IMPACT OF COMPUTERS ON BANK
Like in all other areas, computers have left their impact on banking industry also. The computers have not only affected the traditional banking services such as demand deposits, consumer loans, savings, they have influenced the form and extent of such services. Most of the banks have been computerized these traditional services in major branches to eliminate the difficulties of manual calculations and crediting procedures. The main advantage of banks computerization over manual book-keeping systems are increased speed and accuracy. A whole day transactions are processed and posted on the same night and reports are available on the next morning, which is not available with manual book-keeping system. Not only this even the monthly statements are sent out of time without over time working of banks personal.
Banks developed/introduced Management Information System (MIS) to plan, operate and control commercial banking operations in an efficient manner. One more important area, which has been affected by computerization, is customer’s services. One such important service offered by banks is Automated Teller Machines (ATM’s), which are capable of dispensing cash and routine financial transactions such as deposits, transfer between accounts etc at 24 hrs a day 365 days a year. ATM’s are located either on or off bank premises.
‘Anywhere Branch Banking’ that is home or office banking (online/phone) are spreading fast in which customers can transact there banking activity not only when they want, but also with their convenience. Concept of EFT (Electronic Fund Transfer) is also being at a rapid growth rate introduced by banking industry to make financial transactions and simpler cutting transactions across geo-graphical boundaries and organizational barriers. Technology is also helping banks in order to over come the barriers of national boundaries and incompatible currencies. Organizing likes Society for Worldwide Inter bank Fund Transfer (SWIFT) provide a fast, reliable and secure method of international funds transfer. To conclude, it may be said that shifting to electronic banking is inevitable at this stage; in order to keep pace with the ever-growing needs of trade, commerce both at national and international level. However, computerization should be backed up with through planning, careful organizing and co-ordination amongst various departments within a bank. Thus, computers do offer great prospects to banking but they also accentuate the need for great thinking and proper care.
ADVANTAGES OF OVER MANUAL SYSTEM
1. Limitations of manual systems in banks.
ü Maintenance of multiple ledgers.
ü Errors on posting, calculations, totaling etc.
ü Enormous amount of time is spent for balancing of books.
ü Consolidation of accounts becomes laborious.
ü Inter bank reconciliation become tedious with millions of entries to be entered, checked, processed and matched.
Benefits of computer system. The most important advantage of computerized information system can be attributed to the following characteristics of computers: Storage, processing speed secondary capabilities. The table describes some advantages.
CAPABILITES | ADVANTAGE |
Storage | 1. It can store huge quantity of data in simpler & cheaper manner and moreover it is an document form 2. Faster retrieval of information is possible. |
Processing | Computers can manipulate and analyze huge quantity of data at a very high speed, which makes easier for the company to store the data & analyze it at a faster speed, which is not possible with manual systems. |
Networking | 1. Information can be shared at geographically speed places. 2. Different companies or branches of the same company can share it. 3. Messages can be transferred almost instantly. |
Q.2. Discuss on security aspects of banks computerization/mechanization?
Introduction. Computerization of banks brought a massive change of benefits to the international community; along with the gains they even brought some operations risks.
Banking business is due with goodwill & faith in the companies name & their strategies to satisfy their customers. Computerization of banks means vast amounts of money circulates in the form of data in computers so apart form saving the assets of banks safeguarding the computers has become prim importance to banks because the entire data is with computers. So in order to provide better services to customer’s banks has to minimize risks in computerized systems. The various risks from which any computerized system has to be protected are as under.
1. Natural calamities. 2. Operational risks.
3. Manual risks/ human errors 4. Malicious risks.
1. Natural catamites. These are fire, flood, earthquake etc. in entire world computers can be damaged due to the above causes or natural causes. These can be minimized if we follow the following aspects.
- Installation of fire alarms and fire fighting equipment; organizations with large computer installation should be well equipped with latest warning system such as smoke detectors etc.
- Maintaining duplicate copies of data. Companies should make backup copies of variable data and store them at different locations. There would be helpful to retrieve the data from backup devices if the primary data is affected from natural calamities. Computers generally backup the data automatically before the system is shutdown.
