Internal Controls
Internal Controls explain the activities we perform at our organisation to deal with Risks and Compliance Requirements. We document what they do, how we test them and what Policies, Standards and Procedures govern them.
60
0%
Current Internal Controls
0
0%
New Internal Controls
0
0%
Updated Internal Controls
|
Actions
|
Title | Objective | Audit Methodology | Audit Success Criteria | Maintenance Task | Policies |
|---|---|---|---|---|---|---|
|
Code Reviews
|
Review the code that manages key functionalities to ensure SDLC standards are met
|
Input:
- List of application in the scope of the program and their key functionalities as per our SDLC procedure - Reference to the software deployment tickets Analysis: - Ensure that all key functionalities have been tested before being deployed by at least two different people. Output: - Spreadsheet with the list of tickets and a check mark if they have been properly reviewed. |
All key features have been contested by at least two people before being deployed.
|
NA
|
SDLC Procedures | |
|
Software Deployment Reviews
|
On every release of software functional, test and security test cases must be defined and evidence of their testing must be stored. Every release requires a change management ticket which must include all this information and records. This controls ensures this process is followed in detail.
|
Evidence: ,
- Inventory of assets, - Tickets in Service Desk corresponding to software deployments , - Screenshots of the version of the application to review, , Analysis: , - Review the deployments for the software have followed the procedures in particular approvals and evidence that testing has been completed, , Conclusion: , - Spreadsheet with analysis |
All tested deployments have followed the stated procedure
|
NA
|
SDLC Procedures System inventory | |
|
Software Testing
|
|
Input:
- Testing case sheets Analysis: - Review how many bugs where found on each testing cases results since the last audit Conclusion: - Spreadsheet with analysis |
We should have consistently reduced the amount of bugs over time
|
NA
|
SDLC Procedures |