Auditing Your Core Banking Application: A Practical Guide for Auditing Finacle, Flexcube, Globus, Banks, Equinox, Phoenix
Auditing core banking applications has remained a daunting task for Information Systems Auditors and other IT Assurance professionals in the industry. This is due to the barrage of technical, system and operational controls that need to be checked and validated to ensure system security. Given the importance of the core banking application in the financial sector (banking industry) as the central repository for customer, accounting and transactional data, the need to ensure its confidentiality, integrity and availability cannot be overemphasized. From maintaining customers' deposit balances and mandates and processing transaction requests to maintaining General Ledger (GL) balances and the consolidated balance sheet and statements of the bank, the integrity of the core banking application and the data/records emanating from it must not be questionable at any given time. As such, it is the duty of Information Systems Auditors and other IT Assurance professionals to develop a robust and comprehensive audit program for the assurance of their institution's core banking application.
This eBook was put together to close identified knowledge/skill gaps in the auditing and security review of core banking applications by IT Auditors and other Assurance professionals. The book provides a step-by-step guide on how to review the various aspects of core banking applications by giving insight into the test procedures to be carried out to assure the adequacy and effectiveness of technical, system and operational/process controls in and around the core banking application and business service functions. From cash, teller and branch operations to funds transfer, customer relationship management (CRM), trade services (visible & invisible), DOM transfers, treasury, credit/loan administration, operational and market risk management, assets and liability management, financial controls and applications support, system and operational control gaps in the highlighted areas are effectively covered. This book can be used in auditing some of the popular core banking applications such as Finacle, Flexcube, Globus, Banks, Equinox and Phoenix, given the similarities in their architecture as well as their common operational and system controls. The following areas of the core banking application and operational processes are covered:
• User access management and authentication (logical access controls).
• Separation of duties (workflow management and inputter/authorizer controls).
• Security features and business parameter setup.
• Users' business and service requirements.
• Data encryption and key management.
• Application security.
• Input and output controls.
• Operational procedures and controls.
• Data backup and restoration.
• Batch job processing and end-of-day processing.
• Application support and scripting/development.
• System controls.
• Business continuity management and disaster recovery.
• Change management.
• Log management.
• System monitoring and availability management.
• Data centre services.
• Capacity management.