(INFORMATION TECHNOLOGY SECTION)
TO ALL OFFICES
DATE : 16.01.2006.
INFORMATION TECHNOLOGY CIRCULAR NO: 03/2006.
INFORMATION TECHNOLOGY OPERATIVE GUIDELINES .
Detailed guidelines
with regard to computerization branches were circulated to all offices from time
to time.
Guidelines
in respect of computerized branches have been consolidated by subsuming the
operative part of subsequently issued circulars as per Annexure
Incumbent Incharge of the
branches are advised to adhere to the guidelines contained in Annexures for
meticulous compliance..
GENERAL
MANAGER
Encl: As above(I
to IX)
(Annexure
to Circular No: 3/2006)
Annexure-I
Reg
: Guidelines for Operation/Maintenance of Computers.
Introduction :
Competition in providing banking and financial services today is fierce. In order to take up increasing work load at the branches, provide improved customer service and ensure better house keeping, bank has taken up computerization at branch level in a big way. Bank has fixed the target of computerization of all the branches upto 28/02/2006. For this purpose the bank has introduced the bilingual software named "BANCMATE" developed by M/s. Natural Technologies (P) Ltd., Jaipur with extensive customization support provided by PNB and the customization team of RRBs Sponsored by PNB. This is a total Branch Automation Software Package: Various options available in the software are listed in the main menu are as under: -
Passwords :
The super user password should not be used for Routine work and it should not be disclosed to anyone including vendor. The following steps be used for passwords control.
(a) Each operator/supervisor should have unique user-ID.
(b) All persons working on computer should use their own user 10 and Password. A person should not be allowed to work on computer using other's password.
(c) In order to ensure proper security and control, passwords should be changed periodically (15days)
(d) Passwords are privileged in formation and therefore should not be disclosed to anyone.
(e) One can change one's own password, if it exists already. However, in case an old password has to he cancelled or a new one has to be created, the Manager will do it through his/her function making corresponding entry in the authorized user register.
(f) Manager's password will be put in a sealed cover and kept under double custody. In the absence of the Manager, the officiating person will open this cover and use the password only for the purpose of changing it. This is to be recorded in the authorized user/deviation register and thereafter he/she should use the new password, which will be changed again, when the permanent in charge Manager resumes duty.
A declaration in the following format is to be obtained from persons working on computer :
I .declare that while working on computer as operator/supervisor during the discharge of my duties, I will insure strict confidentiality of my password permitting me access to computer.
Sign. Name Designation
Name .
Designation
Place :
Date :
(g) Software provided a feature for identifying persons, who operate the Machine. In other words all transaction entered into the computer alongwith the User-ID of the persons entering the data and that of person authorizing it. While generating reports, User-ID of the person are printed on the report for verification. This will help in fixing responsibility on the concerned staff.
Custody of Keys of
Computers:
In the morning the respective keys will have to handed over to concerned staff: against their signature, who should keep the keys under their custody during operations. In the evening after completion of operations the keys are to be collected back and should be kept under joint custody/custody of two officials. The duplicate keys are to be entered in the key register and kept in the cash sale under joint custody.
Back up Operations :
As a precautionary measure against loss of data due to any reason, it is necessary to maintain separate copies of the Important master and transaction data on backup media. The procedure of copying and storage of data as a contingency measures is called backup operation. It is generally taken at the end of the date.
Ψ Backup Media should be kept in tire proof cabinet under dual custody.
Ψ Backup for 3 working days immediately proceeding the current date for both transaction and master tiles should always be available in the branch.
Ψ Month end backup should always be taken and the backup media be properly preserved..
Ψ Backup of latest version of the software package provided by the vendors should be preserved in the branch.
Ψ
One set of backup media should be stored at the nearest branch
i.e. off site preferably daily or at least on weekly basis. One set of month end
backup taken on backup media is also to be maintained ill a nearby
branch/office. This is part of contingency planning and in case of any major
disaster. th..: operation can be resumed with the help of off side backup.
Precautions to be
taken:
Error free backup of data is to be taken out on backup media everyday without exception. If any error message is flashed/displayed it should be immediately taken note and necessary remedial measures be initiated.
Ψ Such backup taken every day should be preserved for a minimum period of 7 days so that in case of latest backup being corrupted backup of earlier days are available to resume operations.
Ψ Backup taken at the end of the month are to be preserved permanently. Retention period will be as applicable to ledgers in manual system.
Ψ
Detail of backup should be entered in the backup register.
Maintenance of
Records:
In any mechanized system one of the most important aspects is maintenance of records and data as the data is no longer available in visible or readable format. Data is stored and retrieved only by use of software package and therefore it becomes essential to maintain appropriate records for proper control over entire operations. The reports can be classified as under :
(a) Transaction Reports: (Cash Book, '1'1'. Journal, Clg. Journal)
(b) Accounting Reports : (Long Book, Day Book, System voucher report. GL effected head etc.)
