Internal Auditing in the Capital Market

?????INTERNAL AUDIT & CONTROL ACTIVITY IN A CAPITAL MARKET FIRM

?

Table of Contents

Expectations of an Internal Audit Manager in a Capital Market Firm.

What do Capital Market Firms do?

The glossary of key terms used in the Capital Market

The Risk faced by firms in the Capital Market

Internal Audit Preliminary Reviews & Risk Assessment.

?

?

?Expectations of an Internal Audit Manager in a Capital Market Firm.

??????????????????????????????????????????????JD-001

Own and understand end-to-end business processes for an audit, independently assess the risks and design audit plan.

Perform detailed first level of review of all audit workpapers, planning and fieldwork, and prepare for second level of director review. Provide timely project evaluation to staff.

Supervise audit project day-to-day audit activities, understand and interact with business, coordinate with other audit teams, and be accountable for timely completion of project deliverables and milestones.

Draft audit report and auditing findings, and vet the issues with issue owner. Effectively communicate testing results to stakeholders and explain exceptions.

Add value to business management on current or emerging risk, control, and governance matters.

Monitor management's remediation of identified issues and test the effectiveness of the remediation.

Assist in design portfolio coverage approach, perform quarter business monitoring activities, including analyzing business trend, regulatory changes, process change, and market events.

Conduct internal training sessions to share knowledge and best practices.

????????????????????????????????????????JD-002(Citibank).

Manage a small to medium sized team of Internal Audit professionals that delivers audit reports and other audit activities, in accordance with Internal audit and regulatory standards. Develop more junior talent and provide coaching to team members.

Collaborate with teams across the business and determine impact on the overall control environment and audit approach

Advise and assist the business on change initiatives, while advancing integrated auditing concepts and technology adoption

Apply an in-depth understanding of Internal Audit standards, policies and technology to a specific product or function

Use communication skills to influence a wide range of internal audiences including product, function, or regional executive management partners.

????????????????????????????????????????????JD-003

Conducts audit engagements for Capital Markets to critically assess management and internal control processes, approving the nature, extent and timing of the audit, its execution and the formulation of insightful audit reports. Reports on audits to provide clear, concise and memorable insights on issues and potential issues to assist management in fulfilling mandates.

This work provides vital assurance to the Board of Directors and senior management on the quality of internal control systems and reduces the risk of loss and reputational damage to the Company. This work is instrumental in identifying unacceptable/high risk circumstances that could lead to material impact on profitability or reputation. Provides independent assurance on the quality and effectiveness of internal control, risk management, and governance systems and processes to support senior management and the Board in protecting BMO and its reputation.

Acts as a trusted advisor to assigned business/group.

Influences and negotiates to achieve business objectives.

Identifies emerging issues and trends to inform decision-making.

Provides critical input to Chief Auditor/Assistant Chief Auditor on the practical aspects of the audit and its execution.

Helps to develop annual audit plan.

Provides input into Corporate Audit processes identifying opportunities to simplify.

Executes audits in full recognition of the risks of the group that encompass the inherent risks, control risks and internal/external environment and regulatory risks. This may encompass individual audits and broader capstone audits of Enterprise level functions/processes.

Conducts advisory engagements and other engagements as required.

Determines impact of changing strategies, tactics, risks and initiatives on audit, advisory and investigative services.

Identifies and evaluates the impact of new and emerging technology and technology risk on the organization’s processes and control environment.

Utilizes data analytics in advisory engagements to improve quality and efficiencies.

Develops an awareness of business strategies, policies and standards providing meaningful insights based upon knowledge and research which will continue to improve the Enterprise management and control processes.

Maintains the independence of the audit practice and its personnel.

Develops insightful discussion points contributing to audit reports that provides fair and balanced assessment of governance, risk and control processes based on audit work performed. Deliverables must be objective, clear, concise and timely.

Identifies control deficiencies and provides a fair and balanced assessment of their magnitude.

Maintains working knowledge of the industry, regulatory, broad economic environment, and internal environment, as to the development of new strategies and plans, opportunities and risk, to obtain an understanding of the control environment.

Ensures that all audit procedures executed are conducted in accordance to Corporate Audit Methodology as confirmed by it’s Quality Assurance program and/or regulatory examination results.

Applies sound judgement in the execution of the assigned work and ensures open lines of communication.

Develops and maintains good working relations with key stakeholders.

