SOX.2.0.13:: Difference between revisions
(One intermediate revision by the same user not shown) | |||
Line 2: | Line 2: | ||
<br> | <br> | ||
::'''1. Risk: Business requirements are not met or third parties have inappropriate access to business data stores and business processes.'''<br> | ::'''1. Risk: Business requirements are not met or third parties have inappropriate access to business data stores and business processes.'''<br> | ||
:::a. [[SOX.2.0. | :::a. [[SOX.2.0.13:|'''SOX.2.0.13''']] IT management determines that, before selection, potential third parties are properly qualified through an assessment of their capability to deliver the required service and a review of their financial viability.<br> | ||
<br> | <br> | ||
</blockquote> | </blockquote> | ||
Line 8: | Line 8: | ||
'''Testing Procedures''' | '''Testing Procedures''' | ||
<blockquote style="background: white; border: 1px solid black; padding: 1em;"> | <blockquote style="background: white; border: 1px solid black; padding: 1em;"> | ||
Obtain the | Obtain the criteria and business case used for selection of third-party service providers. Assess whether these criteria include a consideration of the third party’s financial stability, skill and knowledge of the systems under management, and controls over security, availability and processing integrity. .<br> | ||
<br> | <br> | ||
</blockquote> | </blockquote> | ||
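Review bot: The revised Testing Procedures sentence ends with a stray " ." after "processing integrity."; drop the extra period. Consider listing the three criteria (financial stability, skill and knowledge of the systems under management, and controls over security, availability and processing integrity) as separate items so that each can be evidenced on its own.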
Line 26: | Line 26: | ||
'''Control Stewards Process Narrative''' | '''Control Stewards Process Narrative''' | ||
<blockquote style="background: white; border: 1px solid black; padding: 1em;"> | <blockquote style="background: white; border: 1px solid black; padding: 1em;"> | ||
<p><font color=#008000> | <p><font color=#008000>Insert Narrative here.</font></p> | ||
<br> | <br> | ||
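Review bot: The new text in the Control Stewards Process Narrative block is the template placeholder "Insert Narrative here.", so the process is still undocumented while the Control Status hunk further down records "The control is effective." Replace the placeholder with the actual narrative, or hold the effective status until the narrative is written.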
Line 41: | Line 41: | ||
'''Control Status and Auditors Commentary''' | '''Control Status and Auditors Commentary''' | ||
<blockquote style="background: white; border: 1px solid black; padding: 1em;"> | <blockquote style="background: white; border: 1px solid black; padding: 1em;"> | ||
<p><font color=#008000>The control is effective | <p><font color=#008000>The control is effective. </font></p> | ||
<br> | <br> | ||
[[Image:greenlock.jpg]]<br> | [[Image:greenlock.jpg]]<br> |
Latest revision as of 18:30, 14 June 2006
- 1. Risk: Business requirements are not met or third parties have inappropriate access to business data stores and business processes.
- a. SOX.2.0.13 IT management determines that, before selection, potential third parties are properly qualified through an assessment of their capability to deliver the required service and a review of their financial viability.
Testing Procedures
Obtain the criteria and business case used for selection of third-party service providers. Assess whether these criteria include a consideration of the third party’s financial stability, skill and knowledge of the systems under management, and controls over security, availability and processing integrity.
Testing Frequency
Quarterly validation of all systems within scope.
Evidence Archive Location
Insert hyperlink or location of evidence archive.
Control Stewards Process Narrative
Insert Narrative here.
Control Steward – Steve Somebody
Process Illustration
Replace this text by inserting a process diagram, flowchart or other visual representation to illustrate the process narrative as necessary. Include a brief description of the process illustration.
Control Status and Auditors Commentary
The control is effective.
Status is acceptable.
Control Exception Commentary
Status is acceptable.
Remediation Plan
Remediation is not required at this time.