Internal Controls

Internal Controls describe the activities we perform at our organisation to address Risks and Compliance Requirements. For each control we document what it does, how we test it, and which Policies, Standards and Procedures govern it.

Current Internal Controls: 60 (0%)
New Internal Controls: 0 (0%)
Updated Internal Controls: 0 (0%)
Each control is recorded with the following fields: Title, Objective, Audit Methodology, Audit Success Criteria, Maintenance Task, Policies.
Title: Transport of Media
Objective: Ensure that transport of media was correctly managed
Audit Methodology:
Input:
- Inventory of stored media
- Tickets for the Media queue

Analysis:
- Review all tickets for media transport and ensure the process has been properly followed.

Output:
- Spreadsheet with analysis
Audit Success Criteria: All media has been accessed with a reason and all transported media has been transported according to our procedures.
Maintenance Task: NA
Policies: Media Handling Policy

Title: User Access Maintenance Request
Objective: Ensure all requests for creation and amendment of user access to systems and data are appropriate and approved.
Policies: Account Management Procedures

Title: Visitor Log Reviews
Objective: Ensure all visitors have been properly registered before being allowed access to the office
Audit Methodology:
Input:
- CCTV footage of the entrance camera for the last 90 days
- Visitor Logs

Analysis:
- Review 10% of all visitor entries and ensure the log corresponds with the CCTV footage

Output:
- Screenshots and spreadsheet with the entries reviewed
Audit Success Criteria: All items reviewed have corresponding CCTV footage that validates the visitor log was properly completed.
Maintenance Task: NA
Policies: Physical Security Standards

Title: VPN Access
Objective: VPN access is available to all our employees
Audit Methodology:
Input:
- VPN server configurations
- List of VPN connections from our central log collector since the last audit
- List of employees that left the organisation since the last audit

Analysis:
- Configurations on VPN servers enforce that only valid AD accounts can log in
- A comparison between the VPN logs and the employees that left the organisation shows that no ex-employee ever connected to the VPN

Output:
- Spreadsheet with the analysis
Audit Success Criteria: Only employees can connect (and have connected) to the organisation's VPN.
Maintenance Task: NA
Policies: Hardening Standards; Logging & Monitoring Standards

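The log comparison in the analysis step above, as an added Python example (it is not part of the page or of any GRC tool): it reads a constructed CSV export from the log collector together with a constructed leavers list and AD account list, and flags every successful login by a leaver after their last working day, plus any login from a username that is not a valid AD account. Column names, the timestamp format and all sample data are assumptions.

```python
"""Audit step for the VPN Access control: compare VPN logins against leavers and AD."""
import csv
from datetime import date, datetime
from io import StringIO

# Constructed sample export from the central log collector, one line per VPN login attempt.
VPN_LOG = """\
timestamp,username,src_ip,result
2024-03-01T08:02:11,alice,203.0.113.10,success
2024-03-05T19:44:02,bob,198.51.100.7,success
2024-03-12T07:15:40,carol,203.0.113.22,success
2024-03-20T22:01:09,bob,198.51.100.9,success
2024-03-21T09:30:00,dave,192.0.2.45,success
2024-03-22T11:00:00,svc-backup,192.0.2.50,success
2024-03-23T03:10:00,bob,198.51.100.9,failure
"""

# Constructed HR list: username -> last working day (employees that left since the last audit).
LEAVERS = {"bob": date(2024, 3, 10), "erin": date(2024, 2, 1)}

# Constructed list of accounts currently valid in AD (what the VPN configuration should enforce).
AD_VALID_ACCOUNTS = {"alice", "carol", "dave"}


def audit_vpn_logins(log_text, leavers, ad_accounts):
    """Return (timestamp, username, reason) for every successful login that breaks the control:
    a leaver connecting after their departure date, or a username that is not a valid AD account.
    Leavers are judged only by date, because their AD account is expected to be gone by now."""
    findings = []
    for row in csv.DictReader(StringIO(log_text)):
        if row["result"] != "success":
            continue  # failed attempts do not grant access; the control is about successful logins
        when = datetime.fromisoformat(row["timestamp"]).date()
        user = row["username"]
        if user in leavers:
            if when > leavers[user]:
                findings.append((row["timestamp"], user, f"ex-employee login after {leavers[user]}"))
        elif user not in ad_accounts:
            findings.append((row["timestamp"], user, "account not valid in AD"))
    return findings


if __name__ == "__main__":
    # Each finding is one row for the analysis spreadsheet named in the Output step.
    for ts, user, why in audit_vpn_logins(VPN_LOG, LEAVERS, AD_VALID_ACCOUNTS):
        print(ts, user, why)
```

An empty result satisfies the success criterion; any finding means either the server configuration or the leaver process needs follow-up.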
Title: WPA2 Secured Wifi Networks
Objective: Ensure Wifi networks comply with our standards
Audit Methodology:
Input:
- List of APs from the system inventory; column A: hostname
- One txt file per AP with all of its configuration settings
- Hardening guide for Wifi systems

Analysis:
- Review each AP configuration to ensure the standards are met (authentication, encryption, etc.)

Output:
- Spreadsheet with the analysis; check mark in column B if the device is correctly configured
Audit Success Criteria: All APs are aligned to the defined standards.
Maintenance Task: NA
Policies: Hardening Standards; System inventory

Title: XERO Account Reviews
Objective: Make sure XERO accounts and roles are correct
Audit Methodology:
Input:
- List of XERO accounts
- List of roles and permissions for each role

Analysis:
- Ensure only "esteban.ribicic" has the "admin" role
- Ensure only our accountants have the "accounting" role
- Ensure the "Accounting" role cannot create invoices
- Ensure maintenance tasks (review with accounting employees that left) have been completed

Output:
- Screenshots and spreadsheet with the analysis
Audit Success Criteria: Permissions and accounts 100% correct
Maintenance Task: Check with our accounting firm whether all listed XERO accounts are still needed
Policies: Account Management Procedures