
GITC Objective 1

This document summarizes testing of logical access controls for application systems at Philippine Veterans Bank. Five control activities were tested: 1) policies and procedures for authorizing user access, 2) completeness of access request forms, 3) maintenance of a user access matrix, 4) appropriateness of access privileges granted to users, and 5) periodic reviews of user access. For each control, design and implementation and operating effectiveness tests were performed, including interviews, reviewing documentation, and examining samples from the population. Exceptions and results were documented.

Uploaded by Raraj

Application System | Date Raised | No. | Ref | Risk Rating | Issues and Observation | Risk | Recommendation | Management Response

Application Systems Review Testing Document

Engagement: Philippine Veterans Bank_Internal Audit Outsourcing
Location: Makati City, Philippines
Domain: General Information Technology Controls (GITC)

Control Objective: Logical security tools and techniques are implemented and configured to enable restriction of access to application system. Application owners authorize the nature and extent of user access privileges and such privileges are periodically reviewed by application owners to ensure access privileges remain appropriate.

Control Activity: T1.1 Understand and document the policies and procedures related to the authorization of user access to data and application systems.

Test Description:

Attributes: 1, 2, 3, 4

Testing/Interview conducted by
Testing Documentation

Design and Implementation Testing

Description of the Testing Done.

D&I Conclusion:

Operating Effectiveness Testing

Period of Review:
Population:
Sampling Frequency:
Number of Samples:

Sample # | Phase | Sample Description - Interim | Attributes to Test: A | Workpaper Reference
1 | OE | | |
2 | OE | | |

Sample # | Phase | Sample Description - Final | Attributes to Test: A | Workpaper Reference
1 | OE | | |
2 | OE | | |
etc | OE | | |

Tickmark Legend
P | No Exceptions Noted
x | Exceptions noted
n/a | Not Applicable

Results Legend

OE Conclusion:

Application Systems Review Testing Document

Engagement: Philippine Veterans Bank_Internal Audit Outsourcing
Location: Makati City, Philippines
Domain: General Information Technology Controls (GITC)

Control Objective: Logical security tools and techniques are implemented and configured to enable restriction of access to application system. Application owners authorize the nature and extent of user access privileges and such privileges are periodically reviewed by application owners to ensure access privileges remain appropriate.

Control Activity: T1.2 Determine completeness of request form and timeliness of its maintenance in the system.

Test Description:

Attributes: 1, 2, 3, 4

Testing/Interview conducted by
Testing Documentation

Design and Implementation Testing

Description of the Testing Done.

D&I Conclusion:

Operating Effectiveness Testing

Period of Review:
Population:
Sampling Frequency:
Number of Samples:

Sample # | Phase | Sample Description - Interim | Attributes to Test: A | Workpaper Reference
1 | OE | | |
2 | OE | | |

Sample # | Phase | Sample Description - Final | Attributes to Test: A | Workpaper Reference
1 | OE | | |
2 | OE | | |
etc | OE | | |

Tickmark Legend
P | No Exceptions Noted
x | Exceptions noted
n/a | Not Applicable

Results Legend

OE Conclusion:

Application Systems Review Testing Document

Engagement: Philippine Veterans Bank_Internal Audit Outsourcing
Location: Makati City, Philippines
Domain: General Information Technology Controls (GITC)

Control Objective: Logical security tools and techniques are implemented and configured to enable restriction of access to application system. Application owners authorize the nature and extent of user access privileges and such privileges are periodically reviewed by application owners to ensure access privileges remain appropriate.

Control Activity: T1.3 Determine creation and maintenance of user access matrix.

Test Description:

Attributes: 1, 2, 3, 4

Testing/Interview conducted by
Testing Documentation

Design and Implementation Testing

Description of the Testing Done.

D&I Conclusion:

Operating Effectiveness Testing

Period of Review:
Population:
Sampling Frequency:
Number of Samples:

Sample # | Phase | Sample Description - Interim | Attributes to Test: A | Workpaper Reference
1 | OE | | |
2 | OE | | |

Sample # | Phase | Sample Description - Final | Attributes to Test: A | Workpaper Reference
1 | OE | | |
2 | OE | | |
etc | OE | | |

Tickmark Legend
P | No Exceptions Noted
x | Exceptions noted
n/a | Not Applicable

Results Legend

OE Conclusion:

Application Systems Review Testing Document

Engagement: Philippine Veterans Bank_Internal Audit Outsourcing
Location: Makati City, Philippines
Domain: General Information Technology Controls (GITC)

Control Objective: Logical security tools and techniques are implemented and configured to enable restriction of access to application system. Application owners authorize the nature and extent of user access privileges and such privileges are periodically reviewed by application owners to ensure access privileges remain appropriate.

Control Activity: T1.4 Determine appropriateness and sharing of user access given to users for every application/system.

Test Description:

Attributes: 1, 2, 3, 4

Testing/Interview conducted by
Testing Documentation

Design and Implementation Testing

Description of the Testing Done.

D&I Conclusion:

Operating Effectiveness Testing

Period of Review:
Population:
Sampling Frequency:
Number of Samples:

Sample # | Phase | Sample Description - Interim | Attributes to Test: A | Workpaper Reference
1 | OE | | |
2 | OE | | |

Sample # | Phase | Sample Description - Final | Attributes to Test: A | Workpaper Reference
1 | OE | | |
2 | OE | | |
etc | OE | | |

Tickmark Legend
P | No Exceptions Noted
x | Exceptions noted
n/a | Not Applicable

Results Legend

OE Conclusion:

Application Systems Review Testing Document

Engagement: Philippine Veterans Bank_Internal Audit Outsourcing
Location: Makati City, Philippines
Domain: General Information Technology Controls (GITC)

Control Objective: Logical security tools and techniques are implemented and configured to enable restriction of access to application system. Application owners authorize the nature and extent of user access privileges and such privileges are periodically reviewed by application owners to ensure access privileges remain appropriate.

Control Activity: T1.5 Determine existence and effectivity of user access periodic review.

Test Description:

Attributes: 1, 2, 3, 4

Testing/Interview conducted by
Testing Documentation

Design and Implementation Testing

Description of the Testing Done.

D&I Conclusion:

Operating Effectiveness Testing

Period of Review:
Population:
Sampling Frequency:
Number of Samples:

Sample # | Phase | Sample Description - Interim | Attributes to Test: A | Workpaper Reference
1 | OE | | |
2 | OE | | |

Sample # | Phase | Sample Description - Final | Attributes to Test: A | Workpaper Reference
1 | OE | | |
2 | OE | | |
etc | OE | | |

Tickmark Legend
P | No Exceptions Noted
x | Exceptions noted
n/a | Not Applicable

Results Legend

OE Conclusion:
