Internal Controls

Internal Controls explain the activities we perform at our organisation to deal with Risks and Compliance Requirements. We document what they do, how we test them and what Policies, Standards and Procedures govern them.

Current Internal Controls: 60 (0%)
New Internal Controls: 0 (0%)
Updated Internal Controls: 0 (0%)

Title
Objective
Audit Methodology
Audit Success Criteria
Maintenance Task
Policies

Title: Code Reviews
Objective: Review the code that manages key functionalities to ensure SDLC standards are met
Audit Methodology:
Input:
- List of applications in the scope of the program and their key functionalities as per our SDLC procedure
- Reference to the software deployment tickets

Analysis:
- Ensure that all key functionalities have been tested before being deployed by at least two different people.

Output:
- Spreadsheet with the list of tickets and a check mark if they have been properly reviewed.

Audit Success Criteria: All key features have been contested by at least two people before being deployed.
Maintenance Task: NA
Policies: SDLC Procedures

Title: Software Deployment Reviews
Objective: On every software release, functional test cases and security test cases must be defined, and evidence of their testing must be stored. Every release requires a change management ticket, which must include all of this information and these records. This control ensures this process is followed in detail.
Audit Methodology:
Evidence:
- Inventory of assets
- Tickets in Service Desk corresponding to software deployments
- Screenshots of the version of the application to review

Analysis:
- Review that the software deployments have followed the procedures, in particular approvals and evidence that testing has been completed

Conclusion:
- Spreadsheet with analysis

Audit Success Criteria: All tested deployments have followed the stated procedure
Maintenance Task: NA
Policies: SDLC Procedures, System inventory

Title: Software Testing
Audit Methodology:
Input:
- Testing case sheets

Analysis:
- Review how many bugs were found in the results of each test case since the last audit

Conclusion:
- Spreadsheet with analysis

Audit Success Criteria: We should have consistently reduced the number of bugs over time
Maintenance Task: NA
Policies: SDLC Procedures