Report on the Description of the National Settlement Depository Controls, Suitability of Controls Design and Operating Effectiveness,
12 October, 2015
3
1.
Assertion by Management
We have prepared the accompanying description of non-bank lending institution Closed Joint
Stock Company "National Settlement Depository" (hereinafter referred to as "NSD") internal
control system for user entities of the system and their auditors who have a sufficient
understanding to consider the description, along with other information, including information
about controls operated by user entities of the system themselves, when obtaining an
understanding of user entities’ information systems relevant to financial reporting. We confirm,
to the best of our knowledge and belief, that:
a.
the accompanying description at pages 8-34 fairly presents internal control system for
processing user entities’ transactions throughout the period February 18
to August 18, 2015.
The criteria used in making this assertion were that the accompanying description:
i
presents how the system was designed and implemented, including:
(1)
the types of services provided including, as appropriate, classes of transactions
processed;
(2)
the procedures, within both information technology and manual systems, by
which those transactions were initiated, recorded, processed, corrected as
necessary;
(3)
the related accounting records, supporting information, and specific accounts
that were used to initiate, record, process transactions;
(4)
how the system dealt with significant events and conditions, other than
transactions;
(5)
relevant control objectives and controls designed to achieve those objectives;
including complementary user entity controls contemplated in the design of the
service organization's controls;
(6)
controls that we assumed, in the design of the system, would be implemented by
user entities, and which, if necessary to achieve control objectives stated in the
accompanying description, are identified in the description along with the
specific control objectives that cannot be achieved by ourselves alone; and
(7)
other aspects of our control environment, risk assessment process, information
system (including the related business processes) and communication, control
activities, and monitoring controls that were relevant to processing.
ii
the description includes relevant details of changes to the service organization’s system
during the period the period February 18
to August 18, 2015.
iii
does not omit or distort information relevant to the scope of the system being described,
while acknowledging that the description is prepared to meet the common needs of a
broad range of user entities of the system and their auditors, and may not, therefore,
include every aspect of the system that each individual user entity of the system and its
auditor may consider important in its own particular environment.
b.
the controls related to the control objectives stated in the description were suitably designed
and operated effectively throughout the period the period February 18
to August 18, 2015.
The criteria used in making this assertion were that:
i
the risks that threatened the achievement of the control objectives stated in the
description were identified;
