This document contains questions for a system audit questionnaire covering many aspects of an organization's IT environment, systems, and controls. It addresses topics such as the IT infrastructure, organizational structure, control functions, management practices, physical and logical access controls, systems development processes, application controls, and business continuity planning. The goal is to evaluate and identify risks across technical, administrative, and physical security domains.
Basics in IT Audit and Application Control Testing Dinesh O Bareja
IT Audit and Application Control Testing are large and complex activities in themselves, and it is my presentation to share the basics here, based on my own experience and using guidance from IIA GTAGs.
The document is an audit checklist for reviewing the organization and administration, program maintenance, system development, and access controls of a company's information systems. It contains questions to evaluate whether duties are properly segregated, programs are authorized and tested before production, systems are developed following standards, and access to data files is restricted to authorized users and programs. The checklist aims to assess whether the company has implemented proper controls and policies over its IT systems.
This document discusses IT general controls, which are controls that ensure information processing takes place in a reasonably controlled and consistent environment. It describes different types of IT general controls such as logical access controls, program change controls, and IT operations controls. Logical access controls ensure proper user access and passwords while program change controls mandate separate development and production environments and documentation of changes. The document also distinguishes between tests of controls, which evaluate if application and IT general controls are designed and operating effectively, and tests of transactions, which sample data to indirectly assess if an application control is functioning properly over time.
IT General Controls Presentation at IIA Vadodara Audit ClubKaushal Trivedi
The document discusses threats to information technology systems such as data theft, cyberattacks, and system vulnerabilities. It then provides an overview of information technology general controls (ITGCs) and how they are important for ensuring the secure, stable, and reliable performance of technology systems. Finally, it discusses specific areas of focus for ITGCs such as security management, change management, and testing methodologies.
Defining an IT Auditor,
IT Auditor Certifications & ISACA,
IT Audit Phases,
Preparing to be Audited,
How IT auditor audits an Applications,
Auditing technology for Information System.
The document discusses several IT audit methodologies: CobiT, BS 7799, BSI, ITSEC, and Common Criteria. It provides an overview of each methodology, including their main uses, structures, and summaries. CobiT is used for IT audits and governance and has 4 domains and 34 processes. BS 7799 focuses on information security management and lists 109 security controls. BSI is the German IT baseline protection manual with 34 security modules. ITSEC and Common Criteria are evaluation criteria used for security certification.
The document discusses auditing IT infrastructure including hardware, networks, and telecommunications devices. It provides details on objectives of IT audits such as assessing continuity, management/maintenance, and security of systems. It also discusses standards and guidelines for auditing such as CobiT, ISO 27001, and reviewing hardware assets, network design, security, backups, and telecommunication agreements and invoices.
Basics in IT Audit and Application Control Testing Dinesh O Bareja
IT Audit and Application Control Testing are large and complex activities in themselves, and it is my presentation to share the basics here, based on my own experience and using guidance from IIA GTAGs.
The document is an audit checklist for reviewing the organization and administration, program maintenance, system development, and access controls of a company's information systems. It contains questions to evaluate whether duties are properly segregated, programs are authorized and tested before production, systems are developed following standards, and access to data files is restricted to authorized users and programs. The checklist aims to assess whether the company has implemented proper controls and policies over its IT systems.
This document discusses IT general controls, which are controls that ensure information processing takes place in a reasonably controlled and consistent environment. It describes different types of IT general controls such as logical access controls, program change controls, and IT operations controls. Logical access controls ensure proper user access and passwords while program change controls mandate separate development and production environments and documentation of changes. The document also distinguishes between tests of controls, which evaluate if application and IT general controls are designed and operating effectively, and tests of transactions, which sample data to indirectly assess if an application control is functioning properly over time.
IT General Controls Presentation at IIA Vadodara Audit ClubKaushal Trivedi
The document discusses threats to information technology systems such as data theft, cyberattacks, and system vulnerabilities. It then provides an overview of information technology general controls (ITGCs) and how they are important for ensuring the secure, stable, and reliable performance of technology systems. Finally, it discusses specific areas of focus for ITGCs such as security management, change management, and testing methodologies.
Defining an IT Auditor,
IT Auditor Certifications & ISACA,
IT Audit Phases,
Preparing to be Audited,
How IT auditor audits an Applications,
Auditing technology for Information System.
The document discusses several IT audit methodologies: CobiT, BS 7799, BSI, ITSEC, and Common Criteria. It provides an overview of each methodology, including their main uses, structures, and summaries. CobiT is used for IT audits and governance and has 4 domains and 34 processes. BS 7799 focuses on information security management and lists 109 security controls. BSI is the German IT baseline protection manual with 34 security modules. ITSEC and Common Criteria are evaluation criteria used for security certification.
The document discusses auditing IT infrastructure including hardware, networks, and telecommunications devices. It provides details on objectives of IT audits such as assessing continuity, management/maintenance, and security of systems. It also discusses standards and guidelines for auditing such as CobiT, ISO 27001, and reviewing hardware assets, network design, security, backups, and telecommunication agreements and invoices.
Understanding this course help you have an idea on how the audit assessment is performed and where the focus lies. General controls take a large percentage of the entire Audit function and should be paid adequate attention during the session.
The document discusses two broad groupings of information systems control activities: general controls and application controls. General controls relate to many IS applications and support effective application controls by ensuring continued operation of IS. They include logical access controls, system development life cycle controls, program change management controls, and data center physical security controls. Application controls are designed to ensure complete and accurate processing of data from input through output and include controls over input, processing, and output of applications. The design of general controls depends on application control requirements and enterprise risk management, while reliance on application controls depends on the design and operating effectiveness of general controls.
The document outlines key areas for an ITGC audit of ERP systems, including developing and maintaining policies and procedures, installing and testing application software, managing changes, defining and managing service levels, managing third party services, ensuring system security, managing problems and incidents, managing data, and managing operations. Procedures are in place for each area to ensure systems are developed according to policies, changes are managed through formal processes, security and access controls are implemented, incidents are addressed, data is protected, backed up and operations are standardized.
The document provides details on conducting an information system audit of banks. It outlines the scope of audits including hardware controls, data protection controls, network controls, and personnel controls. It also lists topics that will be covered in the audit such as physical security, backups, disaster recovery, software use, and network security controls like login controls and password policies. The purpose is to assess whether the bank's information security safeguards assets effectively, maintains data integrity, and allows for efficient use of systems.
The document discusses various types of application controls. It begins by listing the most common types as input control, process control, and output control. It then provides more details on each type of application control, including definitions and examples. It explains that application controls regulate the input, processing, and output of an application in order to ensure complete and accurate processing of data. The risks of input, processing, and outputs are also summarized.
