SEBI has issued a consultation paper seeking public feedback on creating an online monitoring system for stock broker audits. The proposed web-based portal would enable stock exchanges to oversee system audits in real-time, ensuring quality audits and that auditors physically visit broker premises. The framework aims to address issues such as poor audit quality, non-qualified auditors, and lack of oversight during the audit lifecycle. Currently, system audits are conducted without physical visits or adequate evidence, leading to inconsistencies. The new system will monitor audit activities, improve auditor accountability, and provide a platform for auditors to submit reports and evidence digitally. The proposal includes enhancing the auditor’s responsibilities, setting up criteria for auditor qualifications, and enabling exchanges to track and supervise audits. The consultation is open for public comments until December 26, 2024, with the goal of strengthening the system audit process and ensuring that audits meet regulatory standards.
Securities and Exchange Board of India
Consultation Paper on Online Monitoring of System Audit of Stock Brokers
Dec 03, 2024| Reports : Reports for Public Comments
Click here to provide your comments
Page Contents
1. Objective
1.1. The objective of this consultation paper is to seek comments from public on proposal of creating online monitoring and supervision mechanism (web based portal) by stock exchanges to monitor system audit process of stock brokers on concurrent basis.
1.2. The proposed framework seeks:
♦ to enhance the quality of the audit and to make the auditor more responsible for the system audit,
♦ to ensure that auditor is physically visiting stock broker’s premises to check IT systems and not outsourcing the audit activity,
♦ to enable auditors to submit audit evidences, audit report, ATR etc., through web portal for speedy processing, to cover technical glitch related aspects in system audit etc.
2. Background
2.1. SEBI vide circular dated November 06, 2013 laid down the framework for conducting the System audit of stock brokers. The said framework specified the frequency of the system audit based on the Categorisation of stock broker’s usage of the technology. Further, the Terms of Reference (ToR) also varies based on the said Categorisation and risk emanating from the usage of technology. Further, in consultation with exchanges, SEBI has also standardised the ToR of the audit across the market. Hence the elaborative risk based framework for the system audit of the stock brokers has already been in place from November 2013. The applicability of the frequency of system audit for stock brokers as per existing provisions is as under:
| Frequency of system audit | No. of stock brokers |
| Half Yearly (stock broker providing Algo trading facility) | 419 |
| Yearly (stock broker using CTCL/NNF and is depository participant) | 266 |
| Once in Two Years (stock broker using CTCL/NNF and is not depository participant) | 86 |
| Not Applicable (not required to conduct system audit) (stock broker using Exchange provided Terminals & ASP) | 418 |
| Total | 1189 |
2.2. Based on the audit reports analysed by exchanges as well as SEBI, following risk/gaps are observed in the life cycle of the system audit of Stock brokers:
2.2.1. System audits are carried out without the physical visits to the premises of stock brokers.
2.2.2. The poor quality of the system audit due to inadequate samples and the types of the audit evidences riled upon.
2.2.3. System audit is being conducted by non-qualified auditors.
2.2.4. Nonexistence of independent source for verification, monitoring and supervision of the process of pre-audit, during the audit and the post-audit.
2.3. Therefore, it is felt that the close monitoring and supervision of system audit by exchanges is required in order to further strengthen the process of carrying out the audit, the quality of the audit findings and required depth while conducting the audit. Hence, it has been decided to carry out the comprehensive review of audit process to align it with regulatory intent and encompass certain regulatory aspects with regard to technology and systems of stock brokers.
3. Need for online monitoring and supervision
3.1. In order to improve the overall audit process, to enhance the quality of the audit and to make the auditor more responsible for the system audit of the stock brokers, the online mechanism would become pre requisite to reach out to the large number of auditors and stock brokers.
3.2. The online monitoring and supervisory framework for conducting system audit ensure that the audit is conducted in a manner prescribed including overseeing of the evidence relied upon by the auditor and to having complete visibility on system audit life cycle of stock broker.
3.3. The proposed online mechanism will ensure that the auditor has verified the required IT infrastructure personally and verified the systems before submitting the audit report.
