• Investment World
• eWorld
• Catalyst
• Mentor
• Life
• Canvas
• Praxis
• Urban Pulse
• Brand Quest

Stocks

• Quotes
• SE Diary
• Scoreboard
• Open-End Mutual Fund

Port Info

• Ships in Ports
  
  

Archives

• Yesterday
• Datewise
• Resources

Group Sites

• The Hindu
• Business Line
• The Sportstar
• Frontline
• The Hindu eBooks
• The Hindu Images

Kripa Raman

Mumbai , Jan. 10

IT may soon become mandatory for all listed Indian corporates to get their information systems audited, with their chief executive officer, chief financial officer and the chief information officer having to take direct responsibility for the functioning (or malfunctioning) of their companies' IT systems.

A task force consisting of the Securities & Exchange Board of India officials as well as members from the Information Systems Audit and Control Association (ISACA) is working on such a policy.

"The recommendations and framework for the policy should be ready in six months' time," said Mr Venugopal Iyengar, Vice-President, ISACA, Mumbai Chapter.

ISACA is a US headquartered body, which provides the Certified Information Systems Auditors (CISA qualification); this certification is currently held by about 2000 Indian nationals.

Currently, it is mandatory only for banks and financial entities in the country to get this audit done, under the RBI's Information Systems Audit Policy.

This was brought in early for banks on account of the increasing quantum of financial transactions becoming technology-dependent.

Once IS audits are made mandatory, IS auditors and the chief information officer of a company will have to send a report to the management explicitly stating that their audit is effective; and the CEO and CFO will have to sign that too.

Some Indian companies are already voluntarily doing it; companies such as TCS who have large clients abroad, and multinationals in India get these audits done, according to ISACA members.

The process required for such an information systems audit would create an hierarchy of accountability when it comes to technology issues.

"Just as there is the Sarbanes-Oxley Act in the US under which the CEO and CFO personally undertake responsibility in the matter of financial audits, there are information Systems (IS) audits too for which the CEO, CFO and Chief information officer would take up the responsibility," said Mr Joy Anthony, who heads the consultancy practice at PCS.

However, the consultancy world perceives an immediate shortage of qualified IS audit experts once such a requirement is made mandatory across industries in the country.

"Already, the big four consultancies as well as the top Indian IT companies like TCS and Satyam are sending audit professionals for helping foreign clients implement the Sarbanes-Oxley Act. It has become akin to the Y2K opportunity for Indians," said an ISACA Indian chapter member.

Another problem is that IS audits could get prohibitively expensive for smaller Indian companies, disproportionate to their revenues and profits, said Mr Iyengar.

Maintaining one's CISA qualification alone is expensive and could cost more than $1,500 a year apart from several other certifications that such professionals usually hold.

Indian CISA professionals who work overseas earn as much as $200 an hour! But supply could pick up as demand escalates.

But, as more and more activities happen online, it would be imperative to protect customers and investors, not to mention the company, from risks arising from technology glitches, said CISA professionals.

The RBI itself does quarterly risk assessment of its Web site, said Mr Anthony.

Recently, the RBI floated a tender for technology audit of the bank's critical infrastructure, starting with such an audit of its public debt office - negotiated dealing system (PDO-NDS) facility which takes care of online trading and settlement of Government securities.

Article E-Mail :: Comment :: Syndication :: Printer Friendly Page

Stories in this Section
Shantha Biotech unveils new vaccine delivery device

Copyright © 2005, The Hindu Business Line. Republication or redissemination of the contents of this screen are expressly prohibited without the written consent of The Hindu Business Line