general controls
-
8/19/2019 General Controls
1/3
Names: Ramos, Jennifer D.; Ra$oco, Mark Joseph B.
Subject: Computer 4
Class Schedule: M--! "-#
Section: M'"
Date Submitted: February #), #*"#

AUDIT PROGRAM FOR GENERAL CONTROLS
Areas of Controls | Possible Exposures | Audit Objectives | Audit Procedures | Internal Control Checklist

1. Operating Systems Control

Possible Exposures:
• Accidental and intentional threats, including attempts to access data illegally, violate user privacy, or perform malicious acts

Audit Objectives:
• To verify that effective management policies and procedures are in place to prevent the introduction and spread of destructive programs.
• To ensure that the organization has an adequate and effective password policy for controlling access to the operating system.
• To verify that access privileges are granted in a manner that is consistent with the need to separate incompatible functions and is in accordance with organizational policy.
• To ensure that the auditing of users and events is adequate for preventing and detecting abuses, reconstructing key events that preceded systems failures, and planning resource allocation.

Audit Procedures:
• Review the organization's policies.
• Review the privileges of a selection of user groups and individuals.
• Review the user's permitted log-on times.
• Verify that all users are required to have passwords.
• Review password control procedures.
• Review the account lockout policy and procedures.
• Verify that new software is tested on a stand-alone workstation.
• Review on-screen audit logs or archive the file for subsequent review.

Internal Control Checklist:
• Are the current copies of all policies and procedures available?
• Is there a Security Policy Checklist?
• Is there a summary of anti-virus software programs installed?
• Is there a summary of password control procedures?

2. Database Management Control

Possible Exposures:
• Inadequate backup of data and unauthorized access to data by authorized and unauthorized personnel

Audit Objectives:
• To verify that controls over data management are sufficient to preserve the integrity and physical security of the database.

Audit Procedures:
• Review whether access to the computer room is limited to the computer operators and IT department supervisor.
• Verify that computer labs require coded ID cards or keys for entry
• Verify whether the program librarian has restricted access to programs, as well as a written user log for all programs checked out

Internal Control Checklist:
Is there a summary of:
• Biometric devices
• Authorization rule
• User-defined procedures
• Encryption
• Interference control
• Access Controls

3. Organizational Structure

Possible Exposures:
• Programmers and operators who perform incompatible functions may perpetrate program fraud.
• Documentation

Audit Objectives:
• To verify that individuals in incompatible areas are segregated in accordance with the level of potential risk and in a manner that promotes a working environment

Audit Procedures:
• Obtain the current organization chart for the information technology
• Through discussion with information technology personnel, evaluate the proper segregation of

Internal Control Checklist:
Is there a summary of:
• Program Change Control
• Security policy checklist
• General controls