2. Operational risks. These risks are generally of two types namely power failures and breakdowns.
- Power failure. A breakdown in the power supply to have a very serious consequence, if the computer system is functioning on online mode. Sometimes it even leads to breakdown of the system through out the country and the activities are hanged up in the entire country of the particular bank.
- Breakdowns. Computers being machines are prone to mal functions of breakdown. The effect could be either very minor or disasters. Ex: The display terminal may not function, it could be repaired or the work could carry on without being caused. If the primary storage device of the system crashes the damage would be huge as all data was lost. The real loss was disturbances in banking operations for a period of time. Physical cost of repair is insignificant as compared to the loss of business for that period of time.
3. Human errors. In banks, erroneous data leads to a lot of problems. It also becomes very difficult to trace out or locate an error since an enormous number of transactions are entered into computer everyday. Therefore data validation is done at each and every step of data entry. The data entered is checked for authentication either with information stored in database or with master files.
4. Malicious Risks. The greatest threat to any computer installation being in small or large organizations eminates from its own employees or outside people who are ill to the organization or they can be called as hackers.
(A) Damage by employees. Any organization is most vulnerable to a attack from within organization. Such an attack is most unexpected and most of the times they are hardly any safeguards to take care of such a situation.
(B) Damage by hackers. In this age of corporate warfare, where the market place is the battle field and the large corporation are the armies, people can step to any depth to destroy the competition. You must be wondering as to who are these people called hackers if you know there professional definition – Hackers are essentially intelligent people who have a very good knowledge of computers but are unable to find suitable outlet to exhibit there knowledge or talent.
Some safety measures built into the software to fight against the above mentioned risks are as under:
- Daily cross verification of all data entered into system. A checklist could be generated which could be checked in detail and if the entries are too many to be created, a random verification could be done. Any wrong entries in the data would mostly be deleted during the cross verification. In a computerized banking system the check list can also contain the totals of debit and credit of all transactions entered for the day. The total debits should b equal to total credit for all the data entered. If they do not tally, some transactions has been wrongly entered or some figures have been manipulated.
- Maintenance of message log : A message log could be maintained which would keep all in coming requests to the system. It would also keep a note of the files or accounts accessed by the users. Therefore even if an outsider uses or accessed the system and manipulated the accounts, which could be seen in message log.
- Encryption of all data: Strict monitoring to ensure that accesses to encryption keys is to be authorized persons only.
Q.3. What are the different approaches to bank mechanization?
The following are various approaches to banks mechanization.
Local processing with batch updates.
Online updates
Remote computing facility with batch inputs.
Online system with mini-computer networking with main frame computers.
Local processing with batch updates. The following are the routine works, which are carried out in a typical branch banking.
a. Cheques and vouchers meant for other banks are totaled and remitted.
b. The Cheques received over the counter of for cleanings must be checked off and filed.
c. The bank office has to be handled opening and closing of A/c’s.
d. Discounting of Cheques is to be performed.
In some branches a manual front office may be there to transfer the data into computer in the back office, at the end of the day. Everyday at the end of banking hours the computer operators starts entering the data of the day’s transactions into the computer. After the processing of there data is over, the bank officials can obtain the following information.
Total cash deposits and withdrawals during the day.
Cash receipts and withdrawals are to be recon ciliated with the opening days balance in order to arrive next days opening balance.
Balance in the customer A/c to be reconciled after taking into all the debits and credits posted in the day.
General ledger of the bank to be printed out.
To check whether contingency reserve is maintained or not.
Online updates. It may be defined as the direct linking of an operation or equivalent to a computer system, so that any stimulus provided by that operation is immediately accepted by system. The following are the two examples, were online processing approach can be adopted.
a). Foreign exchange transactions. When the bank enters into a contract to buy or sell foreign exchange on behalf of its clients the transaction is immediately entered into the computer of that authorized foreign exchange dealing branches.
b). ATM’s.ATM’s function on the principle of online updation of data. These ATM’s are linked to a central computer, which contains the database of customer a/c’s. The database is centrally updated with the data provided from the ATM’s that are connected to it.
c). Remote computing facility with batch inputs. In this case large computer systems installed at the head office. The HO’s gets bank information daily from all its branches, which are spread out through out the country. The inter bank transactions comprises like drafts drawn at one branch and paid at another city by the corresponding bank for which each branch needs to prepare a daily statement and send it to the head office, which orders the corresponding bank to pay money.
