SOX.2.0.13:: Difference between revisions
Latest revision as of 18:30, 14 June 2006
- 1. Risk: Business requirements are not met or third parties have inappropriate access to business data stores and business processes.
- a. SOX.2.0.13 IT management determines that, before selection, potential third parties are properly qualified through an assessment of their capability to deliver the required service and a review of their financial viability.
Testing Procedures
Obtain the criteria and business case used for selection of third-party service providers. Assess whether these criteria include a consideration of the third party’s financial stability, skill and knowledge of the systems under management, and controls over security, availability and processing integrity.
Testing Frequency
Quarterly validation of all systems within scope.
Evidence Archive Location
Insert hyperlink or location of evidence archive.
Control Stewards Process Narrative
Insert Narrative here.
Control Steward – Steve Somebody
Process Illustration
Replace this text by inserting a process diagram, flowchart or other visual representation to illustrate the process narrative as necessary. Include a brief description of the process illustration.
Control Status and Auditors Commentary
The control is effective.
Status is acceptable.
Control Exception Commentary
Status is acceptable.
Remediation Plan
Remediation is not required at this time.