Mr. President Paul Roy, I totally concur. We must stop the 'Enron' effect from consuming us in .KE As for IS/IT Audits, I suspect that they are rarely (or perhaps shoddily) done since they seem not to be explicitly expected @https://www.centralbank.go.ke/index.php/regulations-and-guidelines As such, Info Systems Audits tend to be an 'after-thought' executed after the Accounting professionals are with the Financial audits. As the Ministry of ICT embarks on reviewing the ICT policy, this point should be at the back of our mind -how to lay the blueprint for future legislation around IS/IT audits. walu. From: Paul Roy via kictanet <kictanet@lists.kictanet.or.ke> To: jwalu@yahoo.com Cc: Paul Roy <roykoikai@gmail.com> Sent: Friday, April 8, 2016 2:55 PM Subject: [kictanet] Why ISACA is cracking the whip on individual auditors Dear Listers, On November 13, 2015 I wrote to the CBK governor Dr. Njoroge expressing concerns over the conduct of audit firms in Kenya. Top of my agenda was to instill discipline to the auditors in Kenya and restore confidence to shareholders over reported state of their business. This was as a result of the collapse of Imperial bank with blames pointing to weak audit practices and some sort of collusion. As you may know, I am the current President of ISACA Kenya the body that certifies and regulates IT/System Auditors(CISA). ISACA has a code of conduct for all it's professionals working in the cybersecurity, assurance, audit and risk management functions. All certified members know that they are required to adhere to strict ethical standards. That's why in the wake of the mounting blames on poor audits and in particular IT audits, as an association we are going to investigate individual auditors and recommend that they are struck off their title should they be found culpable. Further we are going to work with CBK to enforce that all IT/System auditors must be fully certified and also be in good standing with professional bodies ICPAK, ISACA & others. By holding individuals accountable will help eliminate instances of collusion and professional negligence in performance of IT/System Audits and give shareholders and the regulator a true reflection of their financial institutions. Your views and suggestions are welcome. regards, Paul Roy Owino.ISACA President. _______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/jwalu%40yahoo.com The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development. KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.

IT Audit for banks require very sharp-ended subject matter expertise. As someone smack in that space, it amazes us to see audit firms pretending and proposing to conduct IT Audits yet they have zero knowledge on how particularly, core banking systems work. On Fri, Apr 8, 2016 at 2:55 PM, Paul Roy via kictanet < kictanet@lists.kictanet.or.ke> wrote:

Dear Listers,

On November 13, 2015 I wrote to the CBK governor Dr. Njoroge expressing concerns over the conduct of audit firms in Kenya. Top of my agenda was to instill discipline to the auditors in Kenya and restore confidence to shareholders over reported state of their business. This was as a result of the collapse of Imperial bank with blames pointing to weak audit practices and some sort of collusion.

As you may know, I am the current President of ISACA Kenya the body that certifies and regulates IT/System Auditors(CISA). ISACA has a code of conduct for all it's professionals working in the cybersecurity, assurance, audit and risk management functions. All certified members know that they are required to adhere to strict ethical standards.

That's why in the wake of the mounting blames on poor audits and in particular IT audits, as an association we are going to investigate individual auditors and recommend that they are struck off their title should they be found culpable. Further we are going to work with CBK to enforce that all IT/System auditors must be fully certified and also be in good standing with professional bodies ICPAK, ISACA & others.

By holding individuals accountable will help eliminate instances of collusion and professional negligence in performance of IT/System Audits and give shareholders and the regulator a true reflection of their financial institutions.

Your views and suggestions are welcome.

regards,

Paul Roy Owino. ISACA President.

_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet

Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/kmachuhi%40gmail.com

The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.

KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.