View CartView Cart
QuestionsContact Us

Core IT Audit Program



This audit program has been developed for entities that need to facilitate an audit of their application system(s), database(s), network and communication software, and/or systems software in order to identify any inherent risks and to minimize potential exposure to such risks by ensuring that the necessary controls and security are in place and operate effectively.

The audit program contains a comprehensive listing of control objectives and controls to meet the objectives; interview topic recommendations; control documentation recommendations. This audit program can be (re)used on an ongoing basis to audit ANY application system, database, network and communication software, and/or systems software by choosing the controls suitable for particular information systems environment.

*NOTE* See below for more details. Also, use "preview" icon to take a look inside (view a part of the audit program) to ensure it's right for you.

Audit Programs

Preview Core IT Audit ProgramThis IT audit program contains a listing of key internal controls (64 controls) that cover all principal process areas in IT and form a foundation of a well managed and secure information systems environment.

Control framework overview:

Batch & online processing - controls to ensure that organization’s operations around scheduling, performance, and monitoring of IT programs and processes are adequately supervised to ascertain complete, accurate, and valid processing and recording of financial information:
  • Processing to successful and timely completion
  • Authorization and integrity of real-time job and transaction processing
  • Automated scheduling tools (management, security, access to such tools, etc.) and more.
Backup and recovery - controls to ensure organization’s financial data is appropriately managed during the update and storage process to ensure it remains complete, accurate, and valid:
  • Data retention tools (management, security, access to such tools, etc.)
  • Backups and retention of data (planning, scheduling, and supervision)
  • Backup tapes (management, storage, archival, readability assessments, etc.) and more.
Physical security - controls to ensure that appropriate physical security mechanisms operate effectively (access to the building and immediate surroundings of computer equipment, etc.):
  • Assessment of physical access control mechanisms
  • Authority to change physical access control mechanisms
  • Monitoring of physical access control mechanisms, etc.
Logical security - controls to ensure that system security settings are adequately configured and appropriately safeguarded to protect against unauthorized modifications that may result in incomplete, inaccurate, or invalid processing or recording of financial information:
  • Passwords or similar authentication mechanisms
  • Security settings and access restriction mechanisms
  • User access privileges (new access, removal of users, privileged access, SODs, etc.)
  • Security patches/fixes to prevent exploitation of known security vulnerabilities & more.
Change management & control - controls designed to ensure that programs and systems are appropriately acquired or developed, implemented, and managed in a manner that supports accurate, complete, and valid processing and recording of organization’s financial information:
  • Acquisition, development, modification, and maintenance of application systems, databases, network and communication software, and/or systems software
  • Controls around approval, testing prior to implementation, quality assurance reviews, etc.
  • Business risk and impact assessments, adequacy of post implementation reviews
  • Maintenance of operations, technical, and user documentation and more.
Please refer to the "preview" icon above to take a look inside (view a part of the audit program) to ensure it's right for you.
 

Price: $30.00 (Instant Download)


Add to Cart
View Cart