3.4. The proposed online monitoring mechanism will enhance reach of the exchanges to identify the deficiencies in the audit process before the completion of audit and also enable them to interact with the auditor during the audit process.
3.5. The proposed framework will also create the independent source (i.e. stock exchanges) for monitoring and supervision of the system audit of the stock brokers.
4. Proposed Framework
The proposed monitoring and supervision framework for the system audit of stock brokers shall include provisions w.r.t. online mechanism to be developed by stock exchanges for conducting system audit, monitoring of entire audit process through the said online mechanism, enhanced requirement for auditor, empanelment provisions etc. The proposed draft framework of monitoring and supervision of the system audit of stock brokers is provided in Annexure A.
4.1. Applicability of the provisions:
The provisions will be applicable to all the stock brokers who would be required to carry out the system audit as per the SEBI circular dated November 06, 2013.
4.2. Summary of the framework:
i. The proposed framework will enable exchanges to monitor and supervise the system audit through online web portal. The exchanges would be required to develop web portal for monitoring and supervising the process of system audit of stock brokers.
ii. The proposed framework inter-alia includes appointment of the auditor, process being followed by auditor, submission of the audit report and ATR etc. The framework ensure that the audit process take place through the web portal developed by stock exchanges.
iii. The proposed framework ensures that only the authorised auditor or the authorised partners in the audit firm would carry out the audit by physical visits at the premises of the stock brokers which will be supervised by exchanges.
iv. The proposed framework laid down enhanced obligation on system auditor to verify certain key technology aspects.
v. Stock exchanges shall lay down the eligibility criteria for empanelment of the system auditors with focus on qualification of auditors (rather than audit firm) and prescribe additional eligibility criteria for the system auditors of Qualified Stock Brokers (QSBs).
5. Public Comments
5.1 The comments are invited on the proposals mentioned in the consultation paper. The comments/ suggestions should be submitted latest by December 26, 2024, through the following link: https://www.sebi.gov.in/sebiweb/publiccommentv2/PublicCommentAction.do?doPublicComments=yes
5.2 In case of any technical issue in submitting your comment through web based public comments form, you may write to [email protected] with the subject: “Public comments on Proposed Provisions for online monitoring of system audit of stock brokers.”
General Manager
Technology, Process Re-engineering, Data Analytics Division (TPD)
Market Intermediaries Regulations and Supervision Department
Securities and Exchange Board of India
SEBI Bhavan II, Plot No. C-7, “G” Block, Bandra Kurla Complex
Bandra (East), Mumbai – 400 051
Issued on: December 03, 2024
Annexure A
DRAFT CIRCULAR
SEBI/HO/MIRSD/TPD/P/CIR/2024/XXX
December 03, 2024
To,
All Stock Exchanges
All Stock Brokers
Dear Sir / Madam,
Framework for Monitoring and Supervision of System Audit of Stock Brokers (SBs) through technology based measures.
1. SEBI vide Master Circular No. SEBI/HO/MRD2/PoD-2/CIR/P/2023/171 dated October 16, 2023 in Clause 8.2 of Chapter 2 has specified the comprehensive framework for System Audit for Stock Brokers (SBs)/Trading Members (TMs). Considering the complexities of technology and system used by stock brokers and emanating technology risk thereof, there is a need to further strengthen the system audit framework. Therefore, it has been decided to introduce technology based mechanism to monitor and supervise the way in which the system audits are conducted and to prescribe eligibility criteria for the empanelment of auditors to ensure that audits are conducted in a stipulated manner.
2. Based on the discussions with Stock Exchanges (SEs) and Technical Advisory Committee (TAC) of SEBI as well as in Intermediary Advisory Committee (IAC) wherein representative of ICAI was also invited, the following guidelines are prescribed for the conduct of system audit of SBs.
3. Monitoring and Supervision of System Audit process through online mechanism:
3.1 Stock Exchanges shall develop web portal/ web based platform and create technology based mechanisms to monitor and supervise the entire system audit lifecycle of a stock broker.