This document provides information about an ISO 27001 awareness training course held by K2A Training Academy. The one-day course aims to help participants understand how to safeguard organizational data and information from both external and internal threats. It covers topics such as information security background, risks and controls, and the ISO 27001 certification process. Breaks are scheduled during the day for tea and lunch. Attendees are not permitted to smoke or use their mobile devices during the sessions.
This document summarizes an IT security audit conducted on the information systems of the Companies Division. The audit was outsourced to external consultants and assessed application, network, and physical security. It identified vulnerabilities in various areas and provided recommendations to address them within specified timeframes. The audit deliverables included reports outlining the methodology, findings, and corrective action plans. The benefits of the audit included strengthening security policies and controls, implementing physical access controls, and establishing a process to continuously monitor and improve the security of the information system.
This document contains an outline for a CISA review course covering topics such as information security management, logical access controls, network security, and auditing frameworks. It includes sections on inventorying and classifying assets, access permissions, privacy issues, risks from external parties, and incident response. Self-assessment questions test on weaknesses like uncontrolled database passwords, the risks of single sign-on, uses of intrusion detection systems, and effective antivirus controls.
This document provides an overview of ISO 27001, which establishes requirements for an Information Security Management System (ISMS). It discusses the requirements to establish, implement, maintain, and continually improve the ISMS. The key requirements include establishing the scope and policy of the ISMS, conducting a risk assessment, selecting controls, implementing controls, monitoring and reviewing the system, taking corrective and preventive actions, and conducting management reviews. The purpose is to introduce a systematic approach to managing information security risks and ensure the confidentiality, integrity and availability of information assets.
This document discusses the process of conducting an information security audit. It begins by defining an information security audit and explaining that it assesses how an organization's security policies protect information. It then describes the general methodology, which involves assessing general controls at the entity, application, and technical levels. The document outlines the planning, internal control, testing, and reporting phases of an audit. It provides details on tasks like developing audit scopes and checklists, assessing policies and documentation, and writing the final audit report. The overall purpose is to explain the end-to-end process of performing an information security audit.
ControlCase covers the following:
- What does SOC stand for?
- What is SOC 2 compliance?
- What is SOC 2 certification?
- What is a SOC 2 report?
- Who can perform a SOC 2 audit?
- How do managed service providers comply with SOC 2
- How to lower cost of SOC 2 audit?
- ControlCase methodology for SOC 2 compliance
Control and audit of information System (hendri eka saputra)Hendri Eka Saputra
This document provides an overview of internal controls and information system auditing. It defines internal controls as processes designed to provide reasonable assurance of achieving objectives related to operations, financial reporting, and compliance. It discusses control objectives, components of internal controls including the control environment, risk assessment, control activities, information and communication, and monitoring. The document also covers the Foreign Corrupt Practices Act, types of financial reporting controls, segregation of duties, accounting systems, limitations of internal controls, and the role of internal controls in financial audits.
Here is an easy to use checklist for ISO 27001
if you require any advise please call CAW Consultancy Business Solutions on 01772 932058 or our 24 hour hotline 07427535662
Due to the dramatic increase of threats worldwide, there is a need for the companies to find ways how to increase the information security. Therefore, one solution is to implement the ISO/IEC 27001 in order to protect information both internally and externally.
Main points that will be covered are:
• The scope of ISO 27001 & associated other standards references
• Information Security and ISIM Terminologies
• ISIM auditing principles
• Managing audit program & audit activities
Presenter:
Eng. Kefah El-Ghobbas is a specialist in ‘Business Process Excellence' through ‘Business Process Re-engineering' with over 20 years of experience.
Link of the recorded session published on YouTube: https://youtu.be/rTxA8PVULUs
This document is an internal audit checklist for ISO 9001:2008. It contains questions to evaluate an organization's compliance with ISO 9001 requirements for quality management systems. The checklist addresses topics such as quality manual documentation, document control, infrastructure, product realization planning, customer requirements, internal audits, and monitoring. Auditors will use this checklist to assess conformance and identify any nonconformities.
This document provides background information on a study being conducted to improve students' cognitive abilities using interactive virtual art. It discusses Malaysia's initiatives to integrate technology into education to prepare students for 21st century skills. Studies have shown benefits of arts education for student achievement and well-being. The study aims to identify students' current art achievement levels, determine the effectiveness of interactive learning for teaching visual art, and identify ways to improve art learning. It puts forth a hypothesis that student achievement will be significantly different after using interactive software and defines key terms like cognitive and interactive.
The document discusses a study examining tourists' perceptions and willingness to pay for interpretive services at heritage sites in Lukang, Taiwan. It provides background on interpretive services and their importance for heritage tourism. The study uses a questionnaire survey of 500 tourists and an open-ended contingent valuation method to determine tourists' willingness to pay for interpretive guides. Statistical analysis uses a Box-Cox double-hurdle model to analyze how perceptions, experiences, and socioeconomic factors influence willingness to pay.
Understanding this course help you have an idea on how the audit assessment is performed and where the focus lies. General controls take a large percentage of the entire Audit function and should be paid adequate attention during the session.
The document discusses two broad groupings of information systems control activities: general controls and application controls. General controls relate to many IS applications and support effective application controls by ensuring continued operation of IS. They include logical access controls, system development life cycle controls, program change management controls, and data center physical security controls. Application controls are designed to ensure complete and accurate processing of data from input through output and include controls over input, processing, and output of applications. The design of general controls depends on application control requirements and enterprise risk management, while reliance on application controls depends on the design and operating effectiveness of general controls.
The document outlines key areas for an ITGC audit of ERP systems, including developing and maintaining policies and procedures, installing and testing application software, managing changes, defining and managing service levels, managing third party services, ensuring system security, managing problems and incidents, managing data, and managing operations. Procedures are in place for each area to ensure systems are developed according to policies, changes are managed through formal processes, security and access controls are implemented, incidents are addressed, data is protected, backed up and operations are standardized.
The document provides details on conducting an information system audit of banks. It outlines the scope of audits including hardware controls, data protection controls, network controls, and personnel controls. It also lists topics that will be covered in the audit such as physical security, backups, disaster recovery, software use, and network security controls like login controls and password policies. The purpose is to assess whether the bank's information security safeguards assets effectively, maintains data integrity, and allows for efficient use of systems.
The document discusses various types of application controls. It begins by listing the most common types as input control, process control, and output control. It then provides more details on each type of application control, including definitions and examples. It explains that application controls regulate the input, processing, and output of an application in order to ensure complete and accurate processing of data. The risks of input, processing, and outputs are also summarized.
