Professional Documents
Culture Documents
Risk
Descripti
on
1 ITGC Risk IT Policy Intended ITGC 01
Assessme IT related
nt processes
not
followed
due to
absence
of defined
comprehe
nsive IT
policy
document
2 ITGC Control Access Editable ITGC 02
Environm Rights access of
ent Financial
System
(Accounti
ng
Software)
provided
to persons
other than
Company
employee
s (Internal
and
Statutory
Auditors,
Consultan
ts, etc.)
1. For CMS - Significan Higher As Needed Preventiv Automate For Tally 1. Yes For Tally -
Users access rights t e d - all the 2. No give all the
are granted by IT users in users
only upon specific the separate
approval by the accounts user-id
concerned dept. are password
functional head sharing and access
common rights.
2. For Tally - user-id
Users access rights password
are granted by IT and
only upon specific having
approval by the same
concerned access
functional head rights
System prompts Normal Not As Needed Preventiv Automate System No Introduce a
the user to change Higher e d does not password
the password after give any change
the expiration of alerts or policy
30 days. notificatio whereby
ns to the system
force- gives a
change pop-up to
the force-
password change the
after password
expiration after
of 30 days expiration
of 30 days
2. Retrieval is
tested at
reasonable
frequency
Off-site storage of Significan Not As Needed Preventiv Automate There is No Ensure off-
back-up to tackle t Higher e d no off-site site storage
any unforeseen storage of of back-up
event at the office the back- for
premises. up server ensuring
safety of
back-up
2. Servers:
All servers are
installed with anti
virus scanner.
3. Gateway:
Mail server is
managed and all
the Emails are
scanned by threat
management
gateway.