Open navigation menu

Scribd

0% found this document useful (0 votes)

444 views4 pages

XXX Department PBC List

The document is a request from GIAS (Group Internal Audit Services) to XXX Department for documentation to perform an IT audit. It includes a list of 23 items across various IT processes that GIAS is requesting, including entity level controls, access to programs and data, change management, and operations. For each item, it lists the process, description, responsible person, original request date, and date delivered.

Uploaded by

Copyright

© © All Rights Reserved

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as XLSX, PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

444 views4 pages

XXX Department PBC List

The document is a request from GIAS (Group Internal Audit Services) to XXX Department for documentation to perform an IT audit. It includes a list of 23 items across various IT processes that GIAS is requesting, including entity level controls, access to programs and data, change management, and operations. For each item, it lists the process, description, responsible person, original request date, and date delivered.

Uploaded by

Copyright

© © All Rights Reserved

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as XLSX, PDF, TXT or read online on Scribd

You are on page 1/ 4

GIAS - Month 201X

GIAS XXX Department PBC List

Client XXX Department Period-end 31 December 2010
Prepared By Paul Mburu Date 20 April 2011 W/P Reference

We would like to request and receive the following documentation prior to performing assessment procedures on-site. Either electronic or hard copy format is acceptable.
For each document, please provide a contact name to facilitate discussion and completion of our procedures.

Please note, we will also request to interview appropriate personnel in order to gain additional information in each of the areas below.

Whereas this PBC contains a list of information we deem vital for the IT audit, we may request for additional information as required.

Tracking Statistics

GIAS
Client Client
Item GIAS Original Requested
Process Description of Requested Item Responsible Comments / Date Delivered to GIAS
# Request Date Delivery
Personnel Questions
Date

Entity Level Controls Program

1 Entity Level The business strategy and the IT strategy showing how the XXX 20-Apr-11 27-Apr-11
Controls Program alignment of the two

2 Entity Level Previous year (2009) and current year IT budgets (2010) XXX 20-Apr-11 27-Apr-11
Controls Program

3 Entity Level ICT department organizational structure XXX 20-Apr-11 27-Apr-11

Controls Program

4 Entity Level Job descriptions of all Top IT personnel XXX 20-Apr-11 27-Apr-11
Controls Program

5 Entity Level The data classification policy XXX 20-Apr-11 27-Apr-11

Controls Program

6 Entity Level Service Level Agreement between the IT department and the XXX 20-Apr-11 27-Apr-11
Controls Program business units

7 Entity Level ICT equipment inventory XXX 20-Apr-11 27-Apr-11

Controls Program

8 Entity Level Training calendar / Program for IT personnel XXX 20-Apr-11 27-Apr-11
Controls Program

Access to Programs and Data

9 Access to Information Technology security Policies and procedures XXX 20-Apr-11 27-Apr-11
Programs and
Data
10 Access to Internet and Email policies and procedures XXX 20-Apr-11 27-Apr-11
Programs and
Data

Group Internal Audit Services

GIAS - Month 201X Tracking Statistics

GIAS
Client Client
Item GIAS Original Requested
Process Description of Requested Item Responsible Comments / Date Delivered to GIAS
# Request Date Delivery
Personnel Questions
Date

11 Access to End user policies XXX 20-Apr-11 27-Apr-11

Programs and
Data

12 Access to Copies of management meeting minutes that ratified the above XXX 20-Apr-11 27-Apr-11
Programs and policies i.e. items 9, 10 and 11
Data

13 Access to Documented procedures on communication of security policies to XXX 20-Apr-11 27-Apr-11

Programs and all users within the firm
Data

14 Access to User awareness training calendar XXX 20-Apr-11 27-Apr-11

Programs and
Data

15 Access to Evidence of security awareness training done to users during the XXX 20-Apr-11 27-Apr-11
Programs and year
Data

16 Access to System generated reports of the password policies implemented XXX 20-Apr-11 27-Apr-11
Programs and for ISCALA, HIAFFINITY, ECLIPSE and the Windows domain.
Data

17 Access to System generated reports of all users of ISCALA, HIAFFINITY, XXX 20-Apr-11 27-Apr-11
Programs and ECLIPSE and all the domain users. This report should include:
Data User Name, Status (enabled/disabled), last password change
date and last log on date
18 Access to Example user access form for new system access (ISCALA, XXX 20-Apr-11 27-Apr-11
Programs and HIAFFINITY, ECLIPSE and the Windows domain) and evidence of
Data approval by the IT department and the business unit.