This document provides information about an ISO 27001 awareness training course held by K2A Training Academy. The one-day course aims to help participants understand how to safeguard organizational data and information from both external and internal threats. It covers topics such as information security background, risks and controls, and the ISO 27001 certification process. Breaks are scheduled during the day for tea and lunch. Attendees are not permitted to smoke or use their mobile devices during the sessions.
This document summarizes an IT security audit conducted on the information systems of the Companies Division. The audit was outsourced to external consultants and assessed application, network, and physical security. It identified vulnerabilities in various areas and provided recommendations to address them within specified timeframes. The audit deliverables included reports outlining the methodology, findings, and corrective action plans. The benefits of the audit included strengthening security policies and controls, implementing physical access controls, and establishing a process to continuously monitor and improve the security of the information system.
This document contains an outline for a CISA review course covering topics such as information security management, logical access controls, network security, and auditing frameworks. It includes sections on inventorying and classifying assets, access permissions, privacy issues, risks from external parties, and incident response. Self-assessment questions test on weaknesses like uncontrolled database passwords, the risks of single sign-on, uses of intrusion detection systems, and effective antivirus controls.
This document provides an overview of ISO 27001, which establishes requirements for an Information Security Management System (ISMS). It discusses the requirements to establish, implement, maintain, and continually improve the ISMS. The key requirements include establishing the scope and policy of the ISMS, conducting a risk assessment, selecting controls, implementing controls, monitoring and reviewing the system, taking corrective and preventive actions, and conducting management reviews. The purpose is to introduce a systematic approach to managing information security risks and ensure the confidentiality, integrity and availability of information assets.
This document discusses the process of conducting an information security audit. It begins by defining an information security audit and explaining that it assesses how an organization's security policies protect information. It then describes the general methodology, which involves assessing general controls at the entity, application, and technical levels. The document outlines the planning, internal control, testing, and reporting phases of an audit. It provides details on tasks like developing audit scopes and checklists, assessing policies and documentation, and writing the final audit report. The overall purpose is to explain the end-to-end process of performing an information security audit.
ControlCase covers the following:
- What does SOC stand for?
- What is SOC 2 compliance?
- What is SOC 2 certification?
- What is a SOC 2 report?
- Who can perform a SOC 2 audit?
- How do managed service providers comply with SOC 2
- How to lower cost of SOC 2 audit?
- ControlCase methodology for SOC 2 compliance
Control and audit of information System (hendri eka saputra)Hendri Eka Saputra
This document provides an overview of internal controls and information system auditing. It defines internal controls as processes designed to provide reasonable assurance of achieving objectives related to operations, financial reporting, and compliance. It discusses control objectives, components of internal controls including the control environment, risk assessment, control activities, information and communication, and monitoring. The document also covers the Foreign Corrupt Practices Act, types of financial reporting controls, segregation of duties, accounting systems, limitations of internal controls, and the role of internal controls in financial audits.
Here is an easy to use checklist for ISO 27001
if you require any advise please call CAW Consultancy Business Solutions on 01772 932058 or our 24 hour hotline 07427535662
Due to the dramatic increase of threats worldwide, there is a need for the companies to find ways how to increase the information security. Therefore, one solution is to implement the ISO/IEC 27001 in order to protect information both internally and externally.
Main points that will be covered are:
• The scope of ISO 27001 & associated other standards references
• Information Security and ISIM Terminologies
• ISIM auditing principles
• Managing audit program & audit activities
Presenter:
Eng. Kefah El-Ghobbas is a specialist in ‘Business Process Excellence' through ‘Business Process Re-engineering' with over 20 years of experience.
Link of the recorded session published on YouTube: https://youtu.be/rTxA8PVULUs
This document is an internal audit checklist for ISO 9001:2008. It contains questions to evaluate an organization's compliance with ISO 9001 requirements for quality management systems. The checklist addresses topics such as quality manual documentation, document control, infrastructure, product realization planning, customer requirements, internal audits, and monitoring. Auditors will use this checklist to assess conformance and identify any nonconformities.
This document provides background information on a study being conducted to improve students' cognitive abilities using interactive virtual art. It discusses Malaysia's initiatives to integrate technology into education to prepare students for 21st century skills. Studies have shown benefits of arts education for student achievement and well-being. The study aims to identify students' current art achievement levels, determine the effectiveness of interactive learning for teaching visual art, and identify ways to improve art learning. It puts forth a hypothesis that student achievement will be significantly different after using interactive software and defines key terms like cognitive and interactive.
The document discusses a study examining tourists' perceptions and willingness to pay for interpretive services at heritage sites in Lukang, Taiwan. It provides background on interpretive services and their importance for heritage tourism. The study uses a questionnaire survey of 500 tourists and an open-ended contingent valuation method to determine tourists' willingness to pay for interpretive guides. Statistical analysis uses a Box-Cox double-hurdle model to analyze how perceptions, experiences, and socioeconomic factors influence willingness to pay.
This document provides a list of important cultural heritage sites in Lithuania that could be used for educational purposes. It begins with an introduction and then lists several UNESCO World Heritage sites, including the Vilnius Historic Center, the Curonian Spit, Lithuanian cross crafting, and Baltic song and dance celebrations. For the Vilnius Historic Center, it provides a short history and describes its importance as the capital of the Grand Duchy of Lithuania from the 13th to 18th centuries. It then suggests ways the provided UNESCO teaching kit could be adapted to investigate and teach students about the listed cultural heritage sites in Lithuania.
This document contains a 12-question survey about litter, recycling, and the environment at Cranford school. It asks students to identify common litter items, littered areas of the school, how to improve environmental attitudes, which groups litter most and least, ideas for an environmental sculpture, what materials it would use, what existing school sculptures lack, what can be made from cans and bottles, important environmental messages, and the cleanest school department.
The document discusses Kandy, Sri Lanka, which was designated a UNESCO World Heritage Site in 1988. It highlights several important cultural and architectural attributes of Kandy, including the Temple of the Tooth, the Royal Palace, and various temples and rituals. The document also analyzes tourism data in Kandy, finding that most visitors are from Europe, peak season is July, and both foreign and domestic tourists report high levels of satisfaction with their visits. Some recommendations are made to further improve the tourism experience in Kandy.
This document contains a 12-question survey about litter and recycling at a school called Cranford. The questions ask students about common litter items, locations with the most litter, times when the school is untidiest, ways to improve litter attitudes, who throws the most and least litter, teacher and student efforts to stop litter, good materials for recycling sculptures, potential sculpture topics, whether sculptures have messages, and how the school could improve recycling.
