The Reserve Bank of India plans to get its information systems and technology audited by reputed firms. It has called for ‘expression of interest’ from reputed professional firms that have the capacity to conduct these reviews and make appropriate recommendations.
Broad areas identified for the information systems/information technology audit are as below:
(a) Periodical onsite IT control assessments/evaluations/reviews
(b) Special reviews/scrutinies
(c) Audit of IT projects at design and/or pre-implementation stage
(d) Performing post-implementation reviews/audits of IT projects
(e) Taking up application software audits/reviews, including Web applications and
(f) Conducting security audit of IT infrastructure in the regional offices & central office departments/data centres
Review of IS/IT Policies (including information security policy/policies), processes, procedures and IT/IS controls for their adequacy and effectiveness vis-à-vis frameworks/standards such as COBIT, COSO, ITIL, ISO 27001.
‘IS/IT audit’ may involve a combination of domains, including information technology governance, risk management, access controls, network security, vulnerability assessment, IT operations, cyber crime, IT outsourcing, and business continuity.