What Management Controls Be Implemented And Effectively Working For Ffc
The IT Management controls appear to be properly implemented and effectively working for FFC. The assessed level of risk is low. FFC has a strong IT strategic plan that is in line with the corporate strategic plan which has a diverse set of strong members on the committees and allows for fundamentally sound decisions that are best for the organization by taking all aspects of the business into consideration. The organizational structure is conducive to a strong and clear reporting channels which include the CIO reporting to the CFO and EVP. One step lower on the corporate ladder the VPs of applications, operations, information security and database administration reports to CIO.
Findings -- System Development
Overall, the risk assessment of systems development resulted in a grade of low. FFC has adopted Structured System Analysis and Design Methodology (SSADM) that is a strong proven system to allow for the updates to the systems to be made properly. The design methodology, SSADM, is followed and appropriately used. FFC implements controls in the processes after the process is implemented in the system, best practices would be to implement the controls before the system is in place. This approach gives FFC the advantage of seeing how the system will actually work upon implementation and then assess what controls would be best. There internal audit committee has a voting member on the projects team.
Findings -- Data Security
In the area of…