APPENDIX
Illustrative Information Technology Controls to be Reviewed During Internal
Audit in An IT Environment
(Refer paragraph 14)
(The Appendix is only illustrative in nature and does not form part of the
Standard)
SR. NO. CONTROL PARAMETERS
IT Access Control
1 There is a structured IT Policy and facility personnel are aware of the applicable policies.
IT Back-up and Recovery
2 The network has adequately documented backup and recovery procedures/plans/schedules for critical sites.
3 LAN is supported by an uninterruptible power supply (UPS).
4 UPS tested in the last year (to test the batteries)?
5 For disaster-recovery purposes, LAN applications have been prioritized and scheduled for recovery based on importance to the operation.
IT Environmental Controls
6 Smoke detection and automatic fire-extinguishing equipment installed for adequate functioning and protection against fire hazards.
IT Inventory
7 There is a complete inventory of the following: Hardware: Computers, File Servers, Printers, Modems, Switches, Routers, Hubs, etc. Software: all software for each Computer is logged with licenses and serial numbers.
8 There are written procedures for keeping LAN inventory and they identify who (title) is responsible for maintaining the inventory report.
9 Unused equipment is properly and securely stored.
IT Operations
10 LAN administrator has a backup person.
11 LAN administrator monitors the LAN response time, disk storage space, and LAN utilization.
12 LAN administrator is experienced and familiar with operation of the LAN facility.
IT Physical Security
13 Alarms installed at all potential entry and exit points of sensitive areas.
IT Service Agreements
14 Vendor reliability considered before purchasing LAN hardware and software.
15 Service log maintained to document vendor support servicing.
16 LAN hardware and software purchase contracts include statements regarding vendor support and licensing.
IT Virus Protection Policy
17 The level of virus protection established on servers and workstations is determined, and infections are monitored by IT administration. The virus application should be updated on a monthly basis. Laptops, if issued, should have secured internet access.


* The Standard on Internal Audit (SIA) 16, Using the Work of an Expert, is published in the March 2009 issue of the Journal