Actively monitors change management initiatives and identifies potential risks.

Actively participates and supports Corporate Audit change initiatives.

Maintains and enhances professional audit qualifications in line with industry standards.

Focus is primarily on business/group within BMO; may have broader, enterprise-wide focus.

Provides specialized consulting, analytical and technical support.

Exercises judgment to identify, diagnose, and solve problems within given rules.

Works independently and regularly handles non-routine situations.

Broader work or accountabilities may be assigned as needed.

?

??????????????????????????What do Capital Markets Firms do?

Firms operating in the capital market play a vital role in facilitating the flow of funds between investors and borrowers. They provide various financial services and products to meet the needs of both individual and institutional clients. Here is a detailed explanation of how firms in the capital market operate:

Financial Intermediation: Capital market firms act as intermediaries between investors and borrowers. They help investors allocate their capital effectively and provide access to investment opportunities. On the other hand, they assist borrowers in raising capital by connecting them with potential investors. This intermediation function helps bridge the gap between those who have surplus funds and those who require funding.

Investment Banking: Investment banks are key players in the capital market. They provide a range of services, including underwriting, mergers and acquisitions (M&A) advisory, initial public offerings (IPOs), debt and equity financing, and corporate restructuring. Investment banks assist companies in raising capital, facilitate strategic transactions, and provide financial advisory services.

Brokerage Services: Capital market firms offer brokerage services, acting as intermediaries in securities transactions. They enable individuals and institutional investors to buy and sell securities such as stocks, bonds, and derivatives. Brokerage firms provide trading platforms, research, investment advice, and execution services to clients. They earn commissions or fees for facilitating trades.

Asset Management: Capital market firms engage in asset management activities, including managing investment portfolios on behalf of clients. They offer a variety of investment products such as mutual funds, exchange-traded funds (ETFs), and separately managed accounts. Asset management firms aim to generate returns for their clients by investing in a diversified range of securities across different asset classes.

Research and Analysis: Firms in the capital market conduct research and analysis to provide insights and recommendations to clients. They analyze market trends, economic indicators, and company-specific information to assist investors in making informed decisions. Research departments produce reports, financial models, and investment strategies that clients can utilize in their investment decisions.

?

Risk Management: Capital market firms have dedicated risk management functions to identify, measure, and mitigate risks associated with their operations. They employ risk management frameworks, models, and analytics to assess market risk, credit risk, liquidity risk, and operational risk. Risk management teams work closely with other departments to ensure risks are effectively managed within acceptable limits.

Compliance and Regulation: Firms operating in the capital market are subject to regulatory requirements and compliance obligations. They have dedicated compliance departments that monitor and ensure adherence to relevant laws, regulations, and industry standards. Compliance teams establish internal controls, conduct risk assessments, and implement measures to prevent money laundering, insider trading, and other prohibited activities.

Technology and Infrastructure: Capital market firms heavily rely on technology and robust infrastructure to facilitate their operations. They invest in advanced trading platforms, data management systems, risk management tools, and cybersecurity measures. High-speed connectivity and reliable infrastructure are crucial for executing trades, managing portfolios, and maintaining secure information systems.

Client Relationship Management: Firms in the capital market place great importance on building and maintaining strong relationships with clients. They provide personalized services, tailored investment advice, and efficient customer support. Relationship managers work closely with clients to understand their investment goals, risk tolerance, and preferences, and offer suitable investment solutions.

Corporate Governance: Capital market firms prioritize strong corporate governance practices to ensure transparency, accountability, and ethical conduct. They establish clear organizational structures, define roles and responsibilities, and implement governance policies and procedures. Boards of directors oversee the firm's operations, risk management, and compliance with legal and regulatory requirements.

?

?

Key Terminologies used in Capital Market

Here is a glossary of key terminologies in capital market operations:

Capital Market: The market where financial instruments such as stocks, bonds, and other long-term securities are bought and sold.

Securities: Financial instruments representing ownership or debt obligations of an entity, such as stocks, bonds, or derivatives.

Stock Exchange: A regulated marketplace where securities are traded among buyers and sellers. Examples include the New York Stock Exchange (NYSE) and NASDAQ.

Stock: A type of security representing ownership in a corporation. Stockholders are entitled to dividends and voting rights.

Bond: A debt instrument issued by corporations, municipalities, or governments to raise capital. Bonds pay periodic interest to bondholders and repay the principal at maturity.