(c) Control Reports: Exceptional Transaction, Access log, Check print temporary OD, Rejected transactions.
(d)
Balancing Reports: Balance Book.
(e) Ledger Prints:
(f) Other Reports: Cheque Book issue register, standing instructions, Stop payment. Limitation, Nomination etc.
Check Sum:
One of the salient features of computer software is printing/displaying a control number called checksum. This is generated by the Machine at the end of the day. During next day, the machine ask for the checksum at the Day begin and verities it with the information available with it. In case the two figures do not match the system warns that the data has been tampered with and should not be used. Long book should be generated again to ascertain that there is no tempering with the data and Day end back up should be restored and checksum be generated again.
Control over Print
outs:
(1) All reports generated from computer should be signed by the operator and checked by the officer/Manager.
(2) Report such as Access log, Exceptional transaction. Rejected transactions, Checksum. GL effected head reports should be signed by the operator and the Manager himself.
(3)
Reports are to be tiled in separate folders and their preservations
period is as per existing bank guidelines applicable to manual operations.
Control over CTDS/Floppies
etc. :
CTDs/Floppies are considered as security items for all purposes. All precautions applicable for security forms are to be strictly adhered to. Damaged media should be kept separately so that they do not get mixed, lip with other floppies/CTDs/DAT in use.
Ledger Printing
Ledger sheets for all A/cs. are to be printed quarterly
for the 1ST three quarters. At the end of the 4th quarter
the ledger sheet are to be printed for full financial year and the ledger sheets
printed for the earlier 3 quarters are destroyed. The sheets should be got bound
after mentioning the period should be preserved as per manual system.
Registers:
The following register are to be maintained:
(A) Stationery Register: Enter detail of Stationery bought for computer use and taken issued for use.
Backup Register
(B) Vender Visit Register
(C) Error Rectification Register
(D)
Authorized Register
(E)
Checksum Register
(F)
Daily Balance Register for all Heads
SF. RD. FD.TL. AS THE CASE MAY BE
|
Date |
Balance as per GL |
Balance as per Balance Book |
Diff. if any |
Sign. of Operator |
Sign of Officer / BM |
|
|
|
|
|
|
|
REGISTERS FORMATS :
Backup Register
Machine No._________________
|
Date |
Time |
CD No. |
Line of content of CD |
Operators user ID Sign. |
Officer user ID Sign. |
|
1 |
2 |
3 |
4 |
5 |
6 |
|
|
|
|
|
|
|
Backup Media
Index/Details Register Part- I
Floppy /CT/DAT Details :
|
Date of issue |
Floppy/CT/DAT No. |
Issue to |
Purpose |
Computer No. & Application for which it is used. |
Sign. of Receiver |
|
1 |
2 |
3 |
4 |
5 |
6 |
|
|
|
|
|
|
|
Backup Media Index/
Register Part- II
Floppy Index :
Floppy /CT/DAT Number Dt. Of issue Dt. Of intil use
|
Date |
Floppy/CT/DAT No. |
Contents |
PC No and application for which it is used |
Signature of person who used it |
Sign. of Custodian |
|
1 |
2 |
3 |
4 |
5 |
6 |
|
|
|
|
|
|
|
Error rectification
Register
|
Date |
PC No. |
Application |
Transaction No. |
A/c. No. |
Nature of Error |
Amt. Envolved if any |
Rectification detail |
Used ID of Operator |
Signature of Officer |
|
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
|
|
|
|
|
|
|
|
|
|
|
Authorised user Register
|
Date |
Name of user |
User ID |
Level of Operation & purpose |
Introducer Detail |
Signature |
||||
|
|
|
|
|
Name |
User ID |
Level |
User |
Introducer |
|
|
1 |
2 |
3 |
4 |
5a |
5a |
5a |
6a |
6b |
|
|
Dt. Of closer of user |
Who closed the user |
Reasons for closing the user |
|
|
7 |
Level |
ID |
|
|
|
|
|
|
Machine Break
Down/Vendor Visit Register :
Vendors Name and
Address :
..
Contact person &
Telephone No. :
..
|
Date |
Time |
Nature of problem |
Action taken by branch |
Name of vendors representative who attended the problem |
Time arrival |
Time departure |
Rectification detail |
Status |
Signature of officer |
|
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
|
|
|
|
|
|
|
|
|
|
|
Balances are to be taken from the computer. Periodicity will be the same as the manual operation, These should be flied in folders, The Balance printout should contain the certificate as under :
Balance as per Ledger .
Balance as per GL Head .
Sign of Operator .
Sign of Officer .
