Depository Participant audit

This query is : Resolved

Querist : Anonymous

Querist : Anonymous (Querist)

07 May 2011 Hello guys!

If there is any sort of audit programme available or check list available on DP audit, plz share the same.

Thanx

CS Bijoy

CS Bijoy (Expert)
Follow

16 May 2011 Check list for auditing of Depository Participant are pointed below:

I. Audit of Organisational Structure :

1. Whether the Participant has adequate infrastructure, including staff, commensurate with the level of activity.

2. Whether the organisational structure is such that the accountability, proper role definitions and segregation of duties are in place.

3. Whether organisational structure and level of supervision are adequate for the number of branches/franchisees and the number of client accounts handled.

4. Whether there is effective system/procedure in place to keep the management informed about exceptional events like problems in hardware or any component of hardware/software, back-up, UPS telephone line, reduction in space to business ratio, staff to business ratio, reducing hard-disk space, decreasing speed of machine, etc.

5 Whether there is effective system/procedure to report exceptional transaction-related issue, like failure in delivery instruction, failure of transaction leading to auction of clients, delay in confirmation to clients, loss of certificates sent for Demat, complaints from clients that they have not received credit for the securities etc. ? Describe the same.

6 Whether there is a system/procedure for reporting attempted frauds, misappropriation of securities, etc., by clients or by any employee of the participant/franchisee. Describe the same.

II. Audit of DPM Operations :

1. Whether back-up is taken on a daily basis as per the procedure prescribed by NSDL and whether a second copy of the back-up tapes is stored at a remote site away from the operational site.

2. Whether Emergency Repair Disk is created fortnightly or immediately after any hardware/software configuration changes made in the server, whichever is earlier. (Circular No. NSDL/PI/2002/1262 dated July 29, 2002)

3. Whether back-up of RAID Controller Configuration taken on monthly basis or immediately after disk/raid controller repairs/upgrade is made, whichever is earlier. (Circular No. NSDL/PI/2002/1262 dated July 29, 2002)

4. Whether back-up of Speed-e-downloads (including digital signature) taken and a copy of the same is sent to remote site.

5. Whether the procedure and frequency of download and upload of response file from the Speed-e-server as per NSDL requirements (at least-times in a day).

6. Whether the DPM system is working satisfactorily without any downtime and whether systems’ support for its hardware is available at all times from its vendors.

7. Whether size of the equipment/memory /disk-space, back-up tapes, etc., is maintained in relation to level of business operations.

8. Whether all the equipments are under appropriate AMC/warranty.

9. Whether the variable access scheme as suggested by NSDL (association of DPM user to proper groups, rights given to user groups as per the requirements, maker-checker concept) has been put into operation.

10. Whether alternative method of communication with NSDL, namely, dial-up, is working or not.

11. Whether the DPM system is physically and logically well protected from unauthorised access.

12. Whether anti-virus software is loaded/upgraded from time to time on the DPM system.

13. Whether the Circulars and other information sent by NSDL on the MS Exchange is read regularly.

14. Whether any external software other than the DPM software, SQL, Windows NT, Internet Explorer, MS Exchange or any other software specifically permitted by NSDL is found loaded on the DPM system.

15. Whether the DPM system is connected to LAN/WAN of the Participant with the permission of relevant authorities.

III. Audit of Account opening procedures :

1. Whether proof of identity and residence is collected as per NSDL requirements. (Circular No. NSDL/PI/2000/1394 dated April 09, 2000)

2. Whether necessary documents are collected from clients such as corporates, NRIs, OCBs, FIIs, etc.

3. Whether necessary documents are collected from Speed-e users at the time of opening Speed-e account, resetting password, adding pre-notified accounts, etc.

4. Whether the procedure for dispatch of the smart card and the PIN (in case of Speed-e users) is diligently followed by the DP, i.e., sending the smart card and the PIN separately.

5. Whether DP has maintained the records in its internal database with respect to details of Speed-e application forms as per NSDL requirements.

6. Whether an agreement is executed with every client.

7. Whether the client is given copy of the agreement and the schedule of charges.

8. Whether there is a system in place to ensure that the client accounts are not opened in the name of the partnership firm, proprietorship firm or in the name of HUF.

9. Whether the client signature has been appropriately stored in physical form and scanned into the system.

10. Whether the data entry in the system is strictly and completely in accordance with the information furnished by the client in the account opening form and as per NSDL requirements.

