Sie sind auf Seite 1von 11

CIMB Niaga Auto Finance Client Assistance Package - IT General Controls Document Request for Audit Period 2012

Period: 1 June 2012 - 31 October 2012

The following list is dynamic. Thus, changes in data request (addition / deletion) may occur during fieldwor

Application in scope: eGL, Confins 2W, Confins, and Focus


Ref A A1 A2 A3 A4 A5 A6 A7 B B1 Description IT HIGH LEVEL IT Organisation Chart and job description. (Latest, if any). MoM Management meeting ITSP / IT Strategic Plan 2012 Risk Profile Report IT Internal Audit Report SLA (Service Level Agreement) with vendor(s) IT SLA (Service Level Agreement) PROGRAM CHANGES Policies and procedures related to program changes (Latest, if any)

Application Problem & Request Tracking Annual Report from vendor List of Program Changes (last modified screenshot for .dll and .asp) Screenshot version on 2w & 4W DB and DBOS level Screenshot version on 2w & 4W Appl and Appl OS level System Development Request Form or E-mail from user requesting the changes. This evidence is required for samples selected based on B4 B8 User Acceptance Testing (UAT) documentation This evidence is required for samples selected based on B4 B9 Form migrasi documentation This evidence is required for samples selected based on B4 B10 Screenshot Login to Training, Testing and Production Environment Server C ACCESS TO PROGRAMS AND DATA C1 IT Security Policy and Procedures (Latest, if any) Application level List of application users, along with access privileges as of 31 October 2012, includes the following fields, but not limited to: - Login ID - Full Name - ID Status (Active/Inactive) - Expired Date - First Created - Last Login - Branch - Group ID - Group Description - Role/Access Privileges Formal User Access Forms Based on samples selected from C2

B2 B3 B4 B5 B6 B7

C2

C3

C4 C5 C6 C7 C8 C9 C10 C11 C12 C13 C14 C15 C16 C17 C18 C19 C20 C21 C22 D D1

List of Resigned and Rotated Employee (e.g. from HRD) during June - October 2012 User Access Matrix & User Access Review List of user with administrator privilege in application User Access Privilege Review Password Configuration in application level Application in OS level List of user with administrator privilege in application OS Windows (Screenshot) User Access Privilege Review Password Configuration Database level List of user with administrator privilege from SQL database Data Modification Log - Reporting database activities Password Configuration in Windows OS level User Access Privilege Review Database in OS level List of user with administrator privilege in database OS Windows (Screenshot) User Access Privilege Review Password Configuration Data Center & Network Network diagram & topology Antivirus scheduler Server Room Log Book Data server activity & modification log COMPUTER OPERATIONS Policies and procedures related to computer operations (Latest, if any)

D2 Backup scheduler for 2W & 4W D3 Backup status log report for 2W application (CONFINS & E-GL) (for sample date, refer to sheet "backup sample") D4 Backup status log for 4W application screenshot (CONFINS & FOCUS) (for sample date, refer to sheet "backup sample") D5 EoD Checklist + EoD log D6 Backup checklist for 4W application (for sample date, refer to sheet "backup sample") D7 Restoration checklist for 2W application (for June and August) D8 Restoration checklist for 4W application (for June and August) D9 Interface web report for 2W & 4W (for sample date, refer to sheet "interface sample") D10 EoD Scheduler D11 Interface scheduler for 2W & 4W D12 Interface log (for sample date, refer to sheet "interface sample") D13 Helpdesk report (sample month : July and September) D14 SLA report from vendor (sample month : July and September) D15 Monthly SLA report (sample month : July and September) D16 DR Plan documentation

D17 E E1 E2 F F1 F2 G G1

DRP Testing result PROGRAM DEVELOPMENT Policies and procedures related to program development (Latest, if any) Data Migration documentation (regarding the additional server) 4W JOURNAL ENTRIES Manual Journal from period January 2012 - October 2012 (E-GL for 2W) Manual Journal from period January 2012 - October 2012 (FOCUS for 4W) HRIS application (Off the-shelf) Program development/changes documentation (request, approval, testing, post implementation review, data migration d

Legend : Population / urgent data Policy & procedures Received

ay occur during fieldwork depends on condition in the location.

Period

Related Application ALL APPLICATION ALL APPLICATION -

PwC

Client

Date Requested 11/13/2012 11/13/2012 11/13/2012 11/13/2012 11/13/2012 11/13/2012 11/13/2012 11/13/2012

Date Received

Latest 2012 2012 2012 2012 2012 2012 Latest

Lucky Lucky Lucky Lucky Lucky Lucky Lucky Diana

Pak Dwinanto Pak Dwinanto Pak Dwinanto Pak Dwinanto Pak Dwinanto Pak Dwinanto Pak Dwinanto Pak Leonardis

11/19/2012

as of 31/10/2012 2012 2012 2012 2012 2012 2012 2012 2012 Latest

ALL APPLICATION ALL APPLICATION ALL APPLICATION ALL APPLICATION ALL APPLICATION ALL APPLICATION ALL APPLICATION ALL APPLICATION ALL APPLICATION -

Diana Diana Diana Diana Diana Diana Diana Diana Diana Diana

Pak Dwinanto Pak Dwinanto Pak Jeffry & Pak Jeffry Pak Leonardis Pak Leonardis Pak Dwinanto Pak Dwinanto Pak Dwinanto Pak Dwinanto Pak Leonardis

11/13/2012 11/13/2012 11/13/2012 11/13/2012 11/13/2012 11/13/2012 11/13/2012 11/13/2012 11/13/2012 11/13/2012

