
Names: Ramos, Jennifer D.; Raoco, Mark Joseph B.
Class Schedule: M-W-F 1-2
Date Submitted: February 27, 2012
Subject: Computer 4
Section: M31

AUDIT PROGRAM FOR GENERAL CONTROLS

Areas of Controls and Possible Exposures

1.) Operating Systems Control
Possible exposures: Accidental and intentional threats, including attempts to access data illegally, violate user privacy, or perform malicious acts.

2.) Database Management Control
Possible exposures: Inadequate backup of data and unauthorized access to data by authorized and unauthorized personnel.

3.) Organizational Structure
Possible exposures: Programmers and operators who perform incompatible functions may perpetrate program fraud.
Documentation

Audit Objectives

- To verify that effective management policies and procedures are in place to prevent the introduction and spread of destructive programs.
- To ensure that the organization has an adequate and effective password policy for controlling access to the operating system.
- To verify that access privileges are granted in a manner that is consistent with the need to separate incompatible functions and is in accordance with organizational policy.
- To ensure that the auditing of users and events is adequate for preventing and detecting abuses, reconstructing key events that preceded systems failures, and planning resource allocation.
- To verify that controls over data management are sufficient to preserve the integrity and physical security of the database.
- To verify that individuals in incompatible areas are segregated in accordance with the level of potential risk and in a manner that promotes a working

Audit Procedures

- Review the organization's policies.
- Review the privileges of a selection of user groups and individuals.
- Review the users' permitted log-on times.
- Verify that all users are required to have passwords.
- Review password control procedures.
- Review the account lockout policy and procedures.
- Verify that new software is tested on a stand-alone workstation.
- Review on-screen audit logs or archive the file for subsequent review.
- Review whether access to the computer room is limited to the computer operators and IT department supervisor.
- Verify that computer labs require coded ID cards or keys for entry.
- Verify whether the program librarian has restricted access to programs as well as a written user log for all programs checked out.
- Obtain the current organization chart for the information technology
- Through discussion with information technology personnel, evaluate the proper segregation of

Internal Control Checklist

- Is a current copy of all policies and procedures available?
- Is there a security policy checklist?
- Is there a summary of anti-virus software programs installed?
- Is there a summary of password control procedures?
- Is there a summary of:
  - Biometric devices
  - Authorization rules
  - User-defined procedures
  - Encryption
  - Interference controls
  - Access controls
- Is there a summary of:
  - Program change control
  - Security policy checklist
  - IT general controls
