Tax Management India. Com

System Audit of Professional Clearing Members (PCMs)


..... ired to submit information with regard to exceptional major Non-Compliances (NCs)/ minor NCs observed in the System Audit as per format enclosed as Annexure 4 and are required to categorically highlight those observations/NCs/suggestions pointed out in the System Audit (current and previous) which remain open.

5. The Systems Audit report including compliance with SEBI/CCs circulars/guidelines and exceptional observation format along with compliance status of previous year observations shall be placed before the Governing Board of the PCM and then the report along with the comments of the Management of the PCM shall be communicated to CCs within one month of completion of audit.

6. All CCs are jointly advised to devise the appropriate uniform penalty structure for PCMs to ensure that system audit reports are submitted to them within defined timelines as well as audit observations are closed within defined timelines.

7. The provisions of the Circular shall come into force with immediate effect. The first audit shall be conducted for FY 2023-24.

8. The circular is issued with the approval of the competent authority.

9. This circular is being issued in exercise of the powers conferred .....


..... n of the Audit, after approval of the Governing Board (or equivalent governance structure as applicable to the entity). PCMs who have conducted clearing activities during the audit period are liable for submission of the System Audit report.

g. In the Audit report, the Auditor shall include its comments on whether the areas covered in the Audit are in compliance with the norms/ directions/ advices issued by SEBI, Clearing Corporation, internal policy of the PCM, etc. Further, the Audit report shall also include specific non-compliances (NCs), observations for minor deviations and suggestions for improvement. The audit report shall take previous audit reports into consideration and cover any open items therein. The Auditor should indicate if a follow-on audit is required to review the status of NCs.

h. For each of the NCs/ observations and suggestions made by the Auditor, specific corrective action as deemed fit may be taken by the PCM. The management of the PCM shall provide its comments on the NCs, observations and suggestions made by the Auditor, corrective actions taken or proposed to be taken along with the time-line for such corrective actions.

i. The Audit report along with the .....


..... , CISM (Certified Information Security Manager) from ISACA, GSNA (GIAC Systems and Network Auditor), CISSP (Certified Information Systems Security Professional) from the International Information Systems Security Certification Consortium, commonly known as (ISC)².

c. The Auditor shall have experience in working on Network audit/IT audit/governance/IT service management frameworks and processes conforming to industry leading practices like COBIT/ ISO 27001 and beyond.

d. The Auditor should have the capability to undertake forensic audit and undertake such audit as part of the system audit, if required.

e. The Auditor must not have any conflict of interest in conducting a fair, objective and independent audit of the PCM. It should not have been engaged over the last three years in any consulting engagement with any departments / units of the entity being audited.

f. The Auditor should not have any cases pending against it which point to its incompetence and/or unsuitability to perform the audit task.

g. The proposed audit agency must be empanelled with CERT-In on the date of appointment as auditor and on the date of submission of the audit report.

h. Any criteria, in addition to the aforesaid criteria, .....


..... Branch offices (location, owned/ outsourced), if applicable
b. Connectivity amongst PDC, NS and DRS, if applicable
c. IT infrastructure / applications pertaining to the activities done as a PCM.
d. System Architecture
e. Network architecture
f. Telecommunication network

3. IT Governance

3.1. Whether IT Governance framework exists to include the following:
a. IT organization structure including roles and responsibilities of key IT personnel;
b. IT governance processes including policy making, implementation and monitoring to ensure that the governance principles are followed;

3.2. IT policies and procedures
a. Whether the organization has a defined and documented IT policy. If yes, is it approved by the Governing Board (GB)?
b. Is the current System Architecture, including infrastructure, network and application components describing system linkages and dependencies, documented?
c. Whether defined and documented Standard Operating Procedures (SOPs)/Policy for the following processes are in place.
i. IT Assets Acquisition
ii. Access Management
iii. Change Management
iv. Backup and Recovery
v. Incident Management
vi. Problem Management
vii. Patch Management
viii. Data Centre Operation .....


..... was undertaken.
d. Is the review of processes to ensure data integrity post implementation of new application or system followed by the implementation team?
e. User awareness
f. Processing of new feature request
g. Fault reporting / tracking mechanism process for resolutions
h. Testing of New releases / Bug-fixes Testing process (automation level)
i. Version Control History, Change Management process etc.
j. Development / Test/ Production environment Segregation
k. New Release in Production Promotion, Release note approvals
l. Production Issues / disruptions reported in the previous audit report, root cause analysis, corrective actions taken, if any
m. Software Development Stage
n. Software Design to ensure adequate system capacity to enable functioning in a degraded manner in the event of a crash.
o. Software Testing framework, methodology and process guideline
p. Any other controls, as deemed fit, by the PCM

4.4. Data Communication/ Network Controls
a. Network Administration Link, Path, Redundancy, No single point of failure, high availability, fault tolerance, Monitoring, breakdown resolution etc.
b. WAN Management Connectivity provisions for business continuity.
c. Connection Permi .....


..... through appropriate strategies including simulations, DR drills, system recovery, etc.

4.9. IT/Network Support IT Asset Management
a. Utilization Monitoring including report of prior year utilization
b. Capacity Planning including projection of business volumes
c. Capacity and performance management process for the network/systems
d. IT (S/W, H/W, N/W) Assets, Licenses, maintenance contracts
e. Comprehensive review of Assets life cycle management (Acquisition, commissioning, deployment, monitoring, maintenance and decommissioning) and relevant records related to it.
f. Insurance
g. Disposal of Equipment, media, and other electronic waste as per applicable waste disposal guidelines etc.

4.10. Segregation of Data and Processing facilities
The system auditor should check and comment on the segregation of data and processing facilities in case the member is also running other business.

5. Entity Specific Software used for or in support of trading/clearing systems / peripheral systems and critical processes.

6. Human Resources Management
6.1. Screening of Employee, Third party vendors / contractors
6.2. Onboarding
6.3. Offboarding
6.4. Consequence Management (Incident / Breach of polici .....


..... Corrective Actions proposed by auditor | Deadline for the corrective action | Management response in case of acceptance of associated risks | Whether similar issue was observed in any of the previous 3 Audits
(7) (8) (9) (10) (11) (12) (13)

Description of relevant Table heads

1. Audit Period: This indicates the period of audit
2. Description of findings/observations: Description of the findings in sufficient detail, referencing any accompanying evidence
3. Status/ Nature of Findings: The category can be specified, for example:
a. Non-compliant (Major/Minor)
b. Work in progress
c. Observation
d. Suggestion
4. Risk Rating of finding: A rating has to be given for each of the observations based on its impact and severity to reflect the risk exposure as well as the suggested priority for action

Rating | Description
HIGH | Represents weakness in control with respect to threat(s) that is /are sufficiently capable and impacts asset(s) leading to regulatory non-compliance, significant financial, operational and reputational loss. These observations need to be addressed with utmost priority.
MEDIUM | Represents weakness in control with respect to threat(s) that is /are sufficiently capable and impacts a .....
