IT General Controls Risk Assessment Report

Foods Fantastic Company

In accordance with our IT audit plan, the Foods Fantastic Company (FFC) Audit Team has performed an ITGC review of the 5 critical ITGC areas and in-scope applications. The review enables the audit team to follow a controls-based audit approach and to rely on the IT controls in place at FFC. FFC is a publicly traded regional grocery store located in the mid-Atlantic region. It relies on many state-of-the-art IT systems and software, all of which are managed in-house.

We hope to gain comfort that FFC’s systems, IT practices, and risk management procedures are working properly and are operationally effective within a
Per discussion with FFC’s CIO, we noted that SSADM is followed for all projects and that the CIO periodically reviews each project’s budget-to-actual reconciliation. Although internal audit only performs post-implementation reviews on projects greater than $2 million, internal audit is a voting member of project teams and is therefore well aware of developing projects, which adds comfort to our assessment of low risk within the Systems Development area. Based on our interview with the VP, Applications, we identified that the new bio-coding payment system was tested in 3 parts across different user departments prior to acceptance of the new system. This extensive amount of testing highlights the appropriate governance within Systems Development.
We found many issues with the Data Security ITGC area. Because the integrity of many of the IT systems and processes relies on the security of information and data, we have considered Data Security a higher risk area. Although the IT department has a security policy which addresses organizational security, the policy has not been revised for almost 8 years. There are strong physical security procedures in place, such as keeping the computer rooms locked and requiring escorts for all contractors and outside personnel. We found issues pertaining to environmental controls and on the logical side of Data Security. Environmental controls were only tested semi-annually which we