Operations:
Operator should put rubber stamp and the transaction number generated by the system along with his/her initials on all the source documents (Vouchers etc.) from which transactions are entered. Officer should check the entry posted by the operator with the voucher and after finding its genuiness and ensuring that vouchers/instruments posted bear the necessary rubber stamp and initials of the operator should authenticate it. The format of the Rubber Stamp is suggested as under :
Transaction No. ___________________
Posted by ___________________
Checked by ___________________
General Guidelines:
Ψ Officer Order is to be issued to all staff members for Job allocations.
Ψ Guidelines for operation of computer should be got noted from the concerned staff members.
Ψ Officer who is authorized to start the Day open operation should collect the Keys of Computer from the BM/Concerned officials and perform his duty of Day Open. He/She then hand over the keys of' computer to be operated by operator to the operator.
Ψ The officer who is authorized Day end duties should perform this job and after generating the Mandatory Statements, handover the keys to the BM/concerned officials.
Ψ The following reports are to be mandatory generated daily - Cash Book. tr. Journal, CIg. Journal (Branch daily clearing), Long 800k, Day book, GL effected head, Exceptional transactions report, System Voucher Report.
Ψ All report should be checked from vouchers (as per existing guidelines of manual system) by the concerned officer and should be signed by the operator and the checking officer.
Ψ Exceptional Transaction, GL effected head should also be signed by the BM.
Ψ Checksum report should be signed by the 8M/Designated officials.
Ψ Morning checking is to be done by the concerned officer/8M with Long Book generated by the system at the time of Day end. Each and every entry must be checked with respective vouchers.
Ψ Whenever an operator/officer has to leaves his computer. he should logout/lock the computer so that no one can continue to work without authorized access.
Ψ Complete secrecy of password should always be maintained.
Ψ The Managers of computerised branches shall give a certificate in the MMC that final long book is being checked with the vouchers.
Ψ It must be ensured that vouchers are prepared for every transaction in the system.
Ψ A Register should be maintained for indicating change in parameters. Intt. chart. Intt. on loan /advances. Indicating the date of change and the changed rate.
Ψ It should be ensured that user ID in respect of employees transferred, resigned, suspended, terminated or taken out of computrised operations are deleted.
Ψ Random checking of user ID which have been reflected in the transaction report should be cross checked with the attendance register of the concerned date.
Ψ Random checking of non-financial transactions like changes made in rate, limit etc. should be cross verified from the control registers to ensure that adequate controls exists for modifying the parameters.
Ψ We are taking up the matter with the vendor for supply of manuals having operational guidelines of the software.
Ψ Random test checking of intt. applied, incidental charges debited be taken.
Ψ Computers is a part of branch SFF and therefore, they should be numbered and entered in the SFF Register.
Ψ A register be maintained for the problems faced.
Ψ Exceptional transaction report should be checked to ensure that exceptions done during the day have proper authorization. Manager and concerned officials should scrutinize the report minutely and put their initials against the entry authorized by them.
Ψ Signatures of operators/officers should be obtained daily on the transaction detail report in taken of having made/authorizing the entry under his/her password.
Ψ Before posting of intt. in A/cs. detailed Intt. Sheet print be taken, Intt. be checked and this intt. Sheet be kept ip folder for checking by the Inspectors.
All the incumbents In charge are advised to note these guidelines/instructions for meticulous compliance/safe guard the bank's interest.
Gen. Manager
(Annexure
to Circular No 3/2006)
Annexure-III
Reg
: Common Irregularities
observed in the computerised branches and
tips for good working.
Guidelines were issued from time to time for proper functioning of the software/computers. Some of the problem areas are as under:
Ψ Cash Book, Tr. Journal are not checked with vouchers and signed.
Ψ Morning checking i.e. long book is not checked with vouchers and signed.
Ψ All the prescribed reports are not printed, checked and filed.
Ψ Ledgers are not being printed.
Ψ There is no proper control over passwords.
Ψ Balance register for the on line Modules are not maintained.
Ψ A monthly certificate is to be submitted to Head Office as under :
Ψ "The software is functioning properly and all the books are tallied." If there is any problem. It should be reported.
Ψ Some branches are submitting untallied weekly. If such is the case the diff. be located, weekly be corrected manually and inform the LT. cell at Head Office for rectification of error immediately. It should also be entered in the error rectification register.
Ψ 3 more files of Backup with name as under be made and back up be taken at these times Current backup at 11.00 A.M.
12.00 noon
01.00 P.M.
Ψ In case the system develops any fault, restore the backup, pertaining to that time entry Before on lining of new Modules, I.T. cell at Head Office must be informed so that discrepancies are checked the time of on lining of Module.
Ψ Before on-lining the Modules the Master print outs are to be printed, compared with original, signed and kept in safe custody for permanent record. It is the base record on which the computer is functioning. Please refer our cir. No. 47/03 dated 22/10/2003.
Ψ The super user password should not be used for authorization of entries.
