
  • Number of slides: 56

Auditing Brokerage & Investment Activities
Keith Wenk
Senior Manager
Audit & Enterprise Risk Services
Deloitte & Touche

Agenda
• Overview
• Areas of Risk
  – New Account Opening
  – Client Transactions
  – Clearance & Settlement
  – Custody
  – Account Monitoring
  – Corporate Actions
  – Securities Lending
• Questions

Overview

Overview
Goals for the session:
• Highlight risks and control activities related to various brokerage and investment activities
• Discuss sampling and profiling ideas related to each of these activities
• Audit procedures and strategy
• Evaluate results to provide constructive comments

Overview (cont.)
Themes to focus on include:
• Identifying populations of relevance in sampling populations
  – Look for ways to make better selections than trying to look for a needle in a haystack
• Varying testing timing and procedures
  – Avoid typical audit schedules and selection dates

Overview (cont.)
Themes to focus on include (cont.):
• Efficient testing
  – Leveraging time spent in various departments to address multiple issues
• Utilizing technology to enhance audit procedures
  – Narrow large populations through data interrogation

Overview (cont.)
Errors
Due to the current economic situation, the risk of error is higher than ever, thanks to:
  – Corporate layoffs
  – Outsourcing
  – Early retirements (forced or otherwise)

Overview (cont.)
Fraud
Similar to errors, the fraud risk has increased for the same reasons
Fraud committed to cover up errors is also a significant concern
  – Fear of losing job could cause error concealment

New Account Opening

New Accounts – Risks
• Accounts are opened for non-existent clients
• Account information is incomplete, not received at all, and/or inaccurate
• Account opening is not properly authorized

New Accounts – Risks (cont.)
• Proper restrictions are not placed on the account
• The client name, address and instruction file are not kept current and become invalid

New Accounts – Key Controls
• All new account information is prepared and approved by management prior to trading
• Is there a QA process as part of the controls that can be leveraged?
• Focus on times of year when errors might be more likely to occur.
• Confirm account information with client
• There is usually a process to mail new account information to the client; have all controls in that process been considered, including physical mailing?

New Accounts – Key Controls (cont.)
• Conditions requiring restrictions on accounts are identified
• Consider which restrictions are critical, and actually test whether restriction was enforced
• The accounts of officers and employees and their known relatives are identified so transactions in such accounts can be reviewed by designated personnel
• Utilize technology to search through client addresses and compare to employees
• Consider doing similar searches for name variations
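The address and name-variation searches suggested on this slide can be sketched as follows. This is an added example, not part of the original presentation; the records, field names, abbreviation table and nickname table are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample records (hypothetical, not from the presentation).
EMPLOYEES = [
    {"id": "E1", "name": "Robert J. Smith", "address": "12 Oak Street, Apt. 4, Springfield"},
    {"id": "E2", "name": "Maria Lopez", "address": "900 Pine Avenue, Rivertown"},
]
CLIENTS = [
    {"acct": "A100", "name": "Bob Smith", "address": "12 OAK ST APT 4 SPRINGFIELD"},
    {"acct": "A101", "name": "Dana Wu", "address": "900 Pine Ave., Rivertown"},
    {"acct": "A102", "name": "Ellen Park", "address": "77 Lake Road, Hilltop"},
    {"acct": "A103", "name": "Lopez, Maria", "address": "PO Box 9, Rivertown"},
]

# Small illustrative tables; a real review would use fuller lists.
ABBREV = {"street": "st", "avenue": "ave", "road": "rd",
          "apartment": "apt", "suite": "ste", "boulevard": "blvd"}
NICKNAMES = {"bob": "robert", "rob": "robert", "bill": "william", "liz": "elizabeth"}

def norm_address(addr):
    """Lower-case, strip punctuation and collapse common street abbreviations."""
    tokens = re.sub(r"[^a-z0-9 ]", " ", addr.lower()).split()
    return " ".join(ABBREV.get(t, t) for t in tokens)

def name_key(name):
    """Return (first, last) with 'Last, First' order, initials and nicknames normalized."""
    if "," in name:
        last, first = name.split(",", 1)
        name = f"{first} {last}"
    tokens = [t for t in re.sub(r"[^a-z ]", " ", name.lower()).split() if len(t) > 1]
    if not tokens:
        return None
    return (NICKNAMES.get(tokens[0], tokens[0]), tokens[-1])

def find_related(clients, employees):
    """List (account, employee id, reasons) where a client matches an employee."""
    by_addr, by_name = defaultdict(set), defaultdict(set)
    for e in employees:
        by_addr[norm_address(e["address"])].add(e["id"])
        key = name_key(e["name"])
        if key:
            by_name[key].add(e["id"])
    hits = []
    for c in clients:
        reasons = defaultdict(list)
        for emp in by_addr.get(norm_address(c["address"]), ()):
            reasons[emp].append("address")
        for emp in by_name.get(name_key(c["name"]), ()):
            reasons[emp].append("name")
        for emp in sorted(reasons):
            hits.append((c["acct"], emp, reasons[emp]))
    return hits

if __name__ == "__main__":
    for hit in find_related(CLIENTS, EMPLOYEES):
        print(hit)
```

Matches are leads for review against the firm's list of identified employee and related accounts, not findings in themselves.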

New Accounts – Key Controls (cont.)
• Client authorized account information changes through a Letter of Approval (LOA) or other kind of approval
• There should be a process to mail out a letter; test both the mailing and the comparison of its content to the LOA
• Search records for frequency of account information changes, using data interrogation

New Accounts – Key Controls (cont.)
• Client statements are periodically mailed or made available electronically unless requested by the client in writing and a designated official has approved the request
• Vary timing of testing, avoid same time as last year or quarter ends
• Actually compare statement data to client systems
• Have you actually tested electronic statements for accuracy and delivery?
• Hold mail accounts should receive additional focus

Client Transactions

Client Transactions – Risks
• Orders are not legitimate client orders and/or not properly authorized by clients
• Orders are not properly or accurately recorded
• Orders are not recorded in the proper period

Client Transactions – Risks (cont.)
• All orders are not accounted for and data is not transferred completely and accurately to order entry systems
• All orders are not properly executed

Client Transactions – Key Controls
• Client statements are periodically mailed or made available online
• Narrow testing based on account characteristics using data mining
  – As of trades, accounts with significant trading before statement mailings
• A number is assigned to orders when placed, and all numbers are accounted for
• Have all types of trades been considered for testing?
• Utilize system testing for order number generation and tracking, IT auditor involvement

Client Transactions – Key Controls (cont.)
• Trade confirmations are generated for clients who executed orders, including details of the trade
• Are there client-directed transactions and how are they documented?
• Make selections and compare to documentation
• Similar issues as those for other client information mailings

Client Transactions – Key Controls (cont.)
• Transactions cleared through clearing organizations (as indicated on the trade date blotter or other internal documents) are compared to contact sheets (clearing reports) from the clearing organizations
• Need to design tests based on how the control operates
  – If a systematic pair off, need to test accuracy and completeness of the system
• When testing trade break resolution, make sure that tests are done of both review control and actual resolution for accuracy

Clearance & Settlement

Clearance & Settlement – Risks
• All receipts and deliveries of securities and money are not recorded in the proper period
• All receipts and deliveries of securities and money are not accurately recorded
• Settled trades are not properly recorded in the books and records

Clearance & Settlement – Risks (cont.)
• Settled trades are not recorded in the proper period
• Transactions underlying failed trades or cash movements are not recorded correctly
• Receipts and deliveries of securities and money are not for approved transactions
• Securities underlying failed trades are not valued correctly

Clearance & Settlement – Key Controls
• Pre-settlement trade activity for both money and position are reconciled to the counterparty
• Focus testing on higher volume days where items might be missed
• Test for both evidence of review and actual performance of reconciliation

Clearance & Settlement – Key Controls (cont.)
• Daily movements of securities and money are balanced and responsibility for the clearance of out-of-balance positions is assigned to specific individuals who have no other duties related to any other aspects of securities processing
• Frequency and size of out of balance amounts should be considered
• Same position or account out of balance and constantly being “fixed”?

Clearance & Settlement – Key Controls (cont.)
• Accounts are reconciled for cash and securities transactions on a daily basis and reconciling items are promptly investigated for timely resolution
• Vary timing of testing and also people being tested
• Specific levels of authorization must be obtained when executing cash and securities movements or wire transfers
• Actually compare signatures to approval ranges
• Use data mining to look for authorization level abuse or frequency of transactions by approvers
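One way to run the approval-range comparison and the authorization-abuse search from this slide over a transaction extract. This is an added example, not part of the original presentation; the wire records, approver names, limits and the 90% "near limit" threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed approval ranges and wire extract (hypothetical data).
LIMITS = {"jdoe": 50_000, "asmith": 250_000}
WIRES = [  # (wire id, date, account, amount, approver)
    ("W1", "2024-03-01", "A100", 48_000, "jdoe"),
    ("W2", "2024-03-01", "A100", 49_500, "jdoe"),
    ("W3", "2024-03-01", "A200", 60_000, "jdoe"),
    ("W4", "2024-03-02", "A300", 120_000, "asmith"),
    ("W5", "2024-03-02", "A100", 10_000, "jdoe"),
    ("W6", "2024-03-03", "A400", 5_000, "temp1"),
]

def review_approvals(wires, limits, near=0.9):
    """Return (findings, near_limit_counts).

    findings flags wires that exceed the approver's limit, wires approved by
    someone with no range on file, and same-day wires for one account and
    approver that each fit the limit but together exceed it.
    near_limit_counts tallies, per approver, wires at or above `near` times
    the limit, as a frequency measure for follow-up.
    """
    findings = []
    groups = defaultdict(list)
    near_counts = defaultdict(int)
    for wid, day, acct, amount, approver in wires:
        limit = limits.get(approver)
        if limit is None:
            findings.append((wid, "approver has no approval range on file"))
            continue
        if amount > limit:
            findings.append((wid, "amount exceeds approver limit"))
        elif amount >= near * limit:
            near_counts[approver] += 1
        groups[(approver, acct, day)].append((wid, amount))
    for (approver, acct, day), items in sorted(groups.items()):
        limit = limits[approver]
        total = sum(amount for _, amount in items)
        if len(items) > 1 and total > limit and all(a <= limit for _, a in items):
            ids = ",".join(w for w, _ in items)
            findings.append((ids, "same-day wires split under the limit"))
    return findings, dict(near_counts)

if __name__ == "__main__":
    found, counts = review_approvals(WIRES, LIMITS)
    for item in found:
        print(item)
    print(counts)
```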

Custody

Custody – Risks
• Securities on hand are not controlled by physical means.
• Securities are not represented accurately by the Company’s records.

Custody – Key Controls
• Access to areas containing securities is restricted to authorized personnel, the cage and vault doors are kept locked at all times, and securities are maintained in a fireproof vault
• Consider surprise inspections of security measures
• Area where sometimes procedures are not enforced for “convenience” sake

Custody – Key Controls (cont.)
• A reconciliation is performed between the Company’s records of positions and the physical securities on hand; any discrepancies are noted in an exception report
• Leverage off of physical counts already done?
• Make selections of exceptions from various counts
• Is there an aging of exceptions?
• Make selections of hard to count securities like limited partnership agreements

Custody – Key Controls (cont.)
• A reconciliation is performed for money and position per settlement and stock record/position systems to the clearing organizations and depositories
• Usually an automated task, need to evaluate system controls
• Vary dates, people and reconciliations
• Look for duplicative correction entries
• Client accounts are balanced with the stock record or trust position system
• How are discrepancies addressed?

Account Monitoring

Account Monitoring – Risks
• Accounts are not maintained in accordance with policies, laws, and regulations.
• Client accounts are not protected from unauthorized activities.

Account Monitoring – Key Controls
• Fiduciaries are required to be registered with the appropriate regulatory agencies.
• Comparison of current clients to various state registrations of fiduciary
• Ensure that employee trading activity is in accordance with applicable Company rules and regulatory standards.
• Compare employee holding and trading to clients
• Any non standard assets in common

Account Monitoring – Key Controls (cont.)
• Review client account documentation to ensure all proper documentation is on file.
• Consider restriction changes
• Documentation that needs to be renewed (W-8)
• Narrow down selections based on account attributes
• Monitoring and review of the transactions in client accounts is performed by authorized personnel.
• Leverage information obtained to narrow areas of focus in other areas
• As of trades, hold mail accounts, large account value swings, negative account values, complaints

Account Monitoring – Key Controls (cont.)
• Computer systems protect information through password restricted functionality depending on the user.
• Need to utilize system auditors
• Consider using test accounts to devise different access scenarios
• Inactive accounts are monitored or reviewed for suspicious activity.
• How are inactive accounts identified?
• Zero balance accounts with hold mail

Corporate Actions

Corporate Actions
There are two subcategories related to corporate actions:
• Instruction Processing
• Transaction Processing and Accounting

CA Instruction Processing – Risks
• All incoming corporate action notices are not retrieved and recorded.
• Corporate actions are not recorded in the proper period.
• Recorded corporate actions are not valid and/or accurate.

CA Instruction Processing – Risks (cont.)
• Securities database is not properly updated to reflect activity.
• Incoming and outgoing instructions on securities transactions are not validated, documented and/or traced prior to submission to depositories on a timely basis.
• Client securities are used to participate in expiring offers without valid client instruction.

CA Instruction Processing – Key Controls
• Information is subject to supervisory review/approval.
• Is there a procedure to compare notice to action?
• Compare employee holdings to actions worked on
• Procedures for timely revision/updating of existing announcements are in place.
• Is support for history of action reviewed?

CA Instruction Processing – Key Controls
• Comparison of multiple information feeds is performed to identify and report illogical or missing data.
• Utilize system auditors, as this is usually an automated process
• The Company performs a manual review of reports that are produced by the reorganization system detailing all adjustments made.
• Do adjustments have supporting information?
• Look at frequency of adjustments for areas of focus

CA Instruction Processing – Key Controls
• Validation of client position vs. instructions to ensure that clients are long the security (or securities).
• Data mining to identify accounts that receive action without positions
• Comparison of actions to employee accounts
• Management reviews the action files to ensure proper documentation is maintained upon file completion.
• Make sure the files are complete, not just evidence of review

CA Transaction Processing - Risks
• All cash receipts and disbursements of dividends and interest receivable/payable are not valid and/or properly recorded.
• Dividend and interest receipts and disbursements are not properly valued and/or accurately recorded on a timely basis.

CA Transaction Processing – Risks (cont.)
• Dividend and interest receipts and disbursements are not recorded in the proper period.
• All movements in securities are not recorded in the stock record or trust position system in the current period.

CA Transaction Processing – Risks (cont.)
• The stock record or trust position system does not accurately reflect the movement of securities to/from accounts.

CA Transaction Processing – Key Controls
• All departmental accounts are reconciled daily.
• Reconciliation is performed and reviewed
• Look for recurring reconciliation items
• Look for recurring entries between operational accounts
• Timely managerial/supervisory review and approval of critical functions.
• Should be signoff authority levels

CA Transaction Processing – Key Controls
• Management should review activity/exception reports in a timely manner and ensure that the appropriate follow-up action has been taken to resolve discrepancies.
• Does department switch up responsibilities for exception resolution?
• Did management signify review, but resolution does not make sense?

Securities Lending

Securities Lending - Risks
• Client documentation and approval is not obtained before lending securities.
• Transactions are not executed with approved counterparties.
• Risk limits are not set and monitored by senior management

Securities Lending – Risks (cont.)
• All transactions are not entered into trading systems completely, accurately and/or in the proper period.
• All recorded transactions are not valid.
• Underlying collateral is not appropriately valued.

Securities Lending – Key Controls
• Client authorization is obtained and reviewed before client securities are subject to lending.
• Have all aspects been documented, including allowable collateral and agreed rates?
• Client reporting of lending performed and collateral received?
• Counterparties appear on the company’s authorized listing of acceptable counterparties in collateralized transactions.
• Considered related parties when setting credit limits
• Evidence that limits are distributed to employees

Securities Lending – Key Controls (cont.)
• Risk systems are set up to report when a breach of set risk limits has occurred.
• How evidenced?
• Systems updated with correct limits?
• Who has access to update limits?
• Collateralized trading systems are set up to allow only authorized trading personnel to enter trade information.
• Utilize system auditors to test functionality

Securities Lending – Key Controls (cont.)
• Written confirmations received from counterparties are verified against internal records. Any differences are followed up on in a timely manner.
• Narrow focus based on size of transactions and unusual rebate rates
• Procedures used to value underlying positions are regularly reviewed to determine if the methodology used is appropriate.
• Should be an automated process, system control focus
• Look for manual price adjustments

Questions
Keith Wenk
kwenk@deloitte.com
(415) 783-4186