The following guidelines shall be prescribed for the conduct of system audit of Stock Brokers (SBs).
Monitoring and Supervision of System Audit process through online mechanism:
Stock Exchanges shall establish a web-based platform to oversee the system audit lifecycle of stock brokers. The platform shall track the audit process, capture the auditor’s geo-location to confirm physical visits, and ensure secure access for authorized auditors via OTP authentication.
Standardization System Audit Process and Audit Report:
Pre-Audit:
- Stock Exchanges shall monitor the audit process via a web portal.
- SBs must provide auditor details, appointment letter, audit period, and audit plan, including proposed physical visit dates and IT systems coverage.
During Audit:
- Auditors must log in to the exchange’s web portal from the SB’s location via OTP authentication.
- The web portal shall capture the auditor’s geo-location to confirm physical visits.
- Auditors must update visit details, including entry/exit time, interactions, and systems covered.
- Evidence collection shall include inspecting physical assets, records, and system-generated reports.
- Exchanges may conduct surprise visits for QSBs and sample SBs.
- Auditors shall assess third-party virtual assets, and SBs must provide SOC-II compliance or other prescribed certifications.
Post-Audit:
- Exchanges shall provide a standardized audit report template for uniformity.
- The system audit report must cover IT infrastructure, systems audited, sample size, and methodology.
- The audit report and Action Taken Report (ATR) shall be submitted via the web portal.
- QSBs must get prior approval from their Governing Board and SCOT/TC before submission, while other SBs require approval from an authorized official.
Framework for Empanelment of System Auditors:
Appointment & Eligibility:
- Stock Exchanges shall empanel system auditors based on prescribed criteria, focusing on auditor qualifications, experience, firm size, and skilled personnel.
- The empaneled auditors list shall be available on the web portal.
Independence & Conflict of Interest:
- Auditors must remain independent, with a cap on appointments/reappointments to prevent conflicts and ensure audit quality.
Audit Cost Standardization:
- Exchanges, in consultation with SEBI, shall issue guidelines for audit cost rationalization based on factors like clients, turnover, and IT infrastructure.
Empanelment for QSB Audits:
- Additional criteria shall be prescribed for system auditors auditing QSBs.
Reappointment & Cooling-off Period:
- Auditors can serve for three consecutive years, followed by a two-year cooling-off period. Compliance shall be monitored via the web portal.
Reassessment of Audit:
- Critical audit areas shall be identified on the web portal, and reassessment shall be conducted by the same auditor if deficiencies are found.
De-empanelment:
- Auditors with repeated deficiencies shall be de-empaneled, and their cases may be referred to NFRA/ICAI/ISACA for action.
The web portal shall be developed by stock exchanges within six months from the issuance of this circular. Exchanges to ensure availability of adequate resources in terms of technology and manpower for implementation, adherence and support of requirements.
The proposed framework for Monitoring and Supervision of the System Audit of the Stock Brokers (SBs) through technology based measures shall come into force for the audit period FY 2025-26.
About the Author
