BAICS Form 3
INTERNAL CONTROL SELF ASSESSMENT
Bureau of Fire Protection (BFP)
Information Technology
REMARKS
(If yes, indicate
MOV/documentary
requirements/action taken
ICC
Sample submitted
Ref. ICC Statement YES NO N/A
MOV MOVs If no, indicate why is it
#
answered as NO
if N/A, provide justification
why it is not applicable)
96 The organization has an approved IT N/A
organizational chart and written job descriptions
that adequately defines the lines of authority,
duties/responsibilities
/accountabilities and reporting and
communication.
Do you have adequate IT Controls on: N/A No Trainings, Seminars and
Schooling Attended
IT General Controls N/A No Trainings, Seminars and
Schooling Attended
IT ENVIRONMENT N/A No Trainings, Seminars and
Schooling Attended
● Strategic IT Plan
● Processes, Organization and Relationships
● Management Aims and Direction
● IT Skills and Training i.
Access Control N/A No Trainings, Seminars and
Schooling Attended
● Physical Security
● Logical Access
Backup and Recovery Controls
Systems and Program
Computer Operations Controls N/A No Trainings, Seminars and
Schooling Attended
● Service-Level Agreements
● Performance and Capacity
● Systems Security
● Configuration Management
● Problem and Incident Management
Disaster Recovery N/A No Trainings, Seminars and
Schooling Attended
Network Controls N/A No Trainings, Seminars and
Schooling Attended
Internet/Intranet Controls N/A No Trainings, Seminars and
Schooling Attended
97 ● Application/Internet Control
● Processing Control
● Output Control
Compliance to IT LRRs
Protection from Malware