Data Centre- Concurrent Audit

RBI has mandated banks to implement a Concurrent Audit process of Data Centre via circular RBI/2015-16/133 DBS.CO.ARS. No. BC. 2/08.91.021/2015-16, date July 16, 2015. Therefore, DC concurrent audit provides compliance with the Regulator guidelines.

Why choose Riskpro

  • Riskpro has a very efficient team when it comes to the concurrent audit of the data centre. A well-suited team comprising of Certified Information System Auditors, internal Auditors, and Banking Domain expert can collaborate with your organization to ensure the design and operating effectiveness of Data Centre and Disaster Recovery Site IT Operations.
  • We follow a risk-based approach, which is not only exhaustive but also helps you to create a protective ambience around your data systems.
  • Provide assurance on the concept of maker checker compliance for identified payment systems/ solutions.
  • Provide assurance on the concept of Segregation of Duty control between functions.
  • Assist bank in the identification of risk for critical IT operations near to real-time for mitigation
  • Our Approach to Concurrent Audit

    Our Understanding about Requirement

  • Scope Finalisation
  • Chronology of DC Concurrent Audit Activity
  • Concurrence on Escalation Matrix
  • Services provided by Riskpro

    Requirement understanding:
    Riskpro understands that Bank has identified critical areas for the concurrent audit of the data centre to meet compliance with regulatory guidelines

    Scope:
    1.) Data Centre Activities: We conduct a monthly review on compliance of identified domains/ areas in line with Policy, procedures and Standard Operating Procedures of the organisation in IT Management or operations of Data Centre.

    2.) Privilege User Activities: We conduct a review of identified payment applications like Core Banking, SWIFT, Treasury etc. The administrative and transaction logs of the above systems are reviewed.

    3.Chronology of DC Concurrent Audit Activity:

    1 Initial Data Requirement- Last day of the month
    2 Release of Query Sheet- As per agreed TAT
    3 Release of Draft Report- As per agreed TAT
    4 Final Management response timelines- As per agreed TAT
    5 Publish of Final report- As per agreed TAT