Security Risk&Audit Made easy


  • 8/19/2019 Security Risk&Audit Made easy

    Team

    CE -> Girish -> IT risk + IT sec + IT audit

    finacle (treasure, ib) + finone + crm + hrms

    Mandate

    An Application Audit should, at a minimum, determine the existence of controls in the following areas:

    • Input controls (Data input checked for limits, range checks, permitted values)

    • Processing (Processing is complete, accurate and authorized)

    • Outputs (Output is integral)

    • Logical Security (Access control)

        o Number of allowable unsuccessful log-on attempts

        o Role based access control

        o Super user control

        o Four eye principle for transactions

        o Session time outs

    • Audit trails and logs

    • Data storage, retrieval and archiving controls

    The team can go through the Test Cases for an application and see if they are sufficient to address the control mechanisms. If the team has doubts about their sufficiency, they can carry out a test run themselves.

    The audit trail on the applications needs to be checked thoroughly and manually in order to ensure accountability of user actions on the application.
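
A scripted first pass that can support the manual audit-trail review described above, as an added example that is not part of the original notes. It checks a constructed trail for actions with no accountable user, four eye principle violations, and more unsuccessful log-on attempts than allowed; the CSV columns, action names and the limit of 3 are assumptions, not any product's real log format.

```python
import csv
import io
from collections import defaultdict

# Constructed sample trail; column and action names are assumptions.
SAMPLE_TRAIL = """ts,user,action,txn_id,result
2019-08-19T09:00:01,alice,LOGIN,,FAIL
2019-08-19T09:00:09,alice,LOGIN,,FAIL
2019-08-19T09:00:15,alice,LOGIN,,FAIL
2019-08-19T09:00:22,alice,LOGIN,,FAIL
2019-08-19T09:01:00,bob,LOGIN,,OK
2019-08-19T09:05:00,bob,TXN_CREATE,T100,OK
2019-08-19T09:06:00,bob,TXN_APPROVE,T100,OK
2019-08-19T09:07:00,carol,TXN_CREATE,T101,OK
2019-08-19T09:08:00,dave,TXN_APPROVE,T101,OK
2019-08-19T09:09:00,,TXN_CREATE,T102,OK
2019-08-19T09:10:00,erin,TXN_APPROVE,T103,OK
"""

MAX_FAILED_LOGONS = 3  # assumed allowable unsuccessful log-on attempts


def review_trail(text, max_failed=MAX_FAILED_LOGONS):
    """Return (line_no, code, detail) findings for a CSV audit trail."""
    findings, makers, failed = [], {}, defaultdict(int)
    # Line 1 is the CSV header, so data rows are numbered from 2.
    for n, row in enumerate(csv.DictReader(io.StringIO(text)), start=2):
        user, action, txn = row["user"].strip(), row["action"], row["txn_id"]
        if not user:  # accountability: every action needs a user id
            findings.append((n, "NO_USER", f"{action} {txn} has no user id"))
        elif action == "LOGIN" and row["result"] == "FAIL":
            failed[user] += 1
            if failed[user] > max_failed:
                findings.append((n, "EXCESS_FAILED_LOGONS", f"{user}: {failed[user]} in a row"))
        elif action == "LOGIN":
            failed[user] = 0  # a successful log-on resets the counter
        elif action == "TXN_CREATE":
            makers[txn] = user  # remember who created the transaction
        elif action == "TXN_APPROVE" and txn not in makers:
            findings.append((n, "APPROVE_WITHOUT_CREATE", f"{txn} approved by {user}"))
        elif action == "TXN_APPROVE" and makers[txn] == user:
            findings.append((n, "FOUR_EYE_VIOLATION", f"{txn} created and approved by {user}"))
    return findings


if __name__ == "__main__":
    for finding in review_trail(SAMPLE_TRAIL):
        print(finding)
```

Each finding carries the line number in the trail, so the reviewer can go to that entry and confirm it by hand.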