Application System

Date Raised

No.

Ref

Risk Rating

Issues and Observation

Risk

Recommendation

Management Response

Engagement

Application Systems Recvew Testing Document

Philippine Veterans Bank_Internal Audit Outsourcing

Location:

Makati City, Philippines

Domain

General Information Technology Contols (GITC)

Control Objective:

Logical security tools and techniques are administered to restrict access

other information resources.
The security administrator is notified of employees who have changed roles and re
or been terminated. Access privileges of such employees are immediately changed

Control Activity:

T3.1 Understand and document the policies and procedures relating to notification
changes, transfer and resignation/termination.

Test Description:

Attributes
1
2
3
4

Testing/Interview
conducted by
Tesing Documentation
Design and Implementation Testing
Description of the
Testing Done.

D&I Conclusion:

Operating Effectiveness Testing

Period of Review:
Population:
Sampling Frequency:
Number of Samples:

Sample #
1
2

Phase
OE
OE

Sample Description - Interim

Attributes to Test
A

Sample #
1
2
etc

Phase
OE
OE
OE

Sample Description - Final

Tickmark Legend
P
x
n/a

No Exceptions Noted
Exceptions noted
Not Applicable
Results Legend

OE Conclusion:

Attributes to Test
A

ess to programs, data, and

nd responsibilities, transferred,
nged to reflect their new status.

ations for employee roles

Workpaper Reference

Workpaper Reference

Engagement

Application Systems Recvew Testing Document

Philippine Veterans Bank_Internal Audit Outsourcing

Location:

Makati City, Philippines

Domain

General Information Technology Contols (GITC)

Control Objective:

Logical security tools and techniques are administered to restrict access

other information resources.
The security administrator is notified of employees who have changed roles and re
or been terminated. Access privileges of such employees are immediately changed

Control Activity:

T3.2 Determine timeliness of information to-and-from HR and IT (user access right

access are granted/revoked in a timely manner.

Test Description:

Attributes
1
2
3
4

Testing/Interview
conducted by
Tesing Documentation
Design and Implementation Testing
Description of the
Testing Done.

D&I Conclusion:

Operating Effectiveness Testing

Period of Review:
Population:
Sampling Frequency:
Number of Samples:

Sample #
1
2

Phase
OE
OE

Sample Description - Interim

Attributes to Test
A

Sample #
1
2
etc

Phase
OE
OE
OE

Sample Description - Final

Tickmark Legend
P
x
n/a

No Exceptions Noted
Exceptions noted
Not Applicable
Results Legend

OE Conclusion:

Attributes to Test
A

ess to programs, data, and

nd responsibilities, transferred,
nged to reflect their new status.

ights provider) and test whether

Workpaper Reference

Workpaper Reference