Names: Ramos, Jennifer D.

Subject: Computer 4
Class Schedule: M-W-F 1-2
Raoco, Mark Joseph B. Section: M31
Date Submitted: February 27, 2012

AUDIT PROGRAM FOR GENERAL CONTROLS

 Areas of Audit Audit Internal Control
Controls Possible Exposures Objectives Procedures Checklist
1.) Operating Accidental and To verify that effective Review the organizations Are the current copy
Systems Control intentional threat including mgmt policies and procedures policies. of all policies and
attempts to access data are in place to prevent the
illegally, violate user privacy, or introduction and spread of Review the privileges of a procedures are
perform malicious acts destructive programs.. available?
selection of user groups and
individuals.
To ensure that the Is there a Security
organization has an adequate policy Checklist?
and effective password policy Review the users permitted
for controlling access to the log-on times.
Is there a summary
operating system.
Verify that all users are of anti-virus
software programs
To verify that access required to have passwords.
installed?
privileges are granted in a
manner that is consistent with Review password control
the need to separate procedures.
Is there a summary
incompatible functions and is in of password control
accordance with organizational Review the account lockout procedures?
policy. policy and procedures.
To ensure that the
auditing of users and events in
Verify that new software is
adequate for preventing and tested on stand-alone
detecting abuses, workstation.
reconstructing key events that
preceded systems failures and Review on screen audit logs
planning resource allocation. or archiving the file for
subsequent review.
2.) Database Inadequate back up of To verify that controls Is there a summary of:
Management data and unauthorized access to over data management are Review access to the computer
Control data by authorized and sufficient to preserve the room if limited to the computer Biometric devices
unauthorized personnel integrity and physical security operators and IT department
of the database. Authorization rules
supervisor.
Verify computer labs that User-defined
procedures
require coded ID cards or keys
for entry Encryption
Verify if program librarian has Interference controls
restricted access to programs Access Controls
as well as a written user log for
all programs checked out

3.) Programmers and To verify that individuals Obtain the current Is there a summary of:
operators who perform in incompatible areas are organization chart for the
Organizational incompatible functions segregated in information technology Program Change
Structure may penetrate program accordance with the Through discussion with Control
fraud. level of potential risk and information technology Security policy
in a manner that personnel, evaluate the checklist
Documentation promotes a working proper segregation of IT general controls