KARACHI: The Federal Board of Revenue (FBR) has planned to conduct Automated Data Processing (ADP) audit of Pakistan Revenue Automation Limited (PRAL) to ensure the reliability and efficiency of the systems in place.
Federal Board of Revenue (FBR) is already working on improving its data basis but this Audit will help FBR to follow the right path for achieving quality, reliability, accuracy, security and completeness of its data base.
Keeping in view the substantial role of PRAL, audit is obligatory as accountability check to increase efficiency. Audit will be conducted in accordance in accordance with Procurement of Consultancy Services Regulations, 2010.
FBR has invited eligible consulting firms having certified information systems auditor (CISA) and certified information security manager (CISM) credentials from the Information Systems Audit and Control Association (ISACA) and at least five years of relevant experience with specialized skills in auditing information systems.
PRAL is a Private Limited Company 100 percent owned by FBR. FBR and PRAL have been working together since 1994. PRAL is rendering its services in all spheres of Information Technology to FBR. These services include development of new software’s systems, maintenance of existing systems and applications, continuing operational support at various locations of FBR throughout the country.
Systems Audit of PRAL was conducted back in year 2013 and again World Bank conducted System Analysis of its various systems and applications including IRIS, WEBoC, STRIVe, and several reports on FBR/PRAL systems were generated in 2016.
Protecting the information from disclosure to unauthorized parties data confidentiality, integrity and its availability to FBR Operations is one of the many duties of PRAL and Data security is required to protect personal information’s of taxpayers from being modified by any unauthorized parties. PRAL assists FBR in provision of technical assistance wherever ICT related issues are involved.
FBR has developed ICT systems for e-Filing of Income Tax Returns and Web-enabled One Customs (WeBOC) for electronic cargo clearance. The said initiatives were taken to enhance trade facilitation and Ease of Doing Business. However to continuously improve our systems we conduct regular system Audits. Therefore to ensure the reliability and efficiency of the systems in place this audit is proposed to conduct detailed Automated Data Processing (ADP) Audit of PRAL.
The objective of the intended assignment is to conduct a forensic audit of the ICT systems of FBR for quality assurance through testing by qualified professionals. The System Audit is to ensure the quality of systems installed, to know that they are following the required data security and design protocols, have proper rules for data governance and data strategy in place and if not what should be in place.
It is meant to analyze that the systems in place are capable, for complete automation and integration of all FBR’s business processes. The Audit Team is expected to analyze the PRAL’s capability and HR management to carry out the day to functions; its technical governance model; software development protocols; IT-infrastructure available and security mechanisms for systems and operational functionality of systems etc.
The Systems Audit will identify the strengths and weaknesses of the systems so that appropriate corrective measures can be taken.
Scope of Services: The scope of work includes forensic auditing aimed at assuring the quality of the ICT Systems to check any vulnerability against data breaches or system hacking and acquiring general perception about the integrity and security of FBR’s ICT systems. This also includes identification of the degree of changes/ improvements occurred between the time period of any previous System audit and the intended one FBR therefore will provide the Consultants with the Organizational access to its systems and related data that is required to conduct this activity.