Go to Top

Information Systems Audit of an Insurance Company in Bhutan

The Assignment
MaGC was appointed to audit the Information Systems (IS) of a leading Insurance company (Public Sector Undertaking) in Bhutan. The Management was desirous to determine – the integrity and accuracy of outputs from its information systems, and the Return on its IS Investments.

MaGC Approach
IS Audit – MaGC used a combination of structured interviews, observation, walkthroughs, User Survey, Key Managers Survey, sample testing of software in test environment, etc. to determine the robustness of the IS. Audit observations were classified based on their impact on Timeliness, Reliability, Accuracy, and Completeness of information from IS. Observations were also categorised based on risk criticality as High, Medium, and Low. Recommendations to improve the IS were provided using MaGC’s 3PT© framework.

Computation of Return on Investment (ROI) from IS – MaGC conducted research on commonly used models for computing ROI on IS investments. A model was developed to suit client’s business and was refined with inputs from the Management. MaGC collected data to calculate the various components. Assumptions made were validated with Management. The final ROI was computed for each software individually as well as Organisation-wide.

The Output
The output was a detailed audit report which was presented to the Management and Audit Committee. The MaGC team worked with the Management to roadmap and prepare an action plan to address the gaps identified in the Audit report.

Click here to read the complete success story