); (5) review procedures and processes in the management of information security incidents, after the testing under (4) is carried out, at least once a year; (6) evaluate the results of the testing under
relevant technology element Identify and assess risks arising from IT Understand, identify, and test relevant ITGC Conclude on risks arising from IT and determine audit response Evaluate deficiencies in ITGC
· Forms 2 Does the firm have policies and procedures for the retention of firm’s documentation for a period of time sufficient to permit those performing monitoring and review procedures to evaluate the
inspection to evaluate its compliance with its policies and procedures? – Monitoring Process If yes, please specify 1) Who perform such function e.g. in-house, outsource, network firm? 2) How often the firm
Questionnaire A Monitoring the Firm’s Quality Management Policies and Procedures Firm's Reference /Guidance Notes Description A1 Does the whole firm perform inspection to evaluate its compliance with
established internal control is rectified as follows: (1) monitor, inspect and evaluate the effectiveness of the operating procedures of the work unit responsible for the following functions by an independent
internal control is rectified as follows: (1) monitor, inspect and evaluate the effectiveness of the operating procedures of the work unit responsible for the following functions by an independent auditor
the assessment process to evaluate the qualifications of the applicants seeking licenses to operate digital asset businesses. If an applicant is qualified, SEC will propose Minister of Finance to