Report on the Description of the National Settlement Depository Controls, Suitability of Controls Design and Operating Effectiveness,
12 October, 2015
21
5. Description of objectives, respective controls and testing
performed
The table below contains the list of control objectives identified by management relevant to each
business area in scope at NSD:
Area
Control Objective
Settlement and
Depository Services
Objective 1.
Controls provide reasonable assurance that accounts are set up
and administered in accordance with complete and authorized client
agreements and applicable regulations.
Objective 2.
Controls provide reasonable assurance that securities are
booked, removed and transferred between client accounts in a complete,
accurate and timely manner (and are based on client orders and securities
certificates (registering their movements) received from the registrars).
Objective 3.
Controls provide reasonable assurance that payments are
authorised, processed and recorded completely, accurately and on a timely
basis.
Clearing Services
Objective 4.
Controls provide reasonable assurance that clearing
transactions and transfer-agent services are performed completely and
accurately and in a timely manner.
Repository Services Objective 5.
Controls provide reasonable assurance that agreements
concluded in the over-the-counter (OTC) market are completely and
accurately recorded in the register in a timely manner and are only based on
client orders.
Information
Technology
Objective 6.
Controls provide reasonable assurance that changes to existing
systems and applications are authorized, tested, approved, properly
implemented, and documented.
Objective 7.
Controls provide reasonable assurance that logical access to
business-critical systems and applications is restricted to authorized
individuals.
Objective 8.
Controls provide reasonable assurance that business and
information systems recovery plans are documented, approved, tested and
maintained, day-to-day activities could be restored as required, critical data is
regularly saved on back up servers.
Objective 9.
Controls provide reasonable assurance that Information
Technology processing is authorised and scheduled appropriately and
exceptions are identified and resolved in a timely manner.
