Thursday, May 07, 2009

Audit Program for Auditing a Small or Medium-Sized Computer Operation (IT Operation)

1) Inventory

•Identify the hardware and operating systems in use.

•Determine if there is a contract for the hardware and operating systems support.

•Identify the vendor and the services performed.

2) Maintenance

•Is there a maintenance agreement for the computer equipment? Ensure that maintenance is performed as scheduled in the agreement.

3) Computer Room Physical Security and operational controls

Assess the adequacy of physical and operational controls of the computer operations area, including:
a. Computer room housekeeping.
b. Computer room security.
c. Expansion possibilities.
d. Personnel safety.

Computer room housekeeping.

•Is the computer room maintained in an orderly manner? Ensure that paper supplies and boxes are stored neatly to minimize the risk of a fire spreading.

•Are wires/cables neatly arranged to prevent tripping or accidental disconnection?

Computer room security.


•Is there a dedicated computer room to house the computer equipment, e.g. server, network equipment, switch, hub, etc.?

•Are computer devices, e.g. servers and cabling, protected to prevent unauthorized access or interception?

•Are there any procedures for granting access to the computer room? Evaluate the effectiveness of the procedures.

•Is the door to the computer room always locked to prevent unauthorized access?

•Is there any physical access control system installed? Evaluate the adequacy of the system. Ensure that only authorized personnel are granted access to the computer room.


Operational controls

•Are there any fire suppression systems installed in the computer room? Evaluate the adequacy of the system. Determine if staff are trained on its usage.

•How many fire extinguishers are available on the premises? Are the fire extinguishers serviced regularly?

•Is the operating environment conducive to the computer system operating at desired levels? Temperature and humidity should be controlled at tolerable levels to ensure optimum usage and protection of computer hardware/software.

•Is there an Uninterruptible Power Supply (UPS) available?

4) Backup

•Determine the frequency and type of backup performed, e.g. system, data. Ensure that backup media are not exposed to environmental damage.

•Are backup media appropriately labeled to avoid confusion?

•Are backup media securely stored?

•Determine if data and program files are adequately retained and backed up at off-site facilities.

5) Disaster Recovery

Review contingency plans to determine if management has provided for alternative processing for users in the event of loss or interruption of the main computer facility.

6) Insurance Coverage

Review the adequacy of insurance coverage for IT equipment, i.e.:

•Is all computer system related hardware insured against damage or loss?

•If insured, obtain the insurance policy to ensure completeness and adequacy of the coverage.

7) Software Licenses

•Is all software installed on the computers a licensed copy?

•Account for the original software packages purchased.

8) Output control / Report printing

•How are outputs, e.g. reports, distributed to user departments? Controls should be in place to ensure all reports are distributed safely to user departments.

•Is there acknowledgement of receipt? Can these reports be intercepted without being noticed?

•Is there adequate control over the printing, storage and/or destruction of sensitive documents or reports? These documents should be shredded when no longer required. Observe whether such practice is enforced.
