and for reporting to the Anti-Money Laundering Office in case of suspicious transactions (if
any in the future).
D) True Money’s standards for database audit trails and logging should be reviewed.
We recommend logging all activities on the True Money database system according to the True
Corporate Security Policy. In case there is an impact on processing capability, True Money’s
database logging standards should be formally established and approved by authorized
management.
E) The database security function should be segregated from the day-to-day database operation function.
We recommend segregation of duties between security administration and day-to-day
operation to enhance check-and-balance control over the True Money database system.
Our audit findings and recommendations have been acknowledged by all responsible functions
and proper actions have been discussed and agreed upon therein. Responsible management is
aware of these issues and the internal control will be assessed and implemented promptly. In
case high business impacts are identified and/or judged in the future, the risk will be escalated
to the monitoring process of the Risk Monitoring function. It is very important that the corrective
actions on the high/medium-ranked recommendations be implemented to build internal
control and improve the effectiveness of the internal control over the mobile interconnection process.
Please see Appendix II for details. We will follow up on the corrective actions to be taken by
management.