REVISED (version 2) RISK RATING MODEL FOR SELECTION OF BRANCHES FOR EDP AUDITS FOR

THE YEAR-2010
DATA ENTRY SHEET
REGION NAME Lahore Central
BRANCH NAME: Anarkali Branch Lahore
BRANCH CODE: 0303
Sr.No. RISK RATING PARAMETER Branch Data/Value
1- BRANCH BASIC PROFILE
a) Branch Category (with reference to No. of staff members) II

b) Communication Status (Off-line/ On-line) On-line (WL)

c) Availability of ATM(s) No

d) Availability of Data Encryptor No

e) Availability of CCTV/ Survillence System Yes

f) Total No. of PCs at the branch 9

g) No. of PCs running EBS/ BBO application 5

h) Availability of Smoke Detection System No

2- BRANCH IT PROFILE (DOMESTIC IT APPLICATIONS)

a) Computerized Banking Application BBO

b) NBP Advance Salary Yes

c) NBP Saibaan Yes

d) NBP Karobar Yes

e) Any other IT based Banking Product (Remittance Module etc.) No

f) Changes in Branch's Key IT Application (e.g. BBO to EBS) during the year No

3- BRANCH IT PROFILE (THIRD PARTY IT APPLICATIONS)

a) SWIFT No

b) Western Union Money Transfer System Yes

c) SAMBA Yes

d) Any Others (Utility Bills Collection System, eCIB etc) Yes

4- BRANCH BUSINESS PROFILE

a) Deposits (Total No. of accounts) 3,000

b) Advances (Total No. of accounts) 587

c) Avg. Daily Transactions (All types) 118

5- BRANCH CONTROL ENVIRONMENT (As per Previous EDP Audit Report)

a) Documentation & updation of Duties & Computer User IDs at branch Absent

b) Segregation of critical duties & Succession planning in EBS/BBO/ATM operations Partially Present

c) Password privacy & restricted access to critical IT equipment Present

Disaster Recovery Arrangements (Data/ Application & power Back-up, Security

d) Alarm & fire fighting arrangements etc)
Not Audited

e) Adequate recording of hardware/software maintenance log Partially Present

f) Checking/ balancing/maintenance of financial & non-financial reports Absent

g) Input of fake/ incomplete/ incorrect Data in EBS/ BBO Yes

h) Execution of Un-liscened/ Irrelevent/unapproved Software at branch Yes

i) Anti-virus software presense/ up-dation Present & Updated

Above 5 entresi,
j) Outstanding ATM Settlement Entries O/S for more than 1 week

k) Position & Layout of Network wiring Concealed

6- AUDIT RATING/ FINDINGS OF PREVIOUS EDP AUDIT

a) Audit Rating D

b) Total No. of findings reported 25 or More

c) Total No. of findings diarized 5 or More

7- COMPLIANCE OF PREVIOUS EDP AUDIT REPORT

a) Status of Clearance Certificate Outstanding

b) Delay (if any) in submission of Clearance Certificate Not Audited

c) No. of Diaries Outstanding as per CC 3 or More

 I Off-line
II On-line (WO)
III On-line (WL)

EBS
BBO

Yes
No
Not Audited
A
Not Audited
Accepted
Outstanding
Not Audited

Present
Partially Present
Absent

Not Audited

Absent
Not Updated/ Not Audited

Present & Updated

Concealed
Not Concealed
0
Less than 3
3 or More

With in Due Date

Delay more than 15 days
Not Audited
 On-line (WO)
On-line (WL)

e than 15 days
 REVISED (version 2) RISK RATING MODEL FOR SELECTION OF BRANCHES FOR EDP AUDITS FOR THE YEAR-2010
BRANCH NAME: Anarkali Branch Lahore BRANCH CODE: 0303 REGION: Lahore Central

Sr. Maximum Branch Data/ Branch Risk

RISK RATING PARAMETER CRITERIA FOR SCORING
No. Score Value Score
1- BRANCH BASIC PROFILE SCORE=1 SCORE=2 SCORE=3
a) Branch Category (with reference to No. of staff members) Category-I Category-II Category-III 3 II 2
b) Communication Status (Off-line/ On-line) Off-line On-line (wired) On-line (wireless) 3 On-line (WL) 3
c) Availability of ATM(s) No ATM 1 ATM more than 1 ATMs 3 No 1
d) Availability of Data Encryptor Yes No --- 2 No 2
e) Availability of CCTV/ Survillence System Yes No --- 2 Yes 1
f) Total No. of PCs at the branch Less than 3 Less than 8 8 or More 3 9 3
g) No. of PCs running EBS/ BBO application Less than 3 Less than 6 6 or More 3 5 2

h) Availability of Smoke Detection System Yes No --- 2 No 2

TOTAL SCORE OF PARAMETER 1 : 21 14
2- BRANCH IT PROFILE (DOMESTIC IT APPLICATIONS) SCORE=1 SCORE=2 SCORE=3
a) Computerized Banking Application EBS BBO --- 2 BBO 2
b) NBP Advance Salary No Yes --- 2 Yes 2
c) NBP Saibaan No Yes --- 2 Yes 2
d) NBP Karobar No Yes --- 2 Yes 2
e) Any other IT based Banking Product (Remittance Module etc.) No Yes --- 2 No 1
f) Changes in Branch's Key IT Application (e.g. BBO to EBS) during the year No Yes --- 2 No 1
TOTAL SCORE OF PARAMETER 2 : 12 9
3- BRANCH IT PROFILE (THIRD PARTY IT APPLICATIONS) SCORE=1 SCORE=2 SCORE=3
a) SWIFT No Yes --- 2 No 1
b) Western Union Money Transfer System No Yes --- 2 Yes 2
c) SAMBA No Yes --- 2 Yes 2
d) Any Others (Utility Bills Collection System, eCIB etc) No Yes --- 2 Yes 2
TOTAL SCORE OF PARAMETER 3 : 8 7
4- BRANCH BUSINESS PROFILE SCORE=1 SCORE=2 SCORE=3
a) Deposits (Total No. of accounts) less than 1000 less than 3000 3000 or moe 3 3,000 3
b) Advances (Total No. of accounts) less than 300 less than 1000 1000 or more 3 587 2
c) Avg. Daily Transactions (All types) less than 100 less than 1000 1000 or more 3 118 1
TOTAL SCORE OF PARAMETER 4 : 9 6

