Abstract
Our client, a leading broker, engaged us to assess how likely it was that fraud could occur given the current level of security between the trading systems used in their front and back office.
Challenge
We delivered specialist audit services to give the organisation assurance against fraud. The review focused on the areas outlined below.
Approach
- IT security policies, standards and procedures were analysed for gaps.
- The logical security in place on the trading systems used in the front and back office was reviewed.
- The network was analysed to ensure that access to programs, data and other information resources is restricted.
- The trading systems were checked for adequate controls over the approval of trading tickets.
- Access to sensitive data was analysed.
- The physical security of the trading room, servers and back office was assessed.
- Segregation of duties was analysed with respect to access to the key applications.
Solution
- To strengthen the segregation of duties controls, it was recommended that the number of users with access to both key systems be reviewed and limited to those users who require this access for their daily tasks.
- Where possible, a more integrated solution to the key systems should be introduced.
- A new access control system should be introduced into the trading room that will aid administration and allow management to easily see who can access the room.
- Management should review all accounts that have the facility to change users’ roles and satisfy themselves that this high level of access is appropriate.
- All accounts should be reviewed periodically, and accounts that are no longer needed should be removed. Accounts that will be required again later should be disabled until they are needed.
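The three account-focused recommendations above (limiting users with access to both key systems, reviewing role-administration accounts, and periodically identifying unused accounts) are the kind of checks an auditor can run mechanically against access exports from the two systems. The script below is an added illustration, not code from the engagement or from the client's systems. It works over a constructed sample export; the system names, usernames, role names and the `APPROVED_DUAL_ACCESS` exception list are all assumptions chosen for the example, as is the 90-day dormancy threshold.

```python
"""Segregation-of-duties and dormant-account review over access exports.

Added example. All data below is constructed; real reviews would read the
exports of the front office and back office trading systems instead.
"""
from datetime import date, timedelta

# Constructed sample export: one row per account on each key system.
# Row format: (system, username, role, last_login as ISO date or None).
ACCESS_EXPORT = [
    ("front_office", "alice", "trader", "2024-05-02"),
    ("front_office", "bob", "trader", "2024-04-28"),
    ("front_office", "carol", "sysadmin", "2023-11-10"),
    ("front_office", "dave", "read_only", None),
    ("back_office", "bob", "settlements", "2024-05-01"),
    ("back_office", "carol", "sysadmin", "2024-05-03"),
    ("back_office", "erin", "settlements", "2024-01-15"),
    ("back_office", "frank", "approver", None),
]

# Assumed: roles that can change other users' roles (the "high level of
# access" management is asked to confirm).
ROLE_ADMIN_ROLES = {"sysadmin"}

# Assumed: users management has confirmed need both systems for daily work.
APPROVED_DUAL_ACCESS = {"carol"}


def users_by_system(export):
    """Map each system name to the set of usernames holding an account on it."""
    out = {}
    for system, user, _role, _last in export:
        out.setdefault(system, set()).add(user)
    return out


def sod_conflicts(export, approved=frozenset()):
    """Users with accounts on both key systems, minus approved exceptions.

    Each remaining user is a segregation-of-duties finding: they could both
    enter and settle a trade without a second person being involved.
    """
    by_sys = users_by_system(export)
    both = by_sys.get("front_office", set()) & by_sys.get("back_office", set())
    return sorted(both - set(approved))


def role_admins(export):
    """Accounts able to change users' roles, listed per system for review."""
    return sorted({(s, u) for s, u, role, _ in export if role in ROLE_ADMIN_ROLES})


def dormant_accounts(export, today, max_idle_days=90):
    """Accounts never used, or not used within max_idle_days of `today`.

    Never-used accounts are candidates for removal; idle ones for disabling
    until they are needed again.
    """
    cutoff = today - timedelta(days=max_idle_days)
    findings = []
    for system, user, _role, last in export:
        if last is None:
            findings.append((system, user, "never logged in"))
        elif date.fromisoformat(last) < cutoff:
            findings.append((system, user, f"last login {last}"))
    return sorted(findings)


def review_report(export, today, approved=frozenset(), max_idle_days=90):
    """Assemble the three checks into one structure an auditor can act on."""
    return {
        "sod_conflicts": sod_conflicts(export, approved),
        "role_admins": role_admins(export),
        "dormant_accounts": dormant_accounts(export, today, max_idle_days),
    }


if __name__ == "__main__":
    report = review_report(ACCESS_EXPORT, date(2024, 5, 5), APPROVED_DUAL_ACCESS)
    for section, rows in report.items():
        print(f"== {section} ==")
        for row in rows:
            print("  ", row)
```

In the sample data `bob` holds a trading account and a settlements account and is not on the approved list, so he is the one conflict reported; `carol` also has both but is an approved exception, and still appears under role administrators on both systems. The dormant check flags accounts with no recorded login for removal and idle accounts for disabling, matching the distinction the last recommendation draws.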