Ψ In case of problems in Hardware, complaint be lodged at HCL, Jalandhar (Tel. No.2225039), get the. complaint number and enter it in the vendor visit register (Hardware). If the complaint is not solved within 24 hours, inform the GAD Cell at Head Office.
Ψ On the front page of the computer register, note the branch code and Bank code and data base. In case the hardware get damaged the data is to be restored in other computer.
Without these codes data cannot be restored. Please treat is urgent. It can be seen My Computer-C Drive-Windows-Bancmate-It will display the required code.
Ψ Tr. Journal should not be disbanded.
Ψ In case the hardware get damaged, inform the NIC, Gurdaspur (TeI.223034,35) [Electronic equipments ins. Cover note No.19185 period from 24/05/04 to 23/05/05] for the same, get the surveyor deputed and follow up till the receipt of the claim. Copy of the letter be also forwarded to GAD section for information & follow up.
Ψ Balances be printed. Note be given on it as prescribed, sign it and file it in the balance file as per prescribed norms.
Ψ MMC be submitted on the prescribed new format.
Ψ If there is overdraft in the deposit A/cs., it should be immediately reported to Head Office.
Ψ Before on-lining new modules, first set parameters as per Bank Rules.
Ψ Computer audit is to be conducted by the inspectors, Area Manager & sr., Managers at regular intervals.
Ψ While feeding the existing A/c. of SF the last transaction date be given on which actual Dr./Cr. Was made in the A/c. (excluding intt. entry), otherwise the system will not transfer A/c. to in-operative/unclaimed category on the actual date on which it falls due. However, in case of loan A/e. the system will calculate the intt. from the last date of transaction.
Ψ As the MMC is to be submitted on new performa. A daily balance register be maintained at the branch as under:
GL Head - SF
|
Date |
Balance as per GL |
Balance as per ledger |
Diff. If ant |
Sign. of operator |
Sign. of officer/B.M. |
Remarks |
|
|
|
|
|
|
|
|
Similarly is the case of RO, FD, Loan, Sundry, Suspense etc. Allot few pages to each head in a register.
Ψ Master data creation should be done from a reliable person. Head Office has not made arrangement with any person. It is the responsibility of concerned B.M. He should not be allowed to any other work, except data feeding. In some branches they have changed the parameters thus causing problems. Password should not be disclosed to them. A password for data entry be made and allot to them & delete the same after MDC is created.
Ψ After calculation of intt. and before its posting, detailed intt. sheet be printed, intt. be checked.
General Manager
ANNEXURE-IV
(Annexure to Circular No. 3/2006)
REG
:
GUIDELINES FOR PASSWORD.
Purpose
The guidelines for password details the steps required
for creating strong passwords for: the information infrastructure, management
& protection of the passwords against misuse.
The guidelines for password extends to all the employees information systems resource available in the Bank at any place.
Responsibilities
The responsibility of effective implementation of guidelines for passwords lies with all the employees of the Bank involved in creation of passwords.
Guidelines
Passwords are an important aspect of security. They are the front line of protection for user accounts. A poorly chosen password may result in the compromise of Bank's entire network.
The password selection should be done by keeping the following factors into account :
Ψ A password should be a combination of mixed case alphanumeric characters.
Ψ Password should be minimum 6 characters in length
Ψ As a general rule the following character sets should be included in every password.
o Uppercase letter such as A,B,C;
o Lowercase letters such as a,b,c;
o Numerals such as 1,2,3; and
o Special characters such as $, ?, &
Ψ A password that can be memorized easily should be used, so that it need not be noted down.
Ψ A password that can be typed quickly without much effort should be used. This makes it harder or someone to know your password by standing in close proximity.
Ψ A password that is easy to remember by the user and difficult to guess or break by other should be used.
Ψ Due care should be taken to change passwords at periodic intervals as the system/application of the Bank demands and the guidelines in force.
o Password of key role-holders such as System Administrators should be preserved and held under dual control in a sealed envelope kept in a fire resistant cabinet stored in a secure location so as to enable access to an identified authorized person in the event of an unavoidable circumstance arising out of the absence of the password holder/s.
o Passwords must be changed at regular intervals, and should be chosen privately by the individual users.
o Password changes must be forced in the System/application software by putting in place a specific expiry period after which a user's password should not be accepted.
o After a predetermined number of failed attempts the system should not allow the user any access and a lockout must be activated.
o Reusing of password should not be allowed.
