Applications Controls Auditing
The approach is to first understand how the application is set up in terms of the following:
- Logical access architecture: how do users/objects gain access to/interface with the application?
- For upstream applications interfacing with this application: what is the method of interface, and how secure and reliable is it?
- What checks are in place to prevent unauthorised trading (e.g. limit checks; connectivity to the exchange not bypassing internal controls; authorised trading books; checks to confirm algorithms are valid)?
Input and Processing Controls within the application
What are the data input and validation checks in place?
How are the completeness and accuracy of the data validated before further processing?
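As an added illustration (not part of the original checklist), the sketch below shows the kind of input control an auditor would look for on a batch received from an upstream application: a completeness check against the sender's control totals, then per-record accuracy, limit and authorised-book checks. The batch layout, trailer fields, book names and order limit are all hypothetical.

```python
from decimal import Decimal, InvalidOperation

# Constructed reference data and limit (assumptions, not from the checklist).
AUTHORISED_BOOKS = {"EQ-LDN-01", "EQ-LDN-02"}
MAX_ORDER_QTY = Decimal("10000")

# Constructed upstream batch; the trailer carries the sender's control totals.
SAMPLE_BATCH = {
    "records": [
        {"id": "A1", "book": "EQ-LDN-01", "side": "BUY", "qty": "500"},
        {"id": "A2", "book": "EQ-LDN-02", "side": "SELL", "qty": "1200"},
        {"id": "A3", "book": "FX-NYC-09", "side": "BUY", "qty": "300"},
        {"id": "A4", "book": "EQ-LDN-01", "side": "BUY", "qty": "25000"},
    ],
    "trailer": {"count": 5, "qty_total": "27100"},  # one record lost in transit
}

def parse_qty(rec):
    """Return the quantity as a finite Decimal, or None if missing/garbled."""
    try:
        qty = Decimal(str(rec.get("qty")))
    except InvalidOperation:
        return None
    return qty if qty.is_finite() else None

def validate_record(rec):
    """Accuracy and authorisation checks; returns a list of failure reasons."""
    errors, qty = [], parse_qty(rec)
    if qty is None:
        errors.append("qty missing or not numeric")
    elif qty <= 0:
        errors.append("qty must be positive")
    elif qty > MAX_ORDER_QTY:
        errors.append("qty exceeds order limit")
    if rec.get("side") not in ("BUY", "SELL"):
        errors.append("invalid side")
    if rec.get("book") not in AUTHORISED_BOOKS:
        errors.append("book not authorised")
    return errors

def check_batch(batch):
    """Reconcile the batch to its trailer, then validate every record."""
    records, trailer = batch["records"], batch["trailer"]
    rejects = {r.get("id"): e for r in records if (e := validate_record(r))}
    total = sum((parse_qty(r) or Decimal(0) for r in records), Decimal(0))
    complete = (len(records), total) == (trailer["count"], Decimal(trailer["qty_total"]))
    # An incomplete batch is held in full: nothing is released for processing.
    accepted = [r["id"] for r in records if r.get("id") not in rejects] if complete else []
    return {"complete": complete, "accepted": accepted, "rejects": rejects}
```

Running `check_batch(SAMPLE_BATCH)` holds the whole batch because the record count and quantity total do not reconcile to the trailer, and it still reports the two records that fail the authorised-book and limit checks so they can be logged as exceptions.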