KARACHI, Dec 12: The State Bank of Pakistan (SBP) on Monday issued fresh guidelines for the security of information system in banks and development financial institutions (DFIs) asking them to carry out audit of their systems by an internal or a third party auditor.

“Banks and DFIs should get their IT services audited by internal or third party auditors to ensure that adequate security and controls are in place,” said a circular issued by the SBP.

The internal or third party auditors, so engaged, should review the IT related internal controls, evaluate and validate the effectiveness of control systems. The risk-based information system audit should also ensure that the banks and DFI’s systems and information technology are adequately secured, and are meeting the needs of the business, the circular added.

“The banks and DFIs are encouraged to establish an independent internal information system audit function for regular monitoring of IT organizational setup and activities,” said the circular.

The board and the management were asked to ensure that the independence, authority and accountability of the information system audit function are maintained and established by an appropriate organizational setup in line with the best international practices.

“The selection of new computer software ensuring its compatibility with internal controls and supervisory requirements is of paramount importance,” said the SBP.

The banks and DFIs were told to ensure a smooth switch-over from existing software platform to the new one, while managing the pace of its implementation.