MEP Vaccine Hero
22/5/12
10.079
81.895
113
Hơn 20 năm nay chưa bị hỏi, nay tự nhiên bị hỏi thế này, thấy đâu có liên can gì đến KIỂM TOÁN đâu mấy anh nhỉ?

SL.NORef.ITGC AreaDescription
4ITE.04IT EnvironmentEmployee (including permanent, contracted, etc) movement listing of:
i. New staff
ii. Transferred staff
iii. Terminated staff
within the audit period (01/July/2019 to 30/March/2020)
6ITE.06IT EnvironmentIT Security Policy and Procedures, for the following areas:
  1. Data Centre Access and Review
  2. Access rules (Establishment of matrix, role based authorisation, changes to matrix)
  3. User Administration (access creation/ modification/ deletion)
  4. Generic ID Management
  5. Password Controls (minimum requirements/ standards)
  6. User Access Review Requirements
  7. Security Audit Log Requirement and Review
  8. Powerful User Management
  9. Program and Configuration Change Management
  10. Test Environment
  11. Version Control
  12. Segregation of duties between developer and migrator
  13. Emergency Change Management
  14. Computer Operations Management (Job scheduling and monitoring, Backup management (schedule, methodology, retention, restoration test))
  15. Backup Media Onsite and Offsite Physical Access
  16. Incident Management
  17. End User Policy
  18. Acceptable Use Policy
  19. Backup Policy
11ITO.05IT OperationsList of personnels authorised to access the backup media onsite
14ITO.08IT OperationsSystem-generated list of incidents report within the audit period (1 July 2019 to 31 Mar 2020)
17ITO.11IT OperationsDisaster Recovery Plan (DRP), Report of the last DRP test performed
19ITO.13IT OperationsMonthly meeting minutes (for the purpose of Incidental Management)
25SEC.04SecuritySegregation of Duties Matrix / Framework
To include the latest SoD Matrix/Framework inclusive of the corresponding reviews (if any)
36CHM.01Change ManagementSystem-generated list of changes migrated to production environment within the audit period( 01/07/2019 -30/03/2020)
 
Hạng B2
11/7/11
303
242
43
Internal audit, tất cả đều có guideline từ tập đoàn... Cty ko có, tức là mình chưa update để chạy theo chuẩn....
 
Hơn 20 năm nay chưa bị hỏi, nay tự nhiên bị hỏi thế này, thấy đâu có liên can gì đến KIỂM TOÁN đâu mấy anh nhỉ?

SL.NORef.ITGC AreaDescription
4ITE.04IT EnvironmentEmployee (including permanent, contracted, etc) movement listing of:
i. New staff
ii. Transferred staff
iii. Terminated staff
within the audit period (01/July/2019 to 30/March/2020)
6ITE.06IT EnvironmentIT Security Policy and Procedures, for the following areas:
  1. Data Centre Access and Review
  2. Access rules (Establishment of matrix, role based authorisation, changes to matrix)
  3. User Administration (access creation/ modification/ deletion)
  4. Generic ID Management
  5. Password Controls (minimum requirements/ standards)
  6. User Access Review Requirements
  7. Security Audit Log Requirement and Review
  8. Powerful User Management
  9. Program and Configuration Change Management
  10. Test Environment
  11. Version Control
  12. Segregation of duties between developer and migrator
  13. Emergency Change Management
  14. Computer Operations Management (Job scheduling and monitoring, Backup management (schedule, methodology, retention, restoration test))
  15. Backup Media Onsite and Offsite Physical Access
  16. Incident Management
  17. End User Policy
  18. Acceptable Use Policy
  19. Backup Policy
11ITO.05IT OperationsList of personnels authorised to access the backup media onsite
14ITO.08IT OperationsSystem-generated list of incidents report within the audit period (1 July 2019 to 31 Mar 2020)
17ITO.11IT OperationsDisaster Recovery Plan (DRP), Report of the last DRP test performed
19ITO.13IT OperationsMonthly meeting minutes (for the purpose of Incidental Management)
25SEC.04SecuritySegregation of Duties Matrix / Framework
To include the latest SoD Matrix/Framework inclusive of the corresponding reviews (if any)
36CHM.01Change ManagementSystem-generated list of changes migrated to production environment within the audit period( 01/07/2019 -30/03/2020)
cái này là internal audit thôi mà, chủ yếu là nó audit về process, procedures, risk assessment chứ không liên quan đến financial
 
MEP Vaccine Hero
22/5/12
10.079
81.895
113
cái này là internal audit thôi mà, chủ yếu là nó audit về process, procedures, risk assessment chứ không liên quan đến financial
Tèo hiểu đúng ý mình nè
M đang nói kiểm toán kế toán á, không phải đánh giá hoạt động
 
Hạng B2
11/2/12
330
9.389
93
Cùng chữ Audit nhưng ý nghĩa khác.

Audit này là đánh giá chứ ko phải kiểm toán.

Như đánh giá ISO, đánh giá nội bộ, đánh giá theo chuẩn mực,...