. The IT department too was very satisfied
with the Oracle software and told us that the number of complaints that
they previously used to receive from their employees when they were
using their in-house software was very high. Ever since the introduction of
Oracle GL, those complaints have almost entirely disappeared, because of
which the efficiency of the departments has also risen. So for the end users
of the organization, the software had no flaws other than that some employees
thought that the software could be further customized in a better way to suit
their business better.

AUDIT COMMITTEE OF MCB BANK

Mian Mohammad Mansha, Chairman
Sheikh Mukhtar Ahmed, Member
Shehzad Salam, Member

AUDITORS OF MCB BANK

A.F. Ferguson & Co.
M. Yousuf Adil Saleem & Co., Chartered Accountants

DEFINITIONS OF BISA
An information technology audit, or information systems audit, is an examination
of the management controls within an Information technology (IT) infrastructure. The
evaluation of obtained evidence determines if the information systems are
safeguarding assets, maintaining data integrity, and operating effectively to achieve
the organization's goals or objectives. These reviews may be performed in conjunction
with a financial statement audit, internal audit, or other form of attestation engagement.
The collection, storage and processing of financial and accounting data that is used by
decision makers. An accounting information system is generally a computer-based
method for tracking accounting activity in conjunction with information technology
resources. The resulting statistical reports can be used internally by management or
externally by other interested parties including investors, creditors and tax authorities.
Information systems auditing is a systematic process of collecting and evaluating
evidence/information to assess whether the information security systems.

Analysis and evaluation of a bank's information system (whether manual or
computerized) to detect and rectify blockages, duplication, and leakage of information.
The objectives of this audit are to improve accuracy, relevance, and timeliness of the
recorded information.
A bank technology audit, or information systems audit, is an examination of the
management controls within an information technology infrastructure of a bank.

HISTORY OF BISA

In the past decade, with the increased technology adoption by banks, the complexities
within the IT environment have given rise to considerable technology related risks requiring
effective management.

This led the banks to implement an Internal Control framework, based on various
standards, their own control requirements and the current RBI guidelines. As a result,
banks' management and RBI need an assurance on the effectiveness of internal controls
implemented and expect the IS Audit to provide an independent and objective view of the
extent to which the risks are managed.

As a consequence, the nature of the Internal Audit department has undergone a major
transformation and IS audits are gaining importance as key processes are automated, or
enabled by technology. Hence, there is a need for banks to re-assess the IS Audit
processes and ensure that IS Audit objectives are effectively met.

The concept of IT auditing was formed in the mid-1960s. Since that time, IT auditing has
gone through numerous changes, largely due to advances in technology and the
incorporation of technology into business.

Currently, there are many IT-dependent companies that rely on Information
Technology in order to operate their business, e.g. telecommunication or banking
companies. For other types of business, IT plays a big part in the company, including
applying workflow instead of paper request forms, using application controls
instead of manual controls, which is more reliable, or implementing an ERP application to
facilitate the organization by using only 1 application. Accordingly, the importance
of IT audit is constantly increasing. One of the most important roles of the IT audit is to
audit the critical systems in order to support the financial audit or to support
specific regulations, e.g. SOX.

BENEFITS OF BISA

Banking audit in information systems is increasing day by day and becoming the focal
point of the independent audit, compliance audit, and operational audits. Through auditing
the organization benefits in many ways, which are as under:
Standardization.
Improve business efficiency.
Improve system and process controls.
Plan for contingencies and disaster recovery.
Manage information & developing systems.
Prepare for the independent audit.
Evaluating the effectiveness and efficiency related to the use of resources.
Reduce risk and enhance system security
Prevent and detect errors as well as fraud.

Information System Audit of MCB Bank

Compiled by Spandane

Index Information System Audit of Banks

Para Topic
1.0 Hardware installed at Data Centre / Branch
2.0 Installation of Computers
3.0 Server Farm / Room
4.0 Scanner
5.0 Fire Extinguishers
6.0 Physical Security
7.0 Insurance:(Electronic Equipment Policy)
8.0 Hardware Maintenance
9.0 UPS
10.0 Anti-Virus
11.0 Software
12.0 Software Maintenance
13.0 Back up
14.0 Data Purging
15.0 LAN Security
15.1 Login Controls
15.2 Password Controls
15.3 Data Access Controls
15.4 Terminal Controls
15.5 Temporal Controls
15.6 Dial up Controls
15.7 Back up Controls
15.8 Firewalls
16.0 Data Security
17.0 Registers
18.0 Print outs
19.0 Scanning
20.0 Miscellaneous

Para Topic
21.1 Review of ATM Operations
21.2 ATM Cost Sheet
21.3 ATM Registers
22.1 Disaster Management
23.1 Rating
24.1 Major Irregularities requiring urgent attention

Definition of Information system Audit

Information systems auditing is a systematic process of collecting and evaluating
evidence / information to assess whether the information security systems:
i. Safeguard assets effectively
ii. Maintain data integrity
iii. Achieve goals of the organization effectively
iv. Result in efficient use of available information system resources.

Computer Process under CBS

Sr. No.  To confirm (Operational Manager done these activities)

1  Whether day-begin has already been done by Data Centre?  Yes
2  Re-check on network to be done before service hours.  Yes
3  New user application forwarded by branch manager (also transfers, retirements, resignations)  Yes
4  End of Day hand over by branch  Yes
5  Exception and other reports  Yes

www.spandane.com

Scope of Information system Audit of Banks

Sr. No.  Control                   Branch  Data Centre  D. R. Centre
1        Hardware Control          Yes     Yes          Yes
2        Environmental Control     Yes     Yes          Yes
3        Access Control            Yes     Yes          Yes
4        Data Protection Control   Yes     Yes          Yes
5        Data Access Control       Yes     Yes          Yes
6        Network Control           Yes     Yes          Yes
7        Communication Control     Yes     Yes          Yes
8        Personnel Control         Yes     Yes          Yes
9        Service Control           Yes     Yes          Yes
10       Back up Control           Yes     Yes          Yes

I S Audit of Branches

Sr. No.  Scope

1  Security Hardware and Software
   Observation: CCTV camera, 2 weeks recording safe
2  Hardware register, user register
   Observation: Yes, all components are up to date
3  Back up and Disaster recovery practices
   Observation: Yes, we maintain backup setup
4  Report circulation and authentication
   Observation: Yes, timing reports sent to management
5  AMC facilities & its monitoring
   Observation: Yes, we watch out all visitors through CCTV
6  Voucher marking transaction number
   Observation: Branch manager checks daily transactions
7  a) Revenue Test Check
      Observation: Branch deposit plus or negative on daily basis
   b) Availability of IS Policy, Disaster Management Policy
      Observation: Yes, we have backup sys
   c) Number of users attached to the branch vs. physically present and its reconciliation
      Observation: Our branch has 13 employees & all perform their work actively


From: Report BISA
Bank: MCB Bank LTD
Location: Branch / Data Centre / D. R. Centre
Subject: Information System Audit of Banks
Date of Review: 26/05/2015

Sr. No.  Particulars  Observations

1.0      Hardware installed at Data Centre / Branch:

Sr. No.  Item                                  Qty.  Average age
1.1      Computer System with Hard Disk        10    7 to 10 years
1.2      Computer System without Hard Disk     1     15 to 18 years
1.3      Servers                               3     7 to 10 years
1.4      Thin-client                           1     Max 20 years
1.5      Router                                2     5 to 7 years
1.6      Switches                              18    5 to 10 years
1.7      Hubs                                  3     10 to 15 years
1.8      Modems                                2     5 to 10 years
1.9      Scanners                              2     5 to 10 years
1.10     Printer (Dot Matrix)                  2     10 to 20 years
1.11     Printers (Inkjet/LaserJet)            4     5 to 10 years
1.12     Passbook Printers                     0
1.13     UPS                                   2     Minimum 2 years
1.14     Others (LCD, Mouse, Keyboards)        10    5 to 10 years
1.15     Lease Line                            2
1.16     Dial up network                       0
1.17     ISDN Lines                            0
1.18     Wireless Network                      2
1.19     LAN Cabling                           6
1.20     Generator                             2
1.21
1.22


2.0 Installation of Computers:
Refer Annexure-1 / Computer Dos & Don'ts.

2.1  Whether computers are maintained in dust free environment?
     Observation: Dos
2.2  Whether computers were kept clean?
     Observation: Dos
2.3  Whether separate electrical supply line has been provided for computer equipment with necessary circuit breakers?
     Observation: Dos
2.4  Whether computers have been housed in separate cabins or kept at the counter with facility of locking?
     Observation: Dos
2.5  Whether earthing for electrical line is checked at periodic intervals? (Reading on the voltage meter on neutral points should show between 0-5 ampere)
     Observation: Dos
2.6  Whether earthing of the building is checked at periodic intervals?
     Observation: Don'ts
2.7  Whether detailed map of the cable lay out including the hubs is available with the branch? (It will facilitate fast repairs to LAN cable faults)
     Observation: Dos
2.8  Whether HUBS have been installed in a secured place? (To avoid possible physical tampering)
     Observation: Dos
2.9  Whether LAN cables have been allowed to trail on the floor?
     Observation: Don'ts
2.10 Whether any heavy article is kept on the cables? (To avoid possible data loss)
     Observation: Dos
2.11 Whether EDP department monitors Volume / Space information periodically?
     Observation: Don'ts
2.12 Whether LAN Network diagram is available? (Branch/DC/DR)
     Observation: Dos


3.0 Server Farm / Room:

3.1  Whether server room is away from the main door, windows, passage and customer area?
     Observation: Yes
3.2  Whether server room is located not endangered by rain, wind, dust etc. which will reduce the life of the server?
     Observation: Yes
3.3  Whether AC provides adequate cooling and humidity for the server farm / room?
     Observation: Yes
3.4  Whether additional ACs have been installed to work in rotation with a Timer?
     Observation: No
3.5  Whether temperature measuring instrument and smoke & fire detectors have been installed in server room?
     Observation: Yes
     Ambient temperature normally recommended is 18 °C.
     Observation: Yes
3.6  Whether server room is locked?
     Observation: Yes
3.7  Whether entry to server room is restricted?
     Observation: Yes
3.8  Whether the new user entry policy has been set, documented and evaluated regularly?
     Observation: Yes
3.9  Whether entry of outsiders to server room is approved by competent official?
     Observation: Yes
3.10 Whether record of visitors & reason for allowing access to server room has been maintained?
     Observation: Yes
3.11 Whether access is controlled through biometric or smart cards in order to prevent unauthorized access?
     Observation: Locked system
3.12 Whether controlling devices are in working condition?
     Observation: Yes
3.13 Whether AMC has been given for maintenance of controlling devices?
     Observation: No
3.14 Whether audit trails of key card access systems are checked daily?
     Observation: No
3.15 Whether failed logs are investigated?
     Observation: Yes
3.16 Whether Monitoring or Surveillance system (CCTV) has been installed in Data Centre?
     Observation: Yes
3.17 Whether numbers of cameras are adequate to cover the entire area?
     Observation: Yes
3.18 Whether recording is done simultaneously by all cameras?
     Observation: Yes
3.19 Whether control panel displays the images from all cameras in a single screen with a facility to change over to the particular camera?
     Observation: Yes
3.20 Whether notice board namely "Area is covered by CCTV" has been displayed in the data centre?
     Observation: Yes
3.21 How many days recording of CCTV are made available?
     Observation: 2 weeks
3.22 Whether server has been installed in a room with at least one wall of glass panel permitting the view from outside?
     Observation: No
3.23 Whether Data centre follows the Password Policy at all times?
     Observation: Yes
3.24 Whether it is supervised? (Refer Sr. No. 15.2 / Password)
     Observation: Yes
3.25 Whether System Administrator access is under the two factor access?
     Observation: Operational manager & chief cashier
3.26 Group Ids should not be made but only individual to pin responsibility. Whether complied?
     Observation: Yes
3.27 Whether server is password protected?
     Observation: Yes
3.28 Whether server room is maintained clean and not used for storage of any record?
     Observation: Yes
3.29 Whether printer has been kept in server room?
     Observation: Yes
3.30 Whether record of failure of lease line / dial up network has been maintained and analyzed?
     Observation: Yes

4.0 Scanner:
4.1 Whether scanner has been kept under lock, when not in use? Available at Manager room
4.2 If scanner is attached to a particular terminal, whether the said terminal is password protected? No

5.0 Fire Extinguishers:
5.1 Only fire extinguishers of CO2 inert gas type can be used on computer equipment (in the event of fire breaking out). Good condition
5.2 Whether fire extinguishers have been installed? Yes
5.3 If yes, whether in up to date condition? Yes
5.4 Next service due on: After one year
5.5 Whether staff members have been given adequate training to use fire extinguishers in case of need? No

6.0 Physical Security:
6.1 Whether computer items are properly numbered and entered in the dead stock register? Yes. Records assets in purchase book
6.2 Whether machines under warranty period are marked separately with date of purchase? Yes
6.3 Whether physical verification of computers etc. is done periodically? Yes
6.4 If yes, date of last such verification & by whom? Operation Manager
6.5 Whether any discrepancy was noticed? Yes
6.6 Whether any items have been sent for servicing / repairs? No
6.7 Whether any item is in irreparable condition? No
6.8 Whether any surplus hardware is lying with the branch? With whom? Yes

7.0 Insurance: (Electronic Equipment Policy)
7.1 Whether insurance policy has been taken? Yes
i Insurance Company: Adam general insurance
ii Policy Number: Not detail available
iii Sum insured: 5000000
iv Valid up to: 5 year
v Risk covered: 5000000
vi Premium: 25000 to 50000
7.2 Whether movement of hardware from one office to another office is informed to Insurance company? Yes
7.3 Details of pending claims: Not detail available
i Date of incident / loss etc.: No
ii Loss estimated: No
iii Survey carried on: No
iv Existing status: No

8.0 Hardware Maintenance:
8.1 Whether service contract (AMC) has been given for following items? Yes 5 year

      Item                                 Yes / No   Period
i     Computer System with Hard Disk       Yes        5 year
ii    Computer System without Hard disk    Yes        5 year
iii   Servers                              Yes        5 year
iv    Thin-client                          Yes        5 year
v     Router                               Yes
vi    Switches                             Yes
vii   Hubs                                 Yes
viii  Modems                               Yes
ix    Scanners                             Yes
x     Printer (Dot Matrix)                 Yes
xi    Printers (Inkjet/Laserjet)           Yes
xii   Passbook Printers                    No
xiii  UPS                                  Yes
xiv   Others                               Yes
xv    Lease Line                           Yes
xvi   Dial up network                      No
xvii  ISDN Lines                           No
xviii Wireless Network                     Yes
xix   LAN Cabling                          Yes

8.2 Whether preventive maintenance is done? No
8.3 If yes, what is the frequency? No
8.4 Date of last such maintenance: No
8.5 Comments on quality of service ---- Preventive: No
Comments on quality of service ---- Breakdown
8.6 Whether a log-sheet of hardware (Computers, UPS & Printers) problems is maintained? No
8.7 If yes, whether updated regularly? No
8.8 Whether visit report of service personnel are reviewed by Branch official, EDP department? Yes
8.9 Whether name, address, telephone numbers, Name of the concerned engineer etc. is noted in the said register? No
8.10 Who is the system administrator of the Branch / Data Centre / D. R. Centre? Operation Manager

9.0 UPS:
9.1 Whether power supply has been provided to Computers through UPS? Yes
9.2 Whether UPS room is locked? Yes
9.3 Whether entry to UPS room is restricted? Yes
9.4 Whether UPS system is free of load from electrical equipments such as fan, AC, tube lights etc.? Yes
9.5 Whether batteries are kept for charging after Office hours? Yes
9.6 Whether periodic checking of UPS & batteries is done? Yes
9.7 Whether record to that effect has been kept? Yes
9.8 What is the duration for which computer system can function on UPS? 2 hours on UPS
9.9 When UPS was put to use last? Daily
9.10 What was the approx. duration? Daily 6 hours
9.11 Whether register has been maintained to record power failure? yes
9.12 Whether loss of data is confirmed after every power failure? Automatic convert to UPS

10.0 Anti-Virus:
10.1 Whether Anti-virus software is used? Yes
10.2 Details. Saztel provides security solutions
10.3 Whether this is the licensed copy of software? Yes
10.4 Whether the said version is latest? Yes
10.5 Date of last updating. 2 months before
10.6 Whether the anti-virus program is activated at fixed time? No
10.7 Whether Anti-virus software has been loaded even on PCs with hard disk? Yes

11.0 Software:
11.1 Which software does the branch use? Sona ware software
11.2 Whether it is latest? Yes
11.3 Whether it is authorized copy? Yes
11.4 Whether MS-Office installed at the branch is an authorized copy of software? Yes
11.5 Whether any unauthorized software is installed at the branch? To Specify. No
11.6 Whether any games have been installed in server / hard disk? No
11.7 Whether any authorized freeware is installed? Yes
11.8 Whether any unauthorized freeware has been installed? No
11.9 Whether latest service pack for operating system software (OS) has been installed? Yes

12.0 Software Maintenance:
12.1 Who is responsible for software maintenance? IT Head

13.0 Back up:
13.1 Whether back up is taken of data, index & program? Yes
13.2 If yes, when? Last year
13.3 Whether back up register is kept? Yes
13.4 Whether signed by concerned officer and time is recorded? Yes
13.5 Whether Hard_disk-to-Hard_disk back up is taken? Yes
If yes, when? Last year
13.6 Whether back up cartridges are stored in fireproof cabinet? Yes
13.7 Whether back up is sent to HO, locker, nearby branch etc.? Yes
13.8 If yes, whether record is kept? Yes
13.9 Whether back up is taken home by Manager? No
13.10 If back up is taken on floppies, whether floppies are formatted periodically and replaced at regular intervals? Yes
13.11 Whether back up has been taken in latest device? Yes
13.12 Whether back up was tested for restoration? Yes
13.13 Whether monthly back up is taken? Yes
13.14 Whether yearly back up is taken? Yes
13.15 Whether Disaster Recovery and Business Continuity Plan has been documented and tested periodically? Yes
Refer Para 22

14.0 Data Purging:
14.1 Whether top management authorizes data purging? Yes
14.2 Whether back up before and after purging has been taken? Yes
14.3 If yes, whether tapes have been properly labeled indicating the date, period & other details? Yes
14.4 Where purged data has been stored? (On the server in another volume or on the node with hard disk or on a standalone PC) Yes
14.5 Whether access to the purged data has been restricted? Yes
14.6 Whether all the required reports before purging are printed and filed? Yes
14.7 Whether manual record of the purging has been kept? Yes
14.8 When purging was done last? 4 months before

15.0 LAN Security:
Whether following controls are observed? Yes all topologies

15.1 Login Controls:
i Whether User Management norms have been defined and documented? Yes
ii Whether users are approved by HO? Yes
Names of all staff members should be incorporated in User Master. Yes
Login should be done by employee code. It is suggested to have uniformity by inserting short name as initials, e.g. DVP (First name, father's/husband's name and surname). Yes
Auto Log off should be activated in case Login is not done for 2 days. Activation rights should be with HO EDP only. Yes
iii Whether User Approval application is maintained? Yes
iv Whether users are created by HO EDP? Yes
v Whether all users are uniquely identified? Yes
vi Whether unlocking of accounts of users whose accounts are locked is carried out after obtaining unlocking requests & duly approved by competent authorities? Yes
vii After how many unsuccessful attempts at login, a user is locked out? Yes
viii Any restriction on number of logins in a day? 3 time
ix Whether the duration of inactivity before screen gets locked has been stipulated? Yes
x Whether any staff member possesses multiple levels or more than one user-id in the system? No
xi Whether any dummy user-id has been created in the system? No
xii Whether branch has suspended user-ids of staff on long leave, transferred, deputed for training etc? Yes
xiii Whether branch obtains acknowledgement from every user at the time of creation / allotment of user-ids? Yes

15.2 Password Controls:
i Whether Password is masked at the time of entry? Yes not show password
ii Whether system compels the user to change the Password when he logs in for the first time? Yes
iii Whether user is disabled on entering erroneous password on three consecutive occasions. Yes it is blocked
iv What is the frequency stipulated for change of password? Yes
v Whether Password expires automatically after stipulated number of days? Yes
vi Whether system ensures that Password is alphanumeric? (Preferably) Yes
vii Whether system ensures that Password is alphanumeric & one special character? (Preferably) Yes
viii Whether system ensures that login id and Password is not the same? Yes
ix Whether system ensures that changed Password is not the same as last 12-15 Passwords? Yes
x Whether system ensures that the Password should be of minimum 8 characters and maximum 12 characters? yes
xi Whether Password policy has been documented? No
xii Whether branch has maintained Password Issue and Password Changes Registers. No
xiii Whether branch official reviews the user login status report and record his remark in that regard in Password Issue register? No
xiv Whether undertaking is obtained from the staff for maintaining secrecy and confidentiality of the password? Yes
xv Whether guessable passwords have been listed to debar its use? Not give answer (not know)
xvi Whether user Id is case sensitive? (Preferably) Yes
xvii Whether Password is case sensitive? (Preferably) Yes
xviii Whether copy-paste of user id and password has been disabled? (Preferably to be done) Yes
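
The password controls in 15.2 (items ii, iii and vi to x) written as enforceable checks. This is an added example, not part of the original checklist or of the bank's system; the `Account` class, the PBKDF2 storage, the history depth of 12 and the sample passwords are assumptions.

```python
"""Checks for checklist section 15.2 (added example, constructed data)."""
import hashlib
import hmac
import os
from dataclasses import dataclass, field

MIN_LEN, MAX_LEN = 8, 12   # item x, figures as stated on the checklist
HISTORY_DEPTH = 12         # item ix says "last 12-15"; 12 is assumed here
MAX_FAILED = 3             # item iii: three consecutive wrong passwords
PBKDF2_ROUNDS = 100_000    # assumed work factor for the stored hashes


def _hash(password: str, salt: bytes) -> bytes:
    """Salted hash, so the history never holds a clear-text password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


@dataclass
class Account:
    login_id: str
    history: list = field(default_factory=list)  # [(salt, hash)], newest last
    failed: int = 0
    locked: bool = False
    must_change: bool = True                     # item ii: change at first login


def policy_violations(account: Account, candidate: str) -> list:
    """Return the 15.2 items (vi to x) that the candidate password breaks."""
    problems = []
    if not MIN_LEN <= len(candidate) <= MAX_LEN:
        problems.append("x: length must be 8-12 characters")
    has_alpha = any(c.isalpha() for c in candidate)
    has_digit = any(c.isdigit() for c in candidate)
    if not (has_alpha and has_digit):
        problems.append("vi: must be alphanumeric")
    if all(c.isalnum() for c in candidate):
        problems.append("vii: needs one special character")
    # Compared case-insensitively, which is stricter than item viii requires.
    if candidate.lower() == account.login_id.lower():
        problems.append("viii: same as login id")
    for salt, digest in account.history[-HISTORY_DEPTH:]:
        if hmac.compare_digest(_hash(candidate, salt), digest):
            problems.append("ix: reuses a recent password")
            break
    return problems


def set_password(account: Account, candidate: str) -> list:
    """Store the password if it passes; return the violations otherwise."""
    problems = policy_violations(account, candidate)
    if problems:
        return problems
    salt = os.urandom(16)
    account.history.append((salt, _hash(candidate, salt)))
    del account.history[:-HISTORY_DEPTH]   # keep only what item ix needs
    account.must_change = False
    return []


def login(account: Account, attempt: str) -> bool:
    """Item iii: disable the user after three consecutive wrong passwords."""
    if account.locked or not account.history:
        return False
    salt, digest = account.history[-1]
    if hmac.compare_digest(_hash(attempt, salt), digest):
        account.failed = 0
        return True
    account.failed += 1
    if account.failed >= MAX_FAILED:
        account.locked = True   # unlocking needs an approved request (15.1 vi)
    return False
```

A locked account stays locked even when the correct password is supplied afterwards, which matches the approval-based unlocking in 15.1 vi.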

15.3 Data Access Controls:
i Whether users are given only the rights that are essential for carrying out their duties? Yes

15.4 Terminal Controls:
i Whether computer system has been instructed to restrict particular user to particular terminals only? Yes Saztel provided

15.5 Temporal Controls:
i Whether the user and terminal is provided with computer facility only during specified times in a working day? Yes

15.6 Dial up Controls:
i Whether dial back provision is made in case outsider is allowed to access a computer through telephone connection? No

15.7 Back up Controls: Refer Sr. No. 13

15.8 Firewalls:
i Whether comprehensive list of what should be allowed / disallowed through the Firewall has been compiled, approved and kept up to date? No
ii Where do you place firewalls? IT room
The placement is situation specific and the auditor needs to be convinced about the logic of the decision. Yes
iii How do you secure them against unauthorized access from internet, extranet and intranet users? e.g. Are inner firewalls placed around all critical, financial and transactional systems? Yes
The placement is situation specific and the auditor needs to be convinced about the logic of the decision. Yes
iv Is the firewall placed in between the network router and network or given application? Yes
This is the minimum security level to be achieved by such a location in addition to its proper configuration. Yes
v Whether entry and exit through any network port not required by the organization has been prevented? No
Permitting entry through not required ports is leaving the back door open.
vi Whether firewalls are updated at regular intervals? Yes
vii If yes, How often? No answer
viii Is it updated when a patch is available? Yes
ix What initiates a review? Yes
Firewalls too need regular updating, like the anti-virus files, which have to be updated with the new signature list for the software to use.
x Whether ingress and egress filtering is used? Yes
xi Whether you follow the filtering rules? No answer
If yes, Produce the list. No answer
xii If users are allowed to connect from the internet to the internal network, whether access is restricted to either a virtual private network (VPN) or an encrypted software session? How is it restricted? No answer
The Auditor should be convinced by the information systems engineer about the security assurance in such a situation. No
xiii Whether access to the management interfaces of routers, firewalls and other network appliances has been adequately secured? e.g. Are these devices also subject to appropriate passwords policy enforcement or whether two factor authentication has been employed? Yes
All security measures would be defeated if the set up of the firewall itself was not under a secure procedure. Yes

16.0 Data Security:
16.1 Whether branch parameters, subsystem codes, standing instructions and holiday file have been properly created / updated by EDP/Data Centre? Yes
16.2 Whether interest tables have been updated? Yes
16.3 Whether slab rates have been updated? No
16.4 If yes, whether checked by officer & record to that effect has been kept? No
16.5 Whether any changes in the data such as DP, special instruction etc. are authenticated by branch officials and record to that effect is kept? Yes
16.6 Whether copies of HO Circular for change in interest rates, service charges etc. are readily available? Yes

17.0 Registers:
17.1 Whether following registers are maintained & if yes, whether up to date?

      Register                                      Whether maintained?   Whether up to date?
i     Dead stock register for computers             Yes                   No
ii    Back up register                              Yes                   Yes
iii   Back up movement register                     No                    No
iv    Hardware problems register                    Yes                   Yes
v     Software problems register                    Yes                   Yes
vi    Due date diary for AMC                        No answer             No answer
vii   Software release updating register            No                    No
viii  Visit register for AMC personnel              No                    No
ix    Power failure register                        No                    No
x     User register                                 No                    No
xi    Computer data change register                 Yes                   Yes
xii   Register of computer consumables such as      Yes                   Yes
      floppies, cartridges, tapes, ribbons,
      printed stationery etc.
xiii  Register of destroyed floppies                Yes                   Yes
xiv   Password Issue                                No                    No
xv    Password Changes                              No                    No
xvi
xvii

18.0 Print outs:
18.1 Whether following print outs are taken, checked, signed and filed properly?

      Print out                                  Print outs   Checking   Signing   Filing
i     Day book                                   yes          yes        yes       Yes
ii    Scroll                                     yes          yes        yes       Yes
iii   Supplementary Cash                         yes          yes        yes       Yes
iv    Supplementary Clearing                     yes          yes        yes       Yes
v     Supplementary Transfer                     yes          yes        yes       Yes
vi    Trial balance                              yes          yes        yes       Yes
vii   Balancing statements                       yes          yes        yes       Yes
viii  Debit balance report                       yes          yes        yes       Yes
ix    Exception transaction report               yes          yes        yes       Yes
x     All O. K. Statement                        yes          yes        yes       Yes
xi    General ledger                             yes          yes        yes       Yes
xii   Loan ledger                                yes          yes        yes       Yes
xiii  Deposit ledger                             yes          yes        yes       Yes
xiv   Parameter file print out                   yes          yes        yes       Yes
xv    Master file print out                      Yes          yes        yes       Yes
xvi   Account opening, closing, modification     Yes          yes        yes       Yes
      (relevant master)
xvii  Audit trail print out                      Yes          yes        yes       Yes

18.2 Whether prescribed reports are printed regularly? Yes

19.0 Scanning:
19.1 Whether signature are scanned & authorized regularly? Yes

                           SB          CD          CC/OD       TDR
Running account number     No answer   No answer   No answer   No answer
Signature scanned up to    No answer   No answer   No answer   No answer
Confirmed up to            No answer   No answer   No answer   No answer

19.2 Whether scanned signatures of dormant account are deleted? yes

20.0 Miscellaneous:
20.1 Whether staff is rotated on regular basis? No
20.2 Whether stamp is affixed on cheques, credit slips, withdrawal slips, vouchers etc. indicating transaction number, scroll number and initials of operating staff? Yes
20.3 Whether consumables are kept under lock & key? Yes
20.4 Whether consumables are inspected periodically? Yes
20.5 If yes, date of last inspection: 1 month
20.6 Whether internet connection has been provided? Yes
20.7 If yes, how control is exercised on its usage? No control
20.8 Details of time utilized since April: No answer
20.9 Whether all users manuals have been numbered & entered in Register to monitor the movement? Yes

21.0 ATM:
21.1 Review of ATM Operations (Refer Annexure 2) yes
21.2 ATM Cost Sheet (Refer Annexure 3) yes
21.3 ATM Registers (Refer Annexure 4) yes

22.0 Disaster Management:
22.1 Whether Bank has a Disaster Management Policy? Yes
22.2 Whether Disaster has been defined? Yes
22.3 Where Disaster site has been located? Yes
22.4 Whether Disaster site complies with the following:
i Whether located in different seismic zone? No
ii Whether the same is equipped with all office connections? Yes
iii Whether the same is equipped with network levels? Yes
iv Whether adequate Power supply / UPS are available? Yes
22.5 Whether D. R. is tested periodically? Yes
22.6 If yes, what is the frequency? After a month
(Should be checked at least once in a quarter)
22.7 Whether media back up is tested periodically? No
22.8 Whether D. R. site personnel are rotated periodically? No
22.9 If yes, what is the frequency? No
22.10 Whether Router has been installed at D. R. Site? No
This is necessary in case Data Centre is isolated due to power failure / exhaustion of UPS backup / Communication network gets isolated at DC / Building housing DC is seriously affected. Direct current
In US, the DR Facility is tested on the assumption that the State has suffered a nuclear hit.
22.11 Whether branch network gets connected from D. R. Centre on failure of Data Centre connection? No

23.0 Rating: High Risk / Medium Risk / Low Risk

No answer

24.1 Major Irregularities requiring urgent attention:

No answer
Signature

Name
Designation
Department

Annexure-1 forming part of IS Audit of Banks. (Sr. No. 2)

From: Report
Bank
Branch
Subject: Computer Dos & Donts
Date

Sr. No. Observations All Yes

On Computer System
Whether you-----
1 Keep your computer system in a cool, dry and dust-free environment?
2 Ensure that the power switches in a system unit, monitor and printer are in the OFF position before switching on the mains?
3 Switch off the monitor, system unit and the printer, before switching off the mains?
4 Clean the computer work area everyday; cover your system at the end of the day.
5 Keep your system away from room walls to ensure proper airflow around the computer?
6 Park the hard disk and then shift it, when the unit needs to be transferred from one side to another?
7 Handle the floppy drive lever gently?
8 Ensure that there is no diskette in the floppy drive before switching off the system unit?
9 Clean the keyboard regularly?
10 You use vacuum cleaner to clean keyboards to extract the dust collected in between the keys?
11 Use mouse pad?
12 You make sure to place the mouse on a clean surface in case you do not have mouse pad? Yes

B Printer
Whether you-----
1 Choose a flat, sturdy surface with enough room for the paper to flow freely in and out of the printer? Yes
(If you use continuous fan-fold paper, you will need space behind the printer (or underneath with its bottom-feeding) for a stack of paper)
2 Position the printer so that its connections namely, power cord and computer cable will not interfere with the paper flow? Yes
3 Position the feed paper stack and the printed output such that one does not interfere with the flow of the other? Yes
4 Position the feed paper stack such that the paper advances straight up? No
(If the stack is slightly away or off-centre, it causes the paper to mis-feed)
5 Use the paper thickness lever (if your printer has one) appropriately? No
6 Use the paper thickness recommended in the printer manual? No
7 Turn the power off, unplug the power cord and disconnect the printer cable when performing any kind of cleaning operation? Yes
8 Clean the insides of the printer? Yes
(To clean the printer, remove the printer cover and the ribbon cartridge. To clean the inside of the printer, use a soft brush to whisk lint and dust away from the print head area. The outside of the printer case can be cleaned when needed with a damp rag and alcohol. A vacuum cleaner is very useful for sucking out the paper particles from the inside of the printer.)
9 Use the printer cover? Yes
(It is a dust protection cover, noise buffer and paper cutter, all in one)
10 Turn off the power and slide the print head to the left edge before removing the old cartridge? Yes
(This will prevent the printer head cable from getting damaged)

C Whether you----
1 Eat or drink near the computer? Yes
2 Smoke inside the computer room? No
(Smoke is injurious to computer health also)
3 Allow direct sunlight to fall on your computer? Yes
(It is necessary to avoid warping of magnetic media)
4 Run any electric equipment like a vacuum cleaner in the vicinity of the computer when it is on? No
5 Switch on the system with a data floppy in the drive? No
6 Insert or remove the diskette when the drive select indicator is glowing? Not know
7 Switch off the system when the hard disks drive, i.e. when the indicator is glowing? Not know
8 Strike the keys as hard as those of a manual typewriter? Yes
(Keyboard keys soft touch)
9 Rest your hands on the keyboard? No
10 Keep anything on the keyboard? No
11 Use the keys after switching off the system? No
12 Stretch the cable at the keyboard end? No
(This may lead to snapping of the wires inside the cable)
13 Turn the paper feed knob when the printer is printing. Yes
14 Turn the platen knob in the reverse direction? Yes
15 Move the print head manually when the printer is on? Yes
16 Pull the mouse cable? No
17 Expose the mouse to excessive moisture? No
18 Subject the mouse to impact? No
(Do not let it fall and do not place the keyboard on it.)

Annexure-2 / Review of ATM Operations (Sr. No. 21)

From: Report
Bank
Branch
Subject: Review of ATM Operations
Date of Review

1 Whether following ATM Registers are maintained & if yes, whether updated? (Refer Annexure-4 for Formats of ATM Registers)

Sr. No.  Name                                   Whether maintained?   Whether updated?
1.1      ATM Card Applications Issued           Yes                   Yes
1.2      ATM Card Applications received         Yes                   Yes
1.3      ATM Cards received from HO             Yes                   Yes
1.4      ATM Cards Issued                       Yes                   Yes
1.5      ATM Complaints Register                Yes                   Yes
1.6      ATM Cards stolen, lost, damaged        Yes                   Yes
1.7      ATM Hot Card register                  Yes                   Yes
1.8      ATM Cash balance register              Yes                   Yes
1.9      ATM Daily Transaction Register         Yes                   Yes
1.10     ATM Deposit Register                   Yes                   Yes
1.11     ATM Suggestion register                Yes                   Yes
1.12     ATM Breakdown register                 Yes                   Yes
1.13     ATM Cost Sheet (Refer Annexure-3)      Yes                   Yes

2.0 Reconciliation of ATM Cards etc.
2.1 ATM applications issued. Yes
2.2 ATM applications received. (2.3+2.4) Yes
2.3 ATM applications not forwarded to HO. No
2.4 ATM applications forwarded to HO. (2.5+2.6) Yes
2.5 ATM Cards received from HO. (2.8+2.9) Yes
2.6 ATM applications pending at HO. Yes
2.7 Whether confirmation obtained of Sr. no. 2.6 Yes
2.8 ATM Cards issued to customers. Yes
2.9 ATM Cards not issued to customers. No

3.0 ATM Dept. Administration at branch:
3.1 Whether officer has been designated to look after ATM operations? Operation Manager
3.2 Whether ATM card & PIN is forwarded to branch? Yes
3.3 Whether PIN is forwarded to customer directly? Through call center

4.0 Safe Custody of ATM cards:
4.1 Where ATM Cards are kept over night? No
4.2 Whether ATM cards are kept under lock & key during the day? Yes
4.3 Whether specimen signature is verified while issuing ATM Card? Yes

5.0 Cash Balance Reconciliation:
5.1 What time ATM reports are printed and cash is verified? No answer
5.2 ATM cash balance as per GL dated: Rs. No answer
5.3 ATM cash balance as per Register: Rs. No answer
5.4 Difference if any: Rs. No answer
5.5 Reasons / Action: No answer

6.0 ATM Cards usage Statistics: ATM is in use from
6.1 ATM withdrawals till end of last month: Nos. Average: No answer
6.2 ATM Withdrawals in last one month: Nos. 10
6.3 Number of days ATM was not operative? All Days work
6.4 Max. ATM Cash withdrawal in a day? Rs. 50000
6.5 Number of Saving Bank operative accounts? 700 a/c
6.6 Number of ATM Cards issued & % to 6.5: 50%

7.0 Other Important Issues:
7.1 Whether ATM is covered under AMC? Yes
7.2 If yes, AMC valid up to: Not know
7.3 Whether Branch officials have the contact numbers of service providers readily available? Yes
7.4 Whether ACs installed in ATM Cabin is covered under AMC? Yes
7.5 If yes, AMC valid up to: Not know
7.6 How many ACs have been installed in ATM Cabin? 1 A/C
7.7 Whether Timer has been installed? No
7.8 If yes, whether Timer is in working condition? No
7.9 Whether Counter has been provided in ATM Cabin? No
7.10 Whether Privacy has been ensured for ATM Cabin? Yes
7.11 Whether separate security guard has been deputed for ATM? No
7.12 Whether ATM cabin is kept clean? Yes
7.13 Whether Banks Deposit/Loans schemes are displayed on ATM wallpaper / in ATM Cabin? Yes
7.14 Whether ATM banner has been displayed at the branch? Yes
7.15 Whether HO has given ATM Card Issue Target? Yes
7.16 If yes, No. of ATM cards to be issued during the year. 150
7.17 If No, whether Branch has fixed the Target internally? No
7.18 If yes, No. of ATM cards to be issued during the year. 150
7.19 Whether Insurance Policy has been taken in respect of ATM? No
7.20 If yes, Sum insured & Insurance Policy valid up to: No
7.21 Whether HO has fixed ATM Cash Retention limit? Yes
7.22 If yes, whether letter to that effect is on record? No
7.23 If no, How much maximum cash balance is kept in ATM? Rs. 1000000
7.24 Whether cash bundles have been stored properly to facilitate cash verification? Yes
7.25 Whether the branch has kept sufficient ATM Rolls & other stationery? Yes
7.26 Who is aware of ATM Password? Operation manager
7.27 Whether Password has been given to two officials, broken in to 6 digits each? No, one person
7.28 Whether ATM pamphlet is printed by branch? Yes
7.29 If yes, whether kept at counter for distribution to customers? Yes
7.30 Whether Staff is aware about ATM parameters such as maximum amount, no. of withdrawals per day, charges etc. Yes
7.31 Whether facility of Auto Credit is offered? No
This facility should be discontinued to avoid fraud.

RECOMMENDATIONS AND FUTURE PLANS ABOUT THE IS

Although Oracle has provided MCB with a highly customized Information System to suit its business needs, the Financial Control Division feels that Oracle GL has not been customized enough for their specific needs. One notable recommendation, therefore, is that if the company purchases a new version of Oracle GL, it should be further customized with the specific needs of the Financial Control Division in mind. System enhancements over time might also need to be carried out, which could involve upgrading the server, storage and database systems. As for the future plans of the company regarding the information system, it seems that the company is satisfied with the system and willing to retain it. It will purchase new versions of the Oracle E-Business Suite as soon as they are released. MCB also has expansion plans and is expected to open branches and start operations in some foreign countries. When that happens, a great deal more will need to be invested in the company's information system, and it would remain to be seen whether the company would continue using the current information system or switch to some other information system.

CONCLUSION

The Oracle E-Business Suite is a top of the line application software used by businesses around the world. Oracle is a software company renowned for providing its customers with excellent software that provides fast, easy and efficient business information and support systems, which play a vital part in the operational running of a business and in coming up with improved business solutions. MCB aims to keep its business in line with the top banks and corporations of the country and therefore it has chosen Oracle E-Business Suite as the application software that manages and supports its business applications. The Oracle GL has the important task of maintaining General Ledger Balances of the bank from around the country and generating reports and financial statements on a daily basis.

REFERENCES

www.mcb.com.pk

Ayesha Hassan
(AVP at MCB D.Ground Branch)

Malik Touseef
(OG III IT Officer)

Sara Naumaan
(CRO at MCB D.Ground Branch)

Muhammad Nawaz
(HR Officer)
