ISACA Now Blog


Building Skills and Capacity in the Banking System: A Case Study From India

Sunil Bakshi, CISA, CISM, CRISC, CGEIT, Consultant
Posted at 3:07 PM by ISACA News | Category: Certification

Indian banks have deployed IT-based solutions to meet the increasing demands that a growing economy places on the banking industry. Adoption of technology has made it necessary to improve the IT-related skills of experienced bankers. Because internal IT skills are unavailable, most banks resort to outsourcing IT activities. This has resulted in over-reliance on third-party vendors and has slowed the pace at which bank employees acquire skills.

Considering these limitations, the Reserve Bank of India (RBI) – India’s central bank – appointed a ‘Committee on Capacity Building’ that has made recommendations relating to particular areas/components of function, such as recruitment, performance assessment, promotion, placement, job rotation, and skills and capacity building. The committee also has made a number of recommendations for certification of staff in specialized areas, emphasizing that banks should make certification mandatory for the following areas:

  • Treasury operations – dealers, mid-office operations
  • Risk management – credit risk, market risk, operational risk, enterprise-wide risk, information security, liquidity risk
  • Accounting – preparation of financial results, audit function
  • Credit management – credit appraisal, rating, monitoring, credit administration
  • Information and cyber security
  • Governance of enterprise IT (GEIT)

The Indian Banks’ Association (IBA), in consultation with RBI, identified 10 institutes, such as the Indian Institute of Banking and Finance (IIBF), the National Institute of Bank Management (NIBM), ISACA, and others, as certifying organizations. ISACA is identified for its certifications in audit, risk management, security and GEIT.

RBI’s directives for banks
In 1999, RBI made it a compliance requirement for banks to perform an annual IS audit of the IT-based systems they deploy and use, with the audit report to be submitted to RBI. The notification recognized CISA as a qualifying certification for conducting IS audits.

In 2011, another committee provided guidelines for IT governance, information security, IS audit, outsourcing management, business continuity and compliance. These guidelines recommended that banks use COBIT 5 or similar frameworks for GEIT. Recommendations for other areas include adopting global best practices, including ISO 27001.

In June 2016, RBI issued a notification for banks specifying compliance requirements for cyber security.

Considering these compliance requirements and the requirements for skills and competency development, banks have already taken steps to recognize ISACA certifications. Some banks reimburse examination and membership fees on passing the examination.

Role of ISACA certifications in skills development of bank staff
ISACA offers certifications in governance of enterprise IT (CGEIT), risk and control (CRISC), information systems audit (CISA), information security management (CISM) and performance-based cyber security (CSXP).

Certified Information Systems Auditor (CISA)
Most banks have made this certification mandatory for IS auditors, both internal and external.

Certified in Risk and Information Systems Control (CRISC)
Most banks have a defined chief risk officer (CRO) to implement enterprise risk management (ERM); however, there is a gap in aligning them with IT risk. CRISC helps bankers in aligning IT risk with ERM.

Certified Information Security Manager (CISM)
CISM is designed for information security and cyber security professionals including CISOs, information security managers and enterprise leadership.

Certified in Governance of Enterprise IT (CGEIT)
CGEIT is designed for senior management personnel who are responsible for overall governance of IT to ensure that investments in IT realize the expected benefits. This certification is ideal for the CIO, CEO, and members of the board of directors. Considering the RBI’s expectations from banks to implement GEIT, this certification is valuable for bankers in understanding the steps to implement an IT governance framework.

CSX Practitioner (CSXP)
This performance-based cyber security certification provides technical skills for much-needed and critically important cyber security responders working in the area of threat intelligence, incident response, SOC, etc.

Current challenges and next steps
Banking professionals with these skills are needed all over India and in many other countries throughout the world. Therefore, IBA has decided to develop and launch e-learning certification courses, and certifications in other areas are being developed by different institutes.

ISACA’s CISA, CISM, CRISC and CGEIT certifications are experience-based; however, there is some level of preparation required. There are 10 ISACA chapters in India, some of which offer review courses. Many bank officers, therefore, may not have access to the review courses conducted by chapters. However, ISACA is launching online review courses for some of its certifications and has moved to global computer-based testing, which should expand accessibility for bankers interested in pursuing these important certifications.


Sandeep A Manager IT Andhra Pragathi Grameena Bank

I am really happy after reading the article, as I have completed 7 years of service in Grameena Bank and learnt about ISACA courses like CISA and achieved the certification. Feeling proud to be a CISA and waiting for a good opportunity to enhance my career.

Sir, there should be some more inputs provided to higher executives of the banking sector about the importance of the above certifications, to fill the gap that the Indian banks are facing.

I really appreciate if the Indian banks really identify the importance of these certifications and their importance in banking verticals.

I am very happy to read this article and hope these certifications get some more importance as India is gearing up with digital banking.

With regards

Sandeep A CISA
SANDEEP978 at 6/17/2017 11:39 AM

Building Skills and Capacity in the Banking System: A Case Study From India

Mr Bakshi,

Your blog is refreshing and insightful to the needs of highly trained IT professionals in the Banking System and other economic sectors in growing and developing economies. The Reserve Bank of India (RBI) appointment of a ‘Committee on Capacity Building’ is testament to the shortage of skilled IT and Risk professionals not only in India but in other places like Africa.

Africa is currently lagging behind in developing the necessary IT skill sets to leverage changing economic dynamics. Most economies like India (countries or regional) are embracing technology to enable economic growth. However, as technology becomes increasingly pervasive there is a greater of CISA, CISM and CISM.

Sir you are spot on.


Owen Gombami MBA, CPA, CFE, CISA Cert Candidate
IT auditor - Schneider Downs.
Pittsburgh, PA

OGombami412 at 6/23/2017 8:17 AM