IT Readiness of insurance organisations in Sri Lanka for information systems auditing

Abstract

The current trend in business world is to use It wherever it's possible. So lots of manual systems and procedures have been replaced with Computer Systems over the years. There is no difference in the insurance industry also. Central Database. Data Ware housing. Online fund Transferring and Corporate Web sites or Intranet are no more strange terms in the insurance industry. But the controlling and detecting methods or in other words internal audit techniques have not been changed over the period accordingly. This is the area where traditional internal auditing lags and IS Auditing gains the lead. But in Sri Lanka where most of the CEOs are accountants who are not very familiar with IT still believe traditional Internal Auditing will do the job for them. As a result of it frauds, errors and mistakes have been in creased in the insurance business during the last decade. This is a critical issue in an industry where a company has to look after customers' money for 20to30years. Insurance simply means sharing the risk among a large number of people in the society at a price. In Sri Lanka, there is a rapid growing interest about insurance is visible among people not only in Colombo & suburbs but also in remote areas. As a result of this trend ,almost all the insurance companies invested heavily in the industry during last few years. At the same lime all the insurance companies are in a heavy competition in order to increase their share in the market. liven though these companies use lot of tactics to improve e the awareness about insurance, they have only captured less than 10% of the potential market or in other words less then 10% of the Sri Lankan population owns an insurance policy. Bui as mentioned earlier if the tendency is to increase the number of frauds, errors and mistakes in the industry customers will loose their faith on insurance and it will hinder the growth of the industry. So the Information Systems Auditing in insurance industry can be recognized as an industry requirement under current circumstances. So in this research my objective was to develop a framework or a guideline to implement and practice IS Auditing in Sri Lankan Insurance organizations. So I think the two given guidelines in Chapter 6.2 will cater for an industry requirement in the Insurance industry in Sri Lanka.