Derivative: A financial instrument derived from an underlying asset, such as stocks, bonds, commodities, or currencies. Examples include options, futures, and swaps.

IPO (Initial Public Offering): The process by which a privately held company offers its shares to the public for the first time, becoming a publicly traded company.

Underwriting: The process of guaranteeing the sale of securities issued by a company. Underwriters purchase the securities from the issuer and sell them to investors.

Brokerage: A firm or individual that facilitates buying and selling of securities on behalf of clients. Brokers earn commissions or fees for executing trades.

Market Order: An order to buy or sell a security at the best available price in the market at the time of execution.

Limit Order: An order to buy or sell a security at a specific price or better. The order is executed only if the specified price is reached.

Short Selling: The practice of selling borrowed securities with the expectation of buying them back at a lower price in the future, profiting from the price decline.

Margin Trading: Trading securities using borrowed funds from a broker, with the securities held as collateral.

Dividend: A distribution of a portion of a company's profits to its shareholders. Dividends are usually paid in cash or additional shares of stock.

Volatility: The degree of price fluctuations in a security or market. Higher volatility indicates greater price swings.

Liquidity: The ability to buy or sell a security quickly and easily without significant price impact. High liquidity implies a large number of buyers and sellers.

Market Capitalization: The total value of a company's outstanding shares. It is calculated by multiplying the current market price per share by the total number of shares outstanding.

ETF (Exchange-Traded Fund): An investment fund that trades on stock exchanges and holds a portfolio of securities. ETFs offer diversification and are designed to track specific indices.

Mutual Fund: An investment vehicle that pools money from multiple investors to invest in a diversified portfolio of securities. Mutual funds are managed by professional fund managers.

Diversification: The strategy of spreading investments across various assets or sectors to reduce risk.

All or none or AON: in investment banking or securities transactions, "an order to buy or sell a stock that must be executed in its entirely, or not executed at all".

Ask price or Ask: the lowest price a seller of a stock is willing to accept for a share of that given stock.[2]

Bear market: a general decline in the stock market over a period of time. See Market trend.

Bookrunner: in investment banking, usually the main underwriter or lead-manager/arranger/coordinator in equity, debt, or hybrid securities issuances.

Bull market: a period of generally rising prices. See Market trend.

Closing print: a report of the final prices for the day on a stock exchange.

Fill or kill or FOK: "an order to buy or sell a stock that must be executed immediately"—a few seconds, customarily—in its entirety; otherwise, the entire order is cancelled; no partial fulfilments are allowed.

Green sheet: a document that accompanies a prospectus for most initial public offerings, and describes the basic terms of the offering that are of the most important to a registered representative.

Greenshoe: A special arrangement in a share offering, for example an IPO, which enables the investment bank representing the underwriters to support the share price after the offering without putting their own capital at risk.

Reverse greenshoe: a special provision in an IPO prospectus, which allows underwriters to sell shares back to the issuer.

Immediate or cancel, IOC, or accept order: "an order to buy or sell a stock that must be executed immediately"; if the entire order is not available at that moment for purchase a partial fulfillment is possible, but any portion of an IOC order that cannot be filled immediately is cancelled, eliminating the need for manual cancellation.

Institutional investor: an entity which pools money to purchase securities, real property, and other investment assets or originate loans.

Market top: the highest point of trading before the market shifts from a bull market to a bear market.

Market trend: the tendency of financial markets to move in a particular direction over time.

Public float or Free float: the portion of shares of a corporation that are in the hands of public investors as opposed to locked-in stock held by promoters, company officers, controlling-interest investors, or government.

Pump and dump or P&D: a form of securities fraud that involves artificially inflating the price of an owned stock through false and misleading positive statements, in order to sell the cheaply purchased stock at a higher price.

Runoff or run-off: the period at the end of a stock market trading session originally reserved for printing end-of-trading share prices and values onto ticker tape; now used to describe trades at the end of a session that may not be announced or reported until the start of the next session.

Stub: the stock representing the remaining equity in a corporation left over after a major cash or security distribution from a buyout, a spin-out, a demerger or some other form of restructuring removes most of the company's operations from the parent corporation.

Theoretical ex-rights price: a situation where the stock and the right attached to the stock is separated.

Trade: the buying and selling of financial instruments.

