- 30 Marks
Question
FINPAY FINANCIAL SOLUTIONS LIMITED
FinPay, an innovative payment service bank, operates from its office on Lagos Island, overseeing all financial transactions, customer interactions, and relationships nationwide. The bank streamlines its processes for customer convenience, embracing the digital age.
Customers’ bank accounts are linked to their GSM phone numbers, with the initial zero removed. All banking operations, from account creation and deposits to withdrawals and account closure, are conducted seamlessly through the bank’s mobile App, which can be easily downloaded from popular App stores.
Access to the bank’s mobile App is allowed using an account number and a private six-digit PIN. A prospective customer completes the onboarding process by uploading scanned passport photos, ID card, utility bill, alongside providing other essential personal information, like name, NIN, telephone number, email address, and residential address.
To facilitate transactions, a four-digit PIN linked to the customer’s debit card is activated at Automated Teller Machines (ATMs). Additionally, customers can leverage USSD codes for payments. Customers are required to use their registered phone numbers on their smartphones when transacting businesses with the bank.
In the event of a declined transaction, swift resolution is a priority. Debits are promptly reversed, ensuring customer satisfaction. Customers can report issues directly through the mobile App or via email, and FinPay’s responsive support team resolves matters without necessitating a visit to the bank’s physical office. This efficiency cements FinPay’s reputation as a leading online bank in Nigeria.
FinPay expedites the delivery of debit cards to customers, ensuring they reach their designated addresses within 48 hours of account creation. Furthermore, a proactive follow-up call is made just 24 hours after opening an account, enhancing the overall customer experience.
With a focus on catering for tech-savvy Nigerian youths, FinPay is steadily expanding its customer base. The bank even offers small, easily accessible loans over a six- month period, further attracting and retaining a young clientele. Some customers instruct FinPay to pay monthly DStv subscriptions or send amounts to third parties on regular basis, by activating a prompt on the mobile App.
For added convenience, FinPay features a responsive chatbot, named Bobo. Customers can engage with Bobo through the bank’s mobile App, website, and social media channels, providing another layer of support and accessibility. This comprehensive approach positions FinPay as a forward-thinking financial institution at the forefront of digital banking in Nigeria.
Required:
a. Highlight FOUR of the benefits an online system offers to FinPay and its customers. (8 Marks)
b. Identify and explain FIVE General controls and FIVE Application controls embedded in FinPay‟s system. (10 Marks)
c. Explain THREE areas the auditors will give special considerations because of the the audit risks associated with the online real-time system that dominates FinPay‟s operations.
(12 Marks)
Answer
a. The benefits an online system offers to Finpay and its customers include:
i. Immediate entry of transactions into the system (for example, transfer to or from the customer done on smart phones, electronic point of sale (POS) terminals, ATMs, or direct from other banks);
ii. Immediate updating of the customers‟ accounts (such as the immediate updating of the customer’s records as soon as a transfer is made);
iii. Effective enquiry system (such as immediate answers to balance enquiries from customers);
iv. Offer of uninterrupted banking services to customers round the clock, even on public holidays and at night;
v. Enabling real-time engagement, with the use of its Bobo chatbot;
vi. Immediate access to credit, with the use of data analytics, without human intervention;
vii. Enhancing automatic handling of routine transactions, for example, payment of monthly utility bills and DStv subscriptions, regulate payments to third parties;
viii. Cost effectiveness to customers and the bank;
ix. Provision of banking services at any location; and
x. Resolution of issues without physical attendance at bank’s physical office.
b. Controls embedded in FinPay system
i. General controls include:
Access controls: Customers‟ transactions are processed immediately by the online systems. All unauthorised access to the programs and data files are prevented since the customer has a six-digit password;
Programming controls are in-built to prevent or detect unauthorised changes to standing data, like monthly loan deductions, or monthly payments to DStv;
Transaction logs are available on FinPay’s General Ledger Application System. This is even accessible on the customers‟ devices. This can be used to create an „audit trail‟;
Firewalls are used. These protect FinPay’s General Ledger Application System from unauthorised access via the internet; and
FinPay complies with regulatory KYC (Know You Customer) requirement by collecting NIN, telephone number, passport photograph, ID card, utility bill, and residential address.
ii. Application controls include:
Before opening any account for any customer, FinPay’s system digitally verifies the customer’s NIN information, telephone number, ID card, and utility bill with issuing authorities; There is pre-processing authorisation. A customer is required to log on to FinPay system with his/her telephone number and password before s/he can use the mobile App;
Program checks (for example confirmation of customer’s account balance and the transaction PIN before transactions are consummated. This includes checking the number of digits in the password and PIN);
„Balancing‟. This is evident in the fact that when a transfer is declined, the debit entry is reversed;
Customer’s account number is derived from his/her registered telephone number; and
FinPay links all transactions with the customer‟s registered telephone number or the bank‟s debit card.
c. Areas the auditors will give special consideration because of audit risks associated with Finpay’s operations
i. The skills and knowledge needed by auditor to understand Finpay’s fully automated banking system are very high. This knowledge is to help in identifying the operational risks to which Finpay is exposed and how to mitigate them.
ii. The Finpay’s system covers a very broad geographical market (even beyond Nigeria). The remote access granted customers exposes the system to potential high cyber security risks. The auditor should be aware of industry practices on how this risk is mitigated.
iii. Transaction integrity may be lost in the Finpay‟s system. The auditor should obtain knowledge of CBN‟s regulatory sandbox and guidelines and should examine that Finpay complies with these laws and guidelines. This can result in reputational damages if it occurs.
iv. There is the risk of inadequate audit trail. The auditor should test and confirm that this risk is mitigated by adequate logs, backups and a robust ERP system.
- Topic: Auditing in a Computerized Environment
- Series: MAY 2024
- Uploader: Samuel Duah