Metasoft Ltd., drawing on its extensive experience in information technology, has the honor to offer bank IT audit services.
The work performed by Metasoft Ltd. specialists during a bank IT audit is listed in detail below:
- Analysis of the bank's strategy and concerns, seen from the perspective of client base segmentation, the list of products and the planned sales volumes.
- Building the “sales funnel”: generating a report (or set of reports) showing what share of the bank's profit is brought in by how many clients and through which products.
- Identification of the client groups that bring the maximum profit.
- Identification of the products that bring the maximum profit.
- Analysis of the business architecture and the present landscape of software systems performing the bank's current tasks:
  - What automation systems are in use;
  - Which tasks are performed by which systems;
  - How completely the current systems perform their tasks, and whether there is a “power reserve” for increased load;
  - The technologies in use and the system architecture (two- or three-tier);
  - Interaction between the systems;
  - Which tasks are not automated at the moment;
  - What functionality will need to be automated in the future.
- Analysis of the IT architecture:
  - Server complexes – what server equipment is used at the bank (how up to date it is, possibility of increasing performance (availability of clusters, modular structure), availability class, possibility of monitoring components);
  - Topology of the bank's local and virtual networks – technology and structure of the computer network;
  - Routers, firewalls – structured cabling network equipment and protection devices for local networks;
  - Client computers – bank employees’ computers;
  - Communication channels, bandwidth – evaluation of whether the software technologies in use match the bandwidth of the communication channels, and whether the channels in use meet the needs of the bank;
  - Backup:
    - Presence of systems and methods for backup copying and data recovery;
    - Physical backup (presence of reserve equipment) of the main servers and communication channels;
    - Evaluation of the backup level (“hot” and/or “cold” backup);
  - Emergency power supply systems – availability of self-contained reserve power supply systems (uninterruptible power supply unit, diesel generator), evaluation of the time needed to switch to the reserve.
- Analysis of the system operation environment:
  - Analysis of the operating systems of servers and client workstations, and the methods used to install updates;
  - User rights control mechanisms, authorization mechanisms, LDAP – availability of a separate centralized system holding the directory of application system users; availability of group security policies;
  - System logging mechanisms – availability of an integrated system and method for recording the actions of users of different systems;
  - Remote access mechanisms – existing capabilities for remote administration (configuration);
  - Screens, filters, other antivirus tools – presence of protection systems against malicious software (viruses), update procedure, architecture (on servers, on client workstations, combined);
  - Software distribution systems – presence of a distribution procedure for application software updates.
- Analysis of the certificate and key information management system:
  - Presence of a Key Certification Centre (issuing and verification of digital signature certificates);
  - Whether the procedures and their implementation meet the requirements of standards.
- Analysis of scheduled procedures and the load on processing capacity, including peak load modes:
  - Analysis of how evenly processing capacity is loaded over different time intervals (during the day, week, month);
  - Analysis of whether payment transactions and scheduled procedures can run simultaneously and whether they interfere with each other (analysis of the ability to service clients at times of peak load, for example, with payments in the morning and in the evening).
- Generation of a report on the current state of the IT platform, indicating risks and recommendations for IT platform optimization.