Audit Programs

Table of Contents:

This audit program provides a solid framework for assessing a wide array of key internal controls that form the foundation of a well-managed and secure information systems environment. The audit program contains 65 controls across the following principal process areas in IT:

Information Systems Operations

Batch job, report and online transaction processing procedures

Controls and testing procedures to determine if the organization’s operations around scheduling, performance, and monitoring of IT programs and processes are adequately supervised:
  • Processing to successful and timely completion
  • Authorization and integrity of job and transaction processing
  • Automated scheduling tools (management, security, access to such tools, etc.) 

Backup and recovery

Controls to ensure the organization’s financial data is appropriately managed during storage:
  • Data retention tools (management, security, access to such tools, etc.)
  • Backups and retention of data (planning, scheduling, and supervision)
  • Backup tapes (management, storage, archival, readability assessments, encryption and more)

Physical security

Controls and test steps to determine if facilities that house relevant information-processing and storage infrastructure are appropriately managed:
  • Physical access mechanisms
  • Authority to administer physical access mechanisms
  • Physical access control procedures (approvals from management, access disablement, monitoring and access recertification procedures)

Information Security

Configurable security parameters and settings
Controls and testing procedures to assess the effectiveness of the system configuration and security settings:
  • Password requirements
  • Procedures to safeguard default vendor accounts
  • Patching procedures to prevent exploitation of known security vulnerabilities
  • Procedures to detect security events and respond to security incidents
  • Procedures to detect unauthorized changes to the security and configuration settings
  • Configuration baselines
  • Privileged system administration access

Logical access controls
A set of controls and testing guidance to determine if access to the computer systems is restricted to authorized individuals:
  • Privileged user administration access
  • Logical access control procedures (access authorization, access disablement, monitoring and access recertification procedures)
  • Segregation of duties
  • Information security techniques to prevent the disclosure of sensitive and confidential information (encryption of data in transit, masking or scrambling of data in cloned environments, etc.)

Change Management


Development procedures
Controls and audit guidelines to determine if changes to the key financial applications, databases, network and systems software are appropriately developed:
  • A formal change management procedure addressing the entity's change management requirements
  • Assessment of method(s) for logging changes to the production environment
  • Controls to ensure that testing is performed in accordance with the test strategy prepared and approved by system owners and development management
  • Controls to ensure that end user acceptance testing is performed in accordance with the test strategy prepared and approved by business owners
  • Segregation of production environment from development and test environments

Implementation procedures
Audit guidelines to determine if changes to the key financial applications, databases, network and systems software are appropriately implemented:
  • Business risk assessment and business impact analysis
  • Authorization by management
  • Source code control/version control system to maintain copies of the prior versions of the production source code
  • Rollback strategy
  • Restriction of access to the production environment
  • Post-implementation assessment

Please view an excerpt from the audit program to ensure it's right for you.

Price: $65.00 (Instant Download)

