Risk Assessment - Level 4 Acquisition & Installation

Detailed Control Objective:
The organisation's system development life cycle methodology should require that adequate mechanisms for audit trails are available or can be developed for the solution identified and selected. The mechanisms should provide the ability to protect sensitive data (e.g., user IDs) against discovery and misuse.

KEY
A. Non-Existent: Management processes are not applied at all
B. Initial Ad Hoc: Processes are ad hoc and disorganised
C. Repeatable but intuitive: Processing follows a regular pattern
D. Defined Process: Processes are documented and communicated
E. Managed and Measurable: Processes are monitored and measured
F. Optimised: Best practices are followed and automated
N/A Not Applicable: This question is not applicable to this particular staff member

CobiT Control: Identify automated solutions

IT INVESTMENT

1.10 Audit Trails Design
A. | B. | C. | D. | E. | F. | N/A
1.10.1 Does the organisation’s system development life cycle methodology require that adequate mechanisms for audit trails are:
  a. available or  
  b. can be developed  
  for the solution identified and selected?  
1.10.2 Do the mechanisms provide the ability to protect sensitive data (e.g., user IDs) against discovery and misuse?
