Audit Plan For An Internal Audit

1183 Words5 Pages
BACKGROUND According to the audit plan approved by GARC for 2016, an internal audit was undertaken of the IT function in Auckland in April 2016. For KVB Group, most of the IT services are delegated to BancLogix System Co. Limited in Hong Kong, a fully-owned subsidiary of KVB Kunlun Holdings Limited. BancLogix provides both IT operations and application development services for the whole KVB Group. A small IT operation team is based in KVB Kunlun International (HK) Limited to provide an infrastructure level and partial application level support to the listed company and its subsidiaries. There are two on-site IT support staff based in Auckland, who support both KVB Kunlun New Zealand Limited and KVB FX Limited. They report functionally to the IT operation team under the listed and non-listed companies in Hong Kong. There is also one IT developer based in Auckland reports to the development team in Hong Kong. Different from Group’s IT function in Hong Kong, IT operations in New Zealand had not regularly reviewed by the external auditor PricewaterhouseCoopers as part of their annual Financial audit for KVB New Zealand companies. However, New Zealand management engaged a local IT vendor, Spark Digital to review the KVB IT New Zealand infrastructure in June 2015. Spark’s audit report highlighted the aging IT infrastructure along with a general lack of maintenance as a critical risk to KVB’s business. After that, a “Top Down” replacement approach was proposed by New Zealand management in the “NZ IT Operations enhancement plan” in July 2015 to define and implement a new Information Technology strategy. RFP had been conducted and finally ICONZ had been selected as IT partner to implement this improvement exercise. IT infrastructure and... ... middle of paper ... ...to meet its requirements under the group IT blueprint, stronger internal or external IT resources need to be appointed to support this improvement exercise. As mentioned in Spark’s report and Group IT Hong Kong’s IA report, the current Auckland Disaster Recovery site for ForexStar is dysfunctional and lack of switch over testing. Although it is rather than only local IT’s responsibility, management should still pay attention since this is a requirement for FMA licensing application. Among a number of issues that need to be addressed, prioritised actions are required to improve the network security, clean up and make an accurate inventory of company IT asset which could be a basis for better access control and system maintenance. Works are also required in relation to service level management with suppliers as well as strengthen the physical security of IT assets.

More about Audit Plan For An Internal Audit

Open Document