The document is a survey questionnaire being conducted by two UPV students, Nasser Ray Domingo and Rowe Mari Joseph Roquez, for their Economics Research II course. The questionnaire contains various questions regarding awareness of and attitudes toward cultural heritage sites, specifically focusing on the economic valuation of the UNESCO World Heritage Site of Santo Tomas de Villanova Church in Miagao, Iloilo. It begins with introductory questions about awareness of heritage sites in general and knowledge of Miagao Church. Following sections address attitudes toward cultural heritage preservation and valuation questions.
The document contains an 11 question survey about the school environment and sculptures. It asks questions about recycling habits of different departments and year groups, attitudes toward recycling and litter, opinions on existing sculptures and ideas for new sculptures, and the biggest environmental issue at the school. The questions cover topics like which years recycle the most/least, whether the respondent recycles paper and puts rubbish in bins, preferences for types and locations of sculptures, and the largest source of waste at the school.
This document provides an overview of a project report on employee retention strategies of BSNL. It includes a declaration, certificate, acknowledgements, preface, and table of contents. The project aims to understand the various strategic initiatives adopted by BSNL towards retention of their employees in Kullu Telecom District of Himachal Pradesh. It will analyze BSNL's retention practices and make recommendations to improve employee retention.
CREATIVITY SELECTED ELEMENTS QUESTIONNAIRE (CSEQ): A CREATIVE ASSESSMENT INST...Thesigan Nadarajan
The document describes a study that developed and tested the Creativity Selected Elements Questionnaire (CSEQ) as a tool to assess creativity. The CSEQ measures 8 elements of creativity based on prior theories. It was administered to 900 students across 3 colleges to examine relationships between creativity and demographic variables. Key findings included relationships between creativity and factors like age, gender, education level. The CSEQ showed potential for use in orientation, curriculum design, and identifying students with creative strengths. Reliability analyses found acceptable internal consistency for the overall CSEQ despite some scales having lower reliability given their small number of items.
Report on customer service in telecom sector mineMd. Ahadujjaman
This report analyzes the customer service of mobile operator Banglalink based on a case study. The objectives are to understand Banglalink's customer service standards, customer satisfaction levels, challenges and opportunities for improvement. Primary data was collected through interviews with Banglalink employees and customers. Secondary sources included internal documents and external research.
Key findings include barriers to Banglalink's customer care like network coverage issues. Reliability was found to most significantly influence overall customer satisfaction. The report recommends Banglalink focus on expanding network coverage and prioritizing reliability to improve the customer experience.
Muhammad Hussain worked out on Pakistan Telecommunication Services. This was study project, assigned by BIZTEK Karachi.
For further details, do contact me on 03458124575, engrshanas@yahoo.com or mhussain@etd1.co.uk
The document discusses the results of a study on the impact of COVID-19 lockdowns on air pollution. The study found that lockdowns led to short-term reductions in nitrogen dioxide and fine particulate matter concentrations globally. However, the decreases in air pollution were temporary and levels rose back to normal once lockdown restrictions were lifted and activity resumed.
The document summarizes communication channels and strategies used within the HR department of Mobilink, Pakistan's leading cellular service provider. It identifies that HR primarily uses internal communication through emails and announcements to employees. External communication is limited to recruitment advertising. Downward, upward, horizontal, and crosswise/diagonal communication flows exist within established formal and informal channels. Barriers to effective communication include cultural differences with a multinational workforce and lack of feedback mechanisms between some levels of management.
This document analyzes human resource management practices in Pakistan's major telecommunication companies (Mobilink, Warid, Ufone, Zong, and Telenor). It describes the key functions of HR departments, including recruitment, training, performance evaluation, and compensation. It also examines specific HR policies and issues within each company, such as sources for hiring, orientation processes, and common employee benefits. Overall, the document finds that HR practices have improved employee motivation, satisfaction, and development across the telecommunication sector over the last three years.
A Questionnaire for Identify Failures in Business Analysis Phase of ERP ProjectsVaruna Harshana
Identifying business needs and designing solutions is done through the processes of “Business Analysis”. Many solutions are developed to provide the needs of businesses which include the implementation of ERP systems. ERP systems mostly cuts across many business processes hence create many complexities while designing them. The probability rate for these complexities to turn into failures is high. The Business analyst is mostly responsible in handling these issues and reduces them as well. Business analysis includes many phases which can be shown as follows;
Enterprise/Company analysis
Requirements planning and management
Requirements elicitation
Requirements analysis and documentation
Requirements communication
Solution assessment and validation
The above mentioned phases need to be executed in order to do a proper business analysis. Many aspects need to be considered and standards need to be followed in doing this analysis, so as mentioned earlier there is a high probability for these phases not to function in the expected manner. So the identification of the potential process failures needs to be done.
This can be done by preparing a questionnaire which will monitor important elements of each of the above mentioned phases of business analysis. These questions will be addressing many aspects such as standards used, tools used, parties responsible, causes of actions, etc. In this manner this questionnaire could simply identify the failures that could occur while carrying out the Business analysis stage.
The questionnaire that we prepared will clearly indicate how effectively anyone could point out potential failures of “Business analysis” stage.
The document provides details about Mobilink GSM, including its vision, mission, goals, values, achievements, services, strategies, competition, management functions, organizational structure, corporate social responsibility programs, and HR functions. Mobilink is the largest mobile network operator in Pakistan with over 24 million subscribers and aims to provide innovative communication solutions to customers. The report was prepared by a group of MBA students for their business communication course instructor.
- The study aimed to determine the learning preferences of 4th year high school students in Mabitac, Laguna, as well as the teaching strategies used by their mathematics teachers.
- Most students were 16-year-old females from Mabitac National High School. Their top three learning preferences were visual, auditory, and kinesthetic. Teachers averaged 31 years old and had 1-5 years of experience.
- There were significant relationships between students' age, gender, and school and their learning preferences. There were also significant relationships between teachers' age, education, experience, and training and their teaching strategies. However, there was no significant relationship between students' preferences and teachers' strategies.
Research Project on Brand Preference of Mobile PhonesMonika Kadam
The document is a project report submitted by Monika Kadam to fulfill the requirements of a Bachelor of Business Administration degree. It discusses Monika's research on the brand preferences of mobile phones among students. The report includes an introduction to mobile phones and the telecom industry in India, objectives, research methodology, data analysis, findings, recommendations, and references. Key players in the Indian mobile market discussed include Samsung, Nokia, Sony, Blackberry, Apple, Micromax, and LG.
The document outlines the key areas an information system auditor would evaluate, including hardware, software, documentation, system environment, and security. The hardware review examines system fileservers, workstations, network components, and other devices. The software evaluation covers operating systems, applications, licensing, and upgrade policies. Documentation audits validate disaster recovery plans, log files, and user policies. The system environment review analyzes critical functions, management support, training, budgets, and other requirements. Finally, the security examination checks access controls, passwords, backups, and other security measures.
