
Ashutosh Pednekar, FCA, CISA, ISA (ICA), LLB (Gen), B.Com. Partner, M P Chitale & Co. November 6, 2007


Presentation Transcript


  1. Ashutosh Pednekar, FCA, CISA, ISA (ICA), LLB (Gen), B.Com. Partner, M P Chitale & Co. November 6, 2007 IRDA – ICAI Round Table Meeting on Insurance Industry IS Audit & IT systems in Insurance Industry

  2. Acknowledgements • Material published by Information Systems Audit & Control Association (ISACA) – the leading association of professionals in Information Systems (IS) Audit, Control, Security & Governance • Thoughts of • Mr. Samir Shah, CFO, HDFC General Insurance Co. Ltd. & • Ms. Anagha Thatte, Partner, M P Chitale & Co.

  3. Disclaimers • No representation or warranties are made by the ISACA with regard to this presentation by Ashutosh Pednekar. ISACA has no responsibility for its contents. • These are my personal views and cannot be construed to be the views of M/s. M. P. Chitale & Co., Chartered Accountants or IRDA or ICAI. • These views do not and shall not be considered as professional advice. • This presentation should not be reproduced in part or in whole, in any manner or form, without my written permission.

  4. IT systems in Insurance Industry • Need to cater to two broad segments • Policy Management  Premium / Commission / Claims / Opex • Fund (Investment) Management • Needs of the industry • Flexibility & scalability to handle complexities of • existing & new products • various delivery channels • Regulatory compliance and its reporting • Integration capabilities between multiple systems • Robustness  a labour intensive industry with wide geographical spread • Availability

  5. Growing Complexities & Pressures are Increasing Risks... • Complex Instruments and Strategies • Market Convention • Regulatory Demands • Increasing HR Complexities • Increased Transaction Volumes • Reliance on Technology & Information Systems  Increased Operational Risk

  6. Business Process & Information Assets • These two are inextricably linked. • Each Business Process leads to • Creation of Information at every stage • Storing it • Updating on real-time basis • Using it • Protecting from misuse – intentional or otherwise

  7. Enterprise-wide Information Assets = Data and information embedded/stored in • People • Computers (diagram labels on the slide: Knowledge Management (Digitizing Knowledge), Data, Information and IT Resource Management)

  8. IS Risk Management • Objective : • Minimizing likelihood (frequency) and intensity (business impact) of loss of : • confidentiality C • integrity I • availability A • of information. ... the CIA Principle

  9. CIA - Vulnerabilities & Exposures • Information: Confidentiality / Integrity / Availability • Threat sources shown on the slide: • Users (Human errors) • Hackers • Competitors • Systems Bugs • Manipulating processes • Acts of God

  10. IS Audit Initial Steps • Assess reliance placed by the Management on the system efficacy & the reliance placed by them on IT systems to • take managerial decisions • take operating level decisions • conduct operations • Get a feel of the IS Risk as perceived by the Top Management

  11. IS Risk Mitigation : Building Blocks • Business Process Reengineering • Technical Infrastructure & Operational Practices • Management, Planning & Organization of IS • Protection of Information Assets • Business Application Systems & Controls • Systems Development Life Cycle • Disaster Recovery & Business Continuity

  12. IS Audit Areas • Compliance with IS Security Policy & Procedures • Includes an assessment of the understanding of the policy & procedure requirements across the organization • Hardware • Monitoring • Sizing • Upgradations

  13. IS Audit Areas… • Software – core as well as end-user applications • Licensing • Version Control • Upgradations • Patch implementation

  14. IS Audit Areas… • Logical Controls • Need-to-do basis • Controls have to be for data as well as programs • Authorization protocols • Conflict of interest, if any, to be identified • Physical Controls • Network management
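The logical-control points in slide 14 (need-to-do access, authorization, conflict-of-interest identification, controls over programs as well as data) are what an auditor tests against the application's user entitlement export. The following is an added example, not part of the original presentation: a small segregation-of-duties and excess-access check in Python. The conflict rules, role baselines, entitlement names and accounts are constructed for illustration and do not describe any real insurer's system.

```python
"""Segregation-of-duties (SoD) and need-to-do access check.

Added example for the logical-controls audit area; the rule pairs, role
baselines and accounts below are constructed, not taken from a real system.
"""
from dataclasses import dataclass

# Constructed rule set: pairs of entitlements one person should never hold
# together (conflict of interest). The last two cover the slide's point that
# controls apply to programs as well as data: someone who can deploy code
# into production must not also hold business transaction rights.
SOD_RULES = {
    ("claim.register", "claim.approve"): "register and approve the same claim",
    ("claim.approve", "payment.release"): "approve a claim and release its payment",
    ("vendor.create", "payment.release"): "create a payee and pay it",
    ("premium.post", "premium.reverse"): "post and reverse premium entries",
    ("code.deploy", "claim.approve"): "deploy program changes and approve claims",
    ("code.deploy", "payment.release"): "deploy program changes and release payments",
}

# Constructed role baselines: the entitlements each job actually needs
# ("need-to-do" basis). Anything beyond this is excess access.
ROLE_BASELINE = {
    "claims_officer": {"claim.register", "claim.view"},
    "claims_manager": {"claim.approve", "claim.view"},
    "finance": {"payment.release", "premium.post"},
    "vendor_master": {"vendor.create"},
    "developer": {"code.deploy"},
}


@dataclass(frozen=True)
class Account:
    user: str
    role: str
    entitlements: frozenset


def sod_conflicts(accounts):
    """Return (user, entitlement_a, entitlement_b, description) for every
    conflicting pair a single account holds."""
    findings = []
    for acct in accounts:
        for (a, b), why in SOD_RULES.items():
            if a in acct.entitlements and b in acct.entitlements:
                findings.append((acct.user, a, b, why))
    return findings


def excess_access(accounts, baseline=ROLE_BASELINE):
    """Return {user: entitlements beyond the role baseline}. An account with a
    role not in the baseline is reported in full, since nothing justifies it."""
    excess = {}
    for acct in accounts:
        allowed = baseline.get(acct.role, set())
        extra = set(acct.entitlements) - allowed
        if extra:
            excess[acct.user] = extra
    return excess


def baseline_self_conflicts(baseline=ROLE_BASELINE):
    """A role definition that itself contains a conflicting pair cannot be
    fixed at the user level; flag it separately as a design defect."""
    return [(role, a, b) for role, ents in baseline.items()
            for (a, b) in SOD_RULES if a in ents and b in ents]


# Constructed entitlement export for four accounts.
SAMPLE_ACCOUNTS = [
    Account("apatil", "claims_officer", frozenset({"claim.register", "claim.view"})),
    Account("rshah", "claims_manager", frozenset({"claim.approve", "claim.view", "payment.release"})),
    Account("mdesai", "finance", frozenset({"payment.release", "premium.post", "vendor.create"})),
    Account("kjoshi", "developer", frozenset({"code.deploy", "claim.approve"})),
]


def audit(accounts=SAMPLE_ACCOUNTS):
    """Run all three checks and return the findings as one report."""
    return {
        "sod": sod_conflicts(accounts),
        "excess": excess_access(accounts),
        "baseline": baseline_self_conflicts(),
    }


if __name__ == "__main__":
    report = audit()
    for user, a, b, why in report["sod"]:
        print(f"SoD conflict: {user} can {why} ({a} + {b})")
    for user, extra in report["excess"].items():
        print(f"Excess access: {user} holds {sorted(extra)} beyond role baseline")
    for role, a, b in report["baseline"]:
        print(f"Role definition conflict: {role} contains {a} + {b}")
```

On the constructed export the check reports three SoD conflicts (a claims manager who can also release payments, a finance user who can also create payees, and a developer with claim approval rights) and the same three accounts as holding access beyond their role baseline. In a real engagement the rule pairs come from the insurer's own process design and the baselines from approved role descriptions; the value of running the check as code is that it can be re-run on every periodic access review rather than sampled once.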

  15. IS Audit Areas… • Operations Management • Within data center • At Ops level • At corporate level • At branches & outlets • With field staff • Controls over outsourced agencies have to be equally stringent, if not more • Focus on vulnerabilities at the agency level • Adequacy of SLAs • BCP / DRP

  16. IS Audit Methodology  COBIT® Technique • Control over the IT Processes • that satisfies the Business Requirements for IT • by focusing on a Summary of IT Goals • is achieved by Key Controls • is measured by Key Metrics

  17. IS Audit  value adds • Vetting the IS Policy & Procedures for their adequacy • Functionality Reviews • Pre Implementation Reviews • Post Implementation Reviews • Source Code Audit • Ethical Hacking / Penetration Testing

  18. Thank you: ashu01@mpchitale.com
