SlideShare a Scribd company logo

System audit questionnaire

Nicholas Kaptingei
Nicholas Kaptingei

This document contains questions for a system audit questionnaire covering many aspects of an organization's IT environment, systems, and controls. It addresses topics such as the IT infrastructure, organizational structure, control functions, management practices, physical and logical access controls, systems development processes, application controls, and business continuity planning. The goal is to evaluate and identify risks across technical, administrative, and physical security domains.

1 of 15
Download to read offline
Sl.N0. System Audit Questionnaire Background 1 What is the information technology environment? 2 Give a brief description of the equipment. 3 Has a map of the installation been prepared? Otherwise, obtain one. 4 What are the operating systems in use? 5 What are the communications systems in use? 6 What are the various applications which have been computerized? organisation 1 Prepare or obtain an organizational chart of information technology department. 2 Determine job title, job descriptions and names of the persons in IT department. 3 Is there a segregation of duties such as: a. Functions and duties of systems design, programming and data administration are separate from computer operations; b. Programmers do not operate the computer or regulate processing runs; c. Operators have access only to such data and programs as is necessary for performing their assigned tasks; d. Personnel in data processing department are not performing any duties relating to organizing transactions or making changes to master files. 4 Are the duties of computer operators periodically related? 5 Are there well-documented operating procedures? 6 Are the operating functions being properly supervised according to programmed operating procedures? Control Functions 1 Are there persons specifically given the responsibility for performing the control function in the information technology department? 2 Do there duties include control over receipt of input data and recording of control information? 3 Is there control over distribution of output?
4 Is there control over errors to insure that they are reported, corrected and reprocessed? Is review of appropriate logs of error detection and control regularly done? 5 Are master file changes or changes to data authorised in writing by appropriate personnel in the department initiating that changes? 6 Is there any written communication made available to the department initiating the changes informing the IT department of the changes actually made? Management Practices 1 Is there a corporate security policy? 2 Are there any procedure regarding physical security covering the following features: a. Office building; b. Entry to computer centre; c. Access to client’s computer systems; d. Access to server systems; e. Working after office hours; f. Procedures for the prevention and protection. Organization Controls 1 Are there clear segregating of duties within the IT department? 2 Are there separations of duties between IT department and user departments? 3 What are the procedures regarding access to data within the computer system? 4 Password management: a. Access to corporate data base; b. Access to application programs. Systems Development Methodology 1 Are there any standards for systems development? 2 Have the standards been implemented, and if so, to what extent? Program Change Management 1 Are there standard procedures laid down for changes to existing programs? 2 Do they cover the following: a. Authorization for change;
b. Independent testing; c. Compiling and adding to the library of programs by a person independent of the programmer. 3 Are the standard procedures being implemented? Program Library Maintenance 1 Are there well laid out procedures for maintaining computer library? Business Continuity Planning 1 Is there a well-documented business continuity plan? 2 Has it been well-documented and updated? 3 Does it contain procedures regarding: 4 Data backup 5 Backup of hardware, software and communication infrastructure. 6 Are there provisions for use of alternative facilities in the event of fire or other long interruptions? 7 Is there adequate insurance cover for various likely disasters? 8 Is date processing personal covered by fidelity insurance? Environmental Controls 1 Whether the location of computer installation is safe from potential hazards such as water seepage, fire, flood etc.? If not, what precautions have been taken to overcome such problems? 2 Whether ATM/Server Room is clean and the environment is dust free. 3 Whether the electrical and data cabling has been done in a structured manner and is not exposed except at the terminal point? Comment on the status of cabling and hazards, if any. 4 Whether power supply to IT systems is backed up though UPS and is not being used for any other purpose except for the minimal support light? 5 Earth to neutral voltage is 0-2 volts, which should be got tested during the course of audit (incumbent to arrange for the same). Comment on the deviation, if any. 6 Whether the server, if any, is placed in a separate partition/ room and telecommunication line(s) is/are available in the server room/partition? 7 Whether air conditioning, ventilation and humidity control procedures are in place for Servers/ critical equipments/ATM / UPS etc.
8 Whether the Switch/hub is placed in a mounting rack under lock and key? 9 Whether gas-based fire extinguishers are available and the same are valid and in working condition? Physical controls: 1 Whether the server/most critical equipments such as PC for backup/Switches/Routers are located in least accessible area and the access is restricted to authorized persons only? 2 Whether all the IT equipments have been allocated and marked with unique number and are in consonance with the inventory register. 3 Whether all the configuration details have been mentioned in the Inventory Management Register However, if the record is maintained in PC, print out of the same should be pasted in the register and updated regularly. 4 Whether the access to IT installations is restricted to authorized persons only. Whether access violations are properly recorded and appropriate actions taken the regainst. 5 Whether all PCs/Printers are regularly cleaned and covered when not in use? Logical Controls: 1 Whether all the PCs are protected by boot password? 2 Whether all the users have been created with written permission of the Incumbent/Head of the Department? 3 Whether any generic user account name has been created except reserved users account for Operating System, RDBMS and Application Packages? 4 Whether sensitive user IDs (e.g. root, RDBMS, DBA etc) and passwords are maintained as per HO guidelines and the prescribed procedures are being complied with such as : a. Whether passwords are kept in a dual custody in sealed cover.
b. If opened, whether the password has been changed and again kept in sealed cover. 5 Check whether access rights for system files, executable files, data files and parameter files etc. are given on need-to-know/ need–to-do basis. 6 Whether proper record is maintained in respect of Creation/ Deletion of USER IDs in the user maintenance register on specific approval of Incumbent In charge or Departmental Head? Verify if such approval is in place in respect of the entire active user IDs. 7 Whether Enabling and Disabling of User ID s is done daily prior to start of the work as per daily arrangement register and active user ID s in the system are in agreement with the register? Report violations, if any. 8 Whether USER IDs are unique? 9 Whether proper record is maintained for the password of other users changed by the DBA/System Administrator in the register and same carries approval of the Incumbent? Comment on the number of Data Base Administrators/System administrators active at a time. 10 Whether the control on maximum number of invalid logon attempts to three has been specified properly in the system. 11 Whether automatic logout in case of unattended terminals is available on windows/UNIX environment? Specify the time set. 12 Whether the parameter to control maximum validity period of password is set to 15 days. If not, what is the validity period? 13 Whether declaration for maintaining confidentiality of password is held for all the users?
Application Systems Controls: 1 Give package-wise details of bugs/deficiencies reported along with the steps taken for their removal. Whether these are recorded in Software Problem Register? Whether compensatory controls are put in place to ensure correct and valid output? (Attach separate sheet, if required) 2 If source code is available: a. Whether there is adequate separation between the development and production environment. b. Review the adequacy of access controls to source code. c. Whether the custody of source code is with the authorized official (s)? d. Whether proper handing over procedures is being adopted in the event of transfer/change of authorized officials? e. Whether change management procedure is being followed and documented? f. Whether requirements are analyzed for feasibility and necessity? g. Whether proper approval is being taken before making changes? h. Whether changes are tested for correctness before implementing in production environment? 3 Whether parameters of Operating System/RDBMS and Application Software are being changed/ updated as per the prescribed procedures and register to this effect is being maintained? (Not applicable in CBS branches)
4 Whether all the transactions, except system generated, are authorized by an independent official? 5 Whether database is physically secured? (Not applicable in CBS Branches) 6 Whether the access to the application is restricted to the authorized officials only? (Not applicable in CBS branches) 7 Whether the data is verified periodically in terms of storage space, performance tuning and back up. Give the following details: i)Date of earliest data available Ii)Total capacity of hard disk iii)Free hard disk space 8 In this context, review the response time of the system for different transactions. 9 If the branch was migrated from one package to another after the date of last system audit, was the data integrity ensured. 10 Whether adequate separation of duties is ensured for make checker concept? 11 Whether Incumbent In charge periodically certifies/confirms that the financial powers of the various authorizing officials/end users are defined correctly in the system.
12 Whether the guidelines with regard to checksum are being followed. What action the branch has taken in the event of difference in checksum. (Not applicable in CBS branches) 13 Whether error messages, if any, in the screen are properly recorded in a Register and appropriate action taken? 14 Review the adequacy of the procedures followed for implementing software patches/ periodical upgrades/ new version for application package as well as operating system. Maintenance & Business Continuity Controls: 1 Whether all the hardware items are covered under Warranty/Annual Maintenance Contract? Whether preventive maintenance schedule is being adhered to? 2 Whether a Copy of AMC/Service Level Agreement is held in the Office? 3 Whether the users are aware of the terms of AMC and the names and contact numbers of AMC Vendor? 4 Whether the Software are being supported by the supplier vendor/In-house Development Team? Whether the contact numbers of the persons to be contacted in case of problem/break down is known to the users. 5 In case any hardware item is taken out by the vendor for repair/ servicing, whether user ensures that the equipment does not contain sensitive data? 6 Whether the users are familiar with the fall back procedures to be adopted in the event of power failure or fault in PC, Printer or any other peripheral? 7 Whether users are aware of the procedures for restarting the work in the event of service interruption for various application packages running in the branch?
8 Whether users are aware of the Security Policy guidelines of the Bank to the extent relevant to them. 9 Whether Anti Virus Software is loaded in the systems? Whether data definitions and virus signatures are updated regularly? Give date of last such updation along with the source of updation (by vendor or through internet) and periodicity i.e. daily/weekly/monthly etc. 10 Is the Anti Virus Software configured to check viruses from floppy/CD ROM/e-mail automatically? 11 Check and report if any extraneous software is being used. Give details of such software (s) along with the PCs on which the same is loaded. 12 Whether the users have been provided training in the area of their work? 13 Whether license is held in respect of software being used by the Office/Branch. 14 Whether the original Operating System, RDBMS & other Software packages are kept in a fireproof cabinet? 15 Whether complete backup of Operating System/RDBMS and other application packages with current settings is held/maintained? 16 Whether offsite backup is kept regularly on weekly basis? Give date of last such backup. (Not applicable in CBS branches) 17 Whether all the columns of backup register are filled in properly. (Not applicable in CBS branches) 18 Whether backup media is labeled and recorded? (Not applicable in CBS branches)
19 Whether integrity/ readability of the backup is tested periodically? Comment on the method adopted for the same. Give date of last such testing. (Not applicable in CBS branches) 20 Whether branch-wise inventory of Hardware/Software is being maintained and updated at Zonal Office Level? Networking controls: (Not applicable in stand alone environment) 1 Are there documented procedures for using the network? 2 Has the responsibility and liability of network vendors been defined in the AMC Agreement, whether a copy of such AMC contract is held? 3 Whether the inventory of network equipments e.g. hub, switch, router etc. is being maintained and updated regularly. 4 Whether a network diagram illustrating the physical connections between the network equipments and computers had been prepared and approved by the Incumbent? 5 Whether the networking equipments have been labeled to facilitate cross-reference to inventory register? 6 If routers are installed, review the access controls to the routers. 7 Whether the remote log-on through services such as FTP, TELNET etc. is disabled? 8 Whether dial up access to RAS is logically controlled?
9 Whether CBS node provided in the Office, if any, is physically separated and logically controlled? CBS node should not be used in any other network, report deviation if any. (Applicable only in CBS branches) 10 Whether guidelines for e-mail usage are being complied with? 11 Whether guidelines for internet usage are being complied with? Comment on the network downtime. 12 Whether internet access is given to PC/System being utilized for some bank application having critical data? If so, what precautions are taken to protect against internet hazards? Operational Controls: 1 Whether the following reports are taken and scrutinized by the appropriate officials? i) Exceptional Transactions Report. ii)Rejected Transactions Report. iii)Access Log iv)Audit Trail, if any (non-financial transactions). v)GL affected balances vi)Active Users
2 Whether the interest charged in the accounts is being checked/verified by the authorized official? 3 Whether the interest rate revision is timely incorporated and authorized in the system. In case of delay, whether the differential interest for the intervening period is being appropriated. 4 Whether morning checking is being done as per the Bank’s guidelines. 5 Whether the non-financial transactions e.g. limit enhancement, limit reduction, DP maintenance etc. are properly incorporated and authorized by the authorized officials of the Bank. 6 Review the controls over the procedures adopted for data upload through external media e.g. salary credit through floppy etc. Whether such floppies are checked for viruses before using for processing? What are the controls for checking that the data is not entered more than once? Are compensatory controls in place in the form of checking of transaction by authorized officials? 7 Whether the branch is maintaining any upload account in which some balance is still outstanding? Give details and explain the reasons for keeping such accounts. (Applicable only in CBS branches) 8 Whether the transactions lying in the Proxy Account are reversed within 3 days? Review the outstanding transactions in Proxy Account for overdue entries. (Applicable only in CBS branches) 9 Comment on the number of inter-sol transactions and the charges levied. Whether limited user IDs are permitted to pass such transactions? (Applicable only in CBS branches) 10 Whether the signatures are being captured regularly and authorized in the system? Level of pungency in this regard be commented upon.
Review physical, logical, system and operational controls in respect of the following services rendered by the Branch, if any: 1 Remote Access 2 Tele Banking 3 EDI 4 Government Business 5 CMS 6 Depository 7 SWIFT 8 Internet Banking 9 SFMS 10 Whether access to ATM room is restricted to the authorized persons only? 11 Whether AC installed in ATM room is giving the desired temperature control?
13 Whether ATM room is clean? 14 Whether ATM power back up is supported by UPS. 15 Whether ATM card issue register is maintained and updated regularly and tallies with physical cards received in the branch? 16 Whether control of ATM cards and PIN mailers (in case returned due to wrong address) with two different officials and proper record of the same is maintained and tallies with physical cards? 17 Whether proper record of retained cards and lost/hot cards is maintained and tallies with physical cards? 18 Whether after each month end, ATM audit rolls are kept in sealed envelope in joint custody? 19 Comment whether security in ATM Room is in place. Register Maintenance: 1 Whether the following registers are being maintained, updated and scrutinized/checked. a)Software problem Register. b)Machine breakdown Register, recording downtime. c)Users maintenance Register
d)Back up Register e) Media stock movement Register. f) Hardware/Software inventory management Register showing the configuration details and availability of Warranty/AMC. g) Parameter Updation registers. h) Daily arrangement registers. i) Checksum Register. J) Error Rectification Register (recording operational transactions). k) ATM Register. 2 IS AUDITOR’S OBSERVATIONS 3 IS Auditor to comment/review overall IT governance in the branch/Office? Lacuna or gap is informed/indicated along with steps to be taken to plug it. Adequacy of Hardware, Network and its redundancy.

