
Operational audit under Bank of Russia Regulations No. 437-P and No. 463-P

Pursuant to Bank of Russia Regulations No. 437-P dated 17 October 2014 and No. 463-P dated 12 March 2015, trading organisers and clearing houses must conduct an operational audit at least once every two years by engaging independent consultants and submitting the audit results to the Bank of Russia.

An operational audit is a review of the core processes for developing and operating automated systems within trading/clearing infrastructure, including information security controls. The audit verifies compliance with technical regulation documents under Russian Federation law, incorporating provisions of international standards.

FBK is a market leader in audit and advisory services for financial institutions according to the Expert RA rating agency. We have extensive experience in successfully conducting operational audits for various non-credit financial institutions. In the Audit of Banks category, the firm has been ranked 1st annually since 2019, and it leads the Audit of Investment Institutions category for the second consecutive year.

During the operational audit (as agreed with the client):
  • Operations of the audited entity are analysed and audit scope is defined.
  • Audit methodology is designed.
  • Regulatory documents and standards for compliance assessment are identified.
  • Comprehensive evaluation of the effectiveness, management, and security of core processes for developing and operating automated systems within the audit scope is performed. Assessment is based on the COBIT 2019 process model and ISO 2700x series standards.

When conducting the operational audit, FBK employs its in-house tool – an instrumental system for assessing control effectiveness across agreed-upon IT processes.

Upon completion of the operational audit, the client receives:
  • Report containing:
      • audit scope description and a list of the regulations and standards against which the audit was conducted;
      • audit results (findings), identified non-conformities in IT processes, controls, and associated risks;
      • recommendations to improve IT process effectiveness.
  • Assessment of implementation progress for deficiencies identified in previous operational audits.
  • Enhanced operational reliability and improved risk management for information systems.

Our advantages

Expert Team
FBK consultants hold international certifications (CISA, CISM, and CISSP), validating their expertise in information security, risk and project management.

Long-term Collaboration
FBK’s purpose is to establish long-term partnerships, enabling service delivery tailored to your business nuances.

Expertise
FBK’s team has accumulated significant experience in almost all sectors and industries and is well-versed in trends and challenges within specific industries.

Key Persons
Managing Partner, Financial Services Industry
Karpushkin Alexey Mikhailovich
Head of IT Audit and Advisory Practice