[Client]

REGULATORY REPORTING - BROKER DEALER - FUTURES SEGREGATION

KEY ICFR CONTROLS REVIEW
Regulatory Reporting - Broker Dealer - Futures Segregation - Business Process View

Page 2 of 4
Regulatory Reporting - Broker Dealer - Futures Segregation - Business Process View

Numbers correspond to Control number listed in Column A of next Tab ("Control Library")

Page 3 of 4
Regulatory Reporting - Broker Dealer - Futures Segregation - Process Control Library

Identify the Key ICFR Controls designed and implemented that appropriately mitigate the WCGW for the inscope significant account balances

This document is intended to facilitate discussion for SOX risk assessment and control mapping; it is not intended to be all inclusive of control activities for the business

Fields populated from information directly from Insight as of 03/05/14

Fields not currently in Insight

Entity Control Related Related IT Vendor Information Corresponding

Control Nature of Control Control Key Sox Process Anti-fraud Key Application/ Service Org Related Service User Developed User Developed Control Updates
What Could Go Wrong (WCGW) Level Automation Application/ Functionality/ Management Produced by COSO Component COSO Principle COSO Point of Focus [Client] Control Corresponding [Client] Control Description
Ref Activity Group Control Control Control System Control Org Application Application ID Assertion Needed
Control (Control Type) System Component Portal ID the Entity (Control Instance ID)

To the extent possible, all information received, or

Principle 11: Selects and PoF-54: Determines Dependency between the
downloaded from [Application] and entered into the
Develops General Use of Technology in Business Processes and
Completeness Manual - Control segregation computations is reviewed for
Information that is provided Controls over Technology General Controls;PoF-65:Captures
Review on Dependent on Reconciliation Activities;Inform completeness and action taken if necessary. In
1 Controllers may be incomplete x x [Application] [Application] N N/A N/A N N/A Y Technology;Principle 13: Internal and External Sources of Data;PoF- 240341 Compliance
Information from an IT Reports ation and addition, a control check is performed validatingthat
(Segregation Computations) Uses Relevant 66:Processes Relevant Data into Information;PoF-
[Application] application communication summary cells in each spreadsheet prepared by the
Information;Principle 14: 67:Maintains Quality throughout Processing.;PoF-
team are linked and summed corectly. Variances are
Communicates Internally 69:Communicates Internal Control Information
analyzed as an indication of incomplete reporting.

The Futures Regulatory Services manager reviews

Information that is provided
2 Function Review Controllers may be inaccurate
(Segregation Computations)
Principle 16: Conducts on a daily basis all functions performed by the
PoF-81:Uses Knowledgeable Personnel.;PoF-78:
Monitoring Ongoing and/or Separate team.In addition, each member of the team will
Considers a Mix of Ongoing and Separate
x x Manual N/A N/A N/A N N/A N/A N N/A Y Activities;Contro Evaluations;Principle 12: 240158 review each function they perform for both accuracy Compliance
Evaluations.;PoF-60:Performs in a Timely
l Activities Deploys through Policies and completeness, and record their findings in a Key
Manner ;PoF-61:Takes Corrective Action
and Procedures Control Checklist verifying each key control that they
own.

PoF-48:
Principle 10: Selects and
Integrates with Risk Assessment;PoF-65:Captures
Develops Control Customer balances are reconciled to the general
Manual - Control Internal and External Sources of Data;PoF-
Information that is provided Activities;Principle 13: ledger, and positions are reconciled to the respective
Dependent on Reconciliation Activities;Inform 66:Processes Relevant Data into Information;PoF-
3 Exception Analysis Controllers may be inaccurate x x [Application] [Application] N N/A N/A N N/A Y Uses Relevant 240156 exchanges by operations each day. Any exceptions Compliance
an IT Reports ation and 67:Maintains Quality throughout Processing.;PoF-
(Segregation Computations) Information;Principle 12: are reported to the futures regulatory services team
application communication 60:Performs in a Timely Manner ;PoF-61:Takes
Deploys through Policies for incorporation into the segregation computations.
Corrective Action;PoF-62:Performs Using
and Procedures
Competent Personnel

Principle 6: Specifies
Suitable
Risk Objectives;Principle 7: PoF-22:Operations Objectives - Considers
A day to day analysis is performed in order to validate
Manual - assessment;Co Identifies and Analyzes Tolerances for Risk;PoF-39:
Daily Segregation Information that is provided and explain swings in the amount of client assets
Dependent on ntrol Risk;Principle 12: Estimates Significance of Risks Identified;PoF-
4 Computation Controllers may be inaccurate x x [Application] N/A Display Reports N N/A N/A N N/A Y 239961 under segregation. This analysis is done as part of Compliance
an IT Activities;Inform Deploys through Policies 62:Performs Using Competent Personnel;PoF-
Analysis (Segregation Computations) the preparation process. The computations are then
application ation and and Procedures;Principle 67:Maintains Quality throughout Processing.;PoF-
handed off to a manager for their review and sign-off.
communication 13: Uses Relevant 69:Communicates Internal Control Information
Information;Principle 14:
Communicates Internally

To ensure the integrity and accuracy of collateral

positions on our books and records ([Client]), the
positions in [Client] are downloaded into the collateral
Principle 12: Deploys PoF-60:Performs in a Timely Manner ;PoF- reconcilliations and compared to positions in
Manual - Control
Information that is provided through Policies and 65:Captures Internal and External Sources of [Application] of the same accounts. A break report is
[Client] (securities Dependent on Reconciliation Activities;Inform
5 Controllers may be incomplete x x [Application] [Application] N N/A N/A N N/A Y Procedures;Principle 13: Data;PoF-66:Processes Relevant Data into 240311 printed each morning from [Application] listing breaks Compliance
position ledger) an IT Reports ation and
(Segregation Computations) Uses Relevant Information;PoF-67:Maintains Quality throughout by cusip and quantity between [Application] and
application communication
Information Processing. [Client]. Since we are using the [Application] collateral
values for the segregation computations, a saneness
check is done comparing par values between
[Application] and [Client].

Principle 12: Deploys PoF-61:Takes Corrective Action;PoF-62:Performs

Control The analyst preparing the collateral reconciliations
Verify the Information that is provided through Policies and Using Competent Personnel;PoF-65:Captures
Reconciliation Activities;Inform verifies on a daily basis that the value of securities in
6 amount/value in Controllers may be inaccurate x x Manual [Application] [Application] N N/A N/A N N/A Y Procedures;Principle 13: Internal and External Sources of Data;PoF- 240296 Compliance
Reports ation and customer segregated, secured, and sequestered
lock-up accounts (Segregation Computations) Uses Relevant 66:Processes Relevant Data into Information;PoF-
communication accounts is accurate.
Information 67:Maintains Quality throughout Processing.

Completeness
review of
Manual - Information and PoF-64:Identifies Information Requirements;PoF- To the extent possible, all information downloaded
information Information that is provided
Dependent on communication; Principle 13: Uses 65:Captures Internal and External Sources of from [Application] to prepare the [Client] Segregation
7 downloaded from Controllers may be inaccurate x x [Application] Interfaces N N/A N/A N N/A Y 240298 Compliance
an IT Control Relevant Information Data;PoF-67:Maintains Quality throughout computations is reviewed for saneness and
[Application] (Segregation Computations)
application [Application] Activities Processing. completeness.
(Balance Sheet
Workstation)

Page 4 of 4