<html><head></head><body><div style="color:#000; background-color:#fff; font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:16px"><div id="yui_3_16_0_ym19_1_1460003366048_88048"><span>My bad,</span></div><div id="yui_3_16_0_ym19_1_1460003366048_88048"><span><br></span></div><div id="yui_3_16_0_ym19_1_1460003366048_88048"><span id="yui_3_16_0_ym19_1_1460003366048_88082">CBK does provide comprehensive guidelines on IS/IT audits for banks as @</span></div><div id="yui_3_16_0_ym19_1_1460003366048_88048"><span><br></span></div><div id="yui_3_16_0_ym19_1_1460003366048_88048" dir="ltr"><span id="yui_3_16_0_ym19_1_1460003366048_88171"><a href="https://www.centralbank.go.ke/images/docs/legislation/risk-management-guidelines-january-2013.pdf" id="yui_3_16_0_ym19_1_1460003366048_88170">https://www.centralbank.go.ke/images/docs/legislation/risk-management-guidelines-january-2013.pdf</a><br></span></div><div id="yui_3_16_0_ym19_1_1460003366048_88048" dir="ltr"><br></div><div id="yui_3_16_0_ym19_1_1460003366048_88048" dir="ltr">Pg 53: ICT Risk Management.</div><div id="yui_3_16_0_ym19_1_1460003366048_88048" dir="ltr"><br></div><div id="yui_3_16_0_ym19_1_1460003366048_88048" dir="ltr">The guidelines are straight out of the ISACA manuals.</div><div id="yui_3_16_0_ym19_1_1460003366048_88048" dir="ltr"><br></div><div id="yui_3_16_0_ym19_1_1460003366048_88048" dir="ltr">So the problem is not that folks are not aware of what needs to be done. Perhaps it is a simple case of not doing what the regulation demands. With the new CBK governor cracking whip, perhaps things will improve - assuming he stays long enough before our MPs find a clause to delete him :-)</div><div id="yui_3_16_0_ym19_1_1460003366048_88048" dir="ltr"><br></div><div id="yui_3_16_0_ym19_1_1460003366048_88048" dir="ltr">walu.</div><div class="qtdSeparateBR" id="yui_3_16_0_ym19_1_1460003366048_88049"><br></div><div class="yahoo_quoted" id="yui_3_16_0_ym19_1_1460003366048_88055" style="display: block;"> <div style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 16px;" id="yui_3_16_0_ym19_1_1460003366048_88054"> <div style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 16px;" id="yui_3_16_0_ym19_1_1460003366048_88053"> <div dir="ltr" id="yui_3_16_0_ym19_1_1460003366048_88052"> <font size="2" face="Arial" id="yui_3_16_0_ym19_1_1460003366048_88051"> <hr size="1" id="yui_3_16_0_ym19_1_1460003366048_88050"> <b><span style="font-weight:bold;">From:</span></b> Walubengo J via kictanet <kictanet@lists.kictanet.or.ke><br> <b><span style="font-weight: bold;">To:</span></b> jwalu@yahoo.com <br><b><span style="font-weight: bold;">Cc:</span></b> Walubengo J <jwalu@yahoo.com><br> <b><span style="font-weight: bold;">Sent:</span></b> Friday, April 8, 2016 4:23 PM<br> <b id="yui_3_16_0_ym19_1_1460003366048_88262"><span style="font-weight: bold;" id="yui_3_16_0_ym19_1_1460003366048_88261">Subject:</span></b> Re: [kictanet] Why ISACA is cracking the whip on individual auditors<br> </font> </div> <div class="y_msg_container" id="yui_3_16_0_ym19_1_1460003366048_88266"><br><div id="yiv4805268669"><div id="yui_3_16_0_ym19_1_1460003366048_88265"><div style="color:#000;background-color:#fff;font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:16px;" id="yui_3_16_0_ym19_1_1460003366048_88264"><div id="yiv4805268669yui_3_16_0_ym19_1_1460062114377_10508"><span id="yiv4805268669yui_3_16_0_ym19_1_1460062114377_10507">Mr. President Paul Roy,</span></div><div id="yiv4805268669yui_3_16_0_ym19_1_1460062114377_10565"><span><br clear="none"></span></div><div id="yiv4805268669yui_3_16_0_ym19_1_1460062114377_10509"><span id="yiv4805268669yui_3_16_0_ym19_1_1460062114377_11380">I totally concur.