This document provides an audit checklist to evaluate an organization's management information systems (MIS). The checklist covers various areas including organization and administration of the MIS department, program maintenance and system development lifecycles, access controls, continuity of operations, and personnel policies for MIS staff. It contains over 150 questions to assess controls, policies, procedures, documentation, segregation of duties, and disaster recovery plans related to the organization's IT environment and processes.
The document is an audit checklist for reviewing the organization and administration, program maintenance, system development, and access controls of a company's information systems. It contains questions to evaluate whether duties are properly segregated, programs are authorized and tested before production, systems are developed following standards, and access to data files is restricted only to authorized users and programs. The checklist aims to assess whether the company has implemented proper controls and policies over its IT systems.
Enterprise Asset Management- Mobility Readiness ChecklistUnvired Inc.
This document provides a checklist for assessing an organization's readiness for enterprise asset management mobility. It covers key areas to evaluate such as master data, business processes, reporting, documents, systems landscape, mobile strategy, security, change management, testing, training, go-live, support, continuous improvement, and identifying process owners and champions. The goal is to help define requirements and ensure a successful mobile EAM implementation and sustainability over time.
This document discusses the effects of information technology on internal controls. It begins by outlining the principles of a reliable system according to the AICPA Trust Services framework. It then discusses control environment issues like segregation of duties for IT roles. The document also covers risk assessment, information and communication considerations, monitoring activities, and various control activities for general computer controls, application controls, and manual exception report follow up. Overall, it provides an overview of how IT impacts internal controls across different components of the COSO framework.
Threat and Risk Assessment QuestionnaireCompletion da.docxMARRY7
Threat and Risk Assessment Questionnaire
Completion date:
Reviewed date:
Responsible ICT division:
<Operations or Business Services>
Service:
<Enter service being assessed>
Security Classification:
Unclassified
Confidentiality category:
ICT-IN-CONFIDENCE
threat and Risk assessment questionnaire completed by:
Section
Completed by:
Completed by:
Date
1. Current Operational Status
2. Privacy Focus
3. Documentation Focus
4. Employee Focus
5. Application Focus
6. Data Focus
7. Identity Management Focus
8. Physical Focus
9. Server Focus
10. Network Focus
11. Cloud Services
12. Third Party Agreements
Document version control
Version
Date
Author
Summary of changes
1.0
<date>
Author
<changes>
Table of contents
threat and Risk assessment questionnaire completed by:2
Document version control3
Table of contents4
Introduction5
Purpose of system5
Scope5
1.current operational status5
2.privacy focus5
3.documentation focus7
4.employee focus8
5.application focus9
6.data focus12
7.identity management focus14
8.physical focus16
9.server focus19
10.network focus21
11.cloud services24
12.third party agreements26
Associated documents27
references28
Document review28
Appendix A29
RACI Responsibility Matrix29
Appendix b29
semi quantitative analysis30
Threat and Risk Assessment Questionnaire 2 April 2015
Page 1 of 1
Introduction
This Threat and Risk Assessment Questionnaire, which is agnostic to the technology being utilised, is designed to assist in categorising and assessing the risks to services they provide to business.
Each section should be completed by the person (or delegate) who is responsible for that part of the system. NOTE: ONLY complete sections of this document which are relevant to the system being assessed.
Each section contains a list of best practice security standards that should be considered during design, development and implementation of the system, and may pose a risk if they have not been considered. For each of these, a description of the current controls in place and their effectiveness should be added, along with the likelihood and the consequence if the risk is not addressed. Refer to Appendix B for an explanation of how to evaluate the Likelihood and Consequence. Purpose of system
<Describe the service that is being assessed>Scope
<Describe the scope of the threat and risk assessment including any limitations>1. current operational status
Please select the current operational status of the service being assessed?
Operational (currently in production)
In-Development (being designed, developed, or deployed)
Transition (currently undergoing a major upgrade or transition)
2. privacy focus
Answering Yes to any of the following questions may suggest that consultation with a privacy officer is required or with the NSW Privacy Commissioner who can provide advice on the Privacy and Personal Information Protection Act 1998.
Please answer the following questions about privacy regarding the s ...
Chapter 4 : Auditing and the information technology environmentKugendranMani
This document discusses auditing in an information technology environment. It begins by outlining how IT assists businesses through production, communication, internal controls, financial reporting, and decision making. It then describes the implications of changing IT, including a shift from manual to electronic controls. The document also discusses determining complexity levels in computerized systems, general and application controls, audit planning strategies, and risks related to IT environments like access control and data loss.
OwnYIT is a systems management software that allows IT staff to automate tasks and proactively control, update, and protect desktops, servers, and mobile devices from a single integrated console. It offers features such as maintaining security and compliance with patches and updates, software deployment, hardware and software inventory management, remote desktop access, and reports. The software aims to increase enterprise efficiency by helping IT staff reduce costs and respond to audits while maintaining security and configuration integrity across all devices.
The document discusses a review questions and answers manual for DISA modules. It contains a disclaimer stating that the views expressed are those of the authors and not necessarily ICAI. It provides a table of contents listing the modules covered. It also contains information about publishing details, copyright, and a preface.
This document discusses a review questions and answers manual for DISA modules. It contains a disclaimer stating that the views expressed are those of the authors and not necessarily ICAI. It provides a table of contents listing the modules covered. It also provides instructions that the material is for educational purposes only and that all copyrights are acknowledged.
2. INFORMATION GATHERING.pptx Computer Applications in PharmacyVedika Narvekar
B.Pharm sem 2
Computer Applications in Pharmacy
requirement and feasibility analysis, data flow diagrams, process
specifications, input/output design, process life cycle, planning and
managing the project
The document contains questions related to concepts of planning and control for information systems. It includes questions about total quality management, levels of management, importance of planning for information systems, organizational planning, business models, information technology architecture, system analysis and design, MIS development procedures, quality in information systems, acquisition of hardware/software, computer peripherals, software types, structured/unstructured decisions, information system audits, the planning process, computational support for planning, importance of control, feedback, factors for IS organization, Nolan's stage models of IS growth, and content of an IS master plan.
The document discusses several key steps organizations should take before migrating files to an enterprise content management system (ECM) to ensure a successful implementation. These include conducting a thorough business and systems analysis, preparing stakeholders, analyzing business processes, assessing recordkeeping requirements, preparing for document and email migrations, and building a sustainable security management framework. Taking the necessary time for these activities prior to any file migration is essential for minimizing risks and ensuring adoption of the new ECM system.
