Your checklists (
0
)
AI Checklist Generator
From the makers of
Manifestly Checklists
Sign in
Email address
Email me a magic link
Home
> ITGC Testing Audit Checklist
ITGC Testing Audit Checklist
1. Planning and Preparation
Define the scope of the ITGC audit.
Identify key stakeholders and their roles.
Gather relevant documentation (policies, procedures, system descriptions).
Review prior audit findings and management responses.
2. Control Environment Assessment
Evaluate the overall IT control environment.
Assess the competence and resources of the IT team.
Review organizational structure and reporting lines.
Analyze the effectiveness of communication regarding IT controls.
3. Access Controls
Verify user access provisioning processes.
Review user access rights for critical systems.
Test for timely removal of access for terminated employees.
Assess multi-factor authentication implementation.
4. Change Management
Review change management policies and procedures.
Test the approval process for changes to IT systems.
Verify documentation and testing of changes before implementation.
Assess the monitoring of changes post-implementation.
5. Data Backup and Recovery
Evaluate data backup policies and procedures.
Test the frequency and completeness of backups.
Review the restoration process and conduct a test restore.
Assess the security of backup storage (on-site and off-site).
6. Incident Management
Review incident management policies and procedures.
Assess the logging and tracking of incidents.
Verify the escalation process for critical incidents.
Evaluate response times and resolution effectiveness.
7. System Development and Maintenance
Review SDLC (Software Development Life Cycle) practices.
Assess testing procedures for new and modified applications.
Verify documentation and approval for system changes.
Evaluate post-implementation reviews and lessons learned.
8. Monitoring and Reporting
Assess monitoring controls for IT systems and applications.
Review the reporting process for control deficiencies.
Evaluate the frequency and content of IT control reports.
Verify follow-up actions on identified issues.
9. Documentation and Evidence Gathering
Ensure all control procedures are documented.
Collect evidence for each control tested.
Document findings and recommendations.
Prepare a summary report for stakeholders.
10. Follow-up and Continuous Improvement
Schedule follow-up reviews for remediation of findings.
Evaluate the effectiveness of implemented changes.
Foster a culture of continuous improvement in IT controls.
Update the ITGC audit checklist based on lessons learned.
Download CSV
Download JSON
Download Markdown
Use in Manifestly