Bank operations are inconceivable without the use of information technology, that is, computer-supported information systems. It is a key business resource that brings the bank benefits as well as negative effects, which show up, among other things, in the bank's exposure to risks arising from the use of information technology. If inadequately managed, these risks can threaten the reliability and security of the bank's information system and, consequently, its business.
Because banks, owing to their central role in the economic system, are one of the key factors of financial stability, they must operate prudently and securely. They are therefore subject to supervision by the Bank of Slovenia and are at the same time required by law to establish an internal audit department as one of the internal control functions. The tasks of the internal audit department are defined by law and include, among other things, the assessment of the information system, including the electronic information system and electronic banking services.
Internal auditors must carry out their tasks in accordance with the International Standards for the Professional Practice of Internal Auditing, which require that the area of information technology be included among internal audit engagements; this in turn requires the internal auditor to know information technology sufficiently well, both in terms of its use in banking and in terms of the key risks. In practice this can cause difficulties, since internal auditors usually do not have the specific knowledge needed to perform information systems audits, especially in narrowly focused areas. For this reason The Institute of Internal Auditors issued the Global Technology Audit Guide, which internal auditors can use as an aid in performing information systems audits.
The aim of the work was therefore to present the Global Technology Audit Guide and to show its use and suitability for information systems audits performed by internal auditors in a bank.
information technology;information systems;banks;internal audit;risk;
Banking business cannot be imagined without the use of information technology or computerized information systems. This is the key business resource that brings banks both benefits and negative effects. The negative effects can be seen in a bank's exposure to risks arising from the use of information technology. The latter may, due to improper management, undermine the reliability and security of the information systems of a bank and consequently its business.
Banks, because of their central role in the economic system, are one of the key factors in financial stability, and therefore they must operate carefully and securely. Consequently, they are subject to supervision by the Bank of Slovenia and are legally required to establish an internal auditing department as one of the functions of internal controls. The tasks of the internal auditing department are defined by law and include the assessment of information systems, which includes electronic information systems and electronic banking services.
Internal auditors should carry out their tasks in accordance with the International Professional Practices Framework of Internal Auditing, which requires the integration of information technology with internal auditing functions. This requires that the internal auditor has sufficient knowledge of information technology in terms of its use in banking and in terms of key risk. In practice, this may be a problem, since internal auditors usually do not have specific knowledge necessary to carry out audits on information systems, especially when it comes to narrowly directed areas. Therefore, the Institute of Internal Auditors released the Global Technology Audit Guide, which can be used by internal auditors to assist in carrying out audits on information systems.
The aim of the project is to provide internal bank auditors with global guidelines for using auditing technologies and to demonstrate their use and suitability in carrying out audits on information systems.
information system;bank;internal audit;audit of information systems;risk of information technology;
