INFORMATION TECHNOLOGY GENERAL CONTROLS AUDIT

CA. Dr. K. Paul Jayakar M.com., FCA, Ph.D., DIRM, CRISC
Director IT & RMS, Brahmayya & Co.
2nd September 2015

Today's overview

1. PLANNING AND DESIGN
2. ACCESS CONTROL
3. CONFIGURATION AND MANAGEMENT
4. APPLICATIONS
5. DATA INTEGRITY AND SECURITY
6. MONITORING AND LOGGING
7. PHYSICAL SECURITY
8. CONTINGENCY PLANNING AND DISASTER PREPAREDNESS
9. POLICY
10. THIRD PARTIES

Learning Objectives

• Technology
• Procedure
• Policies
• Benefits

1. Planning And Design
   a. Classifying Data
   b. Risk Management
   c. Topology
   d. Data flow

2. Access Control
   a. Identify Users, System Administrators, Developers
   b. Access Control Administration: Authorization and Access Granting Authority
   c. Authentication and Authorization
   d. VPN/Remote Access
   e. Host Interfaces
   f. Network Access Control Devices

3. Configuration And Management
   a. Host Configuration
   b. Network Device Configuration
   c. Application and Database Configuration
   d. Change Control
   e. Patching and Anti-virus
   f. System Validation

4. Applications

5. Data Integrity And Security

6. Monitoring And Logging
   a. Application, Database, System, Network, and Device Logs
   b. Log Maintenance and Review
   c. Intrusion Detection
   d. Testing

7. Physical Security

8. Contingency Planning And Disaster Preparedness
   a. Contingency Planning
   b. Non-production Environments
   c. Backups

9. Policy

10. Third Parties

New Environment

New Opportunities
The technology learning curve

Working Toward Mastery
[Figure labels: Projects Worked On; Achieve Mastery; Get Experienced; Get Familiar; Time Spent]

Doing Your Best Work

• Working from home
• Working offsite
• Technology requirements

Summary

• Define your challenges
  – Technological as well as personal
• Set realistic expectations
  – Mastery is not achieved overnight
• Keep your eye on the goal
  – Mentorship programs

Resources

• ICAI: icai.org; cit.icai.org
• IIA: theiia.org
• ISACA: isaca.org

QUESTIONS?

THANK YOU