KY MANAGEMENT CONTROL:
Jump to navigation
Jump to search
MANAGEMENT CONTROL
Risk Association Control Activities:
- 1. KY DOI A.1 Is there an IS steering committee or other evidence that top management is involved in the IS function and, if so, who are the members? Please provide copies of the steering committee meeting minutes or other evidence (e.g., memos or agendas) of steering committee meetings held during the period under review.
- 1. KY DOI A.1 Is there an IS steering committee or other evidence that top management is involved in the IS function and, if so, who are the members? Please provide copies of the steering committee meeting minutes or other evidence (e.g., memos or agendas) of steering committee meetings held during the period under review.
- 2. KY DOI A.2 Is the IS department fully staffed and, if not, list the significant vacancies? Please provide an organization chart that identifies significant vacancies.
- 2. KY DOI A.2 Is the IS department fully staffed and, if not, list the significant vacancies? Please provide an organization chart that identifies significant vacancies.
- 3. KY DOI A.3 Is there an internal audit function? Please refer to question B5 under Organization Controls. If so, is an IS division or specialist on the staff? Please provide the name and phone number of the internal audit contact person or senior IS specialist responsible for providing assistance to the IS examiners.
- 3. KY DOI A.3 Is there an internal audit function? Please refer to question B5 under Organization Controls. If so, is an IS division or specialist on the staff? Please provide the name and phone number of the internal audit contact person or senior IS specialist responsible for providing assistance to the IS examiners.
- 4. KY DOI A.4 Are periodic tests or reviews of the system made by the internal audit staff to ensure that controls are functioning in accordance with established standards? Please provide a list of system reviews performed during the period under review over each financially significant system, along with copies of system review reports and/or test results.
- 4. KY DOI A.4 Are periodic tests or reviews of the system made by the internal audit staff to ensure that controls are functioning in accordance with established standards? Please provide a list of system reviews performed during the period under review over each financially significant system, along with copies of system review reports and/or test results.
- 5. KY DOI A.5 Is there an IS strategy consistent with the business strategy and, if so, has it been communicated by senior management to the rest of the individuals in the company? Please provide the table of contents or executive overview of the strategic plan for the business and information systems.
- 5. KY DOI A.5 Is there an IS strategy consistent with the business strategy and, if so, has it been communicated by senior management to the rest of the individuals in the company? Please provide the table of contents or executive overview of the strategic plan for the business and information systems.
Implementation Guide:
Section A – No scoping note included, as completion of this section is required for all companies.
Supplemental Information:
--Mdpeters 08:26, 23 June 2006 (EDT)