[kictanet] CBK lacks tech savvy team to survey local lenders

Thu Apr 28 15:20:53 EAT 2016

Disclosure: bank's so called 'IT audit' is part of what puts food on table
in my house.

The correct approach is Enterprise IT audit; looking at (core) system,
data, processes. Then people and bank's strategy. Subject matter expertise
(SMEs) on core system is must have for most Kenyans bank's, but as ESB's
get adoption, that necessity will diminish.

The worst mistake bank's make is to get 'IT audit' from conventional
auditors. Technology side is cryptic, and unless you have someone who can
ask the right questions, auditors will be made to find out what the bank IT
team wants them to find out.

Central banks IT audit should simply be outsourced to SMEs. Experts will
not apply for employment with cbk.
Also, you will not yet find the SMEs registered with a sector association.
At the moment, highly qualified persons capable of doing a proper IT audit
are so few, the world needs them more than they need the world.

Unless central banks act fast (moreso in kenya), there will be faceless
banks operating outside the regulator. Purely driven by peer to peer and
non conventional delivery channels.

Km
On Apr 27, 2016 5:41 PM, "waudo siganga via kictanet" <
kictanet at lists.kictanet.or.ke> wrote:

> Hi Kivuva,
>
> My understanding, although of course open to correction, is that IT
> Systems Auditors are essentially certified auditors with specialist
> training and skills to audit "through" and "around" IT systems. I would
> envisage someone with an auditing qualification backed up with a
> supplementary qualification is systems auditing but at the end of the day
> this person is an AUDITOR. In addition the training for today's certified
> auditors already includes systems audit as a subject. So the key skill is
> auditing, supplemented by systems knowledge. If this is the case then these
> professionals are already covered under statutory provisions.
>
> Waudo
>
> On Wed, Apr 27, 2016, at 04:25 PM, Mwendwa Kivuva via kictanet wrote:
>
>
> On 27 April 2016 at 16:12, Paul Roy <roykoikai at gmail.com> wrote:
>
> Last - As long as I am a the helm of ISACA Kenya, I would like to open up
> our doors to the various experts within the industry who are willing to
> retrain IT auditors, IT Security professionals to consider ISACA as an
> ally. Let us work together, talk to me, come for one of the evening talks
> and let us grow and strengthen the profession.
>
>
> Hi Paul,
>
> Thanks for the elaborate reply.
>
> My main concern is if it's legislated that people with valid IT Systems
> Audit certifications are the only ones doing IT audits for public interest
> organisations. The way only Lawyers can only do certain duties, or CPAs. Is
> this something feasible?
>
> Regards
>
> ______________________
> Mwendwa Kivuva, Nairobi, Kenya
> twitter.com/lordmwesh
>
>
> *_______________________________________________*
> kictanet mailing list
> kictanet at lists.kictanet.or.ke
> https://lists.kictanet.or.ke/mailman/listinfo/kictanet
>
> Unsubscribe or change your options at
> https://lists.kictanet.or.ke/mailman/options/kictanet/emailsignet%40mailcan.com
>
> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform
> for people and institutions interested and involved in ICT policy and
> regulation. The network aims to act as a catalyst for reform in the ICT
> sector in support of the national aim of ICT enabled growth and development.
>
> KICTANetiquette : Adhere to the same standards of acceptable behaviors
> online that you follow in real life: respect people's times and bandwidth,
> share knowledge, don't flame or abuse or personalize, respect privacy, do
> not spam, do not market your wares or qualifications.
>
>
> _______________________________________________
> kictanet mailing list
> kictanet at lists.kictanet.or.ke
> https://lists.kictanet.or.ke/mailman/listinfo/kictanet
>
> Unsubscribe or change your options at
> https://lists.kictanet.or.ke/mailman/options/kictanet/kmachuhi%40gmail.com
>
> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform
> for people and institutions interested and involved in ICT policy and
> regulation. The network aims to act as a catalyst for reform in the ICT
> sector in support of the national aim of ICT enabled growth and development.
>
> KICTANetiquette : Adhere to the same standards of acceptable behaviors
> online that you follow in real life: respect people's times and bandwidth,
> share knowledge, don't flame or abuse or personalize, respect privacy, do
> not spam, do not market your wares or qualifications.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.kictanet.or.ke/pipermail/kictanet/attachments/20160428/42693584/attachment.htm>