Beruflich Dokumente
Kultur Dokumente
known to be very mataray expressed her approval but inform them that this form part of her observation in back-to-office report. SO the Team Leader opened the sealed envelope containing the password, after reading it, showed it to the Internal Auditor, the Resident Auditor and ITC representative, then returned the password in the safety box inside the vault and locked it. With the access password, Mr. Captain was given permission by the system to perform the Draw Definition procedures, the next Monday; it was Mr. Colonels turn to define the draw. He was inform last Saturdays incident and he expressed his appreciation for the immediate action undertaken by Mr. Captain but he did not make any action on the sealed password, instead he used the same in that draw.
OBJECTIVES
y To determine the adequacy of the Password control and maintenance procedure of the Philippine Charity Office (PCSO) Lotto Draw System. y To pinpoint lapses or weaknesses of their internal control procedures that can somehow impair the integrity, accuracy and reliability of their systems and data. y To formulate recommendatory procedures to strengthen the Password
The existing standard operating procedure should be amended and should specify the Particular Individual who shall be authorized to unlock the back-up password for accountabilities and responsibilities purposes. There should be a timely review, evaluation and amendments, if necessary, to the existing standard operating procedure of the PCSO Lotto Draw System. They should amend their operating procedure and specify there the particular individual who shall be authorized to unlock the back-up password in order to easily trace the accountable and responsible person, if ever there might be any irregularities to occur.
This action could enhance the general controls of the PCSO Lotto Draw System specifically on their Data Security Controls. This action can prevent the possibilities that the individual who has opened the back-up password can use the said password again in accessing and changing the important files of the organization even without any proper authorization.
The existing standard operating procedure should be amended and should specify the Particular Individual who shall be authorized to unlock the back-up password for accountabilities and responsibilities purposes.
This course of action is important because the organization can pin down the accountable and responsible individual if ever there are some irregularities and any suspicious performance of the system that have been discovered. With this action, the organization can easily trace down the channel of accountabilities and responsibilities. This can encourage also the individual in charge to be more precautious and to be more responsible of the assigned responsibility.
Terminals can be physically restricted so that they are available only to authorized individuals.
Additional sets of passwords and security restrictions can be developed for specific systems and applications.
Written policies and procedures establish formal standards for controlling information system operations. Procedures must be formalized in writing and authorized by the appropriate level of management. Accountabilities and responsibilities must be clearly specified.
Supervision of personnel involved in control procedures ensures that the controls for an information system are performing as intended. With supervision, weaknesses can be spotted, errors corrected, and deviations from standard procedures identified. Without adequate supervision, the bestdesigned set of controls may be bypassed, short-circuited, or neglected.
Prepared by: Leo A. Omamalin Jeniecel G. Alico Junegil Fabular Jay-jay Ree Jee A. Feniquito Ma. Luz Mercedez