Broking It Audit Project 1
DRAFTBROKING
INTERNALPRIVET
JK
Oct, 2019
AUDIT REPORT
LIMITED–
CHENNAI REGION OFFICE
SYSTEM AUDIT REPORT
FOR OCTOBER-2018 TO SEPTEMBER-2019
FOR APRIL 21 TO SEPTEMBER 21
SETTING THE CONTEXT
Purpose and Objective of Audit:
• Determine whether the management control framework is effectively designed and operating as intended; and
• Assess the degree to which the Department is in compliance with the applicable policies and standards.
• To check the effectiveness of controls in the system
• To check the security controls in the system
Audit Approach:
• Walkthroughs to understand the current process and get a feel for the internal control environment.
• Sample transactions review and data analysis to validate process understanding.
• Identify risks inherent to the processes
• Testing of control checks of the system by using dummy data
• Test effectiveness of existing controls and identify control/efficiency gaps for risk mitigation
• Discuss and agree on recommendations to address control / efficiency gaps in addressing key risks.
• Adherence to the applicable ISACA and ICAI standards and guidelines in executing the audit
Audit Team:
• Jitendra Thakur: Partner & QA Control
• Chirag Goyal: Director, Overall Lead
• Nutan Menaria: Execution Lead & GRC Consultant
• Abhishek: Network Security Consultant
• Mridul: System Analyst
Audit Scope:
To Verify System Controls and Capabilities in:
• Order Tracking
• Order Status
• Rejection of orders
• Communication of Trade Confirmation
• Client ID Verification
To Check Risk Management System
• Online risk management capability
• Order alert and reports
• Back testing of effectiveness of RMS
• Log management
To Verify Password Security
• Organization access policy
• Authentication capability
• Password best practices
To Check Network Integrity
• Seamless connectivity
• Network architecture
• Firewall configuration
To Verify Access Controls
• Access to server rooms
• Additional access controls
To Verify Backup and Recovery
• Backup and recovery policy
• Log generation and data consistency
• System redundancy
To Verify IT Infrastructure Management
• IT Governance & Policy
• IT Infrastructure planning
• IT Infrastructure Availability Including SLA Parameters
Critical: Root Cause (Design Deficiency / System Deficiency / Operational Ineffectiveness / External); Recommended Action
Major: Root Cause (Design Deficiency / System Deficiency / Operational Ineffectiveness / External); Recommended Action
Medium: Root Cause (Design Deficiency / System Deficiency / Operational Ineffectiveness / External); Recommended Action
Minor: Root Cause (Design Deficiency / System Deficiency / Operational Ineffectiveness / External); Recommended Action
DISCLAIMER
• The procedures performed are limited in nature and extent to those that we have determined best to meet the function’s
requirements, based on information available with us.
• Since we have focused only on specific areas, which were identified and agreed with you in advance, our scope and procedures
may not disclose all issues and / or other significant matters about the department / company, or reveal all errors, irregularities
and frauds in the underlying information.
• The major objective of this Internal Audit review was to understand the key activities and controls in the processes designed and
established, review the design effectiveness of processes and controls, assess the operating effectiveness of controls and provide
recommendations for process and control improvement.
• The approach employed during this engagement does not constitute a comprehensive review of operations and is subject to the
level of bias in the method of sample selection.
• The issues identified & proposed action plans in this report are based on our discussions with the people engaged in the process,
review of relevant documents / records & our physical observation of the activities in the process.
• This document is solely for your information and is not to be used for any other purpose or distributed to any other party without
the prior written consent of JCN.