19 Access to Example access change request form requesting for user profile XXX 20-Apr-11 27-Apr-11
Programs and changes (both ISCALA, HIAFFINITY, ECLIPSE and the windows
Data domain) and evidence of approval by the IT department and the
business unit.
20 Access to Documented procedures for revoking system access in ISCALA, XXX 20-Apr-11 27-Apr-11
Programs and HIAFFINITY, ECLIPSE and the Windows domain
Data

21 Access to A copy of the server room access logs for the current year (Soft XXX 20-Apr-11 27-Apr-11
Programs and copy / Hard Copy)
Data

22 Access to The network diagram XXX 20-Apr-11 27-Apr-11

Programs and
Data

23 Access to Router and firewall configuration reports XXX 20-Apr-11 27-Apr-11

Programs and
Data

Group Internal Audit Services

GIAS - Month 201X Tracking Statistics

GIAS
Client Client
Item GIAS Original Requested
Process Description of Requested Item Responsible Comments / Date Delivered to GIAS
# Request Date Delivery
Personnel Questions
Date

24 Access to Evidence of vulnerability assessments / penetration tests XXX 20-Apr-11 27-Apr-11

Programs and performed by independent parties to help identify loop holes in
Data the LAN and WAN

25 Access to The name and version of ISCALA, HIAFFINITY, ECLIPSE XXX 20-Apr-11 27-Apr-11
Programs and underlying database
Data

26 Access to A formal approval granting the ISCALA, HIAFFINITY, ECLIPSE XXX 20-Apr-11 27-Apr-11
Programs and DBA access to the production database
Data

27 Access to Audit logs of activities performed by the ISCALA, HIAFFINITY, XXX 20-Apr-11 27-Apr-11
Programs and ECLIPSE DBA and evidence of their periodic review
Data

28 Access to Segregation of duty matrix illustrating access considerations that XXX 20-Apr-11 27-Apr-11
Programs and are considered when creating profiles within ISCALA,
Data HIAFFINITY, ECLIPSE and the Windows domain

29 Access to System generated report of group profiles within ISCALA, XXX 20-Apr-11 27-Apr-11
Programs and HIAFFINITY, ECLIPSE and the Windows domain. This report
Data should also include all the rights assigned to each profile

30 Access to System generated report of all users showing which profiles they XXX 20-Apr-11 27-Apr-11
Programs and belong to in both ISCALA, HIAFFINITY, ECLIPSE and the
Data Windows domain

31 Access to Evidence of segregation of duty review performed by XXX 20-Apr-11 27-Apr-11

Programs and management including supporting documentation and criteria
Data included for evaluation of appropriate segregation of duties has
been considered for all users in ISCALA, HIAFFINITY, ECLIPSE
and the Windows domain

Program Changes
32 Program Changes Policies and procedures relating to change management and XXX 20-Apr-11 27-Apr-11
exception management during implementation. Specifically,
policies and procedures documenting the process of requesting,
end-user, IT testing, authorizing/approving, migrating into
production, resolving application issues, emergency change
control process, configuration change control process,
implementation plans, process for updating production libraries.

33 Program Changes System-generated listing of changes carried out on the ISCALA, XXX 20-Apr-11 27-Apr-11
HIAFFINITY, ECLIPSE application.

34 Program Changes Copies of user testing results for changes XXX 20-Apr-11 27-Apr-11

Program Development
35 Program System development methodology/System acquisition XXX 20-Apr-11 27-Apr-11
Development methodology
Group Internal Audit Services
GIAS - Month 201X Tracking Statistics

GIAS
Client Client
Item GIAS Original Requested
Process Description of Requested Item Responsible Comments / Date Delivered to GIAS
# Request Date Delivery
Personnel Questions
Date

36 Program List of ongoing IT projects XXX 20-Apr-11 27-Apr-11

Development

37 Program List of significant software amendments /upgrades /changes XXX 20-Apr-11 27-Apr-11
Development during the year

38 Program Project management documentation that has been prepared to XXX 20-Apr-11 27-Apr-11
Development define project scope, requirements, and budgetary requirements
for all system development projects implemented in the current
year.

