Internal Controls

Internal Controls explain the activities we perform at our organisation to deal with Risks and Compliance Requirements. We document what they do, how we test them and what Policies, Standards and Procedures govern them.

Current Internal Controls: 60 (0%)
New Internal Controls: 0 (0%)
Updated Internal Controls: 0 (0%)

Title
Objective
Audit Methodology
Audit Success Criteria
Maintenance Task
Policies
Background Check Reviews1!!!
Ensure that employees and contractors have gone through the mandatory background checks
Evidence:
- List of employees and contractors that joined the company since last audit
- Request copies of their Background Checks records as per HR Security Policy

Analysis:
- Review that employees and contractors have their background check records available in their HR file

Output:
- All provided evidence
- Spreadsheet with a list of employees and an additional column with a check (if background check was provided or not as expected)
All employees and contractors reviewed must have their mandatory background checks performed
NA
HR Security Policy
Employee contract reviews
NA
NA
Ensure employees have contracts and that those are kept on the esteban Gmail account
HR Security Policy
Employee Interview to assess satisfaction
NA
NA
Interview all employees and ensure: wages are ok, work is ok, colleagues are ok
HR Security Policy
End-Point Reviews
Ensure that end-point hardening and device allocation processes are followed and enforced on all our end-point devices (laptops and mobile phones in particular)
Evidence:
- List of employees that joined and left the organisation since the last audit
- Asset inventory list

Analysis:
- Meet those new employees with service desk and validate that their assigned devices correspond to those documented in the inventory. Review if devices meet hardening standards.
- Review the inventory and ensure there are receipts for the hardware returned by those employees that have left the organisation

Output:
- List of employees with a checkbox indicating if the tests are correct or not
- PDF copies of the receipts
All hardware must be allowed or removed with receipts that prove the exchange. All devices must follow hardening guides to the detail.
NA
Hardening Standards, HR Security Policy, System inventory
NDA and Policy Signing Reviews
Verify that employees and contractors have signed NDA and security policies.
Input:
- List of new employees since the last audit; login name in column A
- HR to provide copies of the NDA and Contracts for this list of people

Analysis:
- Ensure each employee has an NDA and signed contract

Output:
- Spreadsheet with the analysis
All employees have agreed and signed our NDA and contract.
NA
NDA Agreement, HR Security Policy