External Audit Questionnaire for NCC

1.3 INFORMATION TECHNOLOGY-(IT)

a) What were the significant changes to the I.T policies and procedures during the
financial year, if any?
Management Response:
A draft policy is being developed and being finalized.

b) What procedures are in place to ensure that owners of information assets

comply with security policy?
Management Response -
The draft policy will cover security policy and operating procedure maunal is
being drafted.

c) Can final audit rely on your IT controls?

Management Response -
Once the policy and procure manuals are finalized and signed off, the audit can
rely on the IT controls.

d) What measures are in place to prevent unauthorized access to computer

terminals and workstations?

Management Response -
Users login to their their terminals with a username and password that is changed
every 3 weeks.

e) Does the organization have a formalized procedure for the reporting of security
breaches with regard to I.T?
Management Response –
It will be in place when the policy is finalized.

f) Are there any transactions that were manually maintained and latter captured
into the system?
Management Response –
- Currently, all the accounting system is manual and excel based for
recording and reporting.

g) Where are backups stored and have the backups been tested?
Management Response –
- Users have Microsoft One-drive accounts that stores the bakcups on the
cloud. A Business contiuity and disaster recovery plan for systems and data
is being developed.
h) Where there any changes to the accounting system? From prior period, please
explain the changes?
 Management Response –
- The commission has just purchased sage pastel and to be installed
on premis. Currently, all the accounting system is manual and excel
based for recording and reporting.

i) What other information systems are being used by the Board?