Download presentation
Presentation is loading. Please wait.
Published byDevin Madden Modified over 10 years ago
2
Ashutosh Pednekar, FCA, CISA, ISA (ICA), LLB (Gen), B.Com. Partner, M P Chitale & Co. November 6, 2007 IRDA – ICAI Round Table Meeting on Insurance Industry IS Audit & IT systems in Insurance Industry
3
© Ashutosh Pednekar, M.P.Chitale & Co. 2 Acknowledgements Material published by Information Systems Audit & Control Association (ISACA) – the leading association of professionals in Information Systems (IS) Audit, Control, Security & Governance Thoughts of Mr.Samir Shah, CFO, HDFC General Insurance Co. Ltd. & Ms.Anagha Thatte, Partner, M P Chitale & Co.
4
© Ashutosh Pednekar, M.P.Chitale & Co. 3 Disclaimers No representation or warranties are made by the ISACA with regard to this presentation by Ashutosh Pednekar. ISACA has no responsibility for its contents. These are my personal views and can not be construed to be the views of M/s. M. P. Chitale & Co., Chartered Accountants or IRDA or ICAI. These views do not and shall not be considered as professional advice. This presentation should not be reproduced in part or in whole, in any manner or form, without my written permission.
5
© Ashutosh Pednekar, M.P.Chitale & Co. 4 IT systems in Insurance Industry Need to cater to two broad segments Policy Management Premium / Commission / Claims / Opex Fund (Investment) Management Needs of the industry Flexibility & scalability to handle complexities of existing & new products various delivery channels Regulatory compliances and its reportings Integration capabilities between multiple systems Robustness a labour intensive industry with wide geographical spread Availability
6
© Ashutosh Pednekar, M.P.Chitale & Co. 5 Growing Complexities & Pressures are Increasing Risks... Increased Operationa l Risk Market Convention Regulatory Demands Increased Transaction Volumes Complex Instruments and Strategies Increasing HR Complexities Reliance on Technology & Information Systems
7
© Ashutosh Pednekar, M.P.Chitale & Co. 6 Business Process & Information Assets These two are inextricably linked. Each Business Process leads to Creation of Information at every stage Storing it Updating on real-time basis Using it Protecting from misuse – intentional or otherwise
8
© Ashutosh Pednekar, M.P.Chitale & Co. 7 = Data and information embedded/stored in Data Information and IT Resource Management Enterprise-wide Information Assets Knowledge Management (Digitizing Knowledge) Knowledge Management (Digitizing Knowledge) ComputersPeople
9
© Ashutosh Pednekar, M.P.Chitale & Co. 8 IS Risk Management Objective : likelihood intensity Minimizing likelihood (frequency) and intensity (business impact) of loss of : confidentiality C integrity I availability A of information. CIA …. the CIA Principle
10
© Ashutosh Pednekar, M.P.Chitale & Co. 9 CIA - Vulnerabilities & Exposures Confidentiality Information Manipulating processes Competitors Integrity Availability HackersSystems Bugs Acts of God Users Human errors
11
© Ashutosh Pednekar, M.P.Chitale & Co. 10 IS Audit Initial Steps Assess reliance placed by the Management on the system efficacy & the reliance placed by them on IT systems to take managerial decisions take operating level decisions conduct operations Get a feel of the IS Risk as perceived by the Top Management
12
© Ashutosh Pednekar, M.P.Chitale & Co. 11 IS Risk Mitigation : Building Blocks Building Blocks Business Process Reengineering Management, Planning & Organization of IS Business Application Systems & Controls Systems Development Life Cycle Disaster Recovery & Business Continuity Protection of Information Assets Technical Infrastructure & Operational Practices
13
© Ashutosh Pednekar, M.P.Chitale & Co. 12 IS Audit Areas Compliance with IS Security Policy & Procedures Includes an assessment of the understanding of the policy & procedure requirements across the organization Hardware Monitoring Sizing Upgradations
14
© Ashutosh Pednekar, M.P.Chitale & Co. 13 IS Audit Areas… Software – core as well as end-user applications Licensing Version Control Upgradations Patch implementation
15
© Ashutosh Pednekar, M.P.Chitale & Co. 14 IS Audit Areas… Logical Controls Need to do basis Controls have to be for data as well as programs Authorization protocols Conflict of interest, if any to be identified Physical Controls Network management
16
© Ashutosh Pednekar, M.P.Chitale & Co. 15 IS Audit Areas… Operations Management Within data center At Ops level At corporate level At branches & outlets With field staff Controls over outsourced agencies have to be equally stringent, if not more Focus on vulnerabilities at the agency level Adequacy of SLAs BCP / DRP
17
© Ashutosh Pednekar, M.P.Chitale & Co. 16 IS Audit Methodology is achieved by Key Controls by focusing on Summary of IT Goals that satisfies the Business Requirements for IT Control over the IT Processes is measured by Key Metrics C OBI T ® Technique
18
© Ashutosh Pednekar, M.P.Chitale & Co. 17 IS Audit value adds Vetting the IS Policy & Procedures for their adequacy Functionality Reviews Pre Implementation Reviews Post Implementation Reviews Source Code Audit Ethical Hacking / Penetration Testing
19
© Ashutosh Pednekar, M.P.Chitale & Co. 18 Thank you : ashu01@mpchitale.com
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.