ISACA Malta – MFSA MFSA The Banking Unit’s On-Site Inspection Function.


On-Site Supervision
- Risk-based approach
- Review specific risk areas for ‘major’ banks
- ‘Top-down’ review for other institutions
- Supervisory cycle of months
- On average two visits annually at each major institution
- Once every months at other institutions

Inspection Plan
- Annual Plan set by the Unit
- On the basis of:
  - Areas of concern identified through previous on-site reviews
  - Risk areas or operations indicated through off-site analysis of returns
  - Otherwise when up for regular review

Specific Risk Areas
- Credit portfolio
- Treasury/International Division
- Deposit accounts/Prevention of Money Laundering
- Corporate governance
- IT issues
- Internal Audit function
- Risk management function
- Documentary credits/IBCs/Guarantees
- Verification of off-site returns

Objectives of IT Review
- Does not involve a technical review
- Evaluation of IT set-up
- Assessment of risk emanating from IT area
- Review of internal control procedures
- Adequacy of human resources and training

Methodology
- Inspection questionnaire
- Interviews with internal audit
- Analysis of External Auditors’ Management Letter
- Analysis of policy documents related to the IT area
- Evidence of physical set-up of hardware
- Interview officials from each section within the IT Dept
- Perusal of related documentation

On-Site Review
- Organisational chart of the Dept
- Assess set-up to identify possible risks
- Analyse functions performed by different sections within the IT Dept
- Identify shortcomings within each section, e.g. continuity risk, overlap of duties etc.

Policies and Procedures
- Policies on back-ups, e.g. frequency, storage
- Policies on e.g. archiving of messages
- Policies on internet usage, e.g. access
- Policies on passwords, e.g. changes, composition
- Communication of policies, e.g. distribution of manual, bank circulars
- Work procedures formalised by each section within the Unit

Hardware and software
- Control of physical access to main server/back-ups
- Mitigation of external attacks, e.g. firewalls
- Distinguish between in-house and external applications
- Perusal of maintenance agreements relating to both hardware and software
- Ensure all agreements are being renewed
- Follow up on any problems encountered

Back-ups and contingency planning
- Ensure that back-up policies are being followed
- Check on data safes and cabinets
- Check on the existence of a disaster recovery plan
- Enquire whether plan has been tested
- Ensure that any identified shortcomings have been addressed

Addressing shortcomings
- Meeting with management
- Submission of inspection report
- Declaration from the institution’s directors
- Follow-up through correspondence, further on-site visits etc.