Abstract
The Information Technology (IT) is a complex system used to conduct and process banking transactions. As a consequence, banking relies heavily on IT. Since banking transactions take place on an IT driven system, the systems’ infrastructure and security become the bank’s core functions. However, IT does have its risks and challenges, such as confidentiality issues, security breaches, non-compliance with regularity and poor quality services. IT governance is a framework that ensures that an organisation’s IT infrastructure supports the achievement of its corporate objectives. In the banking industry, IT governance plays a vital role, especially in the internal auditing function. Internal auditors are mandated by the Institute of Internal Audit’s standards to provide reasonable and objective assurance regarding the proper functioning of IT departments. This study considers the role of the internal audit function in IT governance in the South African banking industry. The study also highlights the IT governance risks that exist in the banking industry in South Africa. This is achieved through an extensive literature review on the governance frameworks and recommended practices for effective governance as well as the role and responsibilities of internal auditors in reducing IT risks. The study used purposive sampling to examine the integrated annual reports of the major banks in South Africa. The findings show that the banks demonstrate sound internal control systems while their internal audit approach reflects the effective and efficient implementation of systems, with embedded risk management practices, to ensure risk reduction.
M.Com. (Computer Auditing)