Appropriate preventive measures should be taken to minimize the likelihood of these problems occurring. These measures include the careful design and location of data centers, data entry controls and security features to prevent unauthorized access to computer equipment, and the use of passwords to restrict access to programs and data. Since preventive actions cannot be fully effective, it is imperative that managers also develop corrective action systems. These should be aimed at identifying and limiting the business impact of events that are beyond the control of banks and threaten their operations.
These should include duplicated telecommunications and computer network capacity to cope with the risk of failure, as well as harmonization procedures for error detection and recovery plans for large-scale disasters. In addition, any carefully designed IT policy should include insurance against losses associated with employee fraud, data replacement costs, and the destruction of software or hardware.

Internal audit

Managers and directors are also responsible for checking, monitoring and testing computer management systems to ensure their day-to-day effectiveness and usefulness in terms of business activity. A regular program of independent testing of security procedures and controls by inspectors, auditors or consultants should be established. This program should be able to detect inconsistencies in controls before they seriously compromise banking operations. The frequency and importance of audits conducted in any sector should reflect the risk that banks are exposed to in the event of a failure in security and control procedures.
From the point of view of supervisory authorities, it is necessary to evaluate both the relevance of the institution’s IT policy and the effectiveness of its internal IT monitoring and audit system. One way to do this is to assess the situation using questionnaires or reports, but these functions are most often the responsibility of external inspectors and auditors. A simple questionnaire or report usually provides preliminary guidance to supervisory authorities, but cannot be considered a substitute for a detailed analysis by computer security or audit specialists. The subject is technically complex, and systems and equipment differ significantly from bank to bank, as do the causes of interference and the control methods used.
In such a specialized area, it would be particularly useful for supervisors to draw on the experience of external auditors. External auditors should be encouraged to provide the necessary resources for this part of their responsibilities. Banks should draw the attention of external auditors to this issue by including in the letter of commitment a clause stating that the external auditor periodically evaluates the reliability of IT procedures that are vital to the institution’s operations, as well as the quality of the information and the effectiveness of internal computer control. In addition, external auditors should include in their annual report to senior management the deficiencies that they identified during the audit in this particular area. While supervisors do their work mainly through on-site inspections, inspectors also conduct interviews, check documentation, and carry out spot checks.
However, it will probably be difficult for them to follow the evolution of new computer systems, due to their limited number or the limits of their qualifications, not to mention budgetary and other restrictions. Today, inspections need to include computer specialists whose training matches the sophistication of the bank systems to be checked. Both inspectors and auditors regularly use computer tools or reference manuals developed by regulatory bodies with the assistance of specialized agencies for their work in the IT field; these tools are extremely valuable.