INFORMATION TECHNOLOGY
GENERAL CONTROLS AUDIT
CA. Dr. K. Paul Jayakar
M.com., FCA, Ph.D., DIRM, CRISC
Director IT & RMS, Brahmayya & Co.
2nd September 2015
Today’s overview
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
PLANNING AND DESIGN
ACCESS CONTROL
CONFIGURATION AND MANAGEMENT
APPLICATIONS
DATA INTEGRITY AND SECURITY
MONITORING AND LOGGING
PHYSICAL SECURITY
CONTINGENCY PLANNING AND DISASTER PREPAREDNESS
POLICY
THIRD PARTIES
Learning Objectives
•
•
•
•
Technology
Procedure
Policies
Benefits
1. Planning And
Design
a. Classifying Data
b. Risk Management
c. Topology
d. Data flow
2. Access Control
a.
Identify Users, System Administrators, Developers
b.
Access Control Administration: Authorization and Access
Granting Authority
c.
Authentication and Authorization
d.
VPN/Remote Access
e.
Host Interfaces
f.
Network Access Control Devices
3. Configuration And
Management
a.
Host Configuration
b.
Network Device Configuration
c.
Application and Database Configuration
d.
Change Control
e.
Patching and Anti-virus
f.
System Validation
4. Applications
5. Data Integrity And
Security
6. Monitoring And
Logging
a. Application, Database, System, Network, and
Device Logs
b. Log Maintenance and Review
c. Intrusion Detection
d. Testing
7. Physical Security
8. Contingency Planning
And Disaster Preparedness
a. Contingency Planning
b. Non-production Environments
c. Backups
9 Policy
10 Third Parties
New
Environment
NEW
OPPORTUNITIES
New Opportunities
The technology learning curve
Working Toward Mastery
Projects Worked On
Achieve
Mastery
Get
Experienced
Get Familiar
Time Spent
Doing Your Best Work
• Working from home
• Working offsite
• Technology
requirements
Summary
• Define your challenges
– Technological as well as personal
• Set realistic expectation
– Mastery is not achieved overnight
• Keep your eye on the goal
– Mentorship programs
Resources
• ICAI
icai.org ; cit.icai.org
• IIA
theiia.org
• ISACA
isaca.org
QUESTIONS?
THANK YOU