Scribd Logo
Upload

Welcome to Scribd!

  • ITGC Scoping Example and Exercise

    Uploaded by

    kavithaangappan
    1 views12 pages

    Original Title

    5. ITGC Scoping Example and Exercise

    Copyright

    © © All Rights Reserved

    Available Formats

    XLSX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as XLSX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    1 views12 pages

    ITGC Scoping Example and Exercise

    Uploaded by

    kavithaangappan

    Copyright:

    © All Rights Reserved
    Download as XLSX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 12

    Major Service Lines Department functions

    Executive Management: CEO's Office


    Executive Administration
    Corporate Strategy and Planning: Strategic Planning
    Business Development
    Mergers and Acquisitions
    Operations (Production) Production/Manufacturing
    Quality Assurance/Control
    Inventory Management
    Supply Chain Management
    Logistics and Distribution
    Facilities Management
    Sales and Marketing: Sales Management
    Marketing Strategy
    Product Management
    Market Research
    Advertising and Promotion
    Pricing
    Finance and Accounting: Accounting
    Financial Planning and Analysis
    Treasury
    Taxation
    Internal Audit Audit
    Human Resources (HR): Recruitment and Staffing
    Training and Development
    Compensation and Benefits (Payroll)
    Employee Relations
    HR Information Systems
    Information Technology (IT): IT Strategy
    Application Development
    Infrastructure Management
    Cybersecurity
    IT Support
    Data Analytics
    Research and Development (R&D): Research Strategy
    Product Development
    Innovation Management
    Intellectual Property Management
    Legal and Compliance: Legal Affairs
    Compliance Management
    Contract Management
    Procurement and Supply Chain: Procurement
    Vendor Management
    Strategic Sourcing
    Inventory Management
    Supplier Relationship Management
    Environmental, Health, and Safety (EHS)Environmental Compliance
    Occupational Health and Safety
    Sustainability
    Customer Service: Customer Relationship Management
    Customer Support
    Warranty and Returns
    After-Sales Service
    Corporate Communications: Internal Communications
    External Communications
    Public Relations
    Risk Management: Enterprise Risk Management
    Insurance Management
    Corporate Social Responsibility (CSR): CSR Strategy
    Community Engagement
    Social and Environmental Impact Assessmen
    ERP / Application Name
    1 SAP SuccessFactors

    2 Salesforce

    3 eProcure - Legacy application

    4 SAP S/4 HANA

    5 Tableau

    6 Enablon (Wolters Kluwer)

    7 ServiceNow

    8 (Outsourced to third party)


    Functions used

    Core HR, Recruiting, Learning, Performance and Goals, and Employee Central.

    A widely-used CRM platform for sales, service, marketing, and commerce.

    Focuses on procurement, sourcing, and supplier management.

    Finance, Supply Chain, Manufacturing and Sales

    A powerful data visualization and business intelligence platform.

    GRC Tool - Risk Management, Audit Management, Health & Safety

    IT Service Management - Change requests, Service requests, incidetns and problems


    management
    Payroll Processing
    Application Database Platform
    SAP SuccessFactors SAP HANA Unix
    Salesforce AWS Cloud (SaaS) AWS Cloud (SaaS)
    eProcure - Legacy application Oracle Windows Server
    SAP S/4 HANA SAP HANA Unix
    Tableau Windows Server
    Enablon (Wolters Kluwer) SQL Server Windows Server
    ServiceNow SQL Server Windows Server
    (Payroll - Outsourced to third party) Outsourced Outsourced
    Bitdefender (Anti malware) N/A Windows Server
    Active Directory (end users) Windows Server
    Data Centre
    SAP Cloud
    AWS Cloud
    Chicago
    SAP Cloud
    Chicago
    Chicago
    Chicago
    Outsourced
    Chicago
    Chicago
    SOX compliance requirement in simple terms
    Companies must have good internal controls to ensure their financial repo
    They need to check these controls regularly and report on their effectivene
    An independent auditor needs to verify that the company's assessment is a

