8/19/2019 General Controls

1/3

Names: Ramos, Jennifer D. Subject: Computer 4Class Schedule: M--! "-#

  Ra$oco, Mar% Joseph &. Section: M'"Date Submitted: !ebruar( #), #*"#

+D /R01R+M !0R 12N2R+3 C0NR03S

8/19/2019 General Controls

2/3

+reas of Controls /ossible 2posures

+udit0bjecti5es

+udit/rocedures

nternal ControlChec%list

".6 0peratin7S(stems Control

• Accidental andintentional threat includingattempts to access dataillegally, violate user privacy, orperform malicious acts

• To verify that eectivemgmt policies and proceduresare in place to prevent theintroduction and spread of destructive programs..

• To ensure that theorganization has an adequateand eective password policyfor controlling access to theoperating system.

• To verify that accessprivileges are granted in amanner that is consistent withthe need to separateincompatible functions and is inaccordance with organizationalpolicy.

• To ensure that theauditing of users and events inadequate for preventing anddetecting abuses,reconstructing key events thatpreceded systems failures andplanning resource allocation.

•   eview the organization!s

policies.

• eview the privileges of a

selection of user groups andindividuals.

• eview the user!s permitted

log"on times.

• #erify that all users are

required to have passwords.

• eview password control

procedures.

• eview the account lockout

policy and procedures.

• #erify that new software is

tested on stand"aloneworkstation.

• eview on screen audit logs

or archiving the $le forsubsequent review.

• +re the current co

of all policies a

procedures

a5ailable8

• s there a Secur

polic( Chec%list8

• s there a summ

of anti-5i

soft9are pro7rainstalled8

• s there a summ

of pass9ord contprocedures8

#.6 DatabaseMana7ementControl

• %nadequate back u p of  data and unauthorized access todata by authorized andunauthorized personnel

• To verify that controlsover data management aresu&cient to preserve theintegrity and physical securityof the database.

• eview access to the computer

room if limited to the computeroperators and %T departmentsupervisor.

• #erify computer labs that

require coded %' cards or keysfor entry

• #erify if program librarian has

restricted access to programsas well as a written user log for

all programs checked out

s there a summar( of:

• &iometric de5ices

• +uthoriation rule

• ser-de;ned

procedures

• 2ncr(ption

• nterference contr

• +ccess Controls

'.6

0r7aniationalStructure

• (rogrammers and

operators who performincompatible functionsmay penetrate programfraud.

• 'ocumentation

•  To verify that individuals

in incompatible areas aresegregated inaccordance with thelevel of potential risk andin a manner thatpromotes a workingenvironment

• )btain the current

organization chart for theinformation technology

•  Through discussion with

information technologypersonnel, evaluate theproper segregation of 

 s there a summar( of:

• /ro7ram Chan7e

Control

• Securit( polic(

chec%list

• 7eneral controls

8/19/2019 General Controls

3/3