The Securities Exchange Board of India (SEBI) stated recently that system audits of mutual funds in India must be conducted by CISA/CISM-certified (or equivalent) auditors. ISACA, a global association of 86,000 IT and business professionals and a provider of IT knowledge and certifications, believes that this is a crucial step undertaken by SEBI, considering the importance of systems audit in the technology-driven asset management activity.
ISACA administers the globally respected Certified Information Systems Auditor (CISA) and Certified Information Security Manager (CISM) designations, as well as the newer Certified in the Governance of Enterprise IT (CGEIT) credential.
Avinash Kadam, past international vice president of ISACA, commented, This is a welcome step taken by SEBI to protect the interests of the investors in mutual funds. There is very high dependency on information technology in the financial sector.
Mandatory audits of systems and processes will bring transparency in the complex workings of mutual funds, prove integrity of the transactions and build confidence among the stakeholders.
According to ISACA, the step will be beneficial as it requires a comprehensive audit of systems and processes related to examinations of the integration of the front office system with the back office system.
The audit will also involve the examination of fund accounting systems for calculation of net asset values, financial accounting and reporting system for the AMC, unit-holder administration and servicing systems for customer service, funds flow process, system processes for meeting regulatory requirements, prudential investment limits and access rights to systems interface.
Accordingly, these systems audits will be conducted once every two years. A systems audit report and compliance status will be presented before the trustees of the mutual fund. The systems audit report/findings, along with trustee comments, are to be communicated to SEBI.