Recommended

Audit Checklist for Information Systems
Audit Checklist for Information SystemsAudit Checklist for Information Systems
Audit Checklist for Information Systems
Ahmad Tariq Bhatti
 
Basics in IT Audit and Application Control Testing
Basics in IT Audit and Application Control Testing Basics in IT Audit and Application Control Testing
Basics in IT Audit and Application Control Testing
Dinesh O Bareja
 
Itauditcl
ItauditclItauditcl
Itauditcl
ankukgoyal
 
IT General Controls
IT General ControlsIT General Controls
IT General Controls
Cicero Ray Rufino
 
IT General Controls Presentation at IIA Vadodara Audit Club
IT General Controls Presentation at IIA Vadodara Audit ClubIT General Controls Presentation at IIA Vadodara Audit Club
IT General Controls Presentation at IIA Vadodara Audit Club
Kaushal Trivedi
 
IT System & Security Audit
IT System & Security AuditIT System & Security Audit
IT System & Security Audit
Mufaddal Nullwala
 
IT Audit methodologies
IT Audit methodologiesIT Audit methodologies
IT Audit methodologies
genetics
 
Audit of it infrastructure
Audit of it infrastructureAudit of it infrastructure
Audit of it infrastructure
pramod_kmr73
 

Recommended

Audit Checklist for Information Systems
Audit Checklist for Information SystemsAudit Checklist for Information Systems
Audit Checklist for Information Systems
Ahmad Tariq Bhatti
 
Basics in IT Audit and Application Control Testing
Basics in IT Audit and Application Control Testing Basics in IT Audit and Application Control Testing
Basics in IT Audit and Application Control Testing
Dinesh O Bareja
 
Itauditcl
ItauditclItauditcl
Itauditcl
ankukgoyal
 
IT General Controls
IT General ControlsIT General Controls
IT General Controls
Cicero Ray Rufino
 