Two-tier tender offer: an offer to purchase a sufficient number of stockholders' shares so as to gain effective control of a firm at a certain price per share, followed by a lower offer at a later date for the remaining shares.

Variable prepaid forward contract: an investment strategy that allows a shareholder with a concentrated stock holding to generate liquidity for diversification or other purposes.

Widow-and-orphan stock: a stock that reliably provides a regular dividend while also yielding a slow but steady rise in market value over the long term.

Witching hour: the last hour of stock trading between 3 pm (when the bond market closes) and 4 pm EST (when the stock market closes), which can be characterized by higher-than-average volatility.

Triple witching hour: the last hour of the stock market trading session (3:00-4:00 P.M., New York City local Time) on the third Friday of every March, June, September, and December, when three kinds of securities expire - stock market index futures, stock market index options, and stock options.

Yellow strip price or Touch price: in the UK stock market (LSE), the highest bid price or lowest offer price, shown on the SEAQ or SETS screen in a yellow strip.

?

?

?

?

?

?

?

?

?

?

The Keys Risk AREAS in Capital Markets & Investment Banking

Investment banking involves various risk areas due to the nature of the services provided and the complexity of financial markets. Some key risk areas in investment banking include:

Market Risk: Investment banks are exposed to market risk stemming from changes in market prices, interest rates, foreign exchange rates, and commodity prices. Fluctuations in these variables can impact the value of investment portfolios, trading positions, and investment banking activities.

Credit Risk: Investment banks face credit risk when counterparties, including clients, fail to fulfil their financial obligations. This risk arises from lending activities, underwriting securities, and trading derivatives. Default or credit downgrade of clients can lead to significant losses and impact the bank's financial stability.

Liquidity Risk: Liquidity risk refers to the potential difficulty in meeting short-term funding needs or selling assets without incurring significant losses. Investment banks rely on access to liquid markets to fund their operations, and disruptions or illiquidity in the markets can pose liquidity risks.

Operational Risk: Operational risk arises from inadequate or failed internal processes, systems, or human errors. It includes risks associated with settlement failures, fraud, cyber-attacks, technology failures, and compliance breaches. Operational risks can lead to financial losses, damage to the bank's reputation, and operational disruptions.

Legal and Regulatory Risk: Investment banks operate in a heavily regulated environment, and non-compliance with laws and regulations can result in significant penalties, legal actions, and reputational damage. Changes in regulations, such as those related to capital requirements, risk management, and client protection, pose compliance challenges.

Reputational Risk: Reputational risk arises from negative public perception or damage to the bank's reputation due to operational failures, regulatory violations, unethical conduct, or involvement in controversial activities. Reputational damage can harm client relationships, result in loss of business, and impact the bank's long-term viability.

Counterparty Risk: Counterparty risk refers to the potential loss arising from the default or financial instability of a counterparty, such as other financial institutions, clients, or trading partners. Investment banks engage in transactions with various counterparties, and the failure of a significant counterparty can have adverse consequences.

Systemic Risk: Investment banks are exposed to systemic risks that stem from broader economic or financial market conditions. Systemic risks can arise from economic downturns, financial crises, or contagion effects from the failure of other financial institutions. These risks can impact the stability of the entire financial system.

Conduct Risk: Conduct risk relates to the potential for the bank's employees or representatives to engage in unethical behaviour, market manipulation, conflicts of interest, or misconduct that may harm clients, investors, or the integrity of the market. Breaches in conduct risk can result in legal and regulatory repercussions, financial losses, and reputational damage.

Strategic Risk: Strategic risk refers to risks associated with the bank's strategic decisions, such as entering new markets, expanding product offerings, or mergers and acquisitions. Poor strategic decisions or failure to adapt to changing market conditions can result in financial losses, competitive disadvantages, and loss of market share.

Managing and mitigating these risk areas is crucial for investment banks to maintain financial stability, protect their reputation, and ensure compliance with regulations. Robust risk management frameworks, effective internal controls, and ongoing monitoring and assessment are necessary to address these risks appropriately

?

Internal Audit Preliminary Reviews & Risk Assessment.

The first you will have to do as an Internal Auditor once you resume in a capital market firm, or any firm is to conduct a preliminary risk assessment on the following areas of the Business:

1.???Corporate Governance: You must observe the tone at the top and the body language of the leaders of the business towards risk management, ethics and good conduct and the effectiveness of the reward and punishment mechanism inherent in the system. You can quickly check this by reading up Investigation files, discussing with staff on ground (most effective). You will ask the following questions:

·????????Are the board and the management involved in compliance setting and monitoring?

