Audit Serve's Partial List of Entity-Level Controls

1. All employees are required to review and formally accept the corporate Code of Conduct Policy.

2. All employees are required to review and formally accept the corporate Security Policy.

3. All employees and contractors are required to sign corporate confidentiality agreements.

4. A continuous audit monitoring process is in place to detect out-of-compliance conditions.

5. All material entities are subject to an annual Risk Assessment.

6. A compliance function is established within each critical entity.

7. A Data Classification Standard is established and required to be used throughout the company to identify and classify all components.

8. A Systems Development Methodology is utilized by all software development areas.

9. A workflow management system is deployed for all software changes.

10. All employees are required to attend corporate ethics training as part of the new hire process.

11. The employee transfer policy requires that all of the employee's security access to corporate systems be removed and that security access be re-established using the new hire process.

12. An annual security access entitlement review is performed which includes all known security resource components.

13. Access requests to all security resource components are required to be processed through a formal security request handling process.

14. Data owners are defined for all sensitive resources within the company.

15. Job Descriptions are established for all corporate-wide job functions.

16. All external parties which host corporate data are required to have an annual independent assessment to ensure the effectiveness of their controls.

17. An Internal Audit function is established which reviews corporate adherence to corporate standards.

18. All employees and contractors are required to attend annual security awareness training.

19. An independent third-party vendor performs quarterly vulnerability assessments of all external-facing and internal network components.

20. An organization-wide analysis is performed on an annual basis to ensure that a proper level of separation of duties exists for all key business and IT processes.

21. All buildings which contain corporate data centers are staffed by 24-hour security, with video surveillance cameras monitoring all data center access points.

Do you require assistance establishing and testing your company's entity-level controls, which are mapped to your activity-level controls?

Audit Serve SOX Scope Reduction Consulting Services
Contact Mitch Levine for a free proposal. Email: Levinemh@auditserve.com

For additional information and to obtain a Free Proposal of Services, Detailed Project Tasks and Cost Estimate, contact Mitchell Levine
Phone: (203) 972-3567 FAX: (203) 972-3367 Email: Levinemh@auditserve.com
27 Pine Street, Suite 700
New Canaan, CT 06840 USA