Application

System

Date Raised

No.

Ref

Risk Rating

Issues and Observation

Risk

Recommendation

Management Response

Engagement

Application Systems Recvew Testing Document

Philippine Veterans Bank_Internal Audit Outsourcing

Location:

Makati City, Philippines

Domain

General Information Technology Contols (GITC)

Control Objective:

Logical security tools and techniques are implemented and configured to enable r
application system.
Application owners authorize the nature and extent of user access privileges and such priv
reviewed by application owners to ensure access privileges remain appropriate.

Control Activity:

T1.1 Understand and document the policies and procedures related to the authorization of
application systems.

Test Description:

Attributes
1
2
3
4
Testing/Interview
conducted by
Tesing Documentation
Design and Implementation Testing
Description of the Testing
Done.

D&I Conclusion:

Operating Effectiveness Testing

Period of Review:
Population:
Sampling Frequency:
Number of Samples:

Sample #
1
2

Phase
OE
OE

Sample Description - Interim

Attributes to Test
A

Sample #
1
2
etc

Phase
OE
OE
OE

Sample Description - Final

Tickmark Legend
P
x
n/a

No Exceptions Noted
Exceptions noted
Not Applicable
Results Legend

OE Conclusion:

Attributes to Test
A

ble restriction of access to

privileges are periodically

on of user access to data and

Workpaper Reference

Workpaper Reference

Engagement

Application Systems Recvew Testing Document

Philippine Veterans Bank_Internal Audit Outsourcing

Location:

Makati City, Philippines

Domain

General Information Technology Contols (GITC)

Control Objective:

Logical security tools and techniques are implemented and config

access to application system.
Application owners authorize the nature and extent of user access privileg
periodically reviewed by application owners to ensure access privileges re

Control Activity:

T1.2 Determine completeness of request form and timeliness of its mainte

Test Description:

Attributes
1
2
3
4

Testing/Interview
conducted by
Tesing Documentation
Design and Implementation Testing
Description of the
Testing Done.

D&I Conclusion:

Period of Review:
Population:

Operating Effectiveness Testing

Sampling Frequency:
Number of Samples:

Sample #
1
2

Phase
OE
OE

Sample Description - Interim

Sample #
1
2
etc

Phase
OE
OE
OE

Sample Description - Final

Tickmark Legend
P
x
n/a

No Exceptions Noted
Exceptions noted
Not Applicable
Results Legend

OE Conclusion:

Testing Document
cing

mplemented and configured to enable restriction of

tent of user access privileges and such privileges are

ensure access privileges remain appropriate.

nd timeliness of its maintenance in the system.

ation Testing

ess Testing

end

nd

Attributes to Test
A

Workpaper Reference

Attributes to Test
A

Workpaper Reference

Engagement

Application Systems Recvew Testing Document

Philippine Veterans Bank_Internal Audit Outsourcing

Location:

Makati City, Philippines

Domain

General Information Technology Contols (GITC)

Control Objective:

Logical security tools and techniques are implemented and config

access to application system.
Application owners authorize the nature and extent of user access privileg
periodically reviewed by application owners to ensure access privileges re

Control Activity:

T1.3 Determine creation and maintenance of user access matrix.

Test Description:

Attributes
1
2
3
4

Testing/Interview
conducted by
Tesing Documentation
Design and Implementation Testing
Description of the
Testing Done.

D&I Conclusion:

Operating Effectiveness Testing

Period of Review:
Population:
Sampling Frequency:
Number of Samples:

Sample #
1
2

Phase
OE
OE

Sample Description - Interim

Sample #
1
2
etc

Phase
OE
OE
OE

Sample Description - Final

Tickmark Legend
P
x
n/a

No Exceptions Noted
Exceptions noted
Not Applicable
Results Legend

OE Conclusion:

Testing Document
cing

mplemented and configured to enable restriction of

tent of user access privileges and such privileges are

ensure access privileges remain appropriate.

er access matrix.