</span></div><div id="yiv4805268669yui_3_16_0_ym19_1_1460062114377_10563"><span><br clear="none"></span></div><div id="yiv4805268669yui_3_16_0_ym19_1_1460062114377_10567"><span id="yiv4805268669yui_3_16_0_ym19_1_1460062114377_10566">We must stop the 'Enron' effect from consuming us in .KE</span></div><div id="yiv4805268669yui_3_16_0_ym19_1_1460062114377_10510"><span><br clear="none"></span></div><div dir="ltr" id="yiv4805268669yui_3_16_0_ym19_1_1460062114377_10512"><span id="yiv4805268669yui_3_16_0_ym19_1_1460062114377_10511">As for IS/IT Audits, I suspect that they are rarely (or perhaps shoddily) done since they seem not to be explicitly expected @</span></div><div dir="ltr" id="yiv4805268669yui_3_16_0_ym19_1_1460062114377_10512"><span id="yiv4805268669yui_3_16_0_ym19_1_1460062114377_11162"><a rel="nofollow" shape="rect" id="yiv4805268669yui_3_16_0_ym19_1_1460062114377_11161" target="_blank" href="https://www.centralbank.go.ke/index.php/regulations-and-guidelines">https://www.centralbank.go.ke/index.php/regulations-and-guidelines</a><br clear="none"></span></div><div dir="ltr" id="yiv4805268669yui_3_16_0_ym19_1_1460062114377_10512"><br clear="none"></div><div dir="ltr" id="yiv4805268669yui_3_16_0_ym19_1_1460062114377_10512">As such, Info Systems Audits tend to be an 'after-thought' executed after the Accounting professionals are with the Financial audits.</div><div dir="ltr" id="yiv4805268669yui_3_16_0_ym19_1_1460062114377_10512"><br clear="none"></div><div dir="ltr" id="yiv4805268669yui_3_16_0_ym19_1_1460062114377_10512">As the Ministry of ICT embarks on reviewing the ICT policy, this point should be at the back of our mind -how to lay the blueprint for future legislation around IS/IT audits.</div><div dir="ltr" id="yiv4805268669yui_3_16_0_ym19_1_1460062114377_10512"><br clear="none"></div><div dir="ltr" id="yiv4805268669yui_3_16_0_ym19_1_1460062114377_10512">walu.</div><div class="yiv4805268669qtdSeparateBR" id="yiv4805268669yui_3_16_0_ym19_1_1460062114377_10513"><br clear="none"><br clear="none"></div><div class="yiv4805268669yahoo_quoted" id="yiv4805268669yui_3_16_0_ym19_1_1460062114377_10529" style="display:block;"> <div id="yiv4805268669yui_3_16_0_ym19_1_1460062114377_10528" style="font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:16px;"> <div id="yiv4805268669yui_3_16_0_ym19_1_1460062114377_10527" style="font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:16px;"> <div class="yiv4805268669yqt0109894178" id="yiv4805268669yqt02433"><div dir="ltr" id="yiv4805268669yui_3_16_0_ym19_1_1460062114377_11385"> <font id="yiv4805268669yui_3_16_0_ym19_1_1460062114377_11384" size="2" face="Arial"> </font><hr size="1"> <b><span style="font-weight:bold;">From:</span></b> Paul Roy via kictanet <kictanet@lists.kictanet.or.ke><br clear="none"> <b><span style="font-weight:bold;">To:</span></b> jwalu@yahoo.com <br clear="none"><b><span style="font-weight:bold;">Cc:</span></b> Paul Roy <roykoikai@gmail.com><br clear="none"> <b><span style="font-weight:bold;">Sent:</span></b> Friday, April 8, 2016 2:55 PM<br clear="none"> <b><span style="font-weight:bold;">Subject:</span></b> [kictanet] Why ISACA is cracking the whip on individual auditors<br clear="none"> </div> <div class="yiv4805268669y_msg_container" id="yiv4805268669yui_3_16_0_ym19_1_1460062114377_10526"><br clear="none"><div id="yiv4805268669"><div dir="ltr" id="yiv4805268669yui_3_16_0_ym19_1_1460062114377_10525">Dear Listers,<div><br clear="none"></div><div>On November 13, 2015 I wrote to the CBK governor Dr. Njoroge expressing concerns over the conduct of audit firms in Kenya. Top of my agenda was to instill discipline to the auditors in Kenya and restore confidence to shareholders over reported state of their business. This was as a result of the collapse of Imperial bank with blames pointing to weak audit practices and some sort of collusion.