
ISACA Malta – MFSA


khanh

Presentation Transcript


  1. ISACA Malta – MFSA. MFSA: The Banking Unit’s On-Site Inspection Function

  2. On-Site Supervision
     • Risk-based approach
     • Review specific risk areas for ‘major’ banks
     • ‘Top-down’ review for other institutions
     • Supervisory cycle of 24-30 months
     • On average two visits annually at each major institution
     • Once every 24-30 months at other institutions

  3. Inspection Plan
     • Annual Plan set by the Unit
     On the basis of:
     • Areas of concern identified through previous on-site reviews
     • Risk areas or operations indicated through off-site analysis of returns
     • Otherwise when up for regular review

  4. Specific Risk Areas
     • Credit portfolio
     • Treasury/International Division
     • Deposit accounts/Prevention of Money Laundering
     • Corporate governance
     • IT issues
     • Internal Audit function
     • Risk management function
     • Documentary credits/IBCs/Guarantees
     • Verification of off-site returns

  5. Objectives of IT Review
     • Does not involve a technical review
     • Evaluation of IT set-up
     • Assessment of risk emanating from IT area
     • Review of internal control procedures
     • Adequacy of human resources and training

  6. Methodology
     • Inspection questionnaire
     • Interviews with internal audit
     • Analysis of External Auditors’ Management Letter
     • Analysis of policy documents related to the IT area
     • Evidence of physical set-up of hardware
     • Interview officials from each section within the IT Dept
     • Perusal of related documentation

  7. On-Site Review
     • Organisational chart of the Dept
     • Assess set-up to identify possible risks
     • Analyse functions performed by different sections within the IT Dept
     • Identify shortcomings within each section eg continuity risk, overlap of duties etc

  8. Policies and Procedures
     • Policies on back-ups eg frequency, storage
     • Policies on e-mail eg archiving of messages
     • Policies on internet usage eg access
     • Policies on passwords eg changes, composition
     • Communication of policies eg distribution of manual, bank circulars
     • Work procedures formalised by each section within the Unit

  9. Hardware and software
     • Control of physical access to main server/back-ups
     • Mitigation of external attacks eg firewalls
     • Distinguish between in-house and external applications
     • Perusal of maintenance agreements relating to both hardware and software
     • Ensure all agreements are being renewed
     • Follow up on any problems encountered

  10. Back-ups and contingency planning
      • Ensure that back-up policies are being followed
      • Check on data safes and cabinets
      • Check on the existence of a disaster recovery plan
      • Enquire whether plan has been tested
      • Ensure that any identified shortcomings have been addressed

  11. • Addressing shortcomings
      • Meeting with management
      • Submission of inspection report
      • Declaration from the institution’s directors
      • Follow-up through correspondence, further on-site visits etc
