The basic process for developing a sound information security policy:
1. Selecting an information security policy architecture development/review team. The size of the team will vary depending on the organization size. A suggestion for the policy development team would be as follows:
a. Senior administrator (servers, network devices);
b. Management team member who will be assisting with enforcement;
c. Counsel team member;
d. Internal audit team member;
e. User community member (this person could act as the policy interpreter before the policy is implemented in the enterprise);
f. Writer—a technical writer, if possible.
2. Reviewing the information security team’s reporting structure to ensure appropriate staffing for monitoring and appropriate level of authority for enforcement.
The purpose of this checklist is to document the activities performed as part of the monthly financial close process at a company. For each step covered in this checklist, users are encouraged to document the responsible person, date due, and whether the task has been completed and reviewed. This tool has been updated to include additional general financial close procedures and steps related to recording fixed assets.
Financial areas addressed in this checklist include:
* General Close Procedures
* Accounts Receivable
* Prepaid Expenses
* Other Current Assets
* Fixed Assets
* Accumulated Depreciation and Amortization
* Other Assets
The goal of Enterprise Risk Management is to identify, evaluate and manage key risks impacting an organization’s ability to achieve its objectives and strategies. This document provides a template to inventory and assess critical risk areas (business functions) and the associated risks embedded within each area.
When using this template, for each area, please rate:
* Current process control effectiveness on a High / Medium / Low scale
* Past performance history on a Good / Fair / Poor scale
* Personnel adequacy on a Good / Fair / Poor scale
Then, please rank the top ten functions/risk areas, based on the threat of embedded risks on achieving the company's objectives and strategies for the upcoming year. Consider the following when ranking the top ten risk areas:
IT general controls typically impact multiple applications in the technology environment and prevent certain events from impacting the integrity of processing or data. Computer operations, physical and logical security, program changes, systems development and business continuity are examples of processes where general IT controls reside. These IT controls are “pervasive” because they can have an impact on the organization’s achievement of financial reporting objectives germane to many of its processes.
Software contracts should also address the following:
1. Flexibility and choice for upgrades and updates. Some contracts specify required upgrades to receive updates or maintenance.
2. SLAs for defining expectations for support and maintenance.
3. Annual maintenance costs. These should be fixed at the time of purchase and should not vary.
4. Provisions for protecting the company against unforeseen problems such as software interoperability.
5. Intellectual property rights for modifications. Customer may not be granted the rights for modifications.