BACKGROUND According to the GARC approved audit plan for 2016, an internal audit of the IT function was carried out in Auckland in April 2016. For KVB Group, most of the IT services are delegated to BancLogix System Co. Limited in Hong Kong, a wholly owned subsidiary of KVB Kunlun Holdings Limited. BancLogix provides both IT operations and application development services for the entire KVB Group. A small IT operations team is based at KVB Kunlun International (HK) Limited to provide infrastructure level and partial application level support to the listed company and its subsidiaries. There are two on-site IT support staff based in Auckland, supporting both KVB Kunlun New Zealand Limited and KVB FX Limited. They functionally report to the IT operations team of listed and unlisted companies in Hong Kong. There is also an Auckland-based IT developer reporting to the Hong Kong development team. Unlike the Group's IT function in Hong Kong, the IT operations in New Zealand have not been regularly audited by external auditor PricewaterhouseCoopers as part of their annual financial audit for KVB. New Zealand companies. However, New Zealand management commissioned a local IT provider, Spark Digital, to review New Zealand's KVB IT infrastructure in June 2015. Spark's audit report highlighted aging IT infrastructure along with a general lack of maintenance as a critical risk for KVB's business. Subsequently, in July 2015, New Zealand management proposed a replacement “Top Down” approach in the “New Zealand IT Operations Improvement Plan” to define and implement a new information technology strategy. An RFP was conducted and ultimately ICONZ was selected as the IT partner to implement this improvement exercise. IT Infrastructure and... half of the document... to meet the requirements under the group's IT project, stronger internal or external IT resources need to be appointed to support this improvement exercise. As mentioned in Spark's report and According to Hong Kong IT Group's AI report, the current Auckland disaster recovery site for ForexStar is dysfunctional and lacks walk-through testing. While it is not just the responsibility of local IT, management should still pay attention as this is a requirement for applying for an FMA license. Among a number of issues that need to be addressed, priority actions are needed to improve network security, clean up and make an accurate inventory of corporate IT assets which could form the basis for improved access control and system maintenance. Work is also needed in relation to service level management with suppliers and strengthening the physical security of IT assets.