Today I will be focusing on the remaining part of YX Precious Metal Berhad’s ITGC. I am going to complete the last section, which is the computer operations, which includes automated job processing, backup procedures, patch management, and problem management procedures.
The automated job processing is to determine whether management has controls in place over the design and execution of system jobs to ensure accuracy, completeness, and timely processing of system jobs, including batch jobs and interfaces, for relevant information systems related to financial reporting. What we do is to inquire the person on change whether there are procedures practiced in the company to monitor the system job and we will inspect the documentation to determine whether the job scheduling is in place.
For the backup procedure, we will determine whether management has controls in place over the design and execution of backup, recovery, and storage to ensure accuracy, completeness, and timely processing of system backup, including restoration test of backup, for relevant information systems related to financial reporting. We will ask the person in charge whether there is control being used over the execution and monitoring of system backup and offsite backup. To test the operating effectiveness, we will inspect the samples of the backup log or report to determine whether the integrity and completeness of data backup were tested by the system operators.
Moving to patch management, we will determine whether the management has a patch management process in place to ensure the proper preventive measures are taken against potential threats and security vulnerabilities. This includes the implementation of anti-virus software. To test its effectiveness, we will request the client to provide us the screenshots of its antivirus status and we will check whether it is up to date or not.
The last section is related to the incident and problem management procedures, it is to determine whether management has controls in place to ensure that system problems that could potentially impact the financial reporting process are identified and resolved in a timely manner. We will inquire with the client about the process for logging, investigating, and resolving incidents and failures.
Main things that have learned
To continue YX Precious Metal Berhad ITGC work
Comment/idea/opinion
N/A
Comments