Starting from five (5) prominent commercial banks (all with corporate head offices in Dhaka, Bangladesh): Janata Bank, Pubali Bank, IFIC Bank, Woori Bank (Korean Bank), CBC (Commercial Bank of Ceylon), I conducted an IT audit at Bangladesh Bank (the Central Bank) in two phases. The first phase was an ITGC (IT General Controls) audit, and the second phase was an IT security audit on Bangladesh Bank policy, the Core Banking System, SAP including its administrative module and a few other financial modules, payment systems, SWIFT, the Bangladesh Bank Internet and intranet, arrays of customer- and bank-focused custom software and development, the data centre, infrastructure and network security, NDC, IT staff job responsibilities, etc.
In the case of the other 5 commercial banks: the core banking systems, data centre, database, backup and security systems are hosted and controlled locally at the local bank premises, but the foreign banks maintain all of these in their respective countries, namely Woori Bank in Korea and CBC (Commercial Bank of Ceylon) in Colombo, Sri Lanka. For these five banks, I conducted ITGC (IT General Controls) audits on the basis of generic ISO 27001 (ISMS) requirements and following other prominent control standards objectives of Grant Thornton. There were major areas where the audit was done: System Administrative security, Execution of Applications and Software maintenance and development. All these commercial banks are so far up to date in terms of infrastructure and security deployment and the maintenance of core banking systems and other financial applications.
My experience suggests that, more or less, the IT setups of all banks in Bangladesh are becoming robust, secure and mature day by day, although there were observations and necessary recommendations. The Board of Directors and the top management are seriously concerned with investing in the best possible IT infrastructure and network, the best and most reliable CBS (core banking system), payment systems, access security and the cryptographic area and, of course, a number of efficient IT staff are employed to ensure industry-standard banking services. In all cases, I found the management to be proactive and cooperative with the technical staff to patronize the mission-critical banking systems for the sake of the best possible customer service. One thing must be remembered: nothing is foolproof, nor the best and most robust in operational and security aspects as expected in comparison with the systems of world-standard banking communities, but things are moving ahead to cope with the ever-changing pace of technology.