IT General Controls Presentation at IIA Vadodara Audit Club
IT General Controls Presentation at IIA Vadodara Audit ClubIT General Controls Presentation at IIA Vadodara Audit Club
IT General Controls Presentation at IIA Vadodara Audit Club
Kaushal Trivedi
 
IT System & Security Audit
IT System & Security AuditIT System & Security Audit
IT System & Security Audit
Mufaddal Nullwala
 
IT Audit methodologies
IT Audit methodologiesIT Audit methodologies
IT Audit methodologies
genetics
 
Audit of it infrastructure
Audit of it infrastructureAudit of it infrastructure
Audit of it infrastructure
pramod_kmr73
 
Auditing SOX ITGC Compliance
Auditing SOX ITGC ComplianceAuditing SOX ITGC Compliance
Auditing SOX ITGC Compliance
seanpizzy
 
03.1 general control
03.1 general control03.1 general control
03.1 general control
Mulyadi Yusuf
 
ITGC audit of ERPs
ITGC audit of ERPsITGC audit of ERPs
ITGC audit of ERPs
Jayesh Daga
 
13 information system audit of banks
13 information system audit of banks13 information system audit of banks
13 information system audit of banks
spandane
 
IT Audit For Non-IT Auditors
IT Audit For Non-IT AuditorsIT Audit For Non-IT Auditors
IT Audit For Non-IT Auditors
Ed Tobias
 
03.2 application control
03.2 application control03.2 application control
03.2 application control
Mulyadi Yusuf
 
ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3
Tanmay Shinde
 
ISO 27001 (v2013) Checklist
ISO 27001 (v2013) ChecklistISO 27001 (v2013) Checklist
ISO 27001 (v2013) Checklist
Ivan Piskunov
 
27001 awareness Training
27001 awareness Training27001 awareness Training
27001 awareness Training
Dr Madhu Aman Sharma
 
5.4 it security audit (mauritius)
5.4 it security audit (mauritius)5.4 it security audit (mauritius)
5.4 it security audit (mauritius)
Corporate Registers Forum
 
CISA Training - Chapter 5 - 2016
CISA Training - Chapter 5 - 2016CISA Training - Chapter 5 - 2016
CISA Training - Chapter 5 - 2016
Hafiz Sheikh Adnan Ahmed
 
Cobit5 owerwiev and implementation proposal
Cobit5 owerwiev and implementation proposalCobit5 owerwiev and implementation proposal
Cobit5 owerwiev and implementation proposal
Emilio Gratton
 
Iso 27001 isms presentation
Iso 27001 isms presentationIso 27001 isms presentation
Iso 27001 isms presentation
Midhun Nirmal
 
The information security audit
The information security auditThe information security audit
The information security audit
Dhani Ahmad
 
SOC 2 Compliance and Certification
SOC 2 Compliance and CertificationSOC 2 Compliance and Certification
SOC 2 Compliance and Certification
ControlCase
 
Control and audit of information System (hendri eka saputra)
Control and audit of information System (hendri eka saputra)Control and audit of information System (hendri eka saputra)
Control and audit of information System (hendri eka saputra)
Hendri Eka Saputra
 
Iso 27001 Checklist
Iso 27001 ChecklistIso 27001 Checklist
Iso 27001 Checklist
Craig Willetts ISO Expert
 
Best Practices in Auditing ISO/IEC 27001
Best Practices in Auditing ISO/IEC 27001Best Practices in Auditing ISO/IEC 27001
Best Practices in Auditing ISO/IEC 27001
PECB
 
Isms awareness training
Isms awareness trainingIsms awareness training
Isms awareness training
SAROJ BEHERA
 
Iso 9001-internal-audit-checklist
Iso 9001-internal-audit-checklistIso 9001-internal-audit-checklist
Iso 9001-internal-audit-checklist
PHILIP TEO
 
Research proposal 1
Research proposal 1Research proposal 1
Research proposal 1
Ali Yah
 
Proposal Defense Oral Presentation
Proposal Defense Oral PresentationProposal Defense Oral Presentation
Proposal Defense Oral Presentation
Jenny Chen
 

More Related Content

What's hot

Auditing SOX ITGC Compliance
Auditing SOX ITGC ComplianceAuditing SOX ITGC Compliance
Auditing SOX ITGC Compliance
seanpizzy
 
03.1 general control
03.1 general control03.1 general control
03.1 general control
Mulyadi Yusuf
 
ITGC audit of ERPs
ITGC audit of ERPsITGC audit of ERPs
ITGC audit of ERPs
Jayesh Daga
 
13 information system audit of banks
13 information system audit of banks13 information system audit of banks
13 information system audit of banks
spandane
 
IT Audit For Non-IT Auditors
IT Audit For Non-IT AuditorsIT Audit For Non-IT Auditors
IT Audit For Non-IT Auditors
Ed Tobias
 
03.2 application control
03.2 application control03.2 application control
03.2 application control
Mulyadi Yusuf
 
ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3
Tanmay Shinde
 
ISO 27001 (v2013) Checklist
ISO 27001 (v2013) ChecklistISO 27001 (v2013) Checklist
ISO 27001 (v2013) Checklist
Ivan Piskunov
 
27001 awareness Training
27001 awareness Training27001 awareness Training
27001 awareness Training
Dr Madhu Aman Sharma
 
5.4 it security audit (mauritius)
5.4 it security audit (mauritius)5.4 it security audit (mauritius)
5.4 it security audit (mauritius)
Corporate Registers Forum
 
CISA Training - Chapter 5 - 2016
CISA Training - Chapter 5 - 2016CISA Training - Chapter 5 - 2016
CISA Training - Chapter 5 - 2016
Hafiz Sheikh Adnan Ahmed
 
Cobit5 owerwiev and implementation proposal
Cobit5 owerwiev and implementation proposalCobit5 owerwiev and implementation proposal
Cobit5 owerwiev and implementation proposal
Emilio Gratton
 
Iso 27001 isms presentation
Iso 27001 isms presentationIso 27001 isms presentation
Iso 27001 isms presentation
Midhun Nirmal
 
The information security audit
The information security auditThe information security audit
The information security audit
Dhani Ahmad
 
SOC 2 Compliance and Certification
SOC 2 Compliance and CertificationSOC 2 Compliance and Certification
SOC 2 Compliance and Certification
ControlCase
 
Control and audit of information System (hendri eka saputra)
Control and audit of information System (hendri eka saputra)Control and audit of information System (hendri eka saputra)
Control and audit of information System (hendri eka saputra)
Hendri Eka Saputra
 
Iso 27001 Checklist
Iso 27001 ChecklistIso 27001 Checklist
Iso 27001 Checklist
Craig Willetts ISO Expert
 
Best Practices in Auditing ISO/IEC 27001
Best Practices in Auditing ISO/IEC 27001Best Practices in Auditing ISO/IEC 27001
Best Practices in Auditing ISO/IEC 27001
PECB
 
Isms awareness training
Isms awareness trainingIsms awareness training
Isms awareness training
SAROJ BEHERA
 
Iso 9001-internal-audit-checklist
Iso 9001-internal-audit-checklistIso 9001-internal-audit-checklist
Iso 9001-internal-audit-checklist
PHILIP TEO
 

What's hot (20)

Auditing SOX ITGC Compliance
Auditing SOX ITGC ComplianceAuditing SOX ITGC Compliance
Auditing SOX ITGC Compliance
 
03.1 general control
03.1 general control03.1 general control
03.1 general control
 
ITGC audit of ERPs
ITGC audit of ERPsITGC audit of ERPs
ITGC audit of ERPs
 
13 information system audit of banks
13 information system audit of banks13 information system audit of banks
13 information system audit of banks
 
IT Audit For Non-IT Auditors
IT Audit For Non-IT AuditorsIT Audit For Non-IT Auditors
IT Audit For Non-IT Auditors
 
03.2 application control
03.2 application control03.2 application control
03.2 application control
 
ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3
 
ISO 27001 (v2013) Checklist
ISO 27001 (v2013) ChecklistISO 27001 (v2013) Checklist
ISO 27001 (v2013) Checklist
 
27001 awareness Training
27001 awareness Training27001 awareness Training
27001 awareness Training
 
5.4 it security audit (mauritius)
5.4 it security audit (mauritius)5.4 it security audit (mauritius)
5.4 it security audit (mauritius)
 