3.2 Stock Exchanges shall monitor process of carrying out of system audit of SBs through online monitoring mechanism. As part of the monitoring mechanism, exchanges shall capture the geo location of the auditor to ensure that physical visit is carried out by auditor in the premises of the stock broker.
3.3 The web based monitoring & supervision framework shall be accessed by the auditor during the audit. Exchanges shall ensure that only the authorized auditor or person of the audit firm shall have access to the web portal while conducting audit through secure OTP mechanism.
4. Standardization System Audit Process and Audit Report
Pre audit requirements:
4.1 In order to ensure that the appointed auditor conducts the audit, Stock Exchanges shall monitor the process of carrying out of system audit through web portal in following manner:
4.2 SBs are mandated to provide following details through web portal before the commencement of system audit:
– Details of audit members such as name, address, registration no., membership no., PAN, qualification, mobile number etc.
– Date of appointment of auditor, period of audit, copy of auditor appointment letter.
– Audit plan including proposed dates for physical visit by auditor, list of proposed coverage of IT systems/processes,
– SBs/TMs name, address, PAN, SEBI registration no. etc.
Requirements during the audit:
4.3 During every visit to the SBs’ premises, auditor shall log in to the web portal of the exchange from SBs’ location. The log in shall be enabled only to authorized auditor through secured mechanism such as OTP on mobile device of the auditor.
4.4 Web portal shall capture the geo location of the auditor to confirm physical visits by the auditor.
4.5 During audit, the auditor shall provide following details through online web portal:
– Audit start date, Date of visit, entry time, exit time, audit team members visited, person with whom interacted, details of systems covered, audit end date etc.
– Evidence shall be collected by inspecting physical assets, records/documents, testing of relevant systems, system generated reports etc.
– To start with, system auditor is required to submit audit evidence on web portal in case of audit of QSBs.
4.6 Exchanges shall define parameters of system audit for which evidence is required to be uploaded by the auditor.
4.7 Exchanges shall conduct surprise visit to the premises of QSBs to verify the audit being actually carried out by authorized auditor or authorize persons of audit firm. The exchanges may explore the possibilities of surprise visit to other SBs on a sample basis.
4.8 The system auditor shall carry out offsite assessments of the virtual assets provided by third party vendors (cloud services – SaaS, PaaS, IaaS etc.). SBs/TMs shall obtain SOC-II compliance from vendors and provide it to the auditor. Exchanges may also prescribe suitable certification/compliance to be obtained from third-party vendors and maintained by SBs/TMs.
Post audit requirements
4.9 Stock Exchanges shall define standardized template for the system audit report in order to maintain uniformity of audit reports across SBs/TMs. The standardised template of the audit report shall be made available on the web portal which can be filled up by the auditor and submit it to SBs/TMs through the web portal.
4.10 The system audit report shall be comprehensive and shall include all areas pertaining to system and technology used by SBs including details of locations/sites covered, IT infrastructure/applications, systems covered during audit, ddistribution of critical and non-critical IT systems, internal and external systems, sample size chosen, criteria used to choose it, the percentage of the total that was chosen as a sample etc.
4.11 The system audit report and the Action Taken Report (ATR) shall be submitted to Exchanges through web portal. The ATR shall be validated by the same auditor who has carried out the system audit.
4.12 QSBs are mandated to submit the system audit report and the ATR to Stock Exchanges after approval from their respective Governing Board and Standing Committee on Technology (SCOT) or equivalent Technology Committee (TC). Other SBs/TMs are mandated to submit the system audit report and the ATR to Stock Exchanges on approval of Proprietor/Partner or equivalent responsible official through SCOT or TC.
5. Framework for Empanelment of System Auditors
5.1 Appointment of Auditor: Stock Exchanges are required to empanel system auditors. The eligibility criteria for such empanelment shall be prescribed such as qualification, experience, minimum no. of partners required in an audit firm, minimum experience of conducting audits required for the auditor, minimum no. of skilled employees required etc. and norms for de-empanelment. The eligibility criteria shall emphasized on the experience and qualification of auditors rather than only on the experience of the audit firm. The list of the empaneled auditors shall be made available on the web portal.
