Internal Controls
Internal Controls explain the activities we perform at our organisation to deal with Risks and Compliance Requirements. We document what they do, how we test them and what Policies, Standards and Procedures govern them.
Current Internal Controls: 60 (0%)
New Internal Controls: 0 (0%)
Updated Internal Controls: 0 (0%)
| Title | Objective | Audit Methodology | Audit Success Criteria | Maintenance Task | Policies |
|---|---|---|---|---|---|
| Background Check Reviews1!!! | Ensure that employees and contractors have gone through the mandatory background checks | Evidence: List of employees and contractors that joined the company since last audit; Request copies of their Background Checks records as per HR Security Policy. Analysis: Review that employees and contractors have their background check records available in their HR file. Output: All provided evidence; Spreadsheet with a list of employees and an additional column with a check (whether the background check was provided as expected). | All employees and contractors reviewed must have their mandatory background checks performed | NA | HR Security Policy |
| Employee contract reviews | | NA | NA | Ensure employees have contracts and those are kept on esteban gmail account | HR Security Policy |
| Employee Interview to assess satisfaction | | NA | NA | Interview all employees and ensure: wages are ok, work is ok, colleagues are ok | HR Security Policy |
| End-Point Reviews | Ensure that end-point hardening and device allocation processes are followed and enforced on all our end-point devices (laptops and mobile phones in particular) | Evidence: List of employees that joined and left the organisation since the last audit; Asset inventory list. Analysis: Meet those new employees with service desk and validate that their assigned devices correspond to those documented in the inventory, and review whether devices meet hardening standards; Review the inventory and ensure there are receipts for the hardware returned by those employees that have left the organisation. Output: List of employees with a checkbox indicating if the tests are correct or not; PDF copies of the receipts. | All hardware must be allowed or removed with receipts that prove the exchange. All devices must follow hardening guides to the detail. | NA | Hardening Standards, HR Security Policy, System inventory |
| NDA and Policy Signing Reviews | Verify that employees and contractors have signed NDA and security policies. | Input: List of new employees since the last audit, with login name in column A; HR to provide copies of the NDA and Contracts for this list of people. Analysis: Ensure each employee has an NDA and signed contract. Output: Spreadsheet with the analysis. | All employees have agreed and signed our NDA and contract. | NA | NDA Agreement, HR Security Policy |