CISA Training - Chapter 5 - 2016
CISA Training - Chapter 5 - 2016CISA Training - Chapter 5 - 2016
CISA Training - Chapter 5 - 2016
 
Cobit5 owerwiev and implementation proposal
Cobit5 owerwiev and implementation proposalCobit5 owerwiev and implementation proposal
Cobit5 owerwiev and implementation proposal
 
Iso 27001 isms presentation
Iso 27001 isms presentationIso 27001 isms presentation
Iso 27001 isms presentation
 
The information security audit
The information security auditThe information security audit
The information security audit
 
SOC 2 Compliance and Certification
SOC 2 Compliance and CertificationSOC 2 Compliance and Certification
SOC 2 Compliance and Certification
 
Control and audit of information System (hendri eka saputra)
Control and audit of information System (hendri eka saputra)Control and audit of information System (hendri eka saputra)
Control and audit of information System (hendri eka saputra)
 
Iso 27001 Checklist
Iso 27001 ChecklistIso 27001 Checklist
Iso 27001 Checklist
 
Best Practices in Auditing ISO/IEC 27001
Best Practices in Auditing ISO/IEC 27001Best Practices in Auditing ISO/IEC 27001
Best Practices in Auditing ISO/IEC 27001
 
Isms awareness training
Isms awareness trainingIsms awareness training
Isms awareness training
 
Iso 9001-internal-audit-checklist
Iso 9001-internal-audit-checklistIso 9001-internal-audit-checklist
Iso 9001-internal-audit-checklist
 

Viewers also liked

Research proposal 1
Research proposal 1Research proposal 1
Research proposal 1
Ali Yah
 
Proposal Defense Oral Presentation
Proposal Defense Oral PresentationProposal Defense Oral Presentation
Proposal Defense Oral Presentation
Jenny Chen
 
Adher list of heritage lithuania
Adher list of heritage lithuaniaAdher list of heritage lithuania
Adher list of heritage lithuania
adher_mii
 
EDUCON16 "An Approach to Gamify an Adaptive Questionnaire Environment" by Pab...
EDUCON16 "An Approach to Gamify an Adaptive Questionnaire Environment" by Pab...EDUCON16 "An Approach to Gamify an Adaptive Questionnaire Environment" by Pab...
EDUCON16 "An Approach to Gamify an Adaptive Questionnaire Environment" by Pab...
eMadrid network
 
Qualitative Questionnaire
Qualitative QuestionnaireQualitative Questionnaire
Qualitative Questionnaire
saujanya94
 
Presentation
PresentationPresentation
Presentation
Tharindra Abeynayake
 
Questionnaire about the environment
Questionnaire about the environmentQuestionnaire about the environment
Questionnaire about the environment
irbaaz
 
Draft of questionnaire with intro
Draft of questionnaire with introDraft of questionnaire with intro
Draft of questionnaire with intro
rurukiz
 
Quantitative Questionnaire
Quantitative QuestionnaireQuantitative Questionnaire
Quantitative Questionnaire
saujanya94
 
Project report kullu telecom district
Project report kullu telecom districtProject report kullu telecom district
Project report kullu telecom district
Pankaj Thakur
 
CREATIVITY SELECTED ELEMENTS QUESTIONNAIRE (CSEQ): A CREATIVE ASSESSMENT INST...
CREATIVITY SELECTED ELEMENTS QUESTIONNAIRE (CSEQ): A CREATIVE ASSESSMENT INST...CREATIVITY SELECTED ELEMENTS QUESTIONNAIRE (CSEQ): A CREATIVE ASSESSMENT INST...
CREATIVITY SELECTED ELEMENTS QUESTIONNAIRE (CSEQ): A CREATIVE ASSESSMENT INST...
Thesigan Nadarajan
 
Report on customer service in telecom sector mine
Report on customer service in telecom sector mineReport on customer service in telecom sector mine
Report on customer service in telecom sector mine
Md. Ahadujjaman
 
Pakistan Telecommunication Services
Pakistan Telecommunication ServicesPakistan Telecommunication Services
Pakistan Telecommunication Services
hussainetd
 
Needs Analysis Questionnaire (ESP)
Needs Analysis Questionnaire (ESP)Needs Analysis Questionnaire (ESP)
Needs Analysis Questionnaire (ESP)
Maria Jessa G. Podelana
 
Mobilink Gsm
Mobilink GsmMobilink Gsm
Mobilink Gsm
sana_shakeel
 
Project Report Of Mangement
Project Report Of MangementProject Report Of Mangement
Project Report Of Mangement
Roshni Rox
 
A Questionnaire for Identify Failures in Business Analysis Phase of ERP Projects
A Questionnaire for Identify Failures in Business Analysis Phase of ERP ProjectsA Questionnaire for Identify Failures in Business Analysis Phase of ERP Projects
A Questionnaire for Identify Failures in Business Analysis Phase of ERP Projects
Varuna Harshana
 
Mobilink Management Report
Mobilink Management ReportMobilink Management Report
Mobilink Management Report
Zeeshan Ali
 
Research problem
Research problemResearch problem
Research problem
aleli ariola
 
Research Project on Brand Preference of Mobile Phones
Research Project on Brand Preference of Mobile PhonesResearch Project on Brand Preference of Mobile Phones
Research Project on Brand Preference of Mobile Phones
Monika Kadam
 

Viewers also liked (20)

Research proposal 1
Research proposal 1Research proposal 1
Research proposal 1
 
Proposal Defense Oral Presentation
Proposal Defense Oral PresentationProposal Defense Oral Presentation
Proposal Defense Oral Presentation
 
Adher list of heritage lithuania
Adher list of heritage lithuaniaAdher list of heritage lithuania
Adher list of heritage lithuania
 
EDUCON16 "An Approach to Gamify an Adaptive Questionnaire Environment" by Pab...
EDUCON16 "An Approach to Gamify an Adaptive Questionnaire Environment" by Pab...EDUCON16 "An Approach to Gamify an Adaptive Questionnaire Environment" by Pab...
EDUCON16 "An Approach to Gamify an Adaptive Questionnaire Environment" by Pab...
 
Qualitative Questionnaire
Qualitative QuestionnaireQualitative Questionnaire
Qualitative Questionnaire
 
Presentation
PresentationPresentation
Presentation
 
Questionnaire about the environment
Questionnaire about the environmentQuestionnaire about the environment
Questionnaire about the environment
 
Draft of questionnaire with intro
Draft of questionnaire with introDraft of questionnaire with intro
Draft of questionnaire with intro
 
Quantitative Questionnaire
Quantitative QuestionnaireQuantitative Questionnaire
Quantitative Questionnaire
 
Project report kullu telecom district
Project report kullu telecom districtProject report kullu telecom district
Project report kullu telecom district
 
CREATIVITY SELECTED ELEMENTS QUESTIONNAIRE (CSEQ): A CREATIVE ASSESSMENT INST...
CREATIVITY SELECTED ELEMENTS QUESTIONNAIRE (CSEQ): A CREATIVE ASSESSMENT INST...CREATIVITY SELECTED ELEMENTS QUESTIONNAIRE (CSEQ): A CREATIVE ASSESSMENT INST...
CREATIVITY SELECTED ELEMENTS QUESTIONNAIRE (CSEQ): A CREATIVE ASSESSMENT INST...
 
Report on customer service in telecom sector mine
Report on customer service in telecom sector mineReport on customer service in telecom sector mine
Report on customer service in telecom sector mine
 
Pakistan Telecommunication Services
Pakistan Telecommunication ServicesPakistan Telecommunication Services
Pakistan Telecommunication Services
 
Needs Analysis Questionnaire (ESP)
Needs Analysis Questionnaire (ESP)Needs Analysis Questionnaire (ESP)
Needs Analysis Questionnaire (ESP)
 
Mobilink Gsm
Mobilink GsmMobilink Gsm
Mobilink Gsm
 
Project Report Of Mangement
Project Report Of MangementProject Report Of Mangement
Project Report Of Mangement
 
A Questionnaire for Identify Failures in Business Analysis Phase of ERP Projects
A Questionnaire for Identify Failures in Business Analysis Phase of ERP ProjectsA Questionnaire for Identify Failures in Business Analysis Phase of ERP Projects
A Questionnaire for Identify Failures in Business Analysis Phase of ERP Projects
 
Mobilink Management Report
Mobilink Management ReportMobilink Management Report
Mobilink Management Report
 
Research problem
Research problemResearch problem
Research problem
 
Research Project on Brand Preference of Mobile Phones
Research Project on Brand Preference of Mobile PhonesResearch Project on Brand Preference of Mobile Phones
Research Project on Brand Preference of Mobile Phones
 

Similar to System audit questionnaire

A075434624
A075434624A075434624
A075434624
Dharmendra Kumar
 
Misauditchecklist 121023080803-phpapp01
Misauditchecklist 121023080803-phpapp01Misauditchecklist 121023080803-phpapp01
Misauditchecklist 121023080803-phpapp01
Ravikrishnan Nc
 
Itauditcl
ItauditclItauditcl
Itauditcl
SAMMOU
 
Enterprise Asset Management- Mobility Readiness Checklist
Enterprise Asset Management- Mobility Readiness ChecklistEnterprise Asset Management- Mobility Readiness Checklist
Enterprise Asset Management- Mobility Readiness Checklist
Unvired Inc.
 