Regional Audit Office (C) Lhr MIS Section

 Sr. Maximum Branch Data/ Branch Risk
RISK RATING PARAMETER CRITERIA FOR SCORING
No. Score Value Score
5- BRANCH CONTROL ENVIRONMENT (As per Previous EDP Audit Report) SCORE=1 SCORE=2 SCORE=3
a) Documentation & updation of Duties & Computer User IDs at branch Present Partially Present/ Not Audited Absent 3 Absent 3
b) Segregation of critical duties & Succession planning in EBS/BBO/ATM operations Present Partially Present/ Not Audited Absent 3 Partially Present 2
c) Password privacy & restricted access to critical IT equipment Present Partially Present/ Not Audited Absent 3 Present 1

Disaster Recovery Arrangements (Data/ Application & power Back-up, Security

d) Alarm & fire fighting arrangements etc)
Present Partially Present/ Not Audited Absent 3 Not Audited 2

e) Adequate recording of hardware/software maintenance log Present Partially Present/ Not Audited Absent 3 Partially Present 2
f) Checking/ balancing/maintenance of financial & non-financial reports Present Partially Present/ Not Audited Absent 3 Absent 3
g) Input of fake/ incomplete/ incorrect Data in EBS/ BBO No Not Audited Yes 3 Yes 3
h) Execution of Un-liscened/ Irrelevent/unapproved Software at branch No Not Audited Yes 3 Yes 3
i) Anti-virus software presense/ up-dation Present & Updated Not updated/ Not Audited Absent 3 Present & Updated 1

Above 5 entries, Above 5 entresi,

No Entry O/S for Below 5 entries,
j) Outstanding ATM Settlement Entries more than one week O/S for more than 1 week
O/S for more than 1 3 O/S for more than 1 3
week week

k) Position & Layout of Network wiring Concealed Not Concealed -- 2 Concealed 1

TOTAL SCORE OF PARAMETER 5 : 32 24
6- AUDIT RATING/ FINDINGS OF PREVIOUS EDP AUDIT SCORE=1 SCORE=2 SCORE=3
a) Audit Rating A or B C / Not Audited D 3 D 3
b) Total No. of findings reported less than 16 Less than 25/ Not Audited 25 or More 3 25 or More 3
c) Total No. of findings diarized 0 Less than 5/ Not Audited 5 or More 3 5 or More 3

TOTAL SCORE OF PARAMETER 6 : 9 9

7- COMPLIANCE OF PREVIOUS EDP AUDIT REPORT SCORE=1 SCORE=2 SCORE=3
a) Status of Clearance Certificate Accepted Not Audited Outstanding 3 Outstanding 3
Delay not more than 15 days/ Delay more than
b) Delay (if any) in submission of Clearance Certificate With in Due Date
Not Audited 15 days
3 Not Audited 2

c) No. of Diaries Outstanding as per CC 0 Less than 3/ Not Audited 3 or More 3 3 or More 2
TOTAL SCORE OF PARAMETER 7 : 9 7

SUMMARY OF RISK RATING SCORE Branch: Anarkali Branch Lahore (0303) Region: Lahore Central
Sr. # Parameter Discription Maximum Score Risk Score Attained by the Branch Risk %
1 BRANCH BASIC PROFILE 21 14 66.67%
2 BRANCH IT PROFILE (DOMESTIC IT APPLICATIONS) 12 9 75.00%
3 BRANCH IT PROFILE (THIRD PARTY IT APPLICATIONS) 8 7 87.50%
4 BRANCH BUSINESS PROFILE 9 6 66.67%
5 BRANCH CONTROL ENVIRONMENT (As per Previous EDP Audit Report) 32 24 75.00%
6 AUDIT RATING/ FINDINGS OF PREVIOUS EDP AUDIT 9 9 100.00%
7 COMPLIANCE OF PREVIOUS EDP AUDIT REPORT 9 7 77.78%
TOTAL: 100 76 76.00%

Regional Audit Office (C) Lhr MIS Section

 Sr. Maximum Branch Data/ Branch Risk
RISK RATING PARAMETER CRITERIA FOR SCORING
No. Score Value Score

(Khurram Jahangir Mughal)

OG-I/Section Incharge (MIS)

Regional Audit Office (C) Lhr MIS Section

Regional Audit Office (C) Lhr MIS Section
Regional Audit Office (C) Lhr MIS Section
Regional Audit Office (C) Lhr MIS Section
 I Off-line
II On-line (WO)
III On-line (WL)
V

EBS
BBO

Yes
No
Not Audited
A
C
D
Accepted
Outstanding
Not Audited

Regional Audit Office (C) Lhr MIS Section

 Present
Partially Present
Absent

Not Audited

Absent
Not Updated/ Not Audited
Present & Updated

0
Less than 4
4 or More
Not Audited

With in Due Date

Delay more than 15 days
Not Audited
Delay Not more than 15 days

Regional Audit Office (C) Lhr MIS Section

Regional Audit Office (C) Lhr MIS Section