《IT内审IT审计IT内控问卷中英文版》由会员分享,可在线阅读,更多相关《IT内审IT审计IT内控问卷中英文版(9页珍藏版)》请在金锄头文库上搜索。
1、Information Technology AuditIT 审核IT ”)Internal Control QuestionnaireFor Information T echnology (IT 内控问卷Compa ny: Date:Completed by: Sig nature: Name, title and departme ntPlease complete this questi onn aire (in En glish or Chin ese) accord ing to the followi ng in structio ns:? Answer all the yes/
2、no questions by marking a“x” in the column of“Yes” ,“ No” or“ N/A”;? Write the comments or additional information according to the instruction (n italic) of each question in the column of“Comment ; and? Attach referenee documents in soft or hard copies and write their names in the column of“ Names o
3、f documents attachedQuesti onsYesNoN/AComme ntsName of docume ntsattachedAIT en vir onment IT 环境1 Is access to system program libraries, applicati on system docume ntati on, test files, etc restricted to authorized pers onn el?是否访问系统程序数据库、应用系统文档、测试文件,等,是否仅限于授权人访问?State the authorized pers onnel for
4、system program libraries, applicati on system docume ntati on, test files, etc 请列岀程序数 据库、应用系统文件,测试文件,等等的授权个人State the major systems used in your compa ny请列岀贵公司使 用的主要系统2 Are all programs and systems and their cha nges sufficie ntly docume nts for proper main te nan ce?所有程序和系统及他们的改变是否有足够的文档用于正常维护?3 Ar
5、e all cha nges to programs and system desig n properly approved?所有针对程序和系统设计上的变化是否有严格的批核?Questi onsYesNoN/AComme ntsName of docume ntsattachedDescribe the approval process for cha nges to programs and system desig n.请描述有关程序和系统设计变化上的批核程序4 Are cha nges to programs and system desig n reviewed on a timel
6、y basis by a resp on sible in dividual for improper cha nges? 所有程序和系统设计上的变化是否有相关负责人就不适当的变化进行及时地审查?State who is resp on sible for reviewi ng cha nges to programs and system desig n.请列明负责审查程序和系统设计的负责人5 Are users con sulted on all new system program ming or revisi ons to existi ng program ming regard i
7、ng user n eeds, layout, test data, etc ?所有的新系统程序或者关于用户需要,设计,测试数据等等的针对现有程序的修正是否有与用户商议过?State the major cha nn els of con sultati on and theireffective ness.列明商议的主要渠道和他们的效果6 Are all new systems or system revisi ons run side-by-side with existing systems or extensively tested with realistic test data p
8、rior to their exclusive use for tran sacti on process ing?所有的 新系统或者系统修正与现有系统一起运行,或者被广泛用实际的测试数据测试,优先于他们在事务处理上的专门用途。7 Is curre nt computer capacity and resp onse time periodically reviewed for adequacy aga inst prese nt and expected future needs?是否有周期性地检查当前电脑的能力和反应时间是否有能充 分地和满足目前和未来预期需要?State the freq
9、ue ncy of review. Provide a report/record of theQuesti onsYesNoN/AComme ntsName of docume ntsattachedmost rece nt review.列岀检查的频率。提供一份最近期的检查报告/记录8 Is IT hardware physically secured (from fire, flood and other hazards) and access restricted to authorized pers onnel via card, keys, locked doors, etc? i
10、t硬件的物理可靠性和访问限止是否通过卡片,钥匙授权给指定的授权人员。9 Are users PC protected from un warra nted exposure to theft? 所有用户的电脑是否受到免于被剽窃者非法暴光的保护?State the in ternal con trols for the physical security of PC.列岀 关于个人电脑的物理安全上的内部管控10 Are adequate internal controls to prevent employees from using/copying illegal software?是否有足够
11、的控制,预防止员工 使用/复制非法软件?State the releva nt in ternal c on trols.列岀相关的内部管控11 Does the IT Departme nt con duct periodic review of IT security and com muni cate the results to the man agemeniT?部 是否有执行周期性的IT安全检查,且将结果传给管理部门State the freque ncy of review and provide a copy of the rece nt review report/record
12、.列岀检查的频率和提供一份近期的检查报告/记录12 Are roles and responsibilities of the IT organization defined, documented and understoodIT部的角色和职责是否有被定义,文件化和理解?13 Has IT man ageme nt com muni cated policies and proceduresgover ning the IT orga ni zatio ns activities to all releva nt parties?iT管理是否已传达有关监管it部与所有相关方的政策和流Ques
13、ti onsYesNoN/AComme ntsName of docume ntsattached程?B Computer access security 电脑访问安全1 Is access to computer termi nals and equipme nt limited to authorized pers onn el?访问电脑终端和设备是否限制于授权人员?2 Do procedures exist and are they followed to en sure that all users are authe nticated to the system to support
14、 the validity of tran sactio ns?否存在这样的流程?他们用于确保所有用户被用于支持处理有效性的系统鉴定的流程?State the n ames and docume nt nu mbers of the procedure列. 出流程的名称和文件序号3 Do procedures exist and are they followed to en sure timely acti on relati ng to request ing, establishi ng, issu ing, suspe nding and closi ng user acco un t
15、s?是否存在这样的流程?他们用于保证 对要求、建立、发放、中止和关闭用户帐号作岀及时的反映的流程?State the n ames and docume nt nu mbers of the procedures. 出流程的名称和文件序号4 Does a formal approval process exist for granting access to systems and data?是否存在一个允许进入系统和数据库的正式的确认流程?Briefly describe the approval process.简单描述确认流程5 Is there a process to periodically review access rights?!否有 一个周期性审查访问权限的流程?Briefly describe the review process in cludi ng the freque ncy and scope of review.简单描述包括频率和范围在内的审查流程Questi onsYesNoN/AComme ntsName of docume ntsattached6 Are processes in place