Effects of IT on internal controls
Effects of IT on internal controlsEffects of IT on internal controls
Effects of IT on internal controls
Lou Foja
 
Threat and Risk Assessment QuestionnaireCompletion da.docx
Threat and Risk Assessment QuestionnaireCompletion da.docx Threat and Risk Assessment QuestionnaireCompletion da.docx
Threat and Risk Assessment QuestionnaireCompletion da.docx
MARRY7
 
Chapter 4 : Auditing and the information technology environment
Chapter 4 : Auditing and the information technology environmentChapter 4 : Auditing and the information technology environment
Chapter 4 : Auditing and the information technology environment
KugendranMani
 
Owny IT Desktop Monitoring Featurelist
Owny IT Desktop Monitoring FeaturelistOwny IT Desktop Monitoring Featurelist
Owny IT Desktop Monitoring Featurelist
NCS Computech Ltd.
 
Text-DISA_Review_Questions.docx
Text-DISA_Review_Questions.docxText-DISA_Review_Questions.docx
Text-DISA_Review_Questions.docx
CAVEDPRAKASHPALIWAL
 
Text-DISA_Review_Questions.docx
Text-DISA_Review_Questions.docxText-DISA_Review_Questions.docx
Text-DISA_Review_Questions.docx
CAVEDPRAKASHPALIWAL
 
Document Control in FDA Regulated Environments - When and how to automate
Document Control in FDA Regulated Environments - When and how to automateDocument Control in FDA Regulated Environments - When and how to automate
Document Control in FDA Regulated Environments - When and how to automate
Jeff Thomas
 
2. INFORMATION GATHERING.pptx Computer Applications in Pharmacy
2. INFORMATION GATHERING.pptx Computer Applications in Pharmacy2. INFORMATION GATHERING.pptx Computer Applications in Pharmacy
2. INFORMATION GATHERING.pptx Computer Applications in Pharmacy
Vedika Narvekar
 
Unit Iii
Unit IiiUnit Iii
Unit Iii
Ram Dutt Shukla
 
Conducting_a_Business_and_Systems_Analysis
Conducting_a_Business_and_Systems_AnalysisConducting_a_Business_and_Systems_Analysis
Conducting_a_Business_and_Systems_Analysis
Mark Grysiuk, CRM, CIP, ermM
 
Information system
Information systemInformation system
Information system
danishhashmi11
 
computer system validation
computer system validationcomputer system validation
computer system validation
Gopal Patel
 
audit_it_250759.pdf
audit_it_250759.pdfaudit_it_250759.pdf
audit_it_250759.pdf
mabkhoutaliwi1
 
Railway Reservation System - Software Engineering
Railway Reservation System - Software EngineeringRailway Reservation System - Software Engineering
Railway Reservation System - Software Engineering
Lalit Pal
 
Internal-control-in-the-computer-information-system-chap-27-aud-5-FINAL.pptx
Internal-control-in-the-computer-information-system-chap-27-aud-5-FINAL.pptxInternal-control-in-the-computer-information-system-chap-27-aud-5-FINAL.pptx
Internal-control-in-the-computer-information-system-chap-27-aud-5-FINAL.pptx
JayLloyd8
 
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.
gueste080564
 

Similar to System audit questionnaire (20)

A075434624
A075434624A075434624
A075434624
 
Misauditchecklist 121023080803-phpapp01
Misauditchecklist 121023080803-phpapp01Misauditchecklist 121023080803-phpapp01
Misauditchecklist 121023080803-phpapp01
 
Itauditcl
ItauditclItauditcl
Itauditcl
 
Enterprise Asset Management- Mobility Readiness Checklist
Enterprise Asset Management- Mobility Readiness ChecklistEnterprise Asset Management- Mobility Readiness Checklist
Enterprise Asset Management- Mobility Readiness Checklist
 
Effects of IT on internal controls
Effects of IT on internal controlsEffects of IT on internal controls
Effects of IT on internal controls
 
Threat and Risk Assessment QuestionnaireCompletion da.docx
Threat and Risk Assessment QuestionnaireCompletion da.docx Threat and Risk Assessment QuestionnaireCompletion da.docx
Threat and Risk Assessment QuestionnaireCompletion da.docx
 
Chapter 4 : Auditing and the information technology environment
Chapter 4 : Auditing and the information technology environmentChapter 4 : Auditing and the information technology environment
Chapter 4 : Auditing and the information technology environment
 
Owny IT Desktop Monitoring Featurelist
Owny IT Desktop Monitoring FeaturelistOwny IT Desktop Monitoring Featurelist
Owny IT Desktop Monitoring Featurelist
 
Text-DISA_Review_Questions.docx
Text-DISA_Review_Questions.docxText-DISA_Review_Questions.docx
Text-DISA_Review_Questions.docx
 
Text-DISA_Review_Questions.docx
Text-DISA_Review_Questions.docxText-DISA_Review_Questions.docx
Text-DISA_Review_Questions.docx
 
Document Control in FDA Regulated Environments - When and how to automate
Document Control in FDA Regulated Environments - When and how to automateDocument Control in FDA Regulated Environments - When and how to automate
Document Control in FDA Regulated Environments - When and how to automate
 
2. INFORMATION GATHERING.pptx Computer Applications in Pharmacy
2. INFORMATION GATHERING.pptx Computer Applications in Pharmacy2. INFORMATION GATHERING.pptx Computer Applications in Pharmacy
2. INFORMATION GATHERING.pptx Computer Applications in Pharmacy
 
Unit Iii
Unit IiiUnit Iii
Unit Iii
 
Conducting_a_Business_and_Systems_Analysis
Conducting_a_Business_and_Systems_AnalysisConducting_a_Business_and_Systems_Analysis
Conducting_a_Business_and_Systems_Analysis
 
Information system
Information systemInformation system
Information system
 
computer system validation
computer system validationcomputer system validation
computer system validation
 
audit_it_250759.pdf
audit_it_250759.pdfaudit_it_250759.pdf
audit_it_250759.pdf
 
Railway Reservation System - Software Engineering
Railway Reservation System - Software EngineeringRailway Reservation System - Software Engineering
Railway Reservation System - Software Engineering
 
Internal-control-in-the-computer-information-system-chap-27-aud-5-FINAL.pptx
Internal-control-in-the-computer-information-system-chap-27-aud-5-FINAL.pptxInternal-control-in-the-computer-information-system-chap-27-aud-5-FINAL.pptx
Internal-control-in-the-computer-information-system-chap-27-aud-5-FINAL.pptx
 
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.
 