·????????What is the tone at the top? Do they promote strong proactive compliance culture? Do they recognize the priority of compliance?

·????????What is the experience and independence of the personnel with compliance responsibility?

·????????How does the firm identify and address compliance risk and its compliance program in:

v?Branch examinations

v?Audits

v?New Product Reviews

v?Surveillance

v?Attitude to whistleblowing.

Internal Audit Areas of Activity

Internal audit activities in an investment bank are designed to provide independent and objective assurance to the organization's management and board of directors. These activities help evaluate and improve the effectiveness of risk management, internal controls, and governance processes. Some key internal audit activities in an investment bank include:

Risk Assessment: Internal auditors assess the bank's risk management framework to identify and prioritize key risks. They analyse market trends, regulatory requirements, and internal processes to understand the risk landscape and determine areas that require focused attention.

Compliance Audits: Internal auditors review the bank's compliance with applicable laws, regulations, and industry standards. They assess the bank's policies, procedures, and controls to ensure adherence to legal and regulatory requirements, including anti-money laundering (AML), know-your-customer (KYC), and data privacy regulations.

?

Financial Audits: Internal auditors conduct financial audits to assess the accuracy and reliability of financial statements. They review the bank's financial transactions, accounting practices, and reporting processes to ensure compliance with accounting standards and internal policies. Financial audits help provide assurance on the integrity of financial reporting.

Operational Audits: Internal auditors evaluate the efficiency and effectiveness of operational processes within the investment bank. They assess the bank's operational controls, identify process inefficiencies, and make recommendations for improvement. Operational audits cover areas such as trade processing, settlement, treasury operations, and information technology systems.

Internal Control Evaluation: Internal auditors assess the design and effectiveness of internal controls within the investment bank. They review the bank's control environment, including segregation of duties, authorization processes, and access controls. Internal control evaluations help identify control weaknesses and recommend enhancements to mitigate risks.

Fraud Detection and Prevention: Internal auditors play a crucial role in detecting and preventing fraud within the investment bank. They conduct investigations, analyze suspicious activities, and assess the adequacy of fraud prevention measures. Internal auditors also provide guidance on fraud risk mitigation and raise awareness of potential fraudulent practices.

Governance Audits: Internal auditors evaluate the bank's corporate governance practices, including board oversight, risk appetite, and ethical conduct. They assess the bank's compliance with governance standards and make recommendations to strengthen governance processes and enhance accountability.

IT Audits: Internal auditors review the bank's information technology (IT) systems, including cybersecurity controls, data privacy, and IT governance. They assess IT risks, evaluate controls over IT infrastructure and applications, and provide recommendations to enhance IT security and resilience.

Follow-up and Reporting: Internal auditors follow up on the implementation of previous audit recommendations and assess their effectiveness. They prepare reports detailing audit findings, recommendations, and management action plans. These reports are shared with senior management, the board of directors, and relevant stakeholders to ensure transparency and accountability.

Continuous Improvement: Internal auditors continuously assess and enhance their own audit processes and methodologies. They stay updated on emerging risks and industry best practices to ensure the effectiveness and relevance of internal audit activities.

?

Amidst all mentioned areas of Internal Audit Activity, the key areas are for me are : Risk Management and Evaluation of Internal Controls on Operations.

While conducting your Audit, your interest should be in identifying exceptions in these areas.

Note while designing your Internal Audit Plan annually, preference should be given to Operations. (Operational Risk).

?

OPERATIONAL CONTROLS IN A CAPITAL MARKET FIRM

1.???Opening and Handling of Clients Accounts:

Mandatory account opening procedures are clearly defined and followed. Such procedures

may include:

(a)?recording and retention for future reference of all relevant client information (such as the true identities of the client, the beneficial owner(s) and representatives who are authorised to issue instructions, as well as the financial position and investment experience and objectives of the client), related specimen signatures, and supporting documentation;

(b)?reviewing and confirming client information gathered, using criteria approved by the Management;

(c)???ensuring that the client is provided with adequate information about the firm and the services to be provided to the client, together with other relevant documents such as relevant risk disclosure statements (particularly where the firm possesses discretionary authority over the account or where derivative financial products will be transacted on the client's behalf), and the nature and scope of fees, penalties and other charges the firm may levy.