Computer Operations
39 Computer Disaster Recovery Plan / Business Continuity Plan (BCP). XXX 20-Apr-11 27-Apr-11
Operations
40 Computer Backup policies & procedures XXX 20-Apr-11 27-Apr-11
Operations
41 Computer Back-ups sign off documents XXX 20-Apr-11 27-Apr-11
Operations
42 Computer Testing plans and support documentation of tests over XXX 20-Apr-11 27-Apr-11
Operations application recovery, backups, and record retention
requirements tested prior to implementation.
43 Computer XXX 20-Apr-11 27-Apr-11
Evidence that backup tapes are rotated to an offsite storage
Operations
facility.

44 Computer Problem/Incident management procedures XXX 20-Apr-11 27-Apr-11

Operations

45 Computer Problem logs for the current year XXX 20-Apr-11 27-Apr-11
Operations

46 Computer Antivirus software name and version XXX 20-Apr-11 27-Apr-11

Operations

47 Computer Antivirus software configuration screenshots i.e. when to run XXX 20-Apr-11 27-Apr-11
Operations updates, scans etc

48 Computer Listing of all batch jobs within ISCALA, HIAFFINITY, ECLIPSE XXX 20-Apr-11 27-Apr-11
Operations

49 Computer Documented procedures for execution of batch jobs XXX 20-Apr-11 27-Apr-11
Operations

Group Internal Audit Services

You might also like

Dcu Manual
No ratings yet
Dcu Manual
164 pages
Change Management Policy Template
100% (1)
Change Management Policy Template
7 pages
ITGCs and Its Areas
No ratings yet
ITGCs and Its Areas
16 pages
ITGC Expected Evidence Spreadsheet
No ratings yet
ITGC Expected Evidence Spreadsheet
54 pages
Ca SCM MF SCL Enu
No ratings yet
Ca SCM MF SCL Enu
278 pages
Quarter 1 FINAL Grade 8 CSS Learning Material
100% (2)
Quarter 1 FINAL Grade 8 CSS Learning Material
166 pages
11-Mod 3 Information Security Management-13!08!2024
No ratings yet
11-Mod 3 Information Security Management-13!08!2024
66 pages
Data Backup and Recovery Policy and Procedures
100% (2)
Data Backup and Recovery Policy and Procedures
10 pages
IT General Controls Audit Work Program
100% (1)
IT General Controls Audit Work Program
15 pages
IT General Control Checklist
100% (4)
IT General Control Checklist
11 pages
Module 5 Part 2 Computer Controls
No ratings yet
Module 5 Part 2 Computer Controls
77 pages
InfoSystemsAuditChecklist (Version 1)
100% (1)
InfoSystemsAuditChecklist (Version 1)
44 pages
MIS Audit Checklist
100% (3)
MIS Audit Checklist
19 pages
Access Control Policy
No ratings yet
Access Control Policy
7 pages
Technology Management Master
No ratings yet
Technology Management Master
10 pages
2 Computer Controls
No ratings yet
2 Computer Controls
70 pages
IT General Control Audit Work Program
No ratings yet
IT General Control Audit Work Program
7 pages
ITGC
100% (1)
ITGC
4 pages
IT Audit Questionnaire
100% (1)
IT Audit Questionnaire
126 pages
CH 10
No ratings yet
CH 10
19 pages
Network Data Backup Policy
100% (1)
Network Data Backup Policy
19 pages
IT & Is Policy
No ratings yet
IT & Is Policy
77 pages
ITGeneral Controls Audit
No ratings yet
ITGeneral Controls Audit
6 pages
Security Program and Policies
No ratings yet
Security Program and Policies
39 pages
IT General Controls Audit Program - Template 1 - 0 - Rev 1-23-2020
No ratings yet
IT General Controls Audit Program - Template 1 - 0 - Rev 1-23-2020
51 pages
Information Technology General Controls (Itgcs) 101
No ratings yet
Information Technology General Controls (Itgcs) 101
16 pages
PolicyManual - Boise State Univ - Sec08 - 08180 - 2023-02-06 - PDF
No ratings yet
PolicyManual - Boise State Univ - Sec08 - 08180 - 2023-02-06 - PDF
4 pages
MANAGEMENT INFORMATION SYSTEMS-Group Work
No ratings yet
MANAGEMENT INFORMATION SYSTEMS-Group Work
14 pages
OS Security 01
No ratings yet
OS Security 01
9 pages
Teaching Day 8-9
No ratings yet
Teaching Day 8-9
29 pages
Information Security Risk Assessment Checklist