Recently uploaded

0624.speakingengagementsandteaching-01.pdf
0624.speakingengagementsandteaching-01.pdf0624.speakingengagementsandteaching-01.pdf
0624.speakingengagementsandteaching-01.pdf
Thomas GIRARD BDes
 
在线制作加拿大萨省大学毕业证文凭证书实拍图原版一模一样
在线制作加拿大萨省大学毕业证文凭证书实拍图原版一模一样在线制作加拿大萨省大学毕业证文凭证书实拍图原版一模一样
在线制作加拿大萨省大学毕业证文凭证书实拍图原版一模一样
2zjra9bn
 
Resumes, Cover Letters, and Applying Online
Resumes, Cover Letters, and Applying OnlineResumes, Cover Letters, and Applying Online
Resumes, Cover Letters, and Applying Online
Bruce Bennett
 
Tape Measure Training & Practice Assessments.pdf
Tape Measure Training & Practice Assessments.pdfTape Measure Training & Practice Assessments.pdf
Tape Measure Training & Practice Assessments.pdf
KateRobinson68
 
Introducing Gopay Mobile App For Environment.pptx
Introducing Gopay Mobile App For Environment.pptxIntroducing Gopay Mobile App For Environment.pptx
Introducing Gopay Mobile App For Environment.pptx
FauzanHarits1
 
5 Common Mistakes to Avoid During the Job Application Process.pdf
5 Common Mistakes to Avoid During the Job Application Process.pdf5 Common Mistakes to Avoid During the Job Application Process.pdf
5 Common Mistakes to Avoid During the Job Application Process.pdf
Alliance Jobs
 
Leadership Ambassador club Adventist module
Leadership Ambassador club Adventist moduleLeadership Ambassador club Adventist module
Leadership Ambassador club Adventist module
kakomaeric00
 
Switching Careers Slides - JoyceMSullivan SocMediaFin - 2024Jun11.pdf
Switching Careers Slides - JoyceMSullivan SocMediaFin - 2024Jun11.pdfSwitching Careers Slides - JoyceMSullivan SocMediaFin - 2024Jun11.pdf
Switching Careers Slides - JoyceMSullivan SocMediaFin - 2024Jun11.pdf
SocMediaFin - Joyce Sullivan
 
Job Finding Apps Everything You Need to Know in 2024
Job Finding Apps Everything You Need to Know in 2024Job Finding Apps Everything You Need to Know in 2024
Job Finding Apps Everything You Need to Know in 2024
SnapJob
 
BUKU PENJAGAAN BUKU PENJAGAAN BUKU PENJAGAAN
BUKU PENJAGAAN BUKU PENJAGAAN BUKU PENJAGAANBUKU PENJAGAAN BUKU PENJAGAAN BUKU PENJAGAAN
BUKU PENJAGAAN BUKU PENJAGAAN BUKU PENJAGAAN
cahgading001
 
How to Prepare for Fortinet FCP_FAC_AD-6.5 Certification?
How to Prepare for Fortinet FCP_FAC_AD-6.5 Certification?How to Prepare for Fortinet FCP_FAC_AD-6.5 Certification?
How to Prepare for Fortinet FCP_FAC_AD-6.5 Certification?
NWEXAM
 
Learnings from Successful Jobs Searchers
Learnings from Successful Jobs SearchersLearnings from Successful Jobs Searchers
Learnings from Successful Jobs Searchers
Bruce Bennett
 
Leave-rules.ppt CCS leave rules 1972 for central govt employees
Leave-rules.ppt CCS leave rules 1972 for central govt employeesLeave-rules.ppt CCS leave rules 1972 for central govt employees
Leave-rules.ppt CCS leave rules 1972 for central govt employees
Sreenivas702647
 
Lbs last rank 2023 9988kr47h4744j445.pdf
Lbs last rank 2023 9988kr47h4744j445.pdfLbs last rank 2023 9988kr47h4744j445.pdf
Lbs last rank 2023 9988kr47h4744j445.pdf
ashiquepa3
 
Status of Women in Pakistan.pptxStatus of Women in Pakistan.pptx
Status of Women in Pakistan.pptxStatus of Women in Pakistan.pptxStatus of Women in Pakistan.pptxStatus of Women in Pakistan.pptx
Status of Women in Pakistan.pptxStatus of Women in Pakistan.pptx
MuhammadWaqasBaloch1
 
Jill Pizzola's Tenure as Senior Talent Acquisition Partner at THOMSON REUTERS...
Jill Pizzola's Tenure as Senior Talent Acquisition Partner at THOMSON REUTERS...Jill Pizzola's Tenure as Senior Talent Acquisition Partner at THOMSON REUTERS...
Jill Pizzola's Tenure as Senior Talent Acquisition Partner at THOMSON REUTERS...
dsnow9802
 
Gabrielle M. A. Sinaga Portfolio, Film Student (2024)
Gabrielle M. A. Sinaga Portfolio, Film Student (2024)Gabrielle M. A. Sinaga Portfolio, Film Student (2024)
Gabrielle M. A. Sinaga Portfolio, Film Student (2024)
GabrielleSinaga
 
A Guide to a Winning Interview June 2024
A Guide to a Winning Interview June 2024A Guide to a Winning Interview June 2024
A Guide to a Winning Interview June 2024
Bruce Bennett
 
IT Career Hacks Navigate the Tech Jungle with a Roadmap
IT Career Hacks Navigate the Tech Jungle with a RoadmapIT Career Hacks Navigate the Tech Jungle with a Roadmap
IT Career Hacks Navigate the Tech Jungle with a Roadmap
Base Camp
 
官方认证美国旧金山州立大学毕业证学位证书案例原版一模一样
官方认证美国旧金山州立大学毕业证学位证书案例原版一模一样官方认证美国旧金山州立大学毕业证学位证书案例原版一模一样
官方认证美国旧金山州立大学毕业证学位证书案例原版一模一样
2zjra9bn
 

Recently uploaded (20)

0624.speakingengagementsandteaching-01.pdf
0624.speakingengagementsandteaching-01.pdf0624.speakingengagementsandteaching-01.pdf
0624.speakingengagementsandteaching-01.pdf
 
在线制作加拿大萨省大学毕业证文凭证书实拍图原版一模一样
在线制作加拿大萨省大学毕业证文凭证书实拍图原版一模一样在线制作加拿大萨省大学毕业证文凭证书实拍图原版一模一样
在线制作加拿大萨省大学毕业证文凭证书实拍图原版一模一样
 
Resumes, Cover Letters, and Applying Online
Resumes, Cover Letters, and Applying OnlineResumes, Cover Letters, and Applying Online
Resumes, Cover Letters, and Applying Online
 
Tape Measure Training & Practice Assessments.pdf
Tape Measure Training & Practice Assessments.pdfTape Measure Training & Practice Assessments.pdf
Tape Measure Training & Practice Assessments.pdf
 
Introducing Gopay Mobile App For Environment.pptx
Introducing Gopay Mobile App For Environment.pptxIntroducing Gopay Mobile App For Environment.pptx
Introducing Gopay Mobile App For Environment.pptx
 
5 Common Mistakes to Avoid During the Job Application Process.pdf
5 Common Mistakes to Avoid During the Job Application Process.pdf5 Common Mistakes to Avoid During the Job Application Process.pdf
5 Common Mistakes to Avoid During the Job Application Process.pdf
 
Leadership Ambassador club Adventist module
Leadership Ambassador club Adventist moduleLeadership Ambassador club Adventist module
Leadership Ambassador club Adventist module
 
Switching Careers Slides - JoyceMSullivan SocMediaFin - 2024Jun11.pdf
Switching Careers Slides - JoyceMSullivan SocMediaFin - 2024Jun11.pdfSwitching Careers Slides - JoyceMSullivan SocMediaFin - 2024Jun11.pdf
Switching Careers Slides - JoyceMSullivan SocMediaFin - 2024Jun11.pdf
 
Job Finding Apps Everything You Need to Know in 2024
Job Finding Apps Everything You Need to Know in 2024Job Finding Apps Everything You Need to Know in 2024
Job Finding Apps Everything You Need to Know in 2024
 
BUKU PENJAGAAN BUKU PENJAGAAN BUKU PENJAGAAN
BUKU PENJAGAAN BUKU PENJAGAAN BUKU PENJAGAANBUKU PENJAGAAN BUKU PENJAGAAN BUKU PENJAGAAN
BUKU PENJAGAAN BUKU PENJAGAAN BUKU PENJAGAAN
 
How to Prepare for Fortinet FCP_FAC_AD-6.5 Certification?
How to Prepare for Fortinet FCP_FAC_AD-6.5 Certification?How to Prepare for Fortinet FCP_FAC_AD-6.5 Certification?
How to Prepare for Fortinet FCP_FAC_AD-6.5 Certification?
 