DON'ts while selecting a password:
o Do not use first or last name in any form.
o Do not use spouse or partner's name or that of children.
o Do not use any other information easily attributable to the user like vehicle registration numbers, telephone numbers, social security numbers, the branch of automobile, home or street name etc.
o Do not use a password of all digits, or all alphabets as it significantly increases the portability of crack on password being successful.
o Do not use a word contained in the dictionary.
o Do not ever use a password shorter than six characters.
o Do not reveal a password orally over the phone/e-mail etc. to anyone including the superiors and do not talk about a password in front of others.
o Do not hint at the format of a password, as it is likely to give a clue to someone.
o Do not share a password with family members/co-workers.
o Do not use the "Remember password" feature of applications;
o Do not write down passwords/store them anywhere in office;
o Do not store passwords in a file on any computer system without encryption;
If any account or
password is suspected to have been compromised, escalate the incident to the
concerned Higher Authority for appropriation action.
There is no exceptions to the above guidelines.
These are general guidelines. However, in addition to above, specific guidelines may be issued from time to time, which needs to be adhered to.
Gen. Manager
ANNEXURE-V
(Annexure to Circular No. 3/2006)
REG : REPORT ON
COMPUTER AUDIT.
We are aware of the benefits of adopting new technologies and
computerization. But it needs to be understand that technology changes the
business processes and we are embarking on an unchartered territory as far as
control are concerned. As Control Vigilance Commissioner said, technology is a
way like Lord Vishnu, who is described as "bhagia krita bhagia narhana".
He is both the 'creator of fear and destroyer of fear'. So if proper
check and guidelines are not adhered, it .lci1ds to frauds but if these both are
observed, we can check frauds.
Guidelines are issued from time to time for upkeep and functioning
of computers. We have prepared a Report on Computer Audit (Annexure enclosed).
Inspectors while conducting the regular inspection will fill this report and
handover to the Branch Manager with Inspection Report. Similarly, Area Managers
and Senior Managers while conducting the short inspection will conduct the
Computer Audit and submit the report to B.M. and copy to Inspection Cell, Head
Office.
Gen. Manager
Encl: as above
Branch: . Area: . Distt. : ..
Date of Audit
Note :
1. The expected response to each point is positive (Yes) but if any negative response (No) is observed, it should be treated as a problem area existing in the branch.
2. One copy of the report is handed over to the branch and the acknowledgement copy to be submitted to Head Office.
|
|
|
Yes |
No |
Remarks |
|
1. |
Safeguarding of Assets: |
|
|
|
|
|
A. Physical Security |
|
|
|
|
1.1 |
Computer is being kept in safe and good condition |
|
|
|
|
1.2 |
Printer is being kept in safe and good condition |
|
|
|
|
1.3 |
UPS is being kept in safe and good condition |
|
|
|
|
1.4 |
No load other than of computer and printer is connected to UPS system. |
|
|
|
|
1.5 |
Anti-Virus software is loaded on the computer |
|
|
|
|
1.6 |
All computer hardware items are properly numbered |
|
|
|
|
1.7 |
Inventory Register of hardware items is properly maintained |
|
|
|
|
1.8 |
Circulars related to computer operations and user manuals are properly maintained and are in knowledge of all staff members. |
|
|
|
|
|
B. Logical Security |
|
|
|
|
1.9 |
Control
over creation/addition/deletion of users is exercised. |
|
|
|
|
1.10 |
Number of
Supervisor users is limited to 2 or 3 |
|
|
|
|
1.11 |
Users acknowledge allotment and use of User-ID (User Name) in password register. |
|
|
|
|
1.12 |
User names are as per banks service records |
|
|
|
|
1.13 |
Access levels of users commensurate with the duties allotted. |
|
|
|
|
1.14 |
Each officer/staff has only one user-ID |
|
|
|
|
1.15 |
Passwords are changed at periodic intervals by the users. |
|
|
|
|
1.16 |
User log out when leaving the work table each time |
|
|
|
|
1.17 |
User-Ids of staff transferred, suspended or on long leave are deleted. |
|
|
|
|
2. |
Data Integrity: |
|
|
|
|
|
A. Input Controls: |
|
|
|
|
2.1 |
Master printouts are complete, correct and bear authentication |
|
|
|
|
2.2 |
Transactions are scrutinized with source documents and authorized |
|
|
|
|
2.3 |
Input source documents (e.g. cheques, vouchers, other instruments) bear authentication for data entered/authorized. |
|
|
|
|
2.4 |
Register is maintained up-to-date for input of limits sanctioned, drawing limits and interest rate slabs in advance accounts |
|
|
|
|
2.5 |
Changes in limit sanctioned and interest rate slabs are input timely and confirmed immediately |
|
|
|
|
2.6 |
Total number of input source documents (voucher) is tallied daily with cash book/summary report |
|
|
|
|
2.7 |
Status of inoperative accounts is appropriately changed to frozen or account is closed and balance transferred to dormant account. |
|
|
|
|
|
