Ho Yu ITGC
ITGC Area
Summary of Issue
Strength or Weakness
IT Management
FFC has an IT strategic plan
Strength
IT Management
CIO reports only to the Chief Financial Officer
Weakness
IT Management
Applications, Operations, Information Security, and Database Administration are reported to the CIO
Weakness
IT Management
FFC has an IT steering committee –
1. the Senior Vice President (SrVP) and Chief Information Officer (CIO)
2. the VP, Applications
3. the VP, Data Base Administration (DBA)
4. the VP, Operations
5. the VP, Information Security (IS)
6. the Executive Vice President and Chief Financial Officer (CFO)
7. the SrVP, Internal Audit
Strength
Systems Development
FFC design, develop, and implement systems in a logical fashion
Strength
Systems Development
FFC consider internal controls as an integral part of systems design
Strength
Systems Development
FFC’s Internal Audit Department is involved as a voting member of the project teams. Internal audit performs post-implementation reviews on all projects over $2 million
Weakness
Systems Development
IT personnel adequately tested the new bio-coding payment system prior to its implementation.
Strength
Data Security
FFC’s computer room within its data center is locked at all times. All outside contractors or visitors must first contact the data center manager for entry into the computer room. Each must bring an official picture ID, sign a visitors’ log, and be escorted at all times by data center personnel during the visit
Strength
Data Security
Environmental control are in place in the computer room. Appropriate maintenance staff test these controls semi-annually
Strength
Data Security
The VP, IS is responsible for modifying and/disabling user IDs for personnel whose job duties change because of promotions, transfers, and/or terminations based on the Transfers and Terminations report, which the Human Resources department forwards to the VP each month
Weakness
Data Security
The IT executive Steering Committee revised FFC’s
Summary of Issue
Strength or Weakness
IT Management
FFC has an IT strategic plan
Strength
IT Management
CIO reports only to the Chief Financial Officer
Weakness
IT Management
Applications, Operations, Information Security, and Database Administration are reported to the CIO
Weakness
IT Management
FFC has an IT steering committee –
1. the Senior Vice President (SrVP) and Chief Information Officer (CIO)
2. the VP, Applications
3. the VP, Data Base Administration (DBA)
4. the VP, Operations
5. the VP, Information Security (IS)
6. the Executive Vice President and Chief Financial Officer (CFO)
7. the SrVP, Internal Audit
Strength
Systems Development
FFC design, develop, and implement systems in a logical fashion
Strength
Systems Development
FFC consider internal controls as an integral part of systems design
Strength
Systems Development
FFC’s Internal Audit Department is involved as a voting member of the project teams. Internal audit performs post-implementation reviews on all projects over $2 million
Weakness
Systems Development
IT personnel adequately tested the new bio-coding payment system prior to its implementation.
Strength
Data Security
FFC’s computer room within its data center is locked at all times. All outside contractors or visitors must first contact the data center manager for entry into the computer room. Each must bring an official picture ID, sign a visitors’ log, and be escorted at all times by data center personnel during the visit
Strength
Data Security
Environmental control are in place in the computer room. Appropriate maintenance staff test these controls semi-annually
Strength
Data Security
The VP, IS is responsible for modifying and/disabling user IDs for personnel whose job duties change because of promotions, transfers, and/or terminations based on the Transfers and Terminations report, which the Human Resources department forwards to the VP each month
Weakness
Data Security
The IT executive Steering Committee revised FFC’s