(d)?ensuring that the client is provided with adequate information regarding his rights including if applicable, coverage under one of the investor compensation fund arrangements;

(e)???procuring execution of applicable client account agreements as required under relevant law, rules, regulations and codes; and

(f)??reviewing and approving new account applications and amendments to existing accounts, along with related supporting documentation, by designated staff.

In the case of discretionary accounts, special procedures are implemented and followed which may include

a) executing a discretionary account agreement which sets out the investment objectives and strategies of the client and the precise terms and conditions under which such discretion will be exercised;

b) regular reviews of the performance of the account conducted by designated staff member(s) independent of the staff handling the account;

c) providing the client with regular statements and timely ad hoc reports on account balance and transaction details, especially when the account balance falls below agreed levels or when large orders for the account are pending or executed; and

d) clearly delineating the investment decision making process from the dealing process: order tickets similar to those used for non-discretionary agency business are completed and time-stamped to record the actual time the orders are initiate.

?

?

?

2.??Providing Investment Advice

Where the firm is in the business of offering investment advice for remuneration, or has entered into a contractual advisory arrangement with a client, and in the course of such business, gives investment recommendations or advice, special procedures are implemented

and followed which may include

a) establishing clear requirements and procedures regarding adequacy of research work and preparation and retention of documentation supporting the recommendations and advice;

b) providing to the client in writing details of the fees, charges and penalties applicable to the recommended investment scheme; and

c) documenting (and providing a copy to the client) the rationale underlying investment advice rendered or recommendations made. Such advice and recommendations must be suitable taking into account the client's particular investment experience, objectives and financial position.

?

3.??Dealing Practices

The firm puts in place procedures to ensure that its staff's trading activities are not prejudicial to the interests of its clients. Staff members are required to disclose to the firm, on joining and regularly afterwards (at least semi-annually), details of holdings and trading activities in which they have an interest in relation to specific securities, futures and other investment products in which the firm deals in or in respect of which the firm acts as an investment adviser or commodity trading adviser.

Staff members of a firm which is, or belongs to a group within which a group member is, a member of an exchange is required to trade through staff accounts in relation to products traded on that exchange. All transactions for staff accounts must be separately recorded and diligently monitored by independent senior management.

(a)?The firm clearly defines parameters in relation to the acceptance by staff member(s) or the firm of gifts, rebates, benefits-in-kind or "soft-dollar" benefits received from clients or other business contacts. These include the circumstances under which acceptance is permitted and approval required.

?

(b)?Effective procedures are established to ensure that whenever the firm or its staff member(s)have an interest in a transaction with a client (i.e. a direct/cross transaction), this fact is disclosed to the client prior to the execution of the relevant transaction. For example, the firm may maintain a register of direct and cross trades which also records the name of the client and the firm account involved, the person contacted and the time when the consent was received. The register is reviewed regularly (at least monthly) by designated staff member(s) performing the compliance function or a senior staff member in the dealing department.

?

?

(c)??Order handling procedures are clearly documented and followed. Such procedures may include a) Orders are recorded, using standard order forms, and time-stamped promptly upon initiation or receipt and are required to be transmitted to the dealer, floor trader or operators of terminals for automated trading systems within a reasonable time period, normally immediately. This applies to both agency orders and internally generated orders (e.g. orders for the proprietary accounts, staff accounts, funds managed by the firm and working orders.

?

This recording procedure may be modified to take into account the different types of orders in different markets so long as it provides an audit trail.

b) Prior to executing a client order, the following items are checked by designated staff:-

i. the status of the account (active, closed or being on an internal watch list, etc.);

ii. applicable account limits, if any (for example trade, position, credit);

iii. the sufficiency of available funds or available credit in the relevant account; in the case of a sell order, the sufficiency and availability of securities or the existence of necessary securities borrowing arrangements, if applicable;

v. the authority and applicable limitations thereon of the person placing the order;

vi. where the order is received by facsimile or telex, such order is reviewed by senior staff

and, if in doubt, the client is called to check the validity and authority of the order

prior to execution;

vii. the services and products the account is authorized to use/trade; and

viii. any special conditions stated in the client agreement or reported by other operating

departments within the firm, for example margin position.