Learnings from Successful Jobs Searchers
Learnings from Successful Jobs SearchersLearnings from Successful Jobs Searchers
Learnings from Successful Jobs Searchers
 
Leave-rules.ppt CCS leave rules 1972 for central govt employees
Leave-rules.ppt CCS leave rules 1972 for central govt employeesLeave-rules.ppt CCS leave rules 1972 for central govt employees
Leave-rules.ppt CCS leave rules 1972 for central govt employees
 
Lbs last rank 2023 9988kr47h4744j445.pdf
Lbs last rank 2023 9988kr47h4744j445.pdfLbs last rank 2023 9988kr47h4744j445.pdf
Lbs last rank 2023 9988kr47h4744j445.pdf
 
Status of Women in Pakistan.pptxStatus of Women in Pakistan.pptx
Status of Women in Pakistan.pptxStatus of Women in Pakistan.pptxStatus of Women in Pakistan.pptxStatus of Women in Pakistan.pptx
Status of Women in Pakistan.pptxStatus of Women in Pakistan.pptx
 
Jill Pizzola's Tenure as Senior Talent Acquisition Partner at THOMSON REUTERS...
Jill Pizzola's Tenure as Senior Talent Acquisition Partner at THOMSON REUTERS...Jill Pizzola's Tenure as Senior Talent Acquisition Partner at THOMSON REUTERS...
Jill Pizzola's Tenure as Senior Talent Acquisition Partner at THOMSON REUTERS...
 
Gabrielle M. A. Sinaga Portfolio, Film Student (2024)
Gabrielle M. A. Sinaga Portfolio, Film Student (2024)Gabrielle M. A. Sinaga Portfolio, Film Student (2024)
Gabrielle M. A. Sinaga Portfolio, Film Student (2024)
 
A Guide to a Winning Interview June 2024
A Guide to a Winning Interview June 2024A Guide to a Winning Interview June 2024
A Guide to a Winning Interview June 2024
 
IT Career Hacks Navigate the Tech Jungle with a Roadmap
IT Career Hacks Navigate the Tech Jungle with a RoadmapIT Career Hacks Navigate the Tech Jungle with a Roadmap
IT Career Hacks Navigate the Tech Jungle with a Roadmap
 
官方认证美国旧金山州立大学毕业证学位证书案例原版一模一样
官方认证美国旧金山州立大学毕业证学位证书案例原版一模一样官方认证美国旧金山州立大学毕业证学位证书案例原版一模一样
官方认证美国旧金山州立大学毕业证学位证书案例原版一模一样
 