</div><div><br clear="none"></div><div id="yiv4805268669yui_3_16_0_ym19_1_1460062114377_10524">As you may know, I am the current President of ISACA Kenya the body that certifies and regulates IT/System Auditors(CISA). ISACA has a code of conduct for all it's professionals working in the cybersecurity, assurance, audit and risk management functions. All certified members know that they are required to adhere to strict ethical standards.</div><div><br clear="none"></div><div id="yiv4805268669yui_3_16_0_ym19_1_1460062114377_10532">That's why in the wake of the mounting blames on poor audits and in particular IT audits, as an association we are going to investigate individual auditors and recommend that they are struck off their title should they be found culpable. Further we are going to work with CBK to enforce that all IT/System auditors must be fully certified and also be in good standing with professional bodies ICPAK, ISACA & others.</div><div><br clear="none"></div><div>By holding individuals accountable will help eliminate instances of collusion and professional negligence in performance of IT/System Audits and give shareholders and the regulator a true reflection of their financial institutions.</div><div><br clear="none"></div><div>Your views and suggestions are welcome.</div><div><br clear="none"></div><div>regards,</div><div><br clear="none"></div><div>Paul Roy Owino.</div><div>ISACA President.</div><div><br clear="none"><div><div><br clear="none"></div><br clear="none">
</div></div></div></div><br clear="none">_______________________________________________<br clear="none">kictanet mailing list<br clear="none"><a rel="nofollow" shape="rect" ymailto="mailto:kictanet@lists.kictanet.or.ke" target="_blank" href="mailto:kictanet@lists.kictanet.or.ke">kictanet@lists.kictanet.or.ke</a><br clear="none"><a rel="nofollow" shape="rect" target="_blank" href="https://lists.kictanet.or.ke/mailman/listinfo/kictanet">https://lists.kictanet.or.ke/mailman/listinfo/kictanet</a><br clear="none"><br clear="none">Unsubscribe or change your options at <a rel="nofollow" shape="rect" target="_blank" href="https://lists.kictanet.or.ke/mailman/options/kictanet/jwalu%40yahoo.com">https://lists.kictanet.or.ke/mailman/options/kictanet/jwalu%40yahoo.com</a><br clear="none"><br clear="none">The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.<br clear="none"><br clear="none">KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.<br clear="none"><br clear="none"></div></div> </div> </div> </div></div></div></div><br><div class="yqt0109894178" id="yqt17190">_______________________________________________<br clear="none">kictanet mailing list<br clear="none"><a shape="rect" ymailto="mailto:kictanet@lists.kictanet.or.ke" href="mailto:kictanet@lists.kictanet.or.ke">kictanet@lists.kictanet.or.ke</a><br clear="none"><a shape="rect" href="https://lists.kictanet.or.ke/mailman/listinfo/kictanet" target="_blank">https://lists.kictanet.or.ke/mailman/listinfo/kictanet</a><br clear="none"><br clear="none">Unsubscribe or change your options at <a shape="rect" href="https://lists.kictanet.or.ke/mailman/options/kictanet/jwalu%40yahoo.com" target="_blank">https://lists.kictanet.or.ke/mailman/options/kictanet/jwalu%40yahoo.com</a><br clear="none"><br clear="none">The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.<br clear="none"><br clear="none">KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.</div><br><br></div> </div> </div> </div></div></body></html>