This document discusses information systems and their design. It defines information as organized data including text, numbers, audio, video and images. The key components of an information system are processes, data, hardware, software and people. There are several types of information systems including management information systems, transaction processing systems, decision support systems, executive information systems and expert/artificial intelligence systems. The design of information systems involves logical design, physical design, construction and testing. Logical design translates user requirements into functions and structures to organize information. Data flow diagrams and data dictionaries are important tools used in the design process.
The document provides an overview of IT audit concepts including:
- Why IT systems need to be audited due to risks of errors, inaccuracies, and deficiencies affecting financial reporting
- The types of IT controls including general controls over the IT infrastructure and environment, and application controls specific to automated applications
- Examples of minimum areas to assess for IT general controls including entity-level controls, access security, change management, backup/recovery and third parties
- Risks that can occur if IT general controls are deficient including inaccurate or unauthorized processing, data issues, and unauthorized access or changes
This document discusses internal controls in computer information systems. It outlines five categories of general controls: 1) organization and operation controls, 2) systems development and documentation controls, 3) hardware and systems software controls, 4) access controls, and 5) data and procedural controls. It also discusses application controls which relate to specific accounting tasks performed by computer systems, including input, processing, and output controls. The document provides examples of controls within each category to ensure integrity, authorization and security of data processing.
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.gueste080564
The use of spreadsheets in financial reporting and operational processes, is a key tool for some corporations, and is an integral part of the information and decision-making framework.
Resumes, Cover Letters, and Applying OnlineBruce Bennett
This webinar showcases resume styles and the elements that go into building your resume. Every job application requires unique skills, and this session will show you how to improve your resume to match the jobs to which you are applying. Additionally, we will discuss cover letters and learn about ideas to include. Every job application requires unique skills so learn ways to give you the best chance of success when applying for a new position. Learn how to take advantage of all the features when uploading a job application to a company’s applicant tracking system.
5 Common Mistakes to Avoid During the Job Application Process.pdfAlliance Jobs
The journey toward landing your dream job can be both exhilarating and nerve-wracking. As you navigate through the intricate web of job applications, interviews, and follow-ups, it’s crucial to steer clear of common pitfalls that could hinder your chances. Let’s delve into some of the most frequent mistakes applicants make during the job application process and explore how you can sidestep them. Plus, we’ll highlight how Alliance Job Search can enhance your local job hunt.
Leadership Ambassador club Adventist modulekakomaeric00
Aims to equip people who aspire to become leaders with good qualities,and with Christian values and morals as per Biblical teachings.The you who aspire to be leaders should first read and understand what the ambassador module for leadership says about leadership and marry that to what the bible says.Christians sh
Joyce M Sullivan, Founder & CEO of SocMediaFin, Inc. shares her "Five Questions - The Story of You", "Reflections - What Matters to You?" and "The Three Circle Exercise" to guide those evaluating what their next move may be in their careers.
Job Finding Apps Everything You Need to Know in 2024SnapJob
SnapJob is revolutionizing the way people connect with work opportunities and find talented professionals for their projects. Find your dream job with ease using the best job finding apps. Discover top-rated apps that connect you with employers, provide personalized job recommendations, and streamline the application process. Explore features, ratings, and reviews to find the app that suits your needs and helps you land your next opportunity.
How to Prepare for Fortinet FCP_FAC_AD-6.5 Certification?NWEXAM
Begin Your Preparation Here: https://bit.ly/3VfYStG — Access comprehensive details on the FCP_FAC_AD-6.5 exam guide and excel in the Fortinet Certified Professional - Network Security certification. Gather all essential information including tutorials, practice tests, books, study materials, exam questions, and the syllabus. Solidify your knowledge of Fortinet FCP_FAC_AD-6.5 certification. Discover everything about the FCP_FAC_AD-6.5 exam, including the number of questions, passing percentage, and the time allotted to complete the test.
Learnings from Successful Jobs SearchersBruce Bennett
Are you interested to know what actions help in a job search? This webinar is the summary of several individuals who discussed their job search journey for others to follow. You will learn there are common actions that helped them succeed in their quest for gainful employment.
Jill Pizzola's Tenure as Senior Talent Acquisition Partner at THOMSON REUTERS...dsnow9802
Jill Pizzola's tenure as Senior Talent Acquisition Partner at THOMSON REUTERS in Marlton, New Jersey, from 2018 to 2023, was marked by innovation and excellence.
A Guide to a Winning Interview June 2024Bruce Bennett
This webinar is an in-depth review of the interview process. Preparation is a key element to acing an interview. Learn the best approaches from the initial phone screen to the face-to-face meeting with the hiring manager. You will hear great answers to several standard questions, including the dreaded “Tell Me About Yourself”.
IT Career Hacks Navigate the Tech Jungle with a RoadmapBase Camp
Feeling overwhelmed by IT options? This presentation unlocks your personalized roadmap! Learn key skills, explore career paths & build your IT dream job strategy. Visit now & navigate the tech world with confidence! Visit https://www.basecamp.com.sg for more details.
1. Sl.N0. System Audit Questionnaire
Background
1
What is the information technology environment?
2 Give a brief description of the equipment.
3
Has a map of the installation been prepared? Otherwise,
obtain one.
4 What are the operating systems in use?
5 What are the communications systems in use?
6
What are the various applications which have been
computerized?
organisation
1
Prepare or obtain an organizational chart of information
technology department.
2
Determine job title, job descriptions and names of the persons
in IT department.
3
Is there a segregation of duties such as:
a. Functions and duties of systems design, programming
and data administration are separate from computer
operations;
b. Programmers do not operate the computer or regulate
processing runs;
c. Operators have access only to such data and programs
as is necessary for performing their assigned tasks;
d. Personnel in data processing department are not
performing any duties relating to organizing
transactions or making changes to master files.
4 Are the duties of computer operators periodically related?
5 Are there well-documented operating procedures?
6
Are the operating functions being properly supervised
according to programmed operating procedures?
Control Functions
1
Are there persons specifically given the responsibility for
performing the control function in the information technology
department?
2
Do there duties include control over receipt of input data and
recording of control information?
3 Is there control over distribution of output?
2. 4
Is there control over errors to insure that they are reported,
corrected and reprocessed? Is review of appropriate logs of
error detection and control regularly done?
5
Are master file changes or changes to data authorised in
writing by appropriate personnel in the department initiating
that changes?
6
Is there any written communication made available to the
department initiating the changes informing the IT department
of the changes actually made?
Management Practices
1 Is there a corporate security policy?
2
Are there any procedure regarding physical security covering
the following features:
a. Office building;
b. Entry to computer centre;
c. Access to client’s computer systems;
d. Access to server systems;
e. Working after office hours;
f. Procedures for the prevention and protection.