No ratings yet
Information Security Risk Assessment Checklist
7 pages
SAP Validation
100% (2)
SAP Validation
47 pages
CAB Example
No ratings yet
CAB Example
12 pages
IT General Controls
No ratings yet
IT General Controls
6 pages
Microsoft 70-685: PRO: Windows 7 Enterprise Desktop Support Technician
No ratings yet
Microsoft 70-685: PRO: Windows 7 Enterprise Desktop Support Technician
60 pages
ISO27002-2013 Version Change Summary
No ratings yet
ISO27002-2013 Version Change Summary
8 pages
Index: Special Characters A
No ratings yet
Index: Special Characters A
12 pages
What Are IT General Controls? - ITGC: Access To Programs and Data
No ratings yet
What Are IT General Controls? - ITGC: Access To Programs and Data
4 pages
IT Security Policy
100% (2)
IT Security Policy
13 pages
Policies Procedures Ch5
No ratings yet
Policies Procedures Ch5
25 pages
Project Proposal Template
100% (3)
Project Proposal Template
12 pages
Systems Development Life Cycle PDF
No ratings yet
Systems Development Life Cycle PDF
92 pages
IT General Control Audit Program
No ratings yet
IT General Control Audit Program
20 pages
Project Management Group Assignment: Scope Statement & Report For Technology Associates, Inc
No ratings yet
Project Management Group Assignment: Scope Statement & Report For Technology Associates, Inc
11 pages
IT General Control Checklist V1.1
No ratings yet
IT General Control Checklist V1.1
11 pages
Protecting Corporate Data: Enterprise Storage: A Strategy To Consider Information Security Security Policy and Standards
No ratings yet
Protecting Corporate Data: Enterprise Storage: A Strategy To Consider Information Security Security Policy and Standards
43 pages
Information Security Assessment: Version: 1.2 / 06.11.2012
No ratings yet
Information Security Assessment: Version: 1.2 / 06.11.2012
10 pages
IT Change Management Policy - Best Definitions MOUNT UNION
No ratings yet
IT Change Management Policy - Best Definitions MOUNT UNION
4 pages
Network Security Policy: Purpose
No ratings yet
Network Security Policy: Purpose
17 pages
What Are IT General Controls? - ITGC: Access To Programs and Data
No ratings yet
What Are IT General Controls? - ITGC: Access To Programs and Data
4 pages
Csec It June 2010 Qa
50% (2)
Csec It June 2010 Qa
16 pages
Salesforce Certified Administrator Dumps 2
No ratings yet
Salesforce Certified Administrator Dumps 2
12 pages
1Z0 1033 23
No ratings yet
1Z0 1033 23
14 pages
Ref. ITGC Area Description Due Date Received? Date Received Process Owner Comments
No ratings yet
Ref. ITGC Area Description Due Date Received? Date Received Process Owner Comments
1 page
Transition Plan Template
No ratings yet
Transition Plan Template
15 pages
Questionnaire To Describe Computer Environment: Annex 1
No ratings yet
Questionnaire To Describe Computer Environment: Annex 1
4 pages
Airlines Reservation Synopsis
No ratings yet
Airlines Reservation Synopsis
49 pages
A. Application Specific Questions: Application Name Application Name 1. General
No ratings yet
A. Application Specific Questions: Application Name Application Name 1. General
32 pages
TechNet Group Policy Tips and Tricks
No ratings yet
TechNet Group Policy Tips and Tricks
30 pages
No. Description Yes No N/A Access To Data Files Audit Objective
No ratings yet
No. Description Yes No N/A Access To Data Files Audit Objective
13 pages
DeyPoS Complete Report
No ratings yet
DeyPoS Complete Report
77 pages
Application
No ratings yet
Application
4 pages
Cisa - 4th Chapter - IT Service Delivery and Support
No ratings yet
Cisa - 4th Chapter - IT Service Delivery and Support
4 pages
Ebook: Data Visualization Tools For Users (English)
No ratings yet
Ebook: Data Visualization Tools For Users (English)
26 pages
Let's Web Dynpro. Part I: Web Dynpro: It Is Neither A Tool With Only Drag and Drop (Those Who Have
