What is a PPI Audit?

PPIs are Payment Instruments that facilitate purchase of goods and services, including financial services, remittance facilities, etc., against the value stored on such instruments. 

Banks and non-bank entities have been issuing PPIs in the country after obtaining necessary approval/authorization from RBI under the Payment and Settlement Systems Act, 2007 (PSS Act). 

RBI has issued Master Direction on Issuance and Operation of Prepaid Payment Instruments to carry out information system audit by CISA auditors.

The Reserve Bank of India vide Master Direction DPSS.CO.PD.No.1 164/02.14.006/2017-18 has laid down a framework for the Payment Instrument Providers.

Applicability

  1. Payment Providers must compulsorily comply with the master directions so that the customers can rely on the proper and risk-free transaction methods. 
  2. It is mandatory for PPI issuers to be audited yearly to get and maintain PPI license. 
  3. It is mandatory for PPI issuers to be audited yearly to get PPI license.

Objective

  1. The Reserve Bank of India has laid down a framework for the Payment Instrument Providers and made it compulsory to comply to the master directions, so that the customers can rely on the proper and risk-free transaction methods.
  2. It’s mandated from RBI that All authorised entities/banks issuing PPIs (Prepaid Payment Instruments) in the country to carry out a information system audit by CISA certified auditors to comply with the findings of the audit report.

Approach

Our approach has been covered in  4 phases as mentioned below: 

Phase 1: Audit Planning
Planning and preparation of the audit scope and objectives. 

Phase 2: Risk Assessment and Business Process Analysis
Assessment, measuring, managing, and controlling IT-related risks, thus enhancing the reliability of processes and the entire information system. 

Phase 3: Audit Performance (Compliance and System Review) 
Assessment of controls over critical system platforms, network and physical components, IT infrastructure supporting relevant business processes.

Phase 4: Reporting
Report audit findings, conclusions, and recommendations of the audit in terms of conformance, non-conformance, and opportunities to improve.

    Why CyberSRC®?

    1. We are team of qualified professionals with rich experience of multiple industries such as Manufacturing, BFSI, Insurance, Healthcare, NBFCs & others. Our consultants are industry experts and have proven track records, some of the renowned certificates that our consultants hold such as CISA, CISSP, COBIT, CEH, CCNA, OSCP, ISO 9001 LA/LI, ISO 27001, ITIL LA/LI, PMP, to name a few. 
    2. We believe in adding value to your business which is enabled through our Centre of Excellence (Coe) and, we have end-to-end capability for Program Build – Operations – Transformation. We can jump start and execute projects in Managed Services mode globally and flexible delivery models. 
    3. Our Vision is to be one of the World’s most trusted advisory & solution provider for Cyber Security, Data Protection an Assurance practices.