System audit questionnaire

  • 1. Sl.N0. System Audit Questionnaire Background 1 What is the information technology environment? 2 Give a brief description of the equipment. 3 Has a map of the installation been prepared? Otherwise, obtain one. 4 What are the operating systems in use? 5 What are the communications systems in use? 6 What are the various applications which have been computerized? organisation 1 Prepare or obtain an organizational chart of information technology department. 2 Determine job title, job descriptions and names of the persons in IT department. 3 Is there a segregation of duties such as: a. Functions and duties of systems design, programming and data administration are separate from computer operations; b. Programmers do not operate the computer or regulate processing runs; c. Operators have access only to such data and programs as is necessary for performing their assigned tasks; d. Personnel in data processing department are not performing any duties relating to organizing transactions or making changes to master files. 4 Are the duties of computer operators periodically related? 5 Are there well-documented operating procedures? 6 Are the operating functions being properly supervised according to programmed operating procedures? Control Functions 1 Are there persons specifically given the responsibility for performing the control function in the information technology department? 2 Do there duties include control over receipt of input data and recording of control information? 3 Is there control over distribution of output?
  • 2. 4 Is there control over errors to insure that they are reported, corrected and reprocessed? Is review of appropriate logs of error detection and control regularly done? 5 Are master file changes or changes to data authorised in writing by appropriate personnel in the department initiating that changes? 6 Is there any written communication made available to the department initiating the changes informing the IT department of the changes actually made? Management Practices 1 Is there a corporate security policy? 2 Are there any procedure regarding physical security covering the following features: a. Office building; b. Entry to computer centre; c. Access to client’s computer systems; d. Access to server systems; e. Working after office hours; f. Procedures for the prevention and protection. Organization Controls 1 Are there clear segregating of duties within the IT department? 2 Are there separations of duties between IT department and user departments? 3 What are the procedures regarding access to data within the computer system? 4 Password management: a. Access to corporate data base; b. Access to application programs. Systems Development Methodology 1 Are there any standards for systems development? 2 Have the standards been implemented, and if so, to what extent? Program Change Management 1 Are there standard procedures laid down for changes to existing programs? 2 Do they cover the following: a. Authorization for change;
  • 3. b. Independent testing; c. Compiling and adding to the library of programs by a person independent of the programmer. 3 Are the standard procedures being implemented? Program Library Maintenance 1 Are there well laid out procedures for maintaining computer library? Business Continuity Planning 1 Is there a well-documented business continuity plan? 2 Has it been well-documented and updated? 3 Does it contain procedures regarding: 4 Data backup 5 Backup of hardware, software and communication infrastructure. 6 Are there provisions for use of alternative facilities in the event of fire or other long interruptions? 7 Is there adequate insurance cover for various likely disasters? 8 Is date processing personal covered by fidelity insurance? Environmental Controls 1 Whether the location of computer installation is safe from potential hazards such as water seepage, fire, flood etc.? If not, what precautions have been taken to overcome such problems? 2 Whether ATM/Server Room is clean and the environment is dust free. 3 Whether the electrical and data cabling has been done in a structured manner and is not exposed except at the terminal point? Comment on the status of cabling and hazards, if any. 4 Whether power supply to IT systems is backed up though UPS and is not being used for any other purpose except for the minimal support light? 5 Earth to neutral voltage is 0-2 volts, which should be got tested during the course of audit (incumbent to arrange for the same). Comment on the deviation, if any. 6 Whether the server, if any, is placed in a separate partition/ room and telecommunication line(s) is/are available in the server room/partition? 7 Whether air conditioning, ventilation and humidity control procedures are in place for Servers/ critical equipments/ATM / UPS etc.
  • 4. 8 Whether the Switch/hub is placed in a mounting rack under lock and key? 9 Whether gas-based fire extinguishers are available and the same are valid and in working condition? Physical controls: 1 Whether the server/most critical equipments such as PC for backup/Switches/Routers are located in least accessible area and the access is restricted to authorized persons only? 2 Whether all the IT equipments have been allocated and marked with unique number and are in consonance with the inventory register. 3 Whether all the configuration details have been mentioned in the Inventory Management Register However, if the record is maintained in PC, print out of the same should be pasted in the register and updated regularly. 4 Whether the access to IT installations is restricted to authorized persons only. Whether access violations are properly recorded and appropriate actions taken the regainst. 5 Whether all PCs/Printers are regularly cleaned and covered when not in use? Logical Controls: 1 Whether all the PCs are protected by boot password? 2 Whether all the users have been created with written permission of the Incumbent/Head of the Department? 3 Whether any generic user account name has been created except reserved users account for Operating System, RDBMS and Application Packages? 4 Whether sensitive user IDs (e.g. root, RDBMS, DBA etc) and passwords are maintained as per HO guidelines and the prescribed procedures are being complied with such as : a. Whether passwords are kept in a dual custody in sealed cover.
  • 5. b. If opened, whether the password has been changed and again kept in sealed cover. 5 Check whether access rights for system files, executable files, data files and parameter files etc. are given on need-to-know/ need–to-do basis. 6 Whether proper record is maintained in respect of Creation/ Deletion of USER IDs in the user maintenance register on specific approval of Incumbent In charge or Departmental Head? Verify if such approval is in place in respect of the entire active user IDs. 7 Whether Enabling and Disabling of User ID s is done daily prior to start of the work as per daily arrangement register and active user ID s in the system are in agreement with the register? Report violations, if any. 8 Whether USER IDs are unique? 9 Whether proper record is maintained for the password of other users changed by the DBA/System Administrator in the register and same carries approval of the Incumbent? Comment on the number of Data Base Administrators/System administrators active at a time. 10 Whether the control on maximum number of invalid logon attempts to three has been specified properly in the system. 11 Whether automatic logout in case of unattended terminals is available on windows/UNIX environment? Specify the time set. 12 Whether the parameter to control maximum validity period of password is set to 15 days. If not, what is the validity period? 13 Whether declaration for maintaining confidentiality of password is held for all the users?
  • 6. Application Systems Controls: 1 Give package-wise details of bugs/deficiencies reported along with the steps taken for their removal. Whether these are recorded in Software Problem Register? Whether compensatory controls are put in place to ensure correct and valid output? (Attach separate sheet, if required) 2 If source code is available: a. Whether there is adequate separation between the development and production environment. b. Review the adequacy of access controls to source code. c. Whether the custody of source code is with the authorized official (s)? d. Whether proper handing over procedures is being adopted in the event of transfer/change of authorized officials? e. Whether change management procedure is being followed and documented? f. Whether requirements are analyzed for feasibility and necessity? g. Whether proper approval is being taken before making changes? h. Whether changes are tested for correctness before implementing in production environment? 3 Whether parameters of Operating System/RDBMS and Application Software are being changed/ updated as per the prescribed procedures and register to this effect is being maintained? (Not applicable in CBS branches)
  • 7. 4 Whether all the transactions, except system generated, are authorized by an independent official? 5 Whether database is physically secured? (Not applicable in CBS Branches) 6 Whether the access to the application is restricted to the authorized officials only? (Not applicable in CBS branches) 7 Whether the data is verified periodically in terms of storage space, performance tuning and back up. Give the following details: i)Date of earliest data available Ii)Total capacity of hard disk iii)Free hard disk space 8 In this context, review the response time of the system for different transactions. 9 If the branch was migrated from one package to another after the date of last system audit, was the data integrity ensured. 10 Whether adequate separation of duties is ensured for make checker concept? 11 Whether Incumbent In charge periodically certifies/confirms that the financial powers of the various authorizing officials/end users are defined correctly in the system.
  • 8. 12 Whether the guidelines with regard to checksum are being followed. What action the branch has taken in the event of difference in checksum. (Not applicable in CBS branches) 13 Whether error messages, if any, in the screen are properly recorded in a Register and appropriate action taken? 14 Review the adequacy of the procedures followed for implementing software patches/ periodical upgrades/ new version for application package as well as operating system. Maintenance & Business Continuity Controls: 1 Whether all the hardware items are covered under Warranty/Annual Maintenance Contract? Whether preventive maintenance schedule is being adhered to? 2 Whether a Copy of AMC/Service Level Agreement is held in the Office? 3 Whether the users are aware of the terms of AMC and the names and contact numbers of AMC Vendor? 4 Whether the Software are being supported by the supplier vendor/In-house Development Team? Whether the contact numbers of the persons to be contacted in case of problem/break down is known to the users. 5 In case any hardware item is taken out by the vendor for repair/ servicing, whether user ensures that the equipment does not contain sensitive data? 6 Whether the users are familiar with the fall back procedures to be adopted in the event of power failure or fault in PC, Printer or any other peripheral? 7 Whether users are aware of the procedures for restarting the work in the event of service interruption for various application packages running in the branch?
  • 9. 8 Whether users are aware of the Security Policy guidelines of the Bank to the extent relevant to them. 9 Whether Anti Virus Software is loaded in the systems? Whether data definitions and virus signatures are updated regularly? Give date of last such updation along with the source of updation (by vendor or through internet) and periodicity i.e. daily/weekly/monthly etc. 10 Is the Anti Virus Software configured to check viruses from floppy/CD ROM/e-mail automatically? 11 Check and report if any extraneous software is being used. Give details of such software (s) along with the PCs on which the same is loaded. 12 Whether the users have been provided training in the area of their work? 13 Whether license is held in respect of software being used by the Office/Branch. 14 Whether the original Operating System, RDBMS & other Software packages are kept in a fireproof cabinet? 15 Whether complete backup of Operating System/RDBMS and other application packages with current settings is held/maintained? 16 Whether offsite backup is kept regularly on weekly basis? Give date of last such backup. (Not applicable in CBS branches) 17 Whether all the columns of backup register are filled in properly. (Not applicable in CBS branches) 18 Whether backup media is labeled and recorded? (Not applicable in CBS branches)
  • 10. 19 Whether integrity/ readability of the backup is tested periodically? Comment on the method adopted for the same. Give date of last such testing. (Not applicable in CBS branches) 20 Whether branch-wise inventory of Hardware/Software is being maintained and updated at Zonal Office Level? Networking controls: (Not applicable in stand alone environment) 1 Are there documented procedures for using the network? 2 Has the responsibility and liability of network vendors been defined in the AMC Agreement, whether a copy of such AMC contract is held? 3 Whether the inventory of network equipments e.g. hub, switch, router etc. is being maintained and updated regularly. 4 Whether a network diagram illustrating the physical connections between the network equipments and computers had been prepared and approved by the Incumbent? 5 Whether the networking equipments have been labeled to facilitate cross-reference to inventory register? 6 If routers are installed, review the access controls to the routers. 7 Whether the remote log-on through services such as FTP, TELNET etc. is disabled? 8 Whether dial up access to RAS is logically controlled?
  • 11. 9 Whether CBS node provided in the Office, if any, is physically separated and logically controlled? CBS node should not be used in any other network, report deviation if any. (Applicable only in CBS branches) 10 Whether guidelines for e-mail usage are being complied with? 11 Whether guidelines for internet usage are being complied with? Comment on the network downtime. 12 Whether internet access is given to PC/System being utilized for some bank application having critical data? If so, what precautions are taken to protect against internet hazards? Operational Controls: 1 Whether the following reports are taken and scrutinized by the appropriate officials? i) Exceptional Transactions Report. ii)Rejected Transactions Report. iii)Access Log iv)Audit Trail, if any (non-financial transactions). v)GL affected balances vi)Active Users
  • 12. 2 Whether the interest charged in the accounts is being checked/verified by the authorized official? 3 Whether the interest rate revision is timely incorporated and authorized in the system. In case of delay, whether the differential interest for the intervening period is being appropriated. 4 Whether morning checking is being done as per the Bank’s guidelines. 5 Whether the non-financial transactions e.g. limit enhancement, limit reduction, DP maintenance etc. are properly incorporated and authorized by the authorized officials of the Bank. 6 Review the controls over the procedures adopted for data upload through external media e.g. salary credit through floppy etc. Whether such floppies are checked for viruses before using for processing? What are the controls for checking that the data is not entered more than once? Are compensatory controls in place in the form of checking of transaction by authorized officials? 7 Whether the branch is maintaining any upload account in which some balance is still outstanding? Give details and explain the reasons for keeping such accounts. (Applicable only in CBS branches) 8 Whether the transactions lying in the Proxy Account are reversed within 3 days? Review the outstanding transactions in Proxy Account for overdue entries. (Applicable only in CBS branches) 9 Comment on the number of inter-sol transactions and the charges levied. Whether limited user IDs are permitted to pass such transactions? (Applicable only in CBS branches) 10 Whether the signatures are being captured regularly and authorized in the system? Level of pungency in this regard be commented upon.
  • 13. Review physical, logical, system and operational controls in respect of the following services rendered by the Branch, if any: 1 Remote Access 2 Tele Banking 3 EDI 4 Government Business 5 CMS 6 Depository 7 SWIFT 8 Internet Banking 9 SFMS 10 Whether access to ATM room is restricted to the authorized persons only? 11 Whether AC installed in ATM room is giving the desired temperature control?
  • 14. 13 Whether ATM room is clean? 14 Whether ATM power back up is supported by UPS. 15 Whether ATM card issue register is maintained and updated regularly and tallies with physical cards received in the branch? 16 Whether control of ATM cards and PIN mailers (in case returned due to wrong address) with two different officials and proper record of the same is maintained and tallies with physical cards? 17 Whether proper record of retained cards and lost/hot cards is maintained and tallies with physical cards? 18 Whether after each month end, ATM audit rolls are kept in sealed envelope in joint custody? 19 Comment whether security in ATM Room is in place. Register Maintenance: 1 Whether the following registers are being maintained, updated and scrutinized/checked. a)Software problem Register. b)Machine breakdown Register, recording downtime. c)Users maintenance Register
  • 15. d)Back up Register e) Media stock movement Register. f) Hardware/Software inventory management Register showing the configuration details and availability of Warranty/AMC. g) Parameter Updation registers. h) Daily arrangement registers. i) Checksum Register. J) Error Rectification Register (recording operational transactions). k) ATM Register. 2 IS AUDITOR’S OBSERVATIONS 3 IS Auditor to comment/review overall IT governance in the branch/Office? Lacuna or gap is informed/indicated along with steps to be taken to plug it. Adequacy of Hardware, Network and its redundancy.