General check list for IS audit of application
8/3/2019 general Check List for is Audit of Application
A. Detailed design document
B. Copy of Administrative manual
C. Copy of Architecture and Application Setup
D. System specification document
E. Copy of User manual
F. One time parameter setting details.
G. Details of accounting parameter setting.
H. Data flow diagram
I. Interface with other applications
J. Whether Remote access to vendor is given
K. Details of application dependency Generic user ID.
L. Details of hard coded user ID and passwords.
M. Copy of sign off document.
N. Copy of UAT Test cases with sign-off
O. What are the Outstanding issues as on date
P. Whether report on User activities (Audit trail) can be generated from application.
Q. List of modules implemented. Schedule for implementation of remaining modules, if any
R. Segregation of duties List of DB/OS/Application administrator from Bob and from HP / vendor
S. Access Control
Logical Application Group
Application Users
System / application administrator
Application Group- rights & privileges
Application Users- rights & privileges
Audit trail / Logs Report from application
Maker / Checker
Access to application key files & folders
Application password policy
Generic users
User Ids & Password hard coded in any scripts - Documentation
Super user passwords in sealed envelope
Application version
Application patches testing and procedure followed
Input data validation for key fields.
Sign off document
Application Exception reports
Data base
Data base Group
Data base Users
Data base administrator
Data base Group- rights & privileges
Data base Users- rights & privileges
Audit logging
Auditing of data base administrator.
Log shipping
Access to log files
Access to archival log files
Access to DB home directory
Data base password policy
Database hardening
Data base version
Data base patches
Data base licenses
Generic users
User Ids & Password hard coded in any scripts - Documentation
Super user passwords in sealed envelope
Review of database user access rights - guidelines
Back end access
Back up offsite storage
BCP & Disaster recovery setup
Testing of BCP & Disaster recovery setup
Monitoring of online replication from DC to DR
Log monitoring DB, OS - How, frequency
Operating system Application, Database, Web application.
Operating system Group
Operating system Users
Operating system administrator
Operating system Group- rights & privileges
Operating system Users- rights & privileges
Audit logging
Auditing of Operating system administrator.
Log shipping
Access to log files
Access to archival log files
Access to OS directory
Operating system password policy
Operating system hardening
Operating system version
Operating system service pack / hot fixes
Operating system licenses
Generic users
User Ids & Password hard coded in any scripts - Documentation
Super user passwords in sealed envelope
Review of OS user access rights - guidelines
Clock synchronisation
Application, DB, Web Servers part of domain
User Access Management application
User Access Management data base
User Access Management Operating system
Interfaces between other applications documentation
Data upload
Test environment
Segregation of duties - Access to production setup Developer
Documented Operating critical procedures
Various processes