No ratings yet
Let's Web Dynpro. Part I: Web Dynpro: It Is Neither A Tool With Only Drag and Drop (Those Who Have
80 pages
Top 25 Oracle IT Application and IT General Controls - Test of Control Templates
No ratings yet
Top 25 Oracle IT Application and IT General Controls - Test of Control Templates
14 pages
Sigle Page Website HTML Code Helper GD
No ratings yet
Sigle Page Website HTML Code Helper GD
110 pages
Splunk SPLK 3001
No ratings yet
Splunk SPLK 3001
34 pages
Best Practices For Department Server and Enterprise System Checklist Instructions
No ratings yet
Best Practices For Department Server and Enterprise System Checklist Instructions
8 pages
Intune Privacy and Data Protection Overview
No ratings yet
Intune Privacy and Data Protection Overview
13 pages
Advanced SQL - LAB 2
No ratings yet
Advanced SQL - LAB 2
11 pages
Deploying and Configuring SSIS Packages
No ratings yet
Deploying and Configuring SSIS Packages
25 pages
Gamename: Game Design Document
No ratings yet
Gamename: Game Design Document
8 pages
Game Log
No ratings yet
Game Log
61 pages
Top 10 Oracle Database: Controls - Test of Control Template
No ratings yet
Top 10 Oracle Database: Controls - Test of Control Template
30 pages
Top 25 JD Edwards IT Audit Controls
No ratings yet
Top 25 JD Edwards IT Audit Controls
7 pages
Various Infrastructure Audit Audit Programs
No ratings yet
Various Infrastructure Audit Audit Programs
38 pages
Plotter PopJet 165-180-200 User Guide v.2
No ratings yet
Plotter PopJet 165-180-200 User Guide v.2
27 pages
TSS (CA Top Secret Access Control Software) Audit Program Guide
No ratings yet
TSS (CA Top Secret Access Control Software) Audit Program Guide
9 pages
Vasu Basis
No ratings yet
Vasu Basis
5 pages
"C" Programming Language
No ratings yet
"C" Programming Language
29 pages
SRS PKon RxNet Technical
No ratings yet
SRS PKon RxNet Technical
4 pages
Linux OS
No ratings yet
Linux OS
10 pages
ISConsulting EndUserStandardsandGuidelines
No ratings yet
ISConsulting EndUserStandardsandGuidelines
58 pages
Testing Ingine Kali
No ratings yet
Testing Ingine Kali
30 pages
Bluecoat Proxy SG - Password Recovery
No ratings yet
Bluecoat Proxy SG - Password Recovery
7 pages
Hybris Documentation
No ratings yet
Hybris Documentation
30 pages
UNIX Permissions
No ratings yet
UNIX Permissions
4 pages
Satmotion Pocket PC User Guide
No ratings yet
Satmotion Pocket PC User Guide
27 pages
Top 20 Windows 2002-2003 Audit Controls
No ratings yet
Top 20 Windows 2002-2003 Audit Controls
9 pages
CarTool v2.2.0 Release Notes
No ratings yet
CarTool v2.2.0 Release Notes
7 pages
Interacting With Computer (Input Devices) 2
No ratings yet
Interacting With Computer (Input Devices) 2
3 pages
CV
No ratings yet
CV
3 pages
Gujarat Technological University
No ratings yet
Gujarat Technological University
2 pages
BI and Big Data Management
From Everand
BI and Big Data Management
Ulrich Hambuch
No ratings yet
Python Data Wrangling for Business Analytics: Python for Business Analytics Series
From Everand
Python Data Wrangling for Business Analytics: Python for Business Analytics Series
George Snypes
2/5 (1)
Analytics and Big Data for Accountants
From Everand
Analytics and Big Data for Accountants
Jim Lindell
No ratings yet
Internet Service Providers & Web Search Portal Lines World Summary: Market Values & Financials by Country
From Everand
Internet Service Providers & Web Search Portal Lines World Summary: Market Values & Financials by Country
Editorial DataGroup
No ratings yet
Internet Service Providers & Web Search Portal Revenues World Summary: Market Values & Financials by Country
From Everand
Internet Service Providers & Web Search Portal Revenues World Summary: Market Values & Financials by Country
Editorial DataGroup
No ratings yet