Solution

The consulting services covered a complete audit and assurance of the entire Koshaaru system with due regard to the following: IT performance; internal controls of the system; compliance with external requirements (laws, regulations and agreements); an evaluation of the governance structure of the IT system.

Services provided

  • Risk assessment of the pension system, the Maldives Pension Administration Office, and the IT system: risks related to all processes of the pension system such as – enrolment of members, contributions, investment and valuation of pension assets, movements in and out of portfolios (member choices), reporting: generation of account statements, fund reports etc., retirement: changing of portfolio, subsequent valuation and disbursement of benefits, reconciliation of payments, compliance and enforcement, calculation of administrative fees, fines and penalties – have been identified and assessed.
  • Assessment of the effectiveness of preventive, detective and corrective controls associated with identified risks: physical access controls verified; logical access controls verified; data protection verified, assessing whether data can be accessed or changed without proper authentication and accountability; input controls verified, determining if there are controls in the system to ensure that only valid and correct data can be entered; processing controls verified, assessing if controls exist to ensure that all data is processed and accurately accounted for, and accuracy of system calculations ensured; output controls verified, assessing if controls are in place to ensure that output confidentiality is maintained according to its classification level; interface controls verified; the processes and tools used to report, track, approve, fix, and monitor changes on the system verified; backup and disaster recovery plan for the systems verified; system scalability verified, assessing whether the information system and related infrastructure can adequately support anticipated growth.