    Audit scope for Business Processes

    All the processes impacting Application used by the


    financial reporting Company
    Business process scoping
    Financial accounting S/4 HANA FI module
    Management acccounting S/4 HANA CO module
    Treasury and Cash Management S/4 HANA TRM module
    Sales and distribution S/4 HANA SD module
    Material Management S/4 HANA MM module
    Production Planning S/4 HANA PP module
    Procurement e-procure legacy application
    Payroll Outsourcced

    Application Scoping List of all applications In Scope or not


    SAP SuccessFactors Not in Scope
    Salesforce Not in Scope
    eProcure - Legacy application Yes - In scope
    SAP S/4 HANA Yes - In scope
    Tableau Not in Scope
    Enablon (Wolters Kluwer) Not in Scope
    ServiceNow Not in Scope
    (Payroll - Outsourced to third partYes in Scope

    App & Infra scoping Application Database


    SAP SuccessFactors SAP HANA
    Salesforce AWS Cloud (SaaS)
    eProcure - Legacy application Oracle
    SAP S/4 HANA SAP HANA
    Tableau
    Enablon (Wolters Kluwer) SQL Server
    ServiceNow SQL Server
    (Payroll - Outsourced to third partOutsourced

    IT Process Scoping Change Management / SDLC


    Logical access
    Security Management
    Data Backup

    IT detailed scoping Scoped Application App/ DB / Platform / NW /


    Datacentre

    eProcure Application
    Database - Oracle
    Data
    Platform Windows
    Network
    S/4 HANA Application
    Database (managed by org)
    Database (managed by SAP)
    Data
    Platform
    Network (org)
    Network (SAP)
    Payroll App, DB, Data, Platform, NW

    Organisaation Scope

    Application eProcure & S/4


    Database eProcure & S/4
    OS Win_ep
    NW Rout1,2,3,4 & FW1,2

    Soc 1 From SAP


    SOC1 From Company xx for the Payroll app
    ure their financial reporting is accurate.
    ort on their effectiveness.
    pany's assessment is accurate.

    Platform Data Centre


    Unix SAP Cloud
    AWS Cloud (SaaS) AWS Cloud
    Windows Server Chicago
    Unix SAP Cloud
    Windows Server Chicago
    Windows Server Chicago
    Windows Server Chicago
    Outsourced Outsourced
    App / Infra reference Change Management / Logical access Security Data Backup
    SDLC Management

    eProcure app Yes Yes Yes N/A


    Ora_ep_Prod Yes Yes Yes N/A
    Ora_ep_Prod N/A N/A N/A Yes
    Win_ep Yes Yes Yes N/A
    Rout1, Rout2, FW 1 Yes Yes Yes N/A
    S/4 HANA Yes Yes Yes N/A
    SAP db Yes Yes Yes N/A
    SOC1 SOC1 SOC1 N/A
    N/A N/A N/A SOC1
    SOC1 SOC1 SOC1 N/A
    Rout3, Rout4, FW 2 Yes Yes Yes N/A
    SOC1 SOC1 SOC1 N/A
    SOC1 SOC1 SOC1 SOC1
    ABC Bank Service Lines Audit Scope Applications used Who maintains
    Credit Dept Yes Core Banking ABC Bank
    Deposits Yes Core Banking
    Investemnts Yes Core Banking
    Forex & Treasurey Yes ABCMoney ABC Bank
    Credit card Yes CardPower Third Party
    CRM No Care4U Cloud Service
    Marketing No ABCMark ABC Bank
    Tie up with Insurance. No
    Bancassurance No specific application

    IT Setup Application Database Platform Data Centre


    Core Banking Oracle Unix Mumbai
    ABCMoney SQL Server Windows Mumbai
    ABCMark SQL Server Windows Mumbai

    ITGC audit to be conducted for the following processes


    Change Management
    Logical access
    Data Backup
    Data Centre controls
    Incidents and Problems management
    NW, OS, DB and App Security

    1. Prepare a scope document for audit at the organisation


    2. Indicate SOC1 requirements
    SW change- dev and maintenance is outsources to XYZ consultants

    Totally managed by CardPower a third party Service provider

    You might also like