B. Process Controls: |
|
|
|
|
2.8 |
Day end is being on same day |
|
|
|
|
2.9 |
Consistency check is carried out daily |
|
|
|
|
2.10 |
Interest calculation/application in advance accounts is done timely |
|
|
|
|
2.11 |
Minimum balance chargescalculation/application in SB.CD accounts is done on regular basis |
|
|
|
|
2.12 |
Folio charges calculation/application is done regularly |
|
|
|
|
2.13 |
TOD charges calculation/application is carried out daily. |
|
|
|
|
2.14 |
Date seal is being done regularly and dates are not being left open for more than 7 days. |
|
|
|
|
2.15 |
Data prior to current six months has been purged |
|
|
|
|
|
D. Output Control: |
|
|
|
|
2.16 |
Following computer reports are generated, scrutinized and available: Ledgers, jottings, supplementary, transaction logs, day end reports |
|
|
|
|
2.17 |
Interest applied report, charges applied report are generated and are available. |
|
|
|
|
2.18 |
Output/reports are checked, signed and filed chronologically, bound, stacked and available. |
|
|
|
|
3. |
Backups: |
|
|
|
|
3.1 |
Backups are taken and preserved as per system and procedure prescribed by head office |
|
|
|
|
3.2 |
Day wise and date wise backup daily |
|
|
|
|
3.3 |
Date wise backup on Zip disk daily |
|
|
|
|
3.4 |
Zip disks are kept in cash safe |
|
|
|
|
3.5 |
One set of backup on zip disk is being started outside the branch |
|
|
|
|
4. |
General |
|
|
|
|
4.1 |
Computer functioned certificate is being sent to head office every month end. |
|
|
|
|
4.2 |
Computer training has been imparted to all concerned personnel |
|
|
|
|
4.3 |
Last report on computer audit has been complied with |
|
|
|
|
4.4 |
Computer operation register for maintaining record of hardware/software problems, password creation/deletion maintenance, important dates as of entries is being properly maintained and is being kept up to date |
|
|
|
|
4.5 |
Telephone numbers of contact persons and their names, who should be contacted in case of problem are properly displayed |
|
|
|
|
4.6 |
Adequate control is exercised to ensure proper use of computer stationery |
|
|
|
|
4.7 |
Balances of all the on line modules are tallied as per guidelines issued vide cir. No .. dated and there is no over draft in deposit A/cs. For the period since last inspection. |
|
|
|
Date : .. Signature : ..
Place : . Name of Auditor: ..
ANNEXURE-VI
(Annexure to Circular No. 3/2006)
Reg : Transferring of Ales.
to NPA category.
The loan A/cs. which become NPA are to be transferred to NPA category. The procedure for this purpose to be adopted in Computer is as under :
Operation _ NPA _ NPA Marking Single A/e.
Ψ Give the name of Activity then open the Window.
Ψ Now write the A/c. No.____________, Give new Asset class, Date of NPA and then enter the amt. of Intt. to be derecognized (if not automatically come). After this Authorize the NPA marking.
Note: System will automatically debit the derecognize Intt. from the income and credit to Sundry Provision NPA. Only Manual vouchers are to be made for record.
Security Value:
If the borrower has sold the security. Its value can be made Zero from the following option:
Operation _ Account _ A/c. Edit-Credit limit - Suspension of security. Then authorize the same.
Debit in NPA A/cs. :
If any amt. like BC letters amt. or other charges are to be debited in the NPA A/e., these are to be debited from the following option:
Operation _ NPA _ NPA entry.
(Please do not debit in NPA A/cs. through voucher option).
Transferring of Ale. from NPA to Standard:
If any account is to be transferred from NPA category to standard. Do it. From the following option:
Operation _ NPA _ NPA to standard.
Give account type, select the A/c. which is to be transferred. Click the box. Then click on OK and save. Then authorize it.
General Manager
ANNEXURE-VII
(Annexure to Circular No. 3/2006)
REG
:
REVISION IN THE FORMAT OF MANAGER'S MONTHLY CERTIFICATE (MMC)
Manager's Monthly
Certificate (MMC) is a crucial return which is required to be submitted by the
Incumbent of the branch to H.O. at the end of every month. Through this return,
the Incumbent reports the status of vital aspects of housekeeping like position
of balancing of books, physical verification of security forms and
assets/securities etc. charged to the Bank which directly impinge on the safety
of Bank's interests.
The existing form has been
in use for a very long time and was designed to cater to the requirements of
manual banking operations. However, at present 33 offices of our Bank have been
computerized and the remaining are likely to be computerized in this year. This
has necessitated a re-orientation in the monitoring of house keeping of a
branch.
In view of the above, it
was fell necessary to revise the existing MMC form so that it is compatible with
the changed requirements in the computerized environment. Accordingly, the
existing MMC form has been revised and a copy of the same is enclosed for the
record and information of the branches/offices.
Some columns of the revised
format are not applicable for the time being but these were included keeping in
view the future changes in the system. BMs should write N.A. in these columns.
