Note the procedures used to amend programs. Review details of the program library structure, and note controls which allow only authorized individuals to access each library. PROGRAM MAINTENANCE AND SYSTEM DEVELOPMENTĭevelopment and changes to programs are authorized, tested, and approved, prior to being placed in production. Is EDP audit being carried by internal audit or an external consultant to ensure compliance of policies and controls established by management? Is strategic data processing plan developed by the company for the achievement of long-term business plan?Īre there any key personnel within IT department whose absence can leave the company within limited expertise?Īre there any key personnel who are being over-relied?
Is the custody of assets restricted to personnel outside the EDP department? Is the EDP Department independent of the user department and in particular the accounting department?Īre there written job descriptions for all jobs within EDP department and these job descriptions are communicated to designated employees?Īre EDP personnel prohibited from having incompatible responsibilities or duties in user departments and vice versa?Īre there written specifications for all jobs in the EDP Department?Īre the following functions within the EDP Department performed by separate sections:Īre the data processing personnel prohibited from duties relating to:Īre all processing pre-scheduled and authorized by appropriate personnel?Īre there procedures to evaluate and establish who has access to the data in the database?Īre the EDP personnel adequately trained?Īre systems analysts programmers denied access to the computer room and limited in their operation of the computer?Īre operators barred from making changes to programs and from creating or amending data before, during, or after processing? Has the company developed an IT strategy linked with the long and medium term plans? Is there a steering committee where the duties and responsibilities for managing MIS are clearly defined?
Is there a separate EDP department within the company? Review the company organization chart, and the data processing department organization chart. So i hope this will help for the IT audit professionals while they will be in field of security and infrastructure check.ĭownload IT Audit Checklist word file for print No.ĭoes the organization of data processing provide for adequate segregation of duties? I have made a complete list here for the IT audit based on my skill and with the help if many professionals. Fot this reason you must have a checklist as a security professional. Based on your skill you may perform a lot of taks, but you must have to keep track what tasks you have completed and which tasks are still left.
When you will go for Information System audit means IT audit then you have to perform different tasks. Complete IT Audit checklist for any types of organization.
0 kommentar(er)
