Internal Controls
Internal Controls describe the activities we perform at our organisation to address Risks and Compliance Requirements. For each control we document what it does, how we test it, and which Policies, Standards and Procedures govern it.
| Title | Objective | Audit Methodology | Audit Success Criteria | Maintenance Task | Policies |
|---|---|---|---|---|---|
| Transport of Media | Ensure that transport of media is correctly managed. | Input: inventory of stored media; tickets from the Media queue. Analysis: review all media-transport tickets and confirm the procedure was followed for each one. Output: spreadsheet with the analysis. | Every access to media has a recorded reason, and all transported media was moved according to our procedures. | NA | Media Handling Policy |
| User Access Maintenance Request | Ensure all requests to create or amend user access to systems and data are appropriate and approved. | | | | Account Management Procedures |
| Visitor Log Reviews | Ensure all visitors are properly registered before they are given access to the office. | Input: CCTV footage from the entrance camera for the last 90 days; visitor logs. Analysis: review a 10% sample of visitor entries and confirm each log entry matches the CCTV footage. Output: screenshots and a spreadsheet listing the entries reviewed. | Every sampled entry has corresponding CCTV footage confirming the visitor log was properly completed. | NA | Physical Security Standards |
| VPN Access | Ensure VPN access is available only to current employees. | Input: VPN server configurations; list of VPN connections from the central log collector since the last audit; list of employees who left the organisation since the last audit. Analysis: confirm the VPN server configuration allows only valid AD accounts to log in; compare the VPN logs against the leavers list and confirm no ex-employee connected after leaving. Output: spreadsheet with the analysis. | Only current employees can connect to the VPN, and only current employees have done so. | NA | Hardening Standards; Logging & Monitoring Standards |
| WPA2 Secured Wifi Networks | Ensure Wifi networks comply with our standards. | Input: list of APs from the system inventory (column A: hostname); one text file per AP with its full configuration; hardening guide for Wifi systems. Analysis: review each AP configuration against the guide (authentication, encryption, etc.). Output: spreadsheet with the analysis; check mark in column B if the device is correctly configured. | All APs comply with the defined standards. | NA | Hardening Standards; System Inventory |
| XERO Account Reviews | Make sure XERO accounts and roles are correct. | Input: list of XERO accounts; list of roles and the permissions of each role. Analysis: confirm only "esteban.ribicic" has the "admin" role; confirm only our accountants have the "accounting" role; confirm the "accounting" role cannot create invoices; confirm the maintenance task (review of accounting employees who left) has been completed. Output: screenshots and spreadsheet with the analysis. | Accounts and permissions 100% correct. | Check with our accounting firm whether all listed XERO accounts are still needed. | Account Management Procedures |
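The comparison step of the VPN Access control (VPN logs against the leavers list) is the part of the audit most worth automating, because the evidence is a full log export rather than a sample. The script below is an added example and is not part of the original page or of any GRC product; the log line format, the usernames, the dates and the `VPN_LOG` / `LEAVERS` sample data are all constructed for illustration. It treats a successful login after the revocation time as a control failure and records failed attempts separately, since those show an account that is still being used and should be followed up.

```python
"""Added example, not from the original page: cross-check VPN login events
against HR's list of leavers, as the 'VPN Access' control's analysis step
describes. Log format, usernames and dates are constructed for this example."""
from datetime import datetime, timezone

# Constructed sample input: one line per VPN login event as exported from the
# central log collector. Fields: UTC timestamp, username, source IP, result.
VPN_LOG = """\
2024-03-01T08:02:11Z alice 203.0.113.10 success
2024-03-03T19:45:02Z Bob 198.51.100.7 success
2024-03-10T07:15:44Z carol 203.0.113.22 success
2024-03-12T22:01:09Z bob 198.51.100.9 success
2024-03-14T09:30:00Z dave 192.0.2.5 failure
2024-03-20T11:11:11Z carol 203.0.113.23 success
""".splitlines()

# Constructed sample input: leavers since the last audit, username -> time at
# which their access should have been revoked (from the HR offboarding record).
LEAVERS = {
    "bob": datetime(2024, 3, 5, tzinfo=timezone.utc),
    "dave": datetime(2024, 2, 28, tzinfo=timezone.utc),
}


def parse_event(line):
    """Split one log line into a dict; the timestamp becomes an aware UTC datetime.
    Usernames are lower-cased so HR and VPN spellings of the same account match."""
    ts, user, src, result = line.split()
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc),
        "user": user.lower(),
        "src": src,
        "result": result,
    }


def find_ex_employee_logins(log_lines, leavers):
    """Return every VPN event by a leaver that happened after their revocation time.

    A successful login is a control failure (the account should have been
    disabled). A failed attempt is recorded as ATTEMPT: the control held, but the
    credentials are still being tried and the source should be looked at."""
    findings = []
    for line in log_lines:
        ev = parse_event(line)
        revoked_at = leavers.get(ev["user"])
        if revoked_at is None or ev["ts"] <= revoked_at:
            continue
        ev["status"] = "FAIL" if ev["result"] == "success" else "ATTEMPT"
        ev["days_after_revocation"] = (ev["ts"] - revoked_at).days
        findings.append(ev)
    return findings


def control_passes(findings):
    """The success criterion holds only if no ex-employee actually connected."""
    return not any(f["status"] == "FAIL" for f in findings)


if __name__ == "__main__":
    rows = find_ex_employee_logins(VPN_LOG, LEAVERS)
    for r in rows:
        print(f'{r["ts"].isoformat()} {r["user"]:<8} {r["src"]:<15} {r["status"]} '
              f'({r["days_after_revocation"]} days after revocation)')
    print("control passes:", control_passes(rows))
```

Two practical caveats when running this against real exports: the username in the VPN log must be the same identifier HR uses (here both are assumed to be the AD account name, normalised to lower case), and a leaver who never appears in the log is not evidence that their account was disabled, so the configuration check in the same control (only valid AD accounts may authenticate) still has to be done separately.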
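The WPA2 Secured Wifi Networks control reviews one configuration export per AP against the hardening guide and records a check mark per device. The following is an added example of that review, not code from the original page or from any vendor; the `key=value` export format, the hostnames in `AP_CONFIGS` and the settings in `BASELINE` are assumptions, and a real run would take the allowed values from the organisation's own hardening guide and the hostnames from the system inventory.

```python
"""Added example, not from the original page: check per-AP configuration exports
against a small Wifi hardening baseline and emit the spreadsheet the 'WPA2 Secured
Wifi Networks' control asks for. Config format, hostnames and baseline are assumed."""
import csv
import io

# Constructed sample input: one configuration export per AP, keyed by the
# inventory hostname (column A of the inventory sheet).
AP_CONFIGS = {
    "ap-floor1": "ssid=corp\nauth=wpa2-eap\ncipher=ccmp\nwps=off\nmfp=required\n",
    "ap-floor2": "ssid=corp\nauth=wpa2-psk\ncipher=tkip\nwps=off\nmfp=optional\n",
    "ap-lobby": "ssid=guest\nauth=open\ncipher=none\nwps=on\n",
}

# Assumed hardening baseline: for each setting, the set of acceptable values.
# A setting absent from the export is treated as a failure, not as a pass.
BASELINE = {
    "auth": {"wpa2-psk", "wpa2-eap"},   # WPA2 only; open and WPA/WEP are out
    "cipher": {"ccmp"},                 # AES-CCMP only; TKIP is out
    "wps": {"off"},                     # WPS PIN brute force
    "mfp": {"required"},                # 802.11w management frame protection
}


def parse_config(text):
    """Parse a key=value export into a dict; blank lines and '#' comments are ignored."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip().lower()] = value.strip().lower()
    return settings


def check_ap(hostname, text, baseline=BASELINE):
    """Compare one AP's settings with the baseline and list every deviation."""
    settings = parse_config(text)
    failures = []
    for key, allowed in baseline.items():
        actual = settings.get(key)
        if actual is None:
            failures.append(f"{key} missing")
        elif actual not in allowed:
            failures.append(f"{key}={actual} not in {sorted(allowed)}")
    return {"hostname": hostname, "compliant": not failures, "failures": failures}


def audit(configs, baseline=BASELINE):
    """Run the check over every AP in inventory order (sorted by hostname)."""
    return [check_ap(host, text, baseline) for host, text in sorted(configs.items())]


def to_csv(results):
    """Spreadsheet output: hostname, a check mark in column B when compliant, findings."""
    buf = io.StringIO()
    writer = csv.writer(buf)
    writer.writerow(["hostname", "compliant", "failures"])
    for r in results:
        writer.writerow([r["hostname"], "x" if r["compliant"] else "", "; ".join(r["failures"])])
    return buf.getvalue()


if __name__ == "__main__":
    print(to_csv(audit(AP_CONFIGS)), end="")
```

Checking against an allow-list of values (rather than a deny-list of known-bad ones) is deliberate: a new or misspelled setting such as `auth=wpa` is flagged instead of slipping through, and an AP whose export is missing a setting the guide requires fails the review until someone confirms the real value on the device.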