However, all the columns must be filled, if any column is left blank, it will be
assumed that all is O.K. in this head.
All the Incumbents are advised to send MMC for the month of July 2004 onward on this revised format to Head Office.
Gen. Manager
Encl : as above
From BO : to Head Office
Managers Monthly Certificate (MMC) for ..
|
Sr. No. |
Particulars |
Frequency |
Date when last tallied & verified by the authorized official |
If un tallied up to date, steps taken for tallying for same be given |
PART A TALLYING OF BALANCES
|
01 |
Cash Credit Accounts |
Daily |
|
|
|
02 |
Overdraft accounts |
Daily |
|
|
|
03 |
Current accounts |
Daily |
|
|
|
04 |
Call deposit accounts |
Daily |
|
|
|
05 |
Saving fund accounts |
Daily |
|
|
|
06 |
Recurring deposit accounts |
Daily |
|
|
|
07 |
Fixed Deposit accounts |
Daily |
|
|
|
08 |
Demand loan accounts |
Daily |
|
|
|
09 |
Term loan accounts |
Daily |
|
|
|
10 |
Non-performing assets accounts |
Daily |
|
|
|
11 |
Protested non-borrowal accounts |
Daily |
|
|
|
12 |
TT payment account |
Daily |
|
|
|
13 |
Draft payment account |
Daily |
|
|
|
14 |
Imprest accounts reconciliation |
Weekly |
|
|
|
15 |
Bills purchased and bills discounted |
Fortnightly |
|
|
|
16 |
Cash order account |
Monthly |
|
|
|
17 |
Suspense account |
Monthly |
|
|
|
18 |
Sundries account |
Monthly |
|
|
|
19 |
Travelers cheques and gift cheques payable accounts |
Monthly |
|
|
|
20 |
Mini Deposit accounts |
Monthly |
|
|
|
21 |
Bankers accounts reconciliation |
Monthly |
|
|
|
22 |
CDS (ITP) accounts |
Monthly |
|
|
|
23 |
FOBP/FOUBP/FOBNL/FOUBNLC |
Monthly |
|
|
|
24 |
Inward bills (inland & forgien) |
Monthly |
|
|
|
25 |
Head Office A/c. reconciliation |
Monthly |
|
|
|
26 |
Outward bills (inland & foreign) |
Monthly |
|
|
|
27 |
Suspended interest |
Quarterly |
|
|
|
28 |
Derecoginzed interest |
Quarterly |
|
|
|
29 |
Inoperative accounts (including more than 10 years |
Half yearly |
|
|
|
30 |
Impersonal accounts |
|
|
|
|
|
a) Overdue term deposits |
Half yearly |
|
|
|
|
b) Margin money (LCs & BGs both inland & foreign) |
Half yearly |
|
|
|
|
c) Claims received from organization like DICGC, CGO, CGFT, ECGT etc. |
Half yearly |
|
|
|
|
d) Specify, if any other |
Half yearly |
|
|
|
31 |
Acceptance, Endorsement and other obligations |
Half yearly |
|
|
PART B TALLYING OF BALANCES AND PHYSICAL CHECKING
|
Sl. No. |
Particulars |
Frequency |
Date when last tallied, verified and physically
checked by the authorized official |
If untallied upto date, steps taken for tallying
the same be given. If not checked physically, reasons therefore be given |
|
32 |
Cash Balance including foreign currency |
Foftnighly |
|
|
|
33 |
Petty cash and cash/stamps for postage and telegram |
Monthly |
|
|
|
34 |
Stamps in hand and stock |
Monthly |
|
|
|
35 |
Stock of traveler/gift cheques |
Monthly |
|
|
PART C PHYSICAL CHECKING
|
Sl. No. |
Particulars |
Frequency |
Date when last physically checked by the
authorized official |
If found short, give details and inform action
taken |
|
36 |
Inward bills (inland and foreign) |
Daily |
|
|
|
37 |
Stock of security forms |
Monthly |
|
|
|
38 |
Articles in safe custody |
Monthly |
|
|
|
39 |
Shares, debentures and Government securities |
Monthly |
|
|
|
40 |
Parcels outstanding |
Monthly |
|
|
|
41 |
Furniture and fixtures, besides banks vehicles have been verified physically and are in good condition. |
Half yearly |
|
|
PART D GENERATION AND CHECKING OF REPORTS
|
Sl. No. |
Particulars |
Frequency |
Date when last checked by the authorized official |
In case o no-compliance, give reasons |
|
42 |
Exception report & temporary draft (TOD) report |
Daily |
|
|
|
43 |
Users are activated/de-activated as per daily arrangement register, list of active users is checked daily and passwords of ID users, who have been transferred from the branch or retired from the Bank, have been deleted |
Daily |
|
|
|
44 |
Outstanding in proxy accounts are generated and checked daily. All proxy entries are adjusted with in three days. (Applicable for CBS branches) |
Daily |
|
|
certified as under
01 Cash including foreign currency is being held in the joint custody of Manager / Officer and C / C.
02 All stock, pledged / hypothecated with the bank have been inspected, correctly valued got fully insured (wherever necessary) and are in good condition. Shortage and / or old stocks, wherever observed, have been reported to the Higher Authorities.
