What changed
RBI has formally introduced IS audit requirements for UCBs, replacing the earlier EDP audit advisory from 2002. Banks must now adopt an IS audit policy tailored to their operations and conduct annual audits covering critical branches, with reports available to statutory auditors before their audit.
What it means for you
UCBs must integrate IS audit into their risk management framework due to increased technology adoption and associated risks. This ensures that electronic banking, CBS, and other digital services are audited for security and compliance, protecting both the bank and its customers.
What you must do
- Adopt or update an IS audit policy aligned with your bank's size, business complexity, and computerization level.
- Conduct annual IS audits for all critically important branches, preferably before the statutory audit.
- Place IS audit reports before the board and ensure compliance within the timeline set in the audit policy.
- Implement these instructions by the end of the current accounting year (March 31, 2015).
Who it affects
All Primary (Urban) Cooperative Banks, Chief Executive Officers of UCBs, statutory auditors of UCBs, and Boards of Directors of UCBs
What is the key difference between the earlier EDP audit and the new IS audit requirement?
The earlier 2002 circular advised UCBs to introduce EDP audit on a perpetual basis. The new circular specifically mandates an IS audit policy, annual audits for critical branches, and board oversight, reflecting the increased technology risks from CBS and digital banking.
Which branches must be covered under the annual IS audit?
All critically important branches, defined by the nature and volume of business, must be audited annually. The audit should be completed before the statutory audit so that findings are available to statutory auditors.
What is the deadline for implementing these IS audit instructions?
UCBs must implement these instructions during the current accounting year, which runs from April 1, 2014, to March 31, 2015.