- Financial services provider receives proof of a properly running ICS
- Audit of development, quality assurance and product management processes
- Software development processes meet strict audit criteria in a highly regulated industry
Financial services involve the processing of particularly sensitive financial data that is therefore worthy of protection for tens of thousands of citizens. For this reason, the German Federal Financial Supervisory Authority (BaFin) sets strict requirements that must be met in the case of essential outsourcing. Part of these requirements is an effective and appropriate internal control system for essential business processes, which must be proven by an independent auditing organization as part of an audit. The auditing standard applicable here is IDW PS 951 “Audit of the internal control system at the service company for functions outsourced to the service company”. The BaFin regulatory “Minimum Requirements for Risk Management” (MaRisk) demands that essential outsourced services be strictly monitored with the aid of an ICS and that risk assessments be carried out in the process. These requirements are audited and verified using IDW PS 951.
Tested process quality of the developed software
As part of a customized application, OMNINET developed a central outsourcing management system that hundreds of financial institutions throughout Germany use to outsource services within the overarching banking association in a uniform, secure, and legally compliant manner. Contract management and the evaluation of contractual partners and their services were key aspects of the software solution.
The IDW PS 951 audit of the ICS developed by OMNINET focused primarily on product management, software architecture, and application development processes, defect management, as well as test and release management processes. In addition, workflows, organizational demands, quality assurance and planning specifications and their implementation were assessed, which have a direct or indirect influence on the developed software, on the information security level and on integrity. The result of this comprehensive audit was recorded in a detailed report.
Relevance for OMNINET as a digitalization partner in strictly regulated sectors
“The externally audited effectiveness and adequacy of the developed ICS confirms that OMNINET reliably provides individual software solutions in highly regulated industries. OMNINET has thus proven its status as a digitalization partner for sophisticated and highly complex software developments. In particular, OMNINET has also shown that the development and maintenance of an internal control system can demonstrably withstand the high demands of the financial industry,” says Markus Lenzer, CEO of OMNINET.