IT General Controls Risk Assessment Report
Foods Fantastic Company
In accordance with our IT audit plan, the Foods Fantastic Company (FFC) Audit Team has performed an ITGC review of the 5 critical ITGC areas and in-scope applications so as to enable the audit team to follow a controls-based audit approach and be able to rely on the IT controls in place at FFC. FFC is a publicly traded, regional grocery store located in the mid-Atlantic region which relies on many state-of-the-art IT systems and software and which are all managed in-house.
We hope to gain comfort that FFC’s systems, IT practices, and risk management procedures are working properly and are operationally effective within a …show more content…
We found many issues with the Data Security ITGC area. Because the integrity of many of the IT systems and processes relies on the security of information and data, we have considered Data Security a higher risk area. Although the IT department has a security policy which addresses organizational security, the policy has not been revised for almost 8 years. There are strong physical security procedures in place, such as keeping the computer rooms locked and requiring escorts for all contractors and outside personnel. We found issues pertaining to environmental controls and on the logical side of Data Security. Environmental controls were only tested semi-annually which we