11/19/2012 11/19/2012 11/19/2012 11/20/2012 11/20/2012 11/20/2012

11/19/2012

2012

CONFINS 2W, CONFINS Diana 4W, E-GL, FOCUS

Pak Leonardis

11/13/2012

2012

ALL APPLICATION

Diana

Pak Dwinanto

11/13/2012

2012 2012 2012 2012 2012 2012 2012 2012 2012 2012 2012 2012 2012 2012 2012 2012 2012 2012 2012 Latest

ALL APPLICATION ALL APPLICATION ALL APPLICATION ALL APPLICATION ALL APPLICATION ALL APPLICATION ALL APPLICATION ALL APPLICATION ALL APPLICATION ALL APPLICATION ALL APPLICATION ALL APPLICATION ALL APPLICATION ALL APPLICATION ALL APPLICATION -

Diana Diana Diana Diana Diana Diana Diana Diana Diana Diana Diana Diana Diana Diana Diana Diana Diana Diana Diana Diana

Pak Leonardis Pak Dwinanto Pak Ari & Pak Hadi Pak Dwinanto Pak Ari & Pak Hadi Pak Ari & Pak Hadi Pak Dwinanto Pak Ari & Pak Hadi Pak Ari & Pak Hadi Pak Ari & Pak Hadi Pak Ari & Pak Hadi Pak Dwinanto Pak Ari & Pak Hadi Pak Dwinanto Pak Ari & Pak Hadi Pak Dwinanto Pak Dwinanto Pak Dwinanto Pak Dwinanto Pak Dwinanto

11/13/2012 11/13/2012 11/13/2012 11/13/2012 11/13/2012 11/13/2012 11/13/2012 11/13/2012 11/13/2012 11/13/2012 11/13/2012 11/13/2012 11/13/2012 11/13/2012 11/13/2012 11/13/2012 11/13/2012 11/13/2012 11/13/2012 11/13/2012

11/20/2012

11/19/2012

2012 2012 2012 2012 2012 2012 2012 2012 2012 2012 2012 2012 2012 2012 2012

ALL APPLICATION ALL APPLICATION ALL APPLICATION ALL APPLICATION ALL APPLICATION ALL APPLICATION ALL APPLICATION ALL APPLICATION ALL APPLICATION ALL APPLICATION ALL APPLICATION ALL APPLICATION -

Diana Diana Diana Diana Diana Diana Diana Diana Diana Diana Diana Diana Diana Diana Diana

Pak Ari & Pak Hadi Pak Ari & Pak Hadi Pak Ari & Pak Hadi Pak Ari & Pak Hadi Pak Ari & Pak Hadi Pak Ari & Pak Hadi Pak Ari & Pak Hadi Pak Ari & Pak Hadi Pak Ari & Pak Hadi Pak Ari & Pak Hadi Pak Ari & Pak Hadi Pak Dwinanto Pak Dwinanto Pak Dwinanto Pak Dwinanto

11/13/2012 11/13/2012 11/13/2012 11/13/2012 11/13/2012 11/13/2012 11/13/2012 11/13/2012 11/13/2012 11/13/2012 11/13/2012 11/13/2012 11/13/2012 11/13/2012 11/13/2012

2012 Latest 2012 2012 2012 2012 2012

Diana Diana Diana Diana Diana Diana Diana

Pak Dwinanto Pak Dwinanto Pak Ari Pak Leonardis Pak Leonardis Pak Ari Pak Ari

11/13/2012 11/13/2012 11/13/2012 11/13/2012 11/13/2012 11/13/2012 11/13/2012 11/19/2012

11/19/2012

Remarks

Status

Already obtained the IT Org.

Pending for job desc Pending Pending Pending Pending Pending Pending

Received, consists of : - Change Configuration and Parameter procedure - Program enhancement procedure

In PwC Review

Received Received Received Received Received Received Received Received, User ID management procedure Already received : - E-GL - CONFINS 4W - CONFINS 2W Still pending : - FOCUS

Pending Pending Received Received Received Received Received Received Received In PwC Review

Pending

Pending

Received

In PwC Review Pending Pending Pending Pending Pending Pending Pending Pending Pending Pending Pending Pending Pending Pending

Received

In review by PwC Pending Pending Pending In PwC Review

Received, consist of : - backup restore database - DRP activation - IT Procurement - IT Problem Request & Handling Mgt

Pending Pending Pending Pending Pending Pending Pending Pending Pending Pending Pending Pending Pending Pending Pending

Pending Received In PwC Review Pending In PwC Review Pending Pending Pending

Received

Requested Backup Sample Date No Date 1 8 June 2 14 June 3 21 June 4 25 June 5 5 July 6 11 July 7 12 July 8 28 July 9 15 August 10 17 August 11 21 August 12 29 August 13 13 September 14 14 September 15 10 September 16 19 September 17 4 October 18 8 October 19 16 October 20 24 October

2012 2012 2012 2012 2012 2012 2012 2012 2012 2012 2012 2012 2012 2012 2012 2012 2012 2012 2012 2012

Requested Interface Sample Date No Date 1 5 June 2 13 June 3 21 June 4 29 June 5 4 July 6 17 July 7 20 July 8 26 July 9 3 August 10 8 August 11 9 August 12 23 August 13 13 September 14 14 September 15 27 September 16 28 September 17 2 October 18 3 October 19 9 October 20 16 October

2012 2012 2012 2012 2012 2012 2012 2012 2012 2012 2012 2012 2012 2012 2012 2012 2012 2012 2012 2012