Case Study: Area Risk Assessment

ITGC Area                       Risk Assessment
IT Management                   Low
Systems Development             Low
Data Security                   Medium
Change Management               Low
Business Continuity Planning    High
Alexandra DeHaven
IT General Controls

ITGC Area        Summary of Issue                                Strength or Weakness
IT Management    FFC has an IT strategic plan                    Strength
IT Management    FFC has an IT Steering Committee                Strength
IT Management    VP Information Security reports to CIO          Weakness
IT Management    FFC plan matches IT plan                        Strength
IT Management    VP Applications reports to CIO                  Weakness
IT Management    Steering Committee Members 5/7 report to CIO    Weakness
IT Management    VP Operations reports to CIO                    Weakness
IT Management    VP Database Administration reports to CIO       Weakness
IT Management    CIO Reports to the CFO                          Strength
Systems
FFC recently implemented a fingerprint bio-coding payment system in its stores, and this implementation required that FFC change other systems as well. An IT General Control (ITGC) review is mandatory to meet SAS 109’s risk assessment procedures and SOX Section 404 Management Assessment of Internal Controls requirements. It is also important because it provides a foundation on which to begin the implementation.
Purpose:
The ITGC controls are important both for security and for validating data in the company systems that manage financial data. Protecting data comes at a high cost, so it is important to identify all the possible risks a company may face and to create a plan for protection.
Scope:
As stated by Sophie Ewing, the audit senior, the team reviewed the technical issues related to FFC’s internal controls and evaluated FFC’s operating systems, its telecommunications software, and its network configuration and firewall. The evaluation changes how the financial auditor assesses the risk of