In today’s digital banking environment, information security, IT governance, and operational resilience are fundamental to maintaining trust, regulatory compliance, and financial stability. As an ISO/IEC 27001 Information Security Lead Auditor and IT General Controls (ITGC) Auditor, I have had the privilege of conducting strategic IT security audits for central banks and leading commercial banks across Bangladesh and Nepal, helping strengthen governance over some of the region’s most critical financial systems.
Auditing National Financial Infrastructure
My professional journey includes independent IT security and ITGC audits for:
- Nepal Rastra Bank (Central Bank of Nepal)
- Bangladesh Bank (Central Bank of Bangladesh)
- Janata Bank PLC
- Pubali Bank PLC
- IFIC Bank PLC
- Woori Bank (Korean Banking Operation in Bangladesh)
- Commercial Bank of Ceylon PLC (Sri Lankan Banking Operation in Bangladesh)
These assignments were conducted in collaboration with internationally recognized audit firms under the oversight of national regulatory authorities, applying ISO/IEC 27001 Information Security Management and Grant Thornton IT General Control (ITGC) methodologies.
Protecting Mission-Critical Banking Systems
The audits covered enterprise-wide technology environments supporting national banking operations, including:
- Core Banking Systems (CBS)
- SWIFT and payment systems
- RTGS and cheque clearing platforms
- Financial Management Systems (FMS)
- HR and Payroll Systems
- Anti-Money Laundering (GoAML)
- Data Centres and Disaster Recovery Sites
- Network Security and Cybersecurity Controls
- Database Administration and Backup Strategy
- Identity and Access Management
- IT Governance and Operational Controls
The objective was not simply to verify compliance but to evaluate the effectiveness, resilience, and security of technology environments that support millions of financial transactions every day.
Governance Beyond Compliance
My audit methodology combines internationally accepted standards with practical risk assessment to provide management with meaningful, actionable insights.
Each engagement included:
- Information Security risk assessment
- IT General Controls (ITGC) evaluation
- Security governance review
- Access control and segregation-of-duty analysis
- Disaster Recovery and Business Continuity assessment
- Infrastructure and cybersecurity evaluation
- Executive-level audit reporting
- Practical corrective action recommendations
Rather than producing compliance checklists, the focus was on identifying operational risks, prioritizing remediation, and strengthening institutional resilience.
Executive Reporting That Drives Improvement
An effective audit concludes with more than observations—it delivers a roadmap for improvement.
The audit reports presented to executive management included:
- Risk-based findings and control gaps
- Business impact analysis
- Compliance mapping against ISO/IEC 27001 and ITGC controls
- Prioritized corrective and preventive actions
- Governance enhancement recommendations
- Strategic improvements for operational resilience and cybersecurity maturity
At Nepal Rastra Bank, audit findings and recommendations were presented during executive review sessions attended by senior management, the Office of the Auditor General, and international stakeholders, contributing to ongoing improvements in information security governance and regulatory compliance.
Building Resilient Financial Institutions
Modern financial institutions operate within an increasingly complex threat landscape where cybersecurity, governance, and regulatory compliance are inseparable.
Through my work with central banks and commercial banks, I have supported organizations in strengthening:
- Information Security Governance
- IT Risk Management
- Cybersecurity Readiness
- Regulatory Compliance
- Operational Resilience
- IT General Controls
- Enterprise Risk Management
- Digital Trust
Executive Insight
Technology alone cannot secure a financial institution.
Resilient banking operations are built on effective governance, independent assurance, disciplined risk management, and continual improvement.
Whether auditing a national payment infrastructure, evaluating core banking systems, or assessing enterprise cybersecurity controls, my objective remains the same: to provide management with practical, intelligence-driven recommendations that strengthen operational excellence, regulatory confidence, and long-term organizational resilience.
At Openmind Connect, we combine IT Governance, ISO/IEC 27001, IT General Controls, Enterprise Risk Management, and Digital Transformation to help organizations build secure, compliant, and future-ready digital enterprises.
