
1. Performance of general controls: Internal and external shop operations
2. Preparation of application assessments: Featured on mainframe, UNIX, Windows NT, and other operating systems
3. Transfer control protocol/Internet protocol (TCP/IP): Internet-related data security practice
4. Asynchronous transfer method (ATM): Telecommunications
5. Electronic funds transfer (EFT): Telecommunications
6. Database management systems (DBMS): Knowledge of Oracle, Access, and other DBMS
7. Business continuity planning (disaster recovery planning): The planning and recommended implementation of a corporate disaster recovery plan
8. Systems under change: The use of system development methodology, security and control design, and postimplementation reviews
9. Audit integration services: Working with financial auditors to make assertions on a company's financial statements
10. Information security services: Internet penetration studies using Internet Security Systems (ISS), Security Administrator Tool for Analyzing Networks (SATAN), a large-scale Constrained Optimization Problem Set (COPS), and other Internet security tools of the trade

1.

A general controls review attempts to gain an overall impression of the controls that are present in the environment surrounding the information systems. These include the organizational and administrative structure of the IS function, the existence of policies and procedures for day-to-day operations, the availability of staff and their skills, and the overall control environment. It is important for the IS auditor to obtain an understanding of these, as they are the foundation on which other controls reside.

A general controls review would also include the infrastructure and environmental controls. A review of the data center or information processing facility should cover the adequacy of air conditioning (temperature, humidity), power supply (uninterruptible power supplies, generators) and smoke detectors/fire suppression systems, a conducive, clean and dust-free environment, protection from floods and water seepage, as well as neat and identifiable electrical and network cabling.

Physical access control is another important area for review. Today, in a highly networked world, logical access to computer systems is literally universal, yet there is a necessity to control physical access too. There are certain commands and settings that can be executed only from the console of the server, and hence it is important to enclose all servers in a secure location protected by suitable mechanisms like locked doors, access swipe cards, biometric access devices or a combination of these. Further, the IS auditor should also review the overall access control measures for the entire facility, covering controls like security guards at the entry gates, display of identification badges and logging of visitor access.

IT General Controls (ITGCs) Review


IT environments continue to increase in complexity, with ever greater reliance on the information produced by IT systems and processes. The recent emergence of regulations aiming to restore investor confidence has placed a greater emphasis on internal controls and often requires independent assessments of the effectiveness of internal controls. More and more market players need to embed an underlying risk analysis approach, with a focus on reliable and effective key application controls, in their approach to internal control assessment, design and implementation. While risk management itself is moving to the top of the Board agenda due to high-profile business failures, heavy regulatory pressure is increasing compliance requirements, which need to be integrated into the company's internal control framework. If you need to establish that:

- Systems are developed, configured, and implemented to achieve management's objectives.
- Changes to programmes and related infrastructure components are requested, prioritised, performed, tested, and implemented in accordance with management's objectives.
- Transactions are processed completely and accurately in accordance with management's objectives, and processing problems are identified and resolved completely and accurately to maintain the integrity of financial data.
- Only authorised access is granted to programmes and data upon authentication of a user's identity.

Then PwC can help you.

PwC can provide you with an overall evaluation of management controls and assurance on business process, system and data technology management. Our services enable you to gain comfort that your systems, processes and risk management procedures are operating effectively and within a well-controlled environment. Our practice is backed by a global resource pool, focused tools, "standard industry practices" knowledge, training and technology.

The IT General Controls capability covers identification, evaluation and validation of controls, including reporting of areas for improvement identified together with our recommendations, in the following areas:

Access to Programmes and Data

- Policies and procedures
- Roles and responsibilities
- Security parameter settings of operating systems, applications (including Enterprise Resource Planning (ERP) systems (e.g. SAP, Navision, Oracle)) and databases
- User access rights
- Monitoring & Training
- Physical security
- Network access

Control over Computer Operations

- Organisation of IT function
- Service Level Agreements
- Business Continuity and Disaster Recovery Plans
- Network Management
- Backups and Recovery

Controls over Programme Development and Implementation of New Systems

- Testing
- Transfer to live
- Documentation and Training

Controls over Programme Changes

- Maintenance activities
- Change Requests
