According to a recent circular from the Indian market regulator security exchange board of India (SEBI), mutual fund companies should conduct regular systems audits by an independent CISA/CISM qualified or equivalent auditor. Certified information systems auditor CISA) and certified information security manager (CISM) designations are globally respected information systems (IS) audit certifications from ISACA.
The circular further advises mutual fund organizations to conduct systems audit once in two years. Such system audit reports and compliance status should also be approved by the mutual fund company's trustees.
This is a welcome step by SEBI, considering the Indian financial sector's high dependence on information technology. The circular recommends that the systems audit should be comprehensive, encompassing various aspects such as audit of systems and processes related to integration of front office systems with the back office. The audit should also cover fund accounting systems for calculation of net asset values, financial accounting and reporting system for the asset management company, unit-holder administration and servicing systems for customer service, funds flow process, system processes for meeting regulatory requirements, prudential investment limits, and access rights to systems interfaces.
The systems audit report/findings along with trustee comments should be communicated to SEBI. For the financial year April 2008 - March 2010, the systems audit should be completed by September 30, 2010, the circular recommends.