Who is a GST Suvidha Provider or GSP?
GST Suvidha Provider or GSP focuses to an empowering influence for organizations to consent to the GST arrangements through their GST software. In other words, they are the authorized intermediaries for businesses to reach out to the GST portal services. GSPs have their applications and APIs developed in line with the GST laws and regulations. A GSP uses its software platform and enables GST taxpayers to comply with GST guidelines and provisions. It uses innovative methodologies for taxpayers to do different activities in the GST portal, extending from registration and invoicing towards GST return filings.
What is a GST Suvidha System Audit?
GST is one of the biggest tax reforms in Indian history. Some of the functionalities of GST systems include registration, tax payment, invoice uploading, return filing, etc. All return filings under the GST gets managed by the GSTN. The GST network has asked GSPs to get their systems well-inspected and audited as per the ISO standards. The audit should get completed before they start feeding information to the network. The process guarantees data security as the reform can push large chunks of data into GST system networks.
Objectives of the Audit
Some of the major objectives connected to the GST Suvidha System Audit are as follows;
- To target risk areas and validate the records maintained in the course of normal business.
- To deploy compliance verification concerning data security and GST regulations
- To ensure continuous workflow of GST networks as large chunks of data, in the form of sales/purchase invoices, get flushed into the network daily
Applicability of the Audit
- GST Suvidha Providers must perform system audits as per ISO standards before feeding data information into the network
- The system audit on the prevailing ISO standard must be conducted by an authorized auditor from CERT-In empanelled list before pushing data into the GST networks
Approach/ Process to the Audit
Ensuring compliance with the data security standards and adhering to the GST law regulations is a vital consideration for the audit process. GST Suvidha Providers System Audit requires CERT-IN empanelled security auditors to conduct the inspection process. CERT-In has a list of recognized cyber security auditors capable of conducting mandatory audits for government collaborations and engagements. The Audit process is as follows;
1. Audit Planning & Preparation
The phase involves the planning and mapping of audit scopes and objectives. In this phase, the GSP system environment gets carefully studied and analysed before initiating the assessment process.
2. Risk Assessment
The phase involves risk evaluation and testing to detect information system flaws and vulnerabilities in the GSP. It focuses on uncovering IT-related threats and vulnerabilities as a part of enhancing the security posture.
3. Compliance & System Review
In the compliance and system review phase, all controls over critical system platforms, physical & network components and IT infrastructure get assessed to the core. It draws out all possible deviations from the expected data security standard, adhering to the best practices of GST norms.
4. Audit Reporting
The phase involves a detailed and prioritized report of test assessments and findings. It also includes actionable recommendations and a roadmap to effective patching of identified risks. The audit report points to the conformance, non-conformance, and proposed improvements in line with the expected regulation standard.
Wrapping Up
In the digital age of significance, CERT-In, the statutory body governing information technology security for the nation, has made its call clear in GSP
audits. The requirement to carry out GSP audits by one of the auditors in the CERT-In panel has conveyed the right move toward ensuring data security in the portal. Additionally, CERT-In empanelled auditors will have the required skill and efficiency to draw the current security posture of GSP systems and controls aligning to it. By conducting audits, GSP providers will have a stable, solid, and upright platform to handle GST operations. They could converge the deviations and mitigate risks, enhancing the operational flow of GST networks.