Audit Program

Download free SysTrust Audit Framework Templates

Download Free IT Outsourcing Cost-of-Living Adjustment (COLA) Provisions Checklist

1. What is a COLA provision? (A provision that calls for an adjustment to the fees to reflect inflation)

2. At what point during the term of the Agreement will COLA apply?
- Is any inflation built into the fees?
- To what extent should the vendor be managing inflation?

Download free IT Organization Audit Guidelines free download. This audit guidelines used to assess the IT function within a company, whether the policies and procedures already established or not.

Below list of the information asset that should be acquired before performing security assessment:

DNS/NetBIOS name of the asset
This is the name of the system; typically the domain name system (DNS) name and the NetBIOS name will be the same. This is one more way to map the system to the IP address and the Media Access Control (MAC) address.

Operating system of the asset
Although obvious, this is important to the patch management process. If you don’t know what your systems are running, it is difficult if not impossible to know what vulnerabilities to monitor for, and to plan the patching stages.

Listening services on the asset
One of the oldest concepts in information security is the one of least privilege. Systems should not have services listening on them that are not being used. Documenting what is listening on each system and what is needed on each system is a critical step.

A fundamental element of internal control is the segregation of certain key duties. The basic idea underlying segregation of duties is that no employee or group should be in a position both to perpetrate and to conceal errors or fraud in the normal course of their duties. In general, the principal incompatible duties to be segregated include:

- Custody of assets
- Authorization or approval of related transactions affecting those assets
- Recording or reporting of related transactions
- Execution of the transaction or transaction activity

An essential feature of segregation of duties/responsibilities within an organization is that no one employee or group of employees has exclusive control over any transaction or group of transactions.