Audit is one of the major management and technical activities to identify all the possible risks in any organization. A security audit is a type of audit that provides a fair and measurable way to examine how secure a system or site really is. In the very nature financial sectors especially, banks are more exposed to risk or security threat than any other sectors, while they are highly aggravated to adopt new technology. Although, security is a never ending process that requires continuous follow up but it is rapidly changing. Therefore, Banking industries frequently need to identify their current security status and adopt the required updated Information Security and audit.
The study has been conducted on the Ethiopian Banking Industry using mixed research method as a research paradigm and questionnaire and interview are used as a method of data collection. The survey result is used for identifying the readiness of banking industry to adopt security audit, identify the required criteria’s and advise the industry to come up to better security auditing process. Questionnaires were prepared based on ISO, NIST and ICT readiness check list for developing country. Finally the research proposes 12 minimum security requirements, auditors’ responsibility towards those requirements and presents the status of Ethiopian banking industry. Consequently, the total results of security implementation in Ethiopian banking industry based on survey study stood at 46.2%, which shows the industry is found in an embryonic stage of security audit readiness.
EBA® Volume 1, Feb 2015: for your further reading please refer https://www.linkedin.com/pulse/ethiopien-bank-industries-radinasse-information-audit?published=t
Shemlse G/Medhin Kassa, CISA, MSCS, CEH
Leave a Reply.