This question examines whether an internal audit department can submit and approve a Swift user’s attestation on the KYC-SA Swift portal.
Step 1: Understand Attestation Process
The Independent Assessment Framework and CSCF v2024 require attestations to be submitted by an independent party or authorized user representative, not the internal audit department, to ensure objectivity.
Step 2: Evaluate Each Option
A. Yes, providing this is agreed by the head of IT operations and the CISO
Internal audit cannot submit or approve attestations, regardless of internal agreements, per the Independent Assessment Framework.
Conclusion: Incorrect.
B. No, this is never an option
The CSCF v2024 and Swift CSP Compliance Guidelines prohibit internal audit from submitting or approving attestations, as they lack independence from the audited entity.
Conclusion: Correct.
C. Yes, an internal auditor can submit the attestation for approval provided they have the appropriate credentials for swift.com. The CISO remains in charge of the approval of the attestation.
Incorrect. Internal auditors cannot submit or approve, even with credentials, due to independence requirements.
Conclusion: Incorrect.
D. Yes, with approval from the Chief auditor
Incorrect. Chief auditor approval does not override the independence requirement.
Conclusion: Incorrect.
Step 3: Conclusion and Verification
The correct answer is B, as the CSCF v2024 and Independent Assessment Framework prohibit internal audit from submitting or approving attestations.
References
Swift Customer Security Controls Framework (CSCF) v2024, Section: Independent Assessment.
Swift Independent Assessment Framework, Section: Attestation Submission.
Swift CSP Compliance Guidelines, Section: Independence Requirements.