Background
Our company is a wholesale financial institution catering to the infrastructure sector. Over the last few years we have been in a major expansion mode by way of acquisitions. We have acquired an institutional broking firm and a mutual fund. The IT Dept in IDFC has been a technology enabler by matching the user requirements with the technology available. The integration of the newly acquired firms with the IDFC platform threw up a challenge. The Information Technology Internal Audit team at our company is viewed as a consultant rather than a post facto investigator or a fact (fault) finder. Thus this role is viewed very positively.
Observations
The primary challenge here was that the newly acquired companies were in a totally different business, more online/real time than our company, and therefore the integration process also needed to be almost real time.
The second challenge was not so much in the integration as in the disintegration, since the mutual fund (MF) business was part of an international bank with a global presence.
The plan for integration had to be foolproof as we had to move them to our network over the weekend.
The information technology and security stance of the new companies had to be known to help in the preparation of the plan for integration. This was also required for providing appropriate support and upgrades.
Actions/Recommendations
The Internal Audit function was involved from the start and did a detailed analysis of the information technology and security posture.
A gap analysis was then undertaken to see where the newly acquired companies stood compared to our company.
Based on these, a detailed action plan was drawn up for the shift-over and integration.
A WAN was designed based on the requirements and for better control.
Value-Add
The benefits of the involvement of the IT Internal Audit team, over and above the recommendations, were:
Determining that the control objectives, controls, processes and procedures of the information security management system for the group:
conform to the requirements of ISO27001 and all relevant legislation or regulations;
conform to the identified information security requirements;
are effectively implemented and maintained;
perform as expected.
Some of the smaller branches were also connected to the central VPN network. Although this was expensive, it was recommended in order to have better control over the use of resources and also to lower the risk of unmonitored internet use.
The primary location of the mutual fund was still in the bank's premises and thus could not be connected via leased line. This challenge was overcome with the recommendation to connect to the primary network via the internet using VPN tunneling.
The IT Internal Audit team had a broader perspective than the IT Infrastructure or Applications personnel and also understood the requirement of the management in ensuring that a well-suited plan was prepared and implemented.
The IT Internal Audit team, with its collaborative approach, worked along with the Infrastructure and Applications teams for a smooth transition.