Department of Corrections and Rehabilitation - Operations Manual

Chapter 4 – Information Technology

Article 10 – Project Review and Basic Policy

44010.3.4 EDP Audit

  • Every two years the Department shall carry out and submit to the DOF (Department of Finance) an EDP (Electronic Data Processing; see IT) audit. This audit is the responsibility of the Internal Audit Unit of PFAB (Program and Fiscal Audits Branch; see OACC) (see Department Operations Manual [DOM] 49040). The audit shall be consistent with the DOF publication, “Information Technology Security and Risk Management Guidelines.” This guide reflects the SAM (State Administrative Manual) requirements regarding the responsibility and control of EDP policy, and provides audit guidelines; however, it may not cover all areas to be audited. The guide and information about it are available through the Internal Audit Unit of PFAB.

  • To accomplish this audit it is likely that ITS under development shall be selected for audit on a sample basis. The intent of the audit is to make an assessment of the degree of compliance by CDC with departmental and State policies and procedures. The scope of the audit shall include, but not be limited to, the following:

    • Project approvals, feasibility study, and risk analysis (DOM 49020).

    • Operational recovery plan (DOM 49030).

    • Information security practices.

  • The Project Manager is responsible for ensuring that the project documentation is in compliance with policy.