
IS Audit Report of A Bank's Data Centre

Ref. of appointment letter


A. Executive Summary
Disclaimers (if any)
Introduction: We have been assigned the IS Audit of ABC Bank…
Auditee Environment: ABC Bank has a data centre with 600 servers…
B. Scope: Information system audit of Data Centre operations of A Bank
Date of visits
Team members
Draft submitted on
Final report submitted on
C. Intended Recipients
1 Audit department
2 CTO (IT department)
3 Chief Risk Officer
D. Classification Criteria for Risk
Very High: Breach could result in financial losses, or in exceptionally grave injury to an individual or the organization, and the business process will fail.
High: Breach could result in very serious loss or injury, and the business process could fail.
Medium: Breach could result in serious loss or injury, and the business process could be negatively affected.
Low: Breach could result in minor loss or injury.
Negligible: Breach could result in little or no loss or injury.

E. Summary Table of Number of Observations Classified by Risk

Very High | High | Medium | Low | Negligible
          |      |        |     |

F. Graphical distribution of observations

G. Detailed Observations

Sr. No. | Control objective | Audit procedure | Risk ranking | Observation | Impact | Recommendation | Management comments
1 | Maintenance of asset register | Observations & confirmation | | Asset register was not updated and not reviewed for the last two years. Asset register does not have any ownership and location information. | | |
2 | Logical access control | Observations & confirmation | | All menus are accessible to all the users. | | |
3 | Physical access control | Observations | | No frisking was done at the entry point of the data centre. | | |
4 | Physical access control | Observations and interview | | There is no biometric access control at the entry point of the data centre. Piggybacking cannot be prevented by the single guard posted there. | | |
5 | Logical access control | Observations & confirmation | | Incident management register provides information on three cases of violation of logical access control during the last three months. No root cause analysis was done and no follow-up was made. | | |
6 | Logical access control | Observations & confirmation | | It was observed that the testing and development teams use the same data on the same server without any partition. | | |
7 | Segregation of duties | Observations & confirmation | | It was observed that the production team and testing team have direct access to the production server. | | |
8 | Version control management | Observations & confirmation | | Version control was not maintained and there is no librarian posted in the data centre. | | |
9 | Change management | Observations & confirmation | | Change management process is manual and there is a gap in execution and testing of changes. | | |
10 | User management | Observations & confirmation | | It was observed that user access review of all applications is done manually and the periodicity is once a year. | | |
11 | Patch management | Observations & confirmation | | DBA team is managing the patch management process for application systems as well as databases. | | |
12 | Backup media management | Observations & confirmation | | Backup tapes are not labelled accurately externally and internally and are stored in humid conditions within the data centre. | | |
Name of Auditor
Signature
Seal
Date