11. Whether there is adequate mechanism to ensure that all the account opening forms accepted are in fact entered in the DPM system and the client is given the client ID only after account comes in ‘Active’ status. (Circular No. NSDL/PI/98/583 dated November 18, 1998)

12. Whether there is a mechanism in place to ensure that the changes in the demographic details are updated in the DPM system (say, for change of address, etc.) based on proper authorisation and only after collecting new proof of address from the client.

13. Whether the procedure followed for opening the accounts and servicing illiterate person followed as per NSDL requirements. (Circular No. NSDL/PI/2000/0709 dated May 03, 2002)

14. Whether any supplementary agreement/ letter of confirmation, etc. is executed in addition to standard DP Client agreement.

15. Whether adequate documents maintained for closure/freezing/unfreezing of client account. This included the procedure followed by the Participant in respect of accounts, which did not have any balance at the time of closing the account.

IV. Audit of Demat request :

1. Whether there is a system/procedure in place to prevent acceptance of securities, which are not admitted to NSDL system.

2. Whether Demat requests received are sent to the registrars within seven days from date of receipt of the request from the client at branch/franchisee/collection centre or controlling office.

3. Whether there is a system in place, which ensures that certificates are sent by the Participant to the correct address of the registrar/company.

4. Whether there is a system/procedure in place to inform the client in case of rejection of Demat request.

5. Whether there is a system/procedure in place for mutilating/defacing certificates in the prescribed manner received for Dematerialisation.

6. Whether there is a provision for safekeeping the securities received until they are dispatched to Issuer/Registrar & Transfer Agent.

7. Whether there is a system in place to analyse the exact reasons for Demat rejections and Demat delays and taking corrective actions, especially, when the rejects or delays were attributable to the participant.

V. Audit of Delivery Instructions :

1. Whether and how all the clients have been informed of the schedule of acceptance deadlines for delivery instructions.

2. Whether there is a system in place to date and time stamp all the delivery instructions received from the clients on both the Participant copy and the client copy.

3. Whether there is a system in place to suitably stamp the delivery instructions received beyond the aforementioned deadlines as received at clients’ risk and would be executed on a best-effort basis.

4. Whether the delivery instruction slips issued to clients (including inter-depository transfer instruction slips) have pre-stamped client ID and pre-printed serial number and there is control over issue of instruction slips to the clients.

5. Whether delivery instruction booklets are issued to the clients based on the requisition slips only.

6. Whether loose delivery instruction slips are issued to the clients? If yes, what is the procedure? (Circular No. NSDL /PI/2000/341, dated March 24, 2000 and NSDL/PI/2000/499, dated April 18, 2000)

7. Whether there is control over blank instruction booklets.

8. Whether there is control over instruction slip number at the time of acceptance from the clients? If yes, whether the slip number validation is done manually or in back-office software.

9. Whether adequate information is made available to clients on DP-IDs, ISINs, Corporate Action details, etc.

10. Whether the client instructions are being executed in DPM system as per the execution date given by the clients.

11. Whether there is a system in place to monitor successful execution of instructions keyed in the DPM system.

12. Whether the instructions are executed as per the delivery instruction form given by the client. The Participant should also verify the signature of the client and fully satisfy itself that instruction is indeed given by the client himself.

13. Whether adequate measures have been taken to protect the Participant in case fax instructions are accepted. Whether it is ensured that the original instructions are collected and there is a method in place to prevent the double execution of the same instruction.

14. Whether there is system in place to inform the client in case of failed instructions. If yes, describe the same.

15. Whether there is a system/procedure in place to rectify erroneous transfers done by the Participant or any other Participant ? If yes, describe the same.

16. If the Participant is accepting delivery instructions accompanied by computer printouts from the Clearing Member/Client, whether the conditions prescribed for such acceptance are being met.

VI. Back office software :

1. Whether DP uses the back-office software for the purpose of depository related activities.

2. What activities are carried out in the back office with respect to depository related activities ? (E.g., data entry with respect to Account opening, Demat, remat/repurchase, settlement, pledge, Stock Lending and Borrowing, Statement of Transaction, etc.)

3. Whether there is a stationery control (slip number validation) in the back office with respect to the following :

Record of issuance of delivery instruction slips to the clients including issuance by branches, if any;

Receipt and processing of instruction slips received from clients;

Provision for blocking of instruction slip numbers, which are already used or reported lost/misplaced/stolen.

4. Whether Statements of Transaction are (or any other reports like client master report, etc.) sent from the back office ? If yes, whether the details of the same matches with statement or report generated from DPM.

5. Whether back office (including website) is updated regularly for the transactions done on the DPM.

6. Whether the back-up of data residing in back office (or any data maintained in electronic form) with respect to depository operations is taken daily.

Message likes : 2 times