Governance and Risk Consultancy Services Case Study On Application Audit at a Limited Company
Over View:
A pioneer manufacturing company in the chemical sector, owning globally popular brands of consumer and specialty chemical products having a pro-active market-driven approach giving it a strong base in both the consumer and industrial segments.
Challenges :
To survive in the current global business scenario, the company realized the importance of availability and security of information as well as the security of its intellectual property. The business processes of the company depended significantly on information technology. The company had several critical applications and databases, which if exposed to attacks could lead to unacceptable risks. The company wanted to ascertain the security risks associated with these critical assets.
Solution :
The solution lay in conducting an information security audit that would:
Application audit involved the following ERP modules with Oracle :
Benefits :
The benefits the client derived from the Application and Database Audit are:
A pioneer manufacturing company in the chemical sector, owning globally popular brands of consumer and specialty chemical products having a pro-active market-driven approach giving it a strong base in both the consumer and industrial segments.
Challenges :
To survive in the current global business scenario, the company realized the importance of availability and security of information as well as the security of its intellectual property. The business processes of the company depended significantly on information technology. The company had several critical applications and databases, which if exposed to attacks could lead to unacceptable risks. The company wanted to ascertain the security risks associated with these critical assets.
Solution :
The solution lay in conducting an information security audit that would:
- identify the assets of the organization
- assess the threats to these assets and existing vulnerabilities
- assess the measures deployed to protect data confidentiality and integrity
- assess the accountability of asset owners
- identify the roles and responsibilities of the system components and users
- provide a basis for specifying requirements and formulate acquisition policy for future plans and acquisition;
- assess the gap between the world best practices (COBIT, ISO 17799) and systems adopted by the organization.
Application audit involved the following ERP modules with Oracle :
- Finance & Accounts
- Sales
- Procurement
- Inventory
- Logical Access controls (User Ids, Passwords, Authentication, Authorization, Audit Trail)
- Input Controls (Range, Validity, Control Totals, Consistency and Concurrency, Exception Reports)
- Processing Controls (Transaction processing, Audit Trails, Integrity of data)
- Output Control (Generation, Distribution, Authentication, Preservation Of Outputs And Comment On The Adequacy) The general guidelines for output controls are
- Interface Control (Transfer of Data, Consistency)
- Authorization Control (Maker / Checker, Super Users, Audit trails)
- Data Integrity / File continuity Control
- Error / Exception handling
- Review testing procedures
Benefits :
The benefits the client derived from the Application and Database Audit are:
- Risk assessment exercise with respect to applications and database
- Awareness of security loopholes in audited area
Related Links
Copyright © 2024 PCS Technology Ltd. All Rights Reserved.
Designed and Website Maintenance by MiracleworX Web Design Mumbai