Organization Controls
1 Are there clear segregating of duties within the IT department?
2
Are there separations of duties between IT department and
user departments?
3
What are the procedures regarding access to data within the
computer system?
4
Password management:
a. Access to corporate data base;
b. Access to application programs.
Systems Development Methodology
1 Are there any standards for systems development?
2
Have the standards been implemented, and if so, to what
extent?
Program Change Management
1
Are there standard procedures laid down for changes to
existing programs?
2
Do they cover the following:
a. Authorization for change;
3. b. Independent testing;
c. Compiling and adding to the library of programs by a
person independent of the programmer.
3 Are the standard procedures being implemented?
Program Library Maintenance
1
Are there well laid out procedures for maintaining computer
library?
Business Continuity Planning
1 Is there a well-documented business continuity plan?
2 Has it been well-documented and updated?
3 Does it contain procedures regarding:
4 Data backup
5
Backup of hardware, software and communication
infrastructure.
6
Are there provisions for use of alternative facilities in the event
of fire or other long interruptions?
7 Is there adequate insurance cover for various likely disasters?
8 Is date processing personal covered by fidelity insurance?
Environmental Controls
1
Whether the location of computer installation is safe from
potential hazards such as water seepage, fire, flood etc.? If
not, what precautions have been taken to overcome such
problems?
2
Whether ATM/Server Room is clean and the environment
is dust free.
3
Whether the electrical and data cabling has been done in a
structured manner and is not exposed except at the terminal
point? Comment on the status of cabling and hazards, if any.
4
Whether power supply to IT systems is backed up though UPS
and is not being used for any other purpose except for the
minimal support light?
5
Earth to neutral voltage is 0-2 volts, which should be got tested
during the course of audit (incumbent to arrange for the same).
Comment on the deviation, if any.
6
Whether the server, if any, is placed in a separate partition/
room and telecommunication line(s) is/are available in the
server room/partition?
7
Whether air conditioning, ventilation and humidity control
procedures are in place for Servers/ critical equipments/ATM /
UPS etc.
4. 8
Whether the Switch/hub is placed in a mounting rack under
lock and key?
9
Whether gas-based fire extinguishers are available and the
same are valid and in working condition?
Physical controls:
1
Whether the server/most critical equipments such as PC for
backup/Switches/Routers are located in least accessible area
and the access is restricted to authorized persons only?
2
Whether all the IT equipments have been allocated and
marked with unique number and are in consonance with the
inventory register.
3
Whether all the configuration details have been mentioned in
the Inventory Management Register However, if the record is
maintained in PC, print out of the same should be pasted in
the register and updated regularly.
4
Whether the access to IT installations is restricted to
authorized persons only. Whether access violations are
properly recorded and appropriate actions taken the regainst.
5
Whether all PCs/Printers are regularly cleaned and covered
when not in use?
Logical Controls:
1
Whether all the PCs are protected by boot password?
2
Whether all the users have been created with written
permission of the Incumbent/Head of the Department?
3
Whether any generic user account name has been created
except reserved users account for Operating System, RDBMS
and Application Packages?
4
Whether sensitive user IDs (e.g. root, RDBMS, DBA etc) and
passwords are maintained as per HO guidelines and the
prescribed procedures are being complied with such as :
a. Whether passwords are kept in a dual custody in
sealed cover.
5. b. If opened, whether the password has been changed
and again kept in sealed cover.
5
Check whether access rights for system files, executable files,
data files and parameter files etc. are given on need-to-know/
need–to-do basis.
6
Whether proper record is maintained in respect of Creation/
Deletion of USER IDs in the user maintenance register on
specific approval of Incumbent In charge or Departmental
Head? Verify if such approval is in place in respect of the
entire active user IDs.
7
Whether Enabling and Disabling of User ID s is done daily
prior to start of the work as per daily arrangement register and
active user ID s in the system are in agreement with the
register? Report violations, if any.
8
Whether USER IDs are unique?
9
Whether proper record is maintained for the password of other
users changed by the DBA/System Administrator in the
register and same carries approval of the Incumbent?
Comment on the number of Data Base Administrators/System
administrators active at a time.
10
Whether the control on maximum number of invalid logon
attempts to three has been specified properly in the system.
11
Whether automatic logout in case of unattended terminals is
available on windows/UNIX environment? Specify the time
set.
12
Whether the parameter to control maximum validity period of
password is set to 15 days. If not, what is the validity period?
13
Whether declaration for maintaining confidentiality of password
is held for all the users?
6. Application Systems Controls:
1
Give package-wise details of bugs/deficiencies reported along
with the steps taken for their removal. Whether these are
recorded in Software Problem Register? Whether
compensatory controls are put in place to ensure correct and
valid output?
(Attach separate sheet, if required)
2
If source code is available:
a. Whether there is adequate separation between the
development and production environment.
b. Review the adequacy of access controls to source
code.
c. Whether the custody of source code is with the
authorized official (s)?
d. Whether proper handing over procedures is being
adopted in the event of transfer/change of authorized
officials?
e. Whether change management procedure is being
followed and documented?
f. Whether requirements are analyzed for feasibility and
necessity?
g. Whether proper approval is being taken before making
changes?
h. Whether changes are tested for correctness before
implementing in production environment?
3
Whether parameters of Operating System/RDBMS and
Application Software are being changed/ updated as per the
prescribed procedures and register to this effect is being
maintained?
(Not applicable in CBS branches)
7. 4
Whether all the transactions, except system generated, are
authorized by an independent official?
5
Whether database is physically secured?
(Not applicable in CBS Branches)
6
Whether the access to the application is restricted to the
authorized officials only?
(Not applicable in CBS branches)
7
Whether the data is verified periodically in terms of storage
space, performance tuning and back up. Give the following
details:
i)Date of earliest data available
Ii)Total capacity of hard disk
iii)Free hard disk space
8
In this context, review the response time of the system for
different transactions.
9
If the branch was migrated from one package to another after
the date of last system audit, was the data integrity ensured.
10
Whether adequate separation of duties is ensured for make
checker concept?
11
Whether Incumbent In charge periodically certifies/confirms
that the financial powers of the various authorizing officials/end
users are defined correctly in the system.
8. 12
Whether the guidelines with regard to checksum are being
followed. What action the branch has taken in the event of
difference in checksum.
(Not applicable in CBS branches)
13
Whether error messages, if any, in the screen are properly
recorded in a Register and appropriate action taken?
14
Review the adequacy of the procedures followed for
implementing software patches/ periodical upgrades/ new
version for application package as well as operating system.
Maintenance & Business Continuity Controls:
1
Whether all the hardware items are covered under
Warranty/Annual Maintenance Contract? Whether preventive
maintenance schedule is being adhered to?
