4
from legacy system to the CBS. It was observed that the cooperative banks under
the guidance of Punjab StCB have completed migration audit, whereas the other
cooperative banks visited have not attempted migration audit and also do not
have plans to go for it.
There were two types of amounts in the migra account, one is technical
suspense, which is due to non-finalization of the account heads from legacy
accounts to the CBS, which will be sorted out soon after finalizing the account
heads with their proper mapping. The second is the old unreconciled entries
which were pending for a long time, in some cases more than 5 years. Some
banks are giving attention towards reconciling the migra account while others
could not give any plans for migration audit. Audit of the data migration to
ensure accuracy of the data in legacy system and that posted to CBS, is not
conducted in the banks except Punjab StCB. In Punjab StCB also the migration
audit of its main branch was not conducted.
4.5 Audit Log-Ins
: In all the banks visited no User IDs were created for the
auditors / inspectors with the audit type user work class. The auditors were
getting information using User IDs of other staff in the banks. The Punjab StCB
indicated that NABARD Regional Office advised them to create only that number
of User IDs as the number of staff. This was misinterpreted by the banks that
other than bank staff, even auditors should not be given User IDs. However, the
Punjab StCB indicated that they have created one User ID for Audit type after our
discussions.
4.6 User Access to CBS
: Proper user access to CBS is essential for safeguarding
the authenticity of the transactions under CBS as well as prevention of frauds.
The banks need to have user access policy in their banks. However, none of the
banks visited have understanding of the user access policy which forms part of
their IT Policy. The discussion on the access of the CBS by the authorized
personnel and proper use of User IDs and passwords, with Gurgaon CCB,
revealed that they are unable to enforce the discipline as the staff members are
not keeping their user names and passwords a secret. As a remedial measure the
bank is planning for biometric authentication instead of password for the user
log-in process. This process of biometric access to CBS is seen in State Bank of
India. In Panchakula CCB, it was learnt that the User Ids of staff of the bank were
used by the temporary staff recruited by the bank. Due to staff shortage, the
bank has put in place more temporary staff than regular staff. There is no policy
in the bank for creating User IDs for temporary staff in CBS. Hence, in the
absence of User IDs for temporary staff, the IDs of regular staff were used by
them for day to day transactions. However, the regular staff were not aware of
the transactions posted by the temporary staff in their names. Hence, fixing the
responsibility for the transactions may not be possible in the system defeating
the very purpose of accountability.
4.7 Generation of Audit and Inspection Statements:
In the absence of
generation of reports from the CBS in all the banks, the banks are taking a print
file of the General Ledger Heads and working on them in MS Excel spreadsheet