(d)?Clearly defined policies and procedures are followed regarding the permitted circumstances under which a client order is not required to be immediately exposed to the applicable market for execution (for example, stop loss orders, orders which give the dealer discretionary authority to decide the timing of putting "component" working orders to the market and the size of each working order). Such procedures may include the method used to determine the acceptable price(s) at which a transaction or part transaction(s) may be executed.

?

(e)??Management should establish criteria to cover the review of orders upon receipt or initiation to determine the execution methodology and timing of execution for each order. Clear audit trails indicating the time of transmission and reference to the originating order should be maintained.

?

(f)???Effective procedures regarding the transmission of orders to the dealing room are established. Sufficient information should be given to enable client priority to be established.

?

(g)??Where practicable, a designated senior staff member who is independent of the traders should be assigned to allocate trades executed in accordance with the client priority and sequence of order receipt.

?

???????????????4, Chinese wall

The firm avoids apparent and potential conflicts of interest by establishing and maintaining adequate "Chinese Walls", such as the separation of dealers handling client funds or discretionary orders from those handling proprietary or staff accounts.

Management establishes and maintains policies and procedures regarding "Chinese Walls" to ensure that price-sensitive information privy to the research staff or staff handling corporate finance matters like a takeover and merger should not be available to staff outside those departments, except on a "need to know" basis.

5.??Back office and accounting

v?Transaction/Order forms are transmitted to the designated back-office staff member(s) who enter the details into the firm's own in-house system (whether automated or otherwise). At the end of each business day, the firm's own record of trades is matched by the back-office staff to the trading/clearing lists received from the exchanges or clearing houses and where applicable, to confirmation documents issued by counterparties and executing brokers. Exception reports identifying mis-matched and unusual trades are produced, reviewed and follow-up actions taken, where necessary.

v?All trades are confirmed promptly with the client on whose behalf the trade was executed and, for off-exchange trades, these are also confirmed promptly with the counterparty using reliable and pre-agreed methods such as SWIFT or tested telex.

v?All trade errors are reported to the person responsible for dealing and are allocated to an "error" or "suspense" account for prompt correction or closure of the position. The transactions in this account should be supported by clear documentation explaining the relevant circumstances and reviewed by the staff member(s) performing the compliance and internal audit functions. Any unusual circumstances or patterns should be investigated.

?

?

Risk Management

Risk management policy and measurements

The firm's risk policies measurements and reporting methodologies are subject to regular review, particularly prior to the commencement of the firm's provision of new services or products, or when there are significant changes to the products, services, or relevant legislation, rules or regulations that might impact the firm's risk exposure.

Credit risk

The firm establishes and maintains an effective credit rating system to evaluate client and counterparty creditworthiness. Clearly defined objective measures should be used to evaluate potential clients and determine/review the relevant credit ratings which are used to set appropriate credit limits for all clients, including existing clients. The ratings and applicable limits reflect, among other things:

a) the client's credit rating by reputable credit rating agencies, if any;

b) investment objectives, investment history, trading frequency and risk appetite;

c) past payment records and defaults, if any;

d) the client's capital base and the existence and amount of guarantees and by whom such

guarantees are given, if any;

e) any known events which may have an adverse impact on the client's financial status,

potential for default or accuracy of information stored regarding the client; and

f) where credit is extended to cover margin trading, appropriate haircuts are made to market

value to establish the clients have adequate equity.

The staff performing risk management function utilises appropriate quantitative risk measurement methodologies to effectively calculate and monitor the firm's credit exposure in relation to clients, including: pre-settlement credit exposures (for example marking to market of outstanding trades) and settlement risk (for example exposure caused by timing differences between deliveries versus payment).

The staff performing risk management function ensures that credit risks posed by all clients belonging to the same group of companies are aggregated for purposes of measuring the firm's credit exposure. Particular attention is paid to netting arrangements which may serve to reduce the firm's exposure to credit risk. Care must be taken to ensure that credit exposures are netted only if supported by appropriate executed netting agreements, or other appropriate protections.

The staff performing risk management function specifies trading and position limits for each client based on their respective credit rating and trading needs. These limits are enforced.

The firm's margin policy and procedures are clearly defined, documented and enforced. Matters to be covered in such margin policy include

a) the types of margin which may be called, the applicable margin rates and the method of calculating the margin;

b) the acceptable methods of margin payment and forms of collateral;

c)the circumstances under which a client may be required to provide margin and additional margin, and the consequence of a failure to meet a margin call, including the actions which the firm may be entitled to take; and

d) applicable escalation procedures where a client fails to meet successive margin calls.

