The Application software is acquired to facilitate the business plan of the organisation. The application control review would evaluate the product and services offered by the application software against the parameters sets and standard followed. It would assess how the confidentiality and integrity of data maintained by the application software and what are the built in recovery and continuity feature to ensure availability of the service.
The Audit activity would take cognisance of the products offered by it such as Loan Product, Deposit Product and Interest criteria verification. It would focus on performance, stability, redundancy and accuracy of transaction performed using the Application software.
The Audit trail would assess the Application software documentation like User Manual and Maintenance Manual. It would take into consideration how the documents are maintained and utilised.
The Audit activity would overview the operating system, verify the system configuration and ensure that latest OS version running at the site. It would also take review of latest updates/ patches released by OS vendor have been applied. It would focus on the steps taken for hardening of the operating software.
The audit activity would take review of the Access Control policies, procedures and implementation within the organisation. It would assess the criticality and sensitivity of the resources and information available. It would observe whether any classification made on the information depending on its sensitivity.
The Auditing would focus on the policies of the organisation for job distribution, how practically it has maintained. It would assess how well the roles and responsibilities are defined and what controls have been established to bring surety in practical implementation.
It would take review of the documentation elaborating Continuity plan of the organisation and how the plan is periodically tested and necessary appropriates are included in the plan document.
The Auditing would assess the Disaster Recovery plan operational in the organization and what are the provisions made for the Continuity of the service in case of unprecedented events or incidents.
The audit activity would take review of System Uptime/Downtime, Network Uptime/Downtime, Deadlock occurred, Rate of throughput, CPU utilisation, Return of the Investment (ROI), and IT Staffing % of revenue.
The Audit activity would assess the policy documentation management role and the control established by the management to ensure compliance and utilisation of the IT for the maximum benefits. |
