The IT audit consists of an evaluation of the information system: in terms of robustness with respect to security and reliability of data, and the availability of the system to carry out the business requirements.
Many MFIs in the process of transforming from small institutions to highly computerized institutions should now ensure a high level of security, reliability and availability of their information systems.
However, many MFIs lack the resources and procedures to adequately protect their IT systems and customer data. Controls and IT audit frameworks designed in other contexts (i.e., for financial institutions operating in more sophisticated technical environments) are not well adapted to bringing an MFI up to standard: their complexity and requirement levels are too demanding in most cases. It is therefore difficult for MFIs to set up adequate IT security and audit plans. At best, the issue will remain on the to-do list for the coming years.
HORUS has developed a pragmatic approach to helping MFIs improve IT security and risk management, using our proven audit methodology and based on the international ITIL and COBIT standard best practices.
Taking into consideration the actual technical and economic environment, our evaluations and recommendations focus on identifying the main risks and priorities.
A four-step approach