03 All other securities, including the vehicles, hypothecated to the Bank, have been inspected as per terms of sanction / Head Office guidelines and are fully insured. Exceptions, if any, have been reported to the higher Authorities.
04 All Know your Customer (KYC)and Anti-Money Laundering norms have been fully complied with in respect of all the accounts opened during the month (exceptions, if any are in the annexure).
05 Proper record of cash deposit and withdrawals of Rs. 10 lakh and above has been maintained in the prescribed Register (PND-1021) and fortnightly reports have been submitted to Head Office.
06 Morning checking has been done daily as per the Banks guidelines.
07 there is no delay in remitting TDS (of any kind) to Central Government Account.
08 Head Office A / c. statement has been submitted to head Office for this month.
09 interest, wherever applicable, on delayed collection of cheques / drafts has been paid during the
i) No. of instances of delay .
ii) Amount of interest paid Rs .
All guidelines relating to clean Note Policy of RBI are being strictly adhered to.
11 Certified that all the eligible loans for sanction of refinance from various institutions have been lodged with Head office.
12 All the lease deeds in respects of lockers are held on record and keys of all the lockers are duly entered in the relevant register and held on record.
13 Back ups of day to day operations are being taken as prescribed by the bank and are kept safe at off site locations.
NAME ..
Date
:
..
Note :
.
i)
Before singing, pleased go through the above certifiecates
carfefully and explicity indicate those which are either not complied wi8th or
not applicable.
ii)
Use separate sheet / s wherever required.
ANNEXURE-VIII
(Annexure to Circular No. 3/2006)
Reg
: GENERATION / MAINTANANCE / PRESERVATION OF REPORTS.
Printouts of
reports which are also applicable to manual system have the same rules regarding
custody and controls as prescribed in the book of instructions. Other reports
which are computer specific should be treated at per with ledgers in manual
system as same guidelines are applicable in computerised environment also.
Exceptional Transactions Reports, Access Log, however must be kept in dual
custody of Incumbent Incharge and another officer/2nd man. The period
of preservation should be same as applicable for manual ledgers.
Maintenance of reports and data is one of the most
important aspects, as the data is no longer available and visible or readable
format. Data is stored and retrieved only by use of software package and
therefore, it becomes essential to maintain appropriate record for paper control
over entire operation. The reports can be classified into following major
categories :
a) Audit trails transaction listings.
b) Accounting reports.
- Long book
- Day book
- Cash book
c) Control reports.
- access log
- exception transaction
- checksum
d) Balancing reports
_ Balance book
e) Ledger Prints
f) Other reports
_ Cheque book issue
_ standing instructions
_ stop payment
g)
Rejected transaction reports.
All reports/Printous to be clamed and field in separate folders of files in chronological order.
The
reports should be stored in safe
and secured place in the branch and all other guidelines for maintaining records
as stipulated in book of Instructions are to be strictly adhered to.
In order to maintain record and details of computerised operations, it is essential, to maintain Registers incorporating the details of backups, floppies, stationery etc.
Proper records are to be maintained in respect of the following :
A) CDs, Taps and their movement.
B) Computer Keys and their movement.
C) Stationery details.
D) Machine breakdown/maintenance/vendor visit.
E) Errors during operations and rectification details.
F) Backup users register.
Reports
form a crucial component of the computerised environment. As such utmost care
and precaution should be taken for their generation,
maintenance and precaution.
Different
reports are being generated in an
automated environment. These reports are of
different periodicity, necessity and have relevance to various banking
requirements and also for the purpose of fixing accountability.
GENERATION OF REPSORTS
The different reports to be generated are :
A.1 : Daily : House-keeping
1. Long book
2. Cash book
3. Transfer Journal
4. Clearing Registers (inward/outward)
5. Day book.
6. Standing Instructions Executed/Non Executed Register.
A.2 : Daily Control Reports.
1. Checksum report
2. Access log
3. Exception report
4. Affected report
5. Rejected transactions report
6. Audit trail (financial/non-financial/master data changes like limits/DP/Interest rates etc.
7. Deposits accounts with debit balance i.e. temporary overdraft.
8. List of active users.
B. Weekly :
1. Balance report of Cash credit and overdraft.
2. Weekly statement of affers.
3. Clearing imprest register.
4. Draft payable.
5. Deposit accounts with debit balance & advance accounts with credit balance.
C. Monthly :
1. Suspense/Sundries Outstanding Reports & Ledgers.
2.