In H.O. statement are consolidated and then fed in to computer systems. The data will be validated for errors, which may occur during data processing, if any errors are found the concerned branches are asked for verification.
Online system with mini-computer networking with main-frame computers. At the individual branch levels all the front office and back office transactions are processed by mini-computers. The processing at these branches are totally on-lined. At regional offices the data received from various branches are processed for any errors and then sent through main-frame computers to H.O.’s. The processed data is then transmitted to the main-frame computers at the H.O.
The above approach is called DDP ( Distributed data processing ).
Q.4. What is need for audit of computerized banking system? What are the various audit controls?
A. Banks normally achieve effective, secure and reliable systems only through the use of appropriate balance of different control techniques. The balance selected varies from bank to bank, reflecting particular risks within each bank and the costs of related security and control procedures. A regular program of independent tests of security and control procedures by auditors helps in identifying lapses before the banking operations are seriously put to risk. The generic organizational function aimed at evaluation of assets safeguarding, data integrity, system effectiveness, and system effectiveness, and system efficiency in computerized system is termed as “Computer audit “.
Objectives of audit for computerized banking system.
To verify the systems and software’s are properly installed and maintained.
Monitor and supervise application development.
To verify that all program changes are adequately tested and documented.
To prevent and detect errors during the program execution.
To verify that program documentation is maintained.
To verify the continuity of operations.
AUDIT APPROACHES.
Auditors are required to perform review of computer applications to evaluate accuracy of IT processing. Computer audit approaches depends on the technical skills of the auditor and sophistication of the computer center being audited. The audit procedures may consist of manual testing process or computer audit programs. These different terminologies are audit around the computer and audit through the computer.
Audit around the computer. In this approach the auditor examines the internal control system for computer installation. On the basis of above the auditor infers about the processing carried out. He does not do direct examination of application software, for him computer is just a black box. However the systems under scrutiny in these cases are simple such as using well tested software, proper physical controls of segregation of duties. In all these cases the auditor needs to examine and satisfy himself. Auditors having little technical expertise can be trained easily for performing audit around computer. However this approach is not useful for big organizations whose systems are complex in terms of size and volume.
Audit through the computer.This approach involves the testing of computers for the use of
Logical and controls existing within the system, and
Records produced by system.
For adopting this approach, the auditor requires technical competence and th level of Examination depends upon the complexity of the application system being audited.
By examining the systems processing through this approach, the auditor can access the systems ability to cope up with changed environment.
AUDIT CONTROLS.
Audit controls are designed to achieve the above objectives and controls can be classified as follows.
I. Administrative controls. These controls ensure that proper procedures are followed to maintain efficiency. An efficient administrative control system will involve the following aspects.
· Segregation of duties between different of organization.
· Adoption of file control measures to ensure that the data files are not used for any other unauthorized purposes.
· Ensures that adequate physical protection and the security measures against such as fire, floods etc have been taken.
II. Security development and documentation controls.These controls cover areas such as development, maintenance and implementation of all systems, and application software. These controls are needed to verify the completeness of system design.
III. Procedural controls. These controls ensure that the whole of the collected data for any application is completely and accurately processed from the data entry to the final output. These controls can be classified as under.
· Input controls. These controls consist of field checks, record checks & batch checks.
· Processing controls. These verify that all the input data is processed and processing of each transaction is accurate.
· Output controls. These controls relate to reconciliation of the output with input data, distribution of output and expectation of reports designed to call the users attention to possible errors or discrepancies.
IV. System security controls. These controls reflect the need to protect computer facilities, equipment, software and data against risks of any sort. With the advent of computers auditing scope available to improve audit productivity. This is possible by an auditors participation in designed state of an application systems as well as by a systematic periodic review of the system itself to ensure that it meets current requirements.
No comments:
Post a Comment