5.2 Stock exchanges shall ensure that auditor so appointed shall be independent and do not have any conflict of interest with stock brokers. To address the conflict of interest and to ensure quality in the audit report, exchange shall put in place maximum ceiling on the appointment or reappointment of an auditor.
5.3 Exchanges shall ensure rationalization and standardization of the cost of the conducting system audit from empaneled system auditor considering the large number of SBs and the frequency of the audit requirement.
5.4 Exchanges shall prescribe the additional criteria for empanelment of system auditor for QSBs.
5.5 Re-appointment of auditor: After carrying out three consecutive audits, cooling off period of 2 years may be prescribed for reappointment of the auditor. Monitoring of compliance of this provision shall be done by stock exchanges through web portal.
5.6 Reassessment of audit: Exchanges shall define the critical audit area and place them in the online web portal. The reassessment shall be carried out by the same system auditor if gaps/deficiencies are found in such critical areas of system audit. Further, such reassessment shall also be carried out by such auditor in case of other stock brokers where he has conducted the audit.
5.7 De-empanelment: In case it is observed by stock exchanges that auditor has not done audit prudently or gaps/deficiencies are found in audit report repeatedly, exchanges shall de-empanel such auditor and also refer such matters to the National Financial Reporting Authority (NFRA)/ICAI/ISACA, as applicable for appropriate action against such auditor.
6. Enhanced obligation on the system auditor
6.1 Considering the extensive use of technology by the stock brokers, the system auditor shall verify the following aspects during the audit:
– Reporting of all technical glitches occurred in the system of SBs to the exchanges as per the requirements.
– Remedial steps taken by SBs to resolve technical glitches occurred in past 1 year
– Capacity planning in proportion to increase in clients/turnover etc.
– Software testing and change management/patch management as per
prescribed guidelines (including OMS/RMS systems provided by vendors)
– Implementation of Logging and Monitoring Mechanism (LAMA) to detect technical glitches as prescribed by exchanges in the technical glitch framework. Preservation of logs of LAMA parameters for the prescribed period
– Servers/applications used for placing the orders or routing such orders to exchange are located at SBs’ premise.
– Compliance with the requirements of DR site and conducting live DR drill etc.
7. Other due diligence by Stock Exchanges:
7.1 Exchanges shall carry out due diligence to ensure authenticity of the system audit report. In addition to the same, the system audit report submitted by SB/TM shall be validated against the last submitted report.
7.2 Exchanges may discuss the findings of the system audit of QSBs with the auditor after submission of audit report.
7.3 Stock Exchanges shall prescribe financial disincentive on SBs for instances where serious lacunas found in the system audit process and/or non-closure of observations found during the audit within defined timelines.
7.4 Exchanges shall prescribe the period for preservation of documents such as working papers, logs, screenshots, records of visit to the premises of the entity and other evidence in support of the audit.
7.5 Stock Exchanges are mandated to submit summary of system audits of SBs/TMs to SEBI on half yearly basis giving details of stock brokers who have carried out the audit, action taken on non-compliant stock brokers, details of surprise visits carried and findings thereof, action taken on the auditor if any etc.
8. The web portal shall be developed by stock exchanges within six months from the issuance of this circular. Exchanges to ensure availability of adequate resources in terms of technology and manpower for implementation, adherence and support of requirements.
9. The proposed framework for Monitoring and Supervision of the System Audit of the Stock Brokers (SBs) through technology based measures shall come into force for the audit period FY 2025-26.
10. This circular is being issued in exercise of the powers conferred by Section 11(1) of Securities and Exchange Board of India Act, 1992 to protect the interest of investors in securities market and to promote the development of, and to regulate the securities market.
Yours faithfully,
Vishal Padole
General Manager
Market Intermediaries Regulation and Supervision Department
Email: [email protected]