ation Testing

ess Testing

end

nd

Attributes to Test
A

Workpaper Reference

Attributes to Test
A

Workpaper Reference

Engagement

Application Systems Recvew Testing Document

Philippine Veterans Bank_Internal Audit Outsourcing

Location:

Makati City, Philippines

Domain

General Information Technology Contols (GITC)

Control Objective:

Logical security tools and techniques are implemented and config

access to application system.
Application owners authorize the nature and extent of user access privileg
periodically reviewed by application owners to ensure access privileges re

Control Activity:

T1.4 Determine appropriateness and sharing of user access given to users

Test Description:

Attributes
1
2
3
4

Testing/Interview
conducted by
Tesing Documentation
Design and Implementation Testing
Description of the
Testing Done.

D&I Conclusion:

Operating Effectiveness Testing

Period of Review:
Population:
Sampling Frequency:
Number of Samples:

Sample #
1
2

Phase
OE
OE

Sample Description - Interim

Sample #
1
2
etc

Phase
OE
OE
OE

Sample Description - Final

Tickmark Legend
P
x
n/a

No Exceptions Noted
Exceptions noted
Not Applicable
Results Legend

OE Conclusion:

Testing Document
cing

mplemented and configured to enable restriction of

tent of user access privileges and such privileges are

ensure access privileges remain appropriate.

user access given to users for every application/system.

ation Testing

ess Testing

end

nd

Attributes to Test
A

Workpaper Reference

Attributes to Test
A

Workpaper Reference

Engagement

Application Systems Recvew Testing Document

Philippine Veterans Bank_Internal Audit Outsourcing

Location:

Makati City, Philippines

Domain

General Information Technology Contols (GITC)

Control Objective:

Logical security tools and techniques are implemented and config

access to application system.
Application owners authorize the nature and extent of user access privileg
periodically reviewed by application owners to ensure access privileges re

Control Activity:

T1.5 Determine existence and effectivity of user access periodic review.

Test Description:

Attributes
1
2
3
4

Testing/Interview
conducted by
Tesing Documentation
Design and Implementation Testing
Description of the
Testing Done.

D&I Conclusion:

Operating Effectiveness Testing

Period of Review:
Population:
Sampling Frequency:
Number of Samples:

Sample #
1
2

Phase
OE
OE

Sample Description - Interim

Sample #
1
2
etc

Phase
OE
OE
OE

Sample Description - Final

Tickmark Legend
P
x
n/a

No Exceptions Noted
Exceptions noted
Not Applicable
Results Legend

OE Conclusion:

Testing Document
cing

mplemented and configured to enable restriction of

tent of user access privileges and such privileges are

ensure access privileges remain appropriate.

r access periodic review.

ation Testing

ess Testing

end

nd

Attributes to Test
A

Workpaper Reference

Attributes to Test
A

Workpaper Reference

Engagement

Application Systems Recvew Testing Document

Philippine Veterans Bank_Internal Audit Outsourcing

Location:

Makati City, Philippines

Domain

General Information Technology Contols (GITC)

Control Objective:

Logical security tools and techniques are implemented and config

access to application system.
Application owners authorize the nature and extent of user access privileg
periodically reviewed by application owners to ensure access privileges re

Control Activity:

T1.5 Determine existence and effectivity of user access periodic review.

Test Description:

Attributes
1
2
3
4

Testing/Interview
conducted by
Tesing Documentation
Design and Implementation Testing
Description of the
Testing Done.

D&I Conclusion:

Operating Effectiveness Testing

Period of Review:
Population:
Sampling Frequency:
Number of Samples:

Sample #
1
2

Phase
OE
OE

Sample Description - Interim

Sample #
1
2
etc

Phase
OE
OE
OE

Sample Description - Final

Tickmark Legend
P
x
n/a

No Exceptions Noted
Exceptions noted
Not Applicable
Results Legend

OE Conclusion:

Testing Document
cing

mplemented and configured to enable restriction of

tent of user access privileges and such privileges are

ensure access privileges remain appropriate.

r access periodic review.

ation Testing

ess Testing

end

nd

Attributes to Test
A

Workpaper Reference

Attributes to Test
A

Workpaper Reference