?

Market risk

Management specifies authorised products and instruments the firm may deal in and enforces effective procedures to ensure compliance. Relevant control techniques may include regular review of the balance sheet and profit and loss accounts, and records of individual traders and trading members for unauthorized investments or transactions; and confirmation of outstanding transactions with the firm's trading partners.

The staff performing risk management function reviews and otherwise enforces on an ongoing basis compliance with trading and position limits in relation to proprietary trading and open positions with respect to each authorized product the firm trades or invests in.

Management establishes and maintains effective risk management measures to quantify the impact on the firm (especially if it deals in derivative financial products) and, if applicable, its clients from changing market conditions. These measures should cover all risk elements associated with the products traded or services provided by the firm. Matters to be covered in such risk measures may include

a) unspecified adverse market movements - using an appropriate value-at-risk or other methodology to estimate potential losses (this is particularly important for firms which take significant proprietary positions in derivative products);

b) individual market factors - measures the sensitivity of the firm's risk exposure to specific market risk factors e.g. interest rate yield curve shifting and changes in market volatility; and

c) stress testing - determining the effect of abnormal and significant changes in market conditions on the firm using various quantitative and qualitative variable assumptions.

To discourage the firm's dealers from engaging in unauthorised trading, risk adjusted performance measures are used, which may impact a dealer's remuneration where the dealer’s activities expose the firm to especially high risks. Dealers who have exceeded in pre-approved limits are subject to appropriate action.

Liquidity risk

Management sets and enforces concentration limits with respect to particular products, markets and business counterparties, taking into account their respective liquidity profile and the firm's approved liquidity risk policies.

Management, Supervision, and Internal Control Standards

Measures of maturity mis-match between sources and funding requirements and concentrations of individual products, markets and business counterparties, are established and regularly monitored.

Management establishes appropriate arrears and default procedures to alert staff member(s)responsible for liquidity management to potential problems and to provide them adequate time to take appropriate action to minimize the impact of client or counterparty liquidity problems.

Operational risk

Management regularly reviews the firm's operations to ensure that the firm's risk of losses, whether financial or otherwise, resulting from fraud, errors, omissions and other operational and compliance matters, are adequately managed. Operational matters covered may include

a) physical and functional segregation of incompatible duties such as trade, settlement, risk management and accounting;

b) maintenance and timely production of proper and adequate accounting and other records, and the ability to detect fraud, errors, omissions and other non-compliance with external

and internal requirements;

c) security and the reliability of accounting and other information, such as exception reports which should accurately highlight unusual activities and facilitate the detection of fraud, errors and significant trends; and

d) staffing adequacy including personnel with relevant and sufficient skills and experience to minimize the risk of loss due to the absence or departure of "key" staff member(s).

An effective business continuity plan appropriate to the size of the firm is implemented to ensure that the firm is protected from the risk of interruption to its business continuity. Key processes in this area include: a business impact study, identification of likely scenarios involving interruptions (for example break down in its data processing systems) and documentation and regular testing of the firm's disaster recovery plan.

The firm has adequate insurance cover for different types of exposures, including but not limited to, fidelity insurance and replacement of equipment and other business and data processing devices.

?

All these are what should be done to ensure transparency, effectiveness and efficiency of operations in the company. Any deviation from this not backed by a written internal policy should form an exception to the Internal Audit activity and should be duly questioned.

?

Unmindful of the details given here on the Auditing in Capital MARKET Environment, the basic Internal Auditing Process still stands. It will serve as a framework upon which this company’s audit will be conducted.

If you are been recruited as the Head of Internal Audit or a Manager in Internal Audit.

·????????Ask the HR Manager or the MD/CEO of the Internal Audit Charter. If there is none, then draft one. (That is the document that will give you authority to work)

·????????Ask if there is an existing Annual Audit Plan, if you joined mid-year. If no, draft quarterly Audit Plan after a complete risk assessment.

·????????Ask if there is an Internal Control Department in the Company, if No, it means you have to double and as an Internal Auditor and Internal Control Leader and do both jobs.

·????????Then draft Internal Control Manual (Procedure) too.

·????????Give appropriate timelines and start work.

·????????Take time to ask questions and study the system before you start making changes.

?

?

Prepared by

Justice Egege,ACA,CFE

?