2
Whether a Copy of AMC/Service Level Agreement is held in
the Office?
3
Whether the users are aware of the terms of AMC and the
names and contact numbers of AMC Vendor?
4
Whether the Software are being supported by the supplier
vendor/In-house Development Team? Whether the contact
numbers of the persons to be contacted in case of
problem/break down is known to the users.
5
In case any hardware item is taken out by the vendor for
repair/ servicing, whether user ensures that the equipment
does not contain sensitive data?
6
Whether the users are familiar with the fall back procedures to
be adopted in the event of power failure or fault in PC, Printer
or any other peripheral?
7
Whether users are aware of the procedures for restarting the
work in the event of service interruption for various application
packages running in the branch?
9. 8
Whether users are aware of the Security Policy guidelines of
the Bank to the extent relevant to them.
9
Whether Anti Virus Software is loaded in the systems?
Whether data definitions and virus signatures are updated
regularly? Give date of last such updation along with the
source of updation (by vendor or through internet) and
periodicity i.e. daily/weekly/monthly etc.
10
Is the Anti Virus Software configured to check viruses from
floppy/CD ROM/e-mail automatically?
11
Check and report if any extraneous software is being used.
Give details of such software (s) along with the PCs on which
the same is loaded.
12
Whether the users have been provided training in the area of
their work?
13
Whether license is held in respect of software being used by
the Office/Branch.
14
Whether the original Operating System, RDBMS & other
Software packages are kept in a fireproof cabinet?
15
Whether complete backup of Operating System/RDBMS and
other application packages with current settings is
held/maintained?
16
Whether offsite backup is kept regularly on weekly basis? Give
date of last such backup.
(Not applicable in CBS branches)
17
Whether all the columns of backup register are filled in
properly.
(Not applicable in CBS branches)
18
Whether backup media is labeled and recorded?
(Not applicable in CBS branches)
10. 19
Whether integrity/ readability of the backup is tested
periodically? Comment on the method adopted for the same.
Give date of last such testing.
(Not applicable in CBS branches)
20
Whether branch-wise inventory of Hardware/Software is being
maintained and updated at Zonal Office Level?
Networking controls:
(Not applicable in stand alone environment)
1
Are there documented procedures for using the network?
2
Has the responsibility and liability of network vendors been
defined in the AMC Agreement, whether a copy of such AMC
contract is held?
3
Whether the inventory of network equipments e.g. hub, switch,
router etc. is being maintained and updated regularly.
4
Whether a network diagram illustrating the physical
connections between the network equipments and computers
had been prepared and approved by the Incumbent?
5
Whether the networking equipments have been labeled to
facilitate cross-reference to inventory register?
6
If routers are installed, review the access controls to the
routers.
7
Whether the remote log-on through services such as FTP,
TELNET etc. is disabled?
8
Whether dial up access to RAS is logically controlled?
11. 9
Whether CBS node provided in the Office, if any, is physically
separated and logically controlled? CBS node should not be
used in any other network, report deviation if any.
(Applicable only in CBS branches)
10
Whether guidelines for e-mail usage are being complied with?
11
Whether guidelines for internet usage are being complied
with? Comment on the network downtime.
12
Whether internet access is given to PC/System being utilized
for some bank application having critical data? If so, what
precautions are taken to protect against internet hazards?
Operational Controls:
1
Whether the following reports are taken and scrutinized by the
appropriate officials?
i) Exceptional Transactions Report.
ii)Rejected Transactions Report.
iii)Access Log
iv)Audit Trail, if any (non-financial transactions).
v)GL affected balances
vi)Active Users
12. 2
Whether the interest charged in the accounts is being
checked/verified by the authorized official?
3
Whether the interest rate revision is timely incorporated and
authorized in the system. In case of delay, whether the
differential interest for the intervening period is being
appropriated.
4
Whether morning checking is being done as per the Bank’s
guidelines.
5
Whether the non-financial transactions e.g. limit enhancement,
limit reduction, DP maintenance etc. are properly incorporated
and authorized by the authorized officials of the Bank.
6
Review the controls over the procedures adopted for data
upload through external media e.g. salary credit through floppy
etc. Whether such floppies are checked for viruses before
using for processing? What are the controls for checking that
the data is not entered more than once? Are compensatory
controls in place in the form of checking of transaction by
authorized officials?
7
Whether the branch is maintaining any upload account in
which some balance is still outstanding? Give details and
explain the reasons for keeping such accounts.
(Applicable only in CBS branches)
8
Whether the transactions lying in the Proxy Account are
reversed within 3 days? Review the outstanding transactions
in Proxy Account for overdue entries.
(Applicable only in CBS branches)
9
Comment on the number of inter-sol transactions and the
charges levied. Whether limited user IDs are permitted to
pass such transactions?
(Applicable only in CBS branches)
10
Whether the signatures are being captured regularly and
authorized in the system? Level of pungency in this regard be
commented upon.
13. Review physical, logical, system and operational controls
in respect of the following services rendered by the
Branch, if any:
1
Remote Access
2
Tele Banking
3
EDI
4
Government Business
5
CMS
6
Depository
7
SWIFT
8
Internet Banking
9
SFMS
10
Whether access to ATM room is restricted to the authorized
persons only?
11
Whether AC installed in ATM room is giving the desired
temperature control?
14. 13
Whether ATM room is clean?
14
Whether ATM power back up is supported by UPS.
15
Whether ATM card issue register is maintained and updated
regularly and tallies with physical cards received in the
branch?
16
Whether control of ATM cards and PIN mailers (in case
returned due to wrong address) with two different officials and
proper record of the same is maintained and tallies with
physical cards?
17
Whether proper record of retained cards and lost/hot cards is
maintained and tallies with physical cards?
18
Whether after each month end, ATM audit rolls are kept in
sealed envelope in joint custody?
19
Comment whether security in ATM Room is in place.
Register Maintenance:
1
Whether the following registers are being maintained, updated
and scrutinized/checked.
a)Software problem Register.
b)Machine breakdown Register, recording downtime.
c)Users maintenance Register
15. d)Back up Register
e) Media stock movement Register.
f) Hardware/Software inventory management Register
showing the configuration details and availability of
Warranty/AMC.
g) Parameter Updation registers.
h) Daily arrangement registers.
i) Checksum Register.
J) Error Rectification Register (recording operational
transactions).
k) ATM Register.
2
IS AUDITOR’S OBSERVATIONS
3
IS Auditor to comment/review overall IT governance in the
branch/Office? Lacuna or gap is informed/indicated along with
steps to be taken to plug it.
Adequacy of Hardware, Network and its redundancy.