priyanndb_1.0

  • 7/30/2019 priyanndb_1.0

    Application Controls Review

    Information Technology Risk and Assurance (ITRA)

    NDB Bank PLC


    Cheque Book Management

    Cheque books stock entry

    [Process flowchart. Swimlane labels: CPU BA (Banking Assistance) (CPU Inputter); Officer In charge (CPU Authorizer). Labels shown: Blank cheque books received by the CPU; Received cheque books stock detail; Enter stock entry; Get approval for stock entry; Approve stock entry details; Print stock received receipt; Updated stock registry.]

    Issuing of Cheque Book

    [Process flowchart. Swimlane labels: Branch BA (Banking Assistance) (CPU Inputter); Officer In charge (CPU Authorizer). Labels shown: Send the customer request to CPU for a cheque book; Request letter (N1); Verify the signature and the current account status; Verified request (N2); Enter cheque books request details (N3); Unauthorized cheque book records; Approve the cheque book request; Authorized cheque books records; Print the cheque book; Printed cheque book; Authorize chequebook issue; Authorized cheque books; Issue the cheque book to the customer.]

    N1: Customer can request a cheque by fax/letter/form.
    N2: Forward the request to Branch Manager if the account status is not Regular.
    N3: The inputter writes down the cheque books details in a manual registry before printing the cheque books.

    CH01 Cheque type field can be omitted when registering received cheque stock details in the system.

    Medium

    Test Reference: T-CH10

    Observation: When a banking assistant receives blank cheque books, the stock details need to be registered in the system. The banking assistant has to specify the cheque type (privilege cheque/normal cheque) whenever registering received stock; however, the field can be omitted by the banking assistant. When the banking assistant later issues cheque books to customers, the cheque type field will be blank if the type was blank at the cheque receiving stage.

    Implications: The cheque book count in either category would be erroneous in the system. Therefore, issuing cheques to customers would not be properly supported by the system.

    Recommendations: The cheque type field must be set as a mandatory field when registering cheque stock in the system.

    Management's Comments:

    Screenshot annotations: "Check type field can be left as blank."; "Blank check type field."

    Executive Summary

    Cheque Book Management

    When a banking assistant receives blank cheque books, they have to be registered in the stock inventory system, with the cheque type and stock series specified. The cheque type can be privilege cheque or normal cheque. However, the cheque type field can be omitted by the banking assistant when registering cheque books. As a result, it is difficult to count the different types of cheque in the stock.


    Bank Draft

    Issuing of bank draft

    [Process flowchart. Swimlane labels: Customer; CPU Inputter; CPU Authorizer. Labels shown: Customer requesting a bank draft (N1); Bank draft request is received; Check customer bank draft request; Eligible bank draft request; Enter bank draft request; Getting approval for bank draft request; Approve the bank draft request; Approved Bank draft; Print bank Draft; Issuing bank draft to customer; Bank draft received by customer.]

    N1: Customer can request bank draft by letter/fax/application form.

    BD01 Bank draft validity period can be less than 180 days

    High

    Test Reference: T-BD13

    Observation: When a banking assistant issues a bank draft to a customer, the validity period needs to be stated on the bank draft slip. The slip can be used for encashment only within this period. NDB Bank defines 180 days as the validity period for a bank draft; however, the system allows bank drafts to be produced with a validity period of less than 180 days.

    Implications: This violates the business rules of NDB Bank policy. A customer who receives a bank draft with a shorter validity period has very little time to encash it; as a result, customers would be dissatisfied with the bank, which could affect the reputation of the bank.

    Recommendations: The system should not allow bank draft slips to be produced with a shorter validity period.

    Management's Comments:

    Screenshot annotations: "Bank draft only valid for 100 days"; "Only 100 days validity bank draft"

    Executive Summary

    Bank Draft

    The bank draft validity period has been set as 180 days for NDB Bank. However, this 180-day validity period can be edited by the banking assistant when issuing to a customer, so the customer has only a limited time period to encash the bank draft.


    Pay orders

    Issuing of pay orders

    [Process flowchart. Swimlane labels: Customer; CPU Inputter; CPU Authorizer. Labels shown: Customer requesting pay order (N1); Pay order request is received; Check customer pay order request; Eligible pay order request; Enter pay order request; Getting approval for pay order request; Approve the pay order request; Approved Bank draft; Print pay order; Issuing bank draft to customer; Bank draft received by customer.]

    N1: Customer can request bank draft by letter/fax/application form.
    N2:

    PO01 Pay order validity period can be less than 180 days

    High

    Test Reference: T-PO14

    Observation: When a banking assistant issues a pay order to a customer, the validity period needs to be stated on the slip. The pay order slip can be used for encashment only within this period. NDB Bank defines 180 days as the validity period for a pay order; however, the system allows pay orders to be produced with less than 180 days.

    Implications: This violates the business rules of NDB Bank policy. A customer who receives a pay order with a shorter validity period has very little time to encash it. As a result, customers would be dissatisfied with the bank's services, which could affect the reputation of the bank.

    Recommendations: The system should not allow pay order slips to be produced with a shorter validity period.

    Management's Comments:

    Screenshot annotations: "Pay order valid for 100 days only."; "Pay order valid for 100 days."

    Executive Summary

    Pay order

    The pay order validity period has been set as 180 days for NDB Bank. However, this 180-day validity period can be edited by the banking assistant when issuing a pay order to a customer, so the customer has only a limited time period to encash the bank draft.


    Telegraphic Transfer

    Payments Through Telegraphic Transfer

    [Process flowchart. Swimlane labels: Customer; CPU Inputter; CPU Authorizer. Labels shown: Customer requesting for Telegraphic Transfer (N1); Telegraphic request is received; Check customer Telegraphic Transfer request; Eligible Telegraphic Transfer; Enter customer Telegraphic transfer request; Getting approval for customer Telegraphic Transfer request; Approve customer Telegraphic request; Approved Telegraphic Transfers; Print debit advice of payments to customer Telegraphic transfer; Issue debit advice; Payment receipt received by the customer.]

    N1: Customer can request Telegraphic Transfer by letter/fax/application form/e-windows systems.
    N2:

    TT01 Beneficiary account number can be omitted when making payments through telegraphic transfer.

    High

    Test Reference: T-TT06

    Observation: When a banking assistant pays a customer's invoice by electronic funds transfer, the beneficiary name, account number and destination bank details need to be specified in the transfer. However, the account number is not set as a mandatory field for the transaction, so it can be omitted when making payments through telegraphic transfer.

    Implications: If the account number is not stated in the telegraphic transfer instruction, the payment will not be executed correctly.

    Recommendations: The beneficiary account number should be set as a mandatory field when making payments through telegraphic transfer.

    Management's Comments:

    Screenshot annotations: "Beneficiary account number can be omitted."; "Beneficiary account number can be left as blank."

    TT02 Beneficiary bank name and its SWIFT code can be omitted when making payments through telegraphic transfer.

    High

    Test Reference: T-TT12

    Observation: When a banking assistant pays a customer's invoice by electronic funds transfer, the beneficiary name, account number and destination bank/SWIFT code details need to be specified in the transfer. However, the bank name/SWIFT code is not set as a mandatory field for the transaction, so it can be omitted when making payments through telegraphic transfer.

    Implications: If the bank name/SWIFT code is not stated in the telegraphic transfer instruction, the payment will not be executed correctly.

    Recommendations: The bank name/SWIFT code should be set as a mandatory field when making payments through telegraphic transfer.

    Management's Comments:

    Screenshot annotations: "Beneficiary bank name and SWIFT code can be blank"; "Beneficiary bank name and SWIFT code can be omitted."

    TT03 Outward remittance currency can be set to LKR when making payments through telegraphic transfer.

    High

    Test Reference: T-TT10

    Observation: The telegraphic transfer facility lets customers pay invoices to their foreign clients in their currency; therefore the currency field must contain only a foreign currency, not LKR. However, the system allows a telegraphic transfer to be set up in LKR as well.

    Implications: That the currency can be set to LKR for a telegraphic transfer violates the business rules of NDB Bank policy.

    Recommendations: The currency field must only contain a foreign currency, not LKR.

    Management's Comments:

    Screenshot annotations: "Credit currency can be LKR format."; "Currency can be LKR format."



    RTGS Fund Transfer

    Payments Through RTGS Transfer

    [Process flowchart. Swimlane labels: Customer; CPU Inputter; CPU Authorizer. Labels shown: Customer requesting for RTGS Transfer (N1); RTGS request is received; Check customer RTGS Transfer request; Eligible RTGS Transfer; Enter customer RTGS Transfer request; Getting approval for customer RTGS Transfer request; Approve customer RTGS request; Approved RTGS Transfers; Print debit advice of payments to customer RTGS transfer; Issue debit advice; Payment receipt received by the customer.]

    N1: Customer can request RTGS Transfer by letter/fax/application form/e-windows systems.
    N2:

    RT01 Beneficiary account number can be omitted when making payments through transfer.

    High

    Test Reference: T-TT06

    Observation: When a banking assistant pays a customer's invoice by electronic funds transfer, the beneficiary name, account number and destination bank details need to be specified in the transfer. However, the account number is not set as a mandatory field for the transaction, so it can be omitted when making payments through RTGS transfer.

    Implications: If the account number is not stated in the RTGS transfer instruction, the payment will not be executed correctly.

    Recommendations: The beneficiary account number should be set as a mandatory field when making payments through RTGS transfer.

    Management's Comments:

    RT02 Beneficiary bank name and its SWIFT code can be omitted when making payments through RTGS transfer.

    High

    Test Reference: T-TT12

    Observation: When a banking assistant pays a customer's invoice through RTGS funds transfer, the beneficiary name, account number and destination bank/SWIFT code details need to be specified in the transfer. However, the bank name/SWIFT code is not set as a mandatory field for the transaction, so it can be omitted when making payments through RTGS transfer.

    Implications: If the bank name/SWIFT code is not stated in the RTGS transfer instruction, the payment will not be executed correctly.

    Recommendations: The beneficiary account number should be set as a mandatory field when making payments through RTGS transfer.

    Management's Comments:

    RT03 Outward remittance currency can be set to a foreign currency when making payments through RTGS transfer.

    High

    Test Reference: T-TT10

    Observation: The RTGS transfer facility lets customers pay invoices to their local clients in LKR; therefore the currency field must contain only LKR, not a foreign currency. However, the system allows an RTGS transfer to be set up in a foreign currency as well.

    Implications: That the currency can be set to LKR for a telegraphic transfer violates the business rules of NDB Bank policy.

    Recommendations: The currency field must only contain LKR, not a foreign currency.

    Management's Comments:
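The mandatory-field and currency rules recommended in TT01 to TT03 and RT01 to RT03, written as a server-side check that is run again at authorisation. This is an added example, not code from the reviewed system; the PaymentInstruction fields, error codes and sample instructions are assumptions, and the SWIFT code pattern follows the ISO 9362 BIC layout.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# ISO 9362 BIC: 4-letter institution, 2-letter country, 2-character location,
# optional 3-character branch.
BIC_RE = re.compile(r"[A-Z]{4}[A-Z]{2}[A-Z0-9]{2}(?:[A-Z0-9]{3})?")
# ISO 4217 alphabetic currency codes are three letters.
CCY_RE = re.compile(r"[A-Z]{3}")
LOCAL_CCY = "LKR"

# Currency rule per channel, taken from findings TT03 and RT03.
CURRENCY_ALLOWED = {
    "TT": lambda ccy: ccy != LOCAL_CCY,    # telegraphic transfer: foreign currency only
    "RTGS": lambda ccy: ccy == LOCAL_CCY,  # RTGS: LKR only
}

# Fields the findings say must not be left blank (TT01/TT02, RT01/RT02).
MANDATORY = ("beneficiary_name", "beneficiary_account",
             "beneficiary_bank", "swift_code", "currency")


@dataclass
class PaymentInstruction:  # hypothetical record, not the bank's schema
    channel: str
    beneficiary_name: Optional[str] = None
    beneficiary_account: Optional[str] = None
    beneficiary_bank: Optional[str] = None
    swift_code: Optional[str] = None
    currency: Optional[str] = None


def _clean(value: Optional[str]) -> str:
    """Treat None and whitespace-only input as blank."""
    return (value or "").strip()


def validate(instr: PaymentInstruction) -> List[str]:
    """Return a list of error codes; an empty list means the instruction passes."""
    errors = []
    for name in MANDATORY:
        if not _clean(getattr(instr, name)):
            errors.append(f"{name}:missing")

    swift = _clean(instr.swift_code).upper()
    if swift and not BIC_RE.fullmatch(swift):
        errors.append("swift_code:format")

    allowed = CURRENCY_ALLOWED.get(instr.channel)
    ccy = _clean(instr.currency).upper()
    if allowed is None:
        errors.append("channel:unknown")
    elif ccy:
        if not CCY_RE.fullmatch(ccy):
            errors.append("currency:format")
        elif not allowed(ccy):
            errors.append("currency:not_allowed_for_channel")
    return errors


def authorise(instr: PaymentInstruction) -> bool:
    """Authoriser-side gate: validation is repeated, not trusted from input time."""
    return not validate(instr)


# Constructed sample instructions (names, accounts and BICs are made up).
SAMPLES = {
    "tt_ok": PaymentInstruction("TT", "Acme Ltd", "0012345678",
                                "Example Bank", "ABCDGB2L", "USD"),
    "tt_blank_account": PaymentInstruction("TT", "Acme Ltd", "   ",
                                           "Example Bank", "ABCDGB2L", "USD"),
    "tt_no_bank": PaymentInstruction("TT", "Acme Ltd", "0012345678",
                                     None, None, "USD"),
    "tt_bad_swift": PaymentInstruction("TT", "Acme Ltd", "0012345678",
                                       "Example Bank", "ABC123", "USD"),
    "tt_lkr": PaymentInstruction("TT", "Acme Ltd", "0012345678",
                                 "Example Bank", "ABCDGB2L", "LKR"),
    "rtgs_usd": PaymentInstruction("RTGS", "Local Co", "0098765432",
                                   "Example Bank", "ABCDLKLX", "USD"),
    "rtgs_ok": PaymentInstruction("RTGS", "Local Co", "0098765432",
                                  "Example Bank", "ABCDLKLX", "LKR"),
}

if __name__ == "__main__":
    for label, instr in SAMPLES.items():
        print(label, validate(instr) or "OK")
```
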

    Sweep Facility

    Setup Maintenance Sweep Facility

    [Process flowchart. Swimlane labels: Customer; Branch; CPU Inputter; CPU Authorizer. Labels shown: Customer requesting for Maintenance Sweep Facility (N1); Customer request is received; Stamp received date and time and verify customer signature; Check customer Maintenance Sweep Facility request; Eligible customer request; Forward customer Sweep Facility request; Setup customer Maintenance Sweep Facility request; Getting approval for Sweep Facility request; Approve customer Maintenance Sweep Facility setup.]

    N1: Customer can request Maintenance Sweep Facility by letter to Branch Manager/Regional Manager.
    N2:

    Setup Surplus Sweep Facility

    [Process flowchart. Swimlane labels: Customer; Branch; CPU Inputter; CPU Authorizer. Labels shown: Customer requesting for Surplus Sweep Facility (N1); Customer request is received; Stamp received date and time and verify customer signature; Check customer Surplus Sweep Facility request; Eligible customer request; Forward customer Surplus Sweep Facility request; Setup customer Surplus Sweep Facility request; Getting approval for Sweep Facility request; Approve customer Surplus Sweep Facility setup.]

    N1: Customer can request Surplus Sweep Facility by letter to Branch Manager/Regional Manager.
    N2:

    SW01 Inappropriate rules can be chosen when executing the sweep facility.

    High

    Test Reference: T-SW06

    Observation: When a banking assistant sets up the sweep facility according to the customer's requirement, the rules need to be specified as well. The rules field has been set as a mandatory field; however, it displays inappropriate parameters for setting up the sweep facility, so inappropriate rules can be applied when setting up the sweep facility.

    Implications: If incorrect rules are applied when setting up the sweep facility, changes in the sweep facility will not be executed correctly.

    Recommendations: Only relevant parameters should be displayed in the rules field.

    Management's Comments:

    Executive Summary

    Sweep Facility

    When setting up a sweep for a customer requirement, the rules need to be chosen. The rule can be MAIN/SURP; however, irrelevant parameters are also displayed by the system. If any of the irrelevant parameters is chosen as the rule, the sweep setup won't work properly. As a result, only relevant parameters must be displayed for rules.

    Current Account

    Opening Current Account

    [Process flowchart. Swimlane labels: Customer; Branch; CPU; Banking Assistance; Manager. Labels shown: Request to open a current account; Mandate; Check documents and mandates; Deposit; Authorized Current account; Get approval from Manager; Enter current account details to the system; Current account updated; Scan and verify the signature, enter into the system; Approved request; Approved current account; Scan documents; Make deposit in newly open current account.]

    Closing of Current Account

    [Process flowchart. Swimlane labels: Customer; Branch; CPU; Manager; Banking Assistance. Labels shown: Request to close a current account; Accept the account closing request letter; Update GL; Authorized account closing; Request letter; Enter account closing details; Store account closing details; Approved account closing request; Get approval from manager; Closed accounts details; Enter; N2; N1.]

    N1: Cash pay out to the customers.
    N2: Letter informing closing of account to customer.

    CA01 Current account can be opened for minor customers.

    Low

    Test Reference: T-CA33

    Observation: Minor customers are only eligible to open a savings account at NDB Bank; they do not have the facility to open a current account at NDB Bank. However, the system allows a current account to be opened for minor customers as well.

    Implications: Business rules

    Recommendations: The system should prevent a current account from being opened for minor customers.

    Management's Comments:

    CA02 Current NRFC account can be opened in LKR.

    Medium

    Test Reference: T-CA14

    Observation: Foreign customers are eligible to open current NRFC accounts at NDB Bank. The NRFC account currency field must be in a foreign currency and not in LKR; however, the system allows a current NRFC account to be opened with LKR as the currency.

    Implications:

    Recommendations: The system should prevent an NRFC current account from being opened with LKR as the currency.

    Management's Comments:

    Standing Orders

    Setup standing orders

    [Process flowchart. Swimlane labels: Customer; Branch; CPU Inputter; CPU Authorizer. Labels shown: Customer request for standing orders (N1); Received customer request; Check completeness of standing order request; Email requesting CPU to setup a standing order; Received standing order request (N2); Enter customer standing orders request; Get approval from CPU authorizer; Approved standing order; Authorized customer standing orders.]

    N1: Customer can request standing orders through letter/form.
    N2: Incomplete customer request will be returned to branch for completeness.

    ST01 Not all charge codes are displayed in the system when executing charges for a customer standing order request.

    Low

    Test Reference: T-ST24

    Observation: When setting up a standing order, a small charge is collected from the customer to execute the request. Charge codes can vary according to the customer's standing order request; however, the system does not display all the available charge codes (SO6) for setting standing order charges.

    Implications: There is a high possibility that the banking assistant enters the wrong charge code when executing a standing order request for a customer.

    Recommendations: All the standing order charge codes must be displayed by the system when executing a standing order for a customer request.

    Management's Comments:

    Screenshot annotation: "SO6 standing order charge code not displayed by drop down menu"

    ST02 Irrelevant work profile parameters are displayed in the system when setting up standing orders through SLIPS.

    Low

    Test Reference: T-SA33

    Observation: When a banking assistant uploads standing orders through the SLIPS system, the work profile parameter needs to be chosen as one; however, the system displays irrelevant parameters for the work profile option.

    Implications: If the banking assistant wrongly chooses a different parameter for the work profile when executing standing orders through SLIPS, the customer's standing order request will not be executed successfully.

    Recommendations: The system must display only one as the work profile option when executing standing orders through SLIPS.

    Management's Comments:

    Screenshot annotation: "Work profile parameters can be inaccurate information."

    Customer Creation

    Customer Creation

    [Process flowchart. Swimlane labels: Customer; Banking Assistance (Inputter); Banking Manager (Authorizer). Labels shown: Fill mandate form and provide required documents (N1); Filled mandate form and documents; Check mandate form and documents; Enter customer details in the system; Get approval from Branch Manager; Approved Customer request; Authorized customer (N2).]

    N1: Customer provides NIC/Birth Certificate/Company Registration as proof of identity.
    N2: Copies of customer documents will be forwarded to CPU for storage purposes.

    Customer Amendment

    [Process flowchart. Swimlane labels: Customer; Banking Assistance (Inputter); Banking Manager (Authorizer). Labels shown: Customer request to edit their details; Customer documents; Check customer documents; Edit customer details in the system; Get approval from Branch Manager; Approved Customer request; Authorize customer edited details.]

    CC01 Passport number and legal document number can be different for foreign customers.

    High

    Test Reference: T-CC06

    Observation: Whenever a banking assistant registers a foreign customer, the passport number and legal document number have to be entered for customer registration. However, the system allows different numbers to be entered as the passport and legal document numbers.

    Implications: The customer's passport number can differ from the legal document number, which can result in inaccurate customer information being stored in the database.

    Recommendations: The system should validate the foreign customer's passport characters against the legal document characters.

    Management's Comments:

    Screenshot annotations: "Passport legal ID number PP12345678"; "Passport number is PP123456"

    CC02 System allows a person less than 18 years old to be registered as an individual customer.

    High

    Test Reference: T-CC06

    Observation: When inputting a new individual customer into the system, the banking assistant needs to input the customer's date of birth for initial registration. An individual customer needs to be an adult, at least 18 years old; however, the system allows an individual customer who is less than 18 years old to be opened.

    Implications: Allowing individual customers who are less than 18 years old to be opened does not comply with NDB business rules.

    Recommendations: The system should not allow an individual customer whose age is less than 18 years to be opened.

    Management's Comments:

    Screenshot annotations: "Date of birth is 01 of May 2000 and age is less than 18."; "Individual customer age is less than 18."

  • 7/30/2019 priyanndb_1.0

    44/71

    Information Technology Risk and Assurance (ITRA)E

    CC04 Customer can be created with an inaccurate date of birth and NIC number.

    High

    Test Reference T-CC06

    Observation: When a banking assistant registers an individual/foreign customer in the system, they need to input the customer's date of birth because it is a mandatory field; however, the system does not validate the date of birth against the NIC number's logical format. Therefore the system accepts customers with a wrong date of birth and NIC number.

    Implications: NDB Bank needs to send a CRIB report to central banks every month with details of customers who fail to pay their due loan fee in the given time period; however, if NDB sends wrong customer details (date of birth and NIC number), the CRIB report will not be executed successfully.

    Recommendations: The system should validate the NIC number against the date of birth.

    Management's Comments

    NIC number is not validated against date of birth.

    Date of birth is not validated against NIC number.
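An added example (not code from the reviewed system or from the original report) of the cross-check recommended in CC04, extended with the minimum-age rule from CC02. The NIC layout is an assumption not stated in the report: the old format is 9 digits plus V/X with a 2-digit birth year, the new format is 12 digits with a 4-digit birth year, and in both the next three digits are the day of the year (plus 500 for females) counted on a 366-day calendar. Function names and sample values are constructed.

```python
import re
from datetime import date, timedelta

# Assumed NIC layouts (not taken from the report):
#   old: YY DDD SSSC + V/X   (9 digits and a letter)
#   new: YYYY DDD SSSSC      (12 digits)
OLD_NIC = re.compile(r"^(\d{2})(\d{3})\d{4}[VvXx]$")
NEW_NIC = re.compile(r"^(\d{4})(\d{3})\d{5}$")


def nic_birth_date(nic):
    """Return the date of birth encoded in a NIC, or None if it is malformed."""
    nic = nic.strip()
    m = OLD_NIC.match(nic)
    if m:
        year = 1900 + int(m.group(1))
    else:
        m = NEW_NIC.match(nic)
        if not m:
            return None
        year = int(m.group(1))
    day = int(m.group(2))
    if day > 500:          # assumed: female holders have 500 added to the day
        day -= 500
    if not 1 <= day <= 366:
        return None
    # Assumed: day numbers always count 29 days in February, so map the day
    # through a leap reference year and then move it to the real birth year.
    ref = date(2000, 1, 1) + timedelta(days=day - 1)
    try:
        return date(year, ref.month, ref.day)
    except ValueError:     # day 60 (29 Feb) in a year that is not a leap year
        return None


def age_on(dob, today):
    """Completed years of age on the given day."""
    return today.year - dob.year - ((today.month, today.day) < (dob.month, dob.day))


def check_individual_customer(nic, dob, today):
    """Return the reasons to reject the record; an empty list means it passes."""
    errors = []
    encoded = nic_birth_date(nic)
    if encoded is None:
        errors.append("NIC format invalid")
    elif encoded != dob:
        errors.append("date of birth does not match NIC")
    if age_on(dob, today) < 18:
        errors.append("individual customer is under 18")
    return errors


if __name__ == "__main__":
    as_of = date(2017, 6, 1)   # constructed processing date
    samples = [                # constructed registration records
        ("200012201234", date(2000, 5, 1)),
        ("851234567V", date(1985, 5, 20)),
        ("851234567V", date(1985, 5, 2)),
        ("abcd", date(1985, 5, 2)),
    ]
    for nic, dob in samples:
        print(nic, dob, check_individual_customer(nic, dob, as_of))
```

The check belongs on the server side at record commit, so that it also applies to records entered through any interface other than the registration screen.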


    CC05 Customer email address can be inaccurate when creating a new customer in the system.

    High

    Test Reference T-CC35

    Observation: When a banking assistant registers a new customer in the system, they need to enter the customer's contact details (email address). However, the customer email address can be inaccurate.

    Implications: If NDB introduces a new service and wants to promote it to customers through email, the promotional message will not reach customers who have a wrong email address in the system.

    Recommendations: The system should validate the email address against the standard email address format.

    Management's Comments

    Wrong email address as customer address

    Wrong email address as [email protected]


    CC06 Customer telephone number can be inaccurate when creating a new customer in the system.

    High

    Test Reference T-CC34

    Observation: When a banking assistant registers a new customer in the system, they need to enter the customer's contact details (telephone number). However, the customer telephone number can be inaccurate.

    Implications: If NDB Bank wants to contact a customer for business purposes, it is not possible to contact a customer who has a wrong telephone number in the system.

    Recommendations: The system should validate telephone numbers against valid Sri Lankan telephone number standards.

    Management's Comments

    Incorrect phone number as abcd

    Customer phone number is incorrect.


    CC03 Date of birth and initial are being used as the NIC number for minor customers

    High

    Test Reference T-CC06

    Observation: Whenever a minor customer needs to be registered in the system, the banking assistant needs to fill in the NIC number field for identification. However, minor customers do not have an NIC number because they are less than 18 years old; as a result, their date of birth and initial are used as the NIC number for them.

    Implications:

    Recommendations: Allowing an individual customer who is less than 18 years old to be opened does not comply with NDB business rules.

    Management's Comments



    Over Draft

    Over Draft Granting

    [Process flow diagram. Swimlanes: Customers; Branch (Branch Manager); Consumer Credit Operation. Labels shown: Request for over draft; Request letter; Check account over draft limit and interest rate; Eligible over draft request; Authorize over draft; Authorized overdraft request; Block fund in the customer account; Update the account details (T24); Update.]

    OD01 Over draft granted slips can be printed by the banking assistant before the request gets approval from the branch authorizer.

    High

    Test Reference T-RE15

    Observation: When a banking assistant pays out money on a customer request and the request is over the limit, the system asks for an override; however, if the override is accepted by the banking assistant, the system subsequently prints the over draft slips for the customer before the request has been approved by the branch authorizer.

    Implications: If the banking assistant accidentally grants more money than the over draft limit amount, it won't be caught immediately.

    Recommendations: The system should allow the banking assistant to print over draft slips only after the request gets approval from the branch authorizer.

    Management's Comments

    Available area for sale.

    Creating a new block with 300 perches.

    Newly created block is available for reservation

    which is bigger than the whole extent.


    OD02 Over draft can be granted without any limit restriction

    High

    Test Reference T-RE15

    Observation: When a banking assistant pays out cash on a customer over draft request and the request is over the limit, the system asks for override approval from the manager to issue money to the customer; however, the system allows the over draft facility to be granted without any limit restriction.

    Implications: The banking assistant can grant any amount of cash on a customer request without any over draft limitation.

    Recommendations: The system should allow the banking assistant to print over draft slips only after the request gets approval from the branch authorizer.

    Management's Comments

    Available area for sale.

    Creating a new block with 300 perches.

    Newly created block is available for reservation

    which is bigger than the whole extent.


    Executive Summary


    Over Draft

    Overdraft slips are printed before the branch authorizer authorizes them. Therefore, at money payout, only the authorizer can note the overdraft.

    The system allows an overdraft to be granted without any limitation. When issuing an overdraft, a limit needs to be created; however, the system allows overdrafts without any limit restriction.


    Cheque Clearing

    Outward Clearing

    [Process flow diagram. Swimlanes: Customers; Branch; CPU; Lanka Clear. Labels shown: Slips and Cheque; Eligible slips & cheque; Collect slips and cheque; Slips and cheque sent to CPU; Scan cheque and slips; Enter cheque data to the system (CITS); Cheque text field; Burning cheque image; Burn a CD (Cheque Image and Data); CD sent to Lanka Clear for Clearance; Clearing Process; Return cheque CD to CPU; Receive return cheque CD; Check with CRN & Lanka Clear report; Printing CRN (Cheque return notification); CRN generated; CRN sent to CPU; Inform customer; CRN received by customers.]

    Inward Clearing

    [Process flow diagram. Swimlanes: Lanka Clearing; CPU; Branch. Labels shown: Inward cheque CD; CD received by CPU; CIT sub system; Uploaded cheque image; Scrutinize the cheques; Eligible cheques; Enter cheque details (T24); Account updating; Return cheque (T24); Account updating; Email (return cheque of branch); Confirm Return cheques of branch; Confirmed return cheque; Return cheque CD; CD sent to Lanka Clear.]


    SLIPS (Sri Lanka Inter Bank Payment System)

    Incoming SLIPS Transfer

    [Process flow diagram. Swimlanes: Banking Assistant; CPU. Labels shown: Download inwards file & report copying (N1); Inwards files copying into flash drive; Flash drive given to help desk; Files copying into SLIPS destination; Getting SLIPS uploading files; Get approval for SLIPS upload; Approve the SLIPS upload; SLIPS files uploaded into T24 system; Updated the account; Accounts get updated.]

    N1: Inwards files are downloaded through the LCPL (Lanka Clear Private Limited) VPN.