Evaluate logical access management controls to ensure user access rights are
appropriate, approved, reviewed, and aligned with the principle of least privilege.
Assess segregation of duties across applications and systems to identify conflicts that
may result in fraud, unauthorized changes, or process bypass attempts.
Review change management controls to ensure that system changes undergo
development, testing, approval, and controlled migration into production.
Evaluate IT operations including data backup processes, backup retention policies,
scheduled job monitoring, incident management and resolution, and system maintenance.
Assess cybersecurity maturity including endpoint security, network controls, firewalls,
antivirus, intrusion detection, patch management, and vulnerability remediation.
Evaluate disaster recovery and business continuity plans including readiness of DR sites,
failover capabilities, recovery time objectives (RTO), and recovery point objectives (RPO).
Review IT governance frameworks including technology policies, IT strategy alignment,
system documentation, SOPs, and IT risk management practices.
Recommend improvements to enhance security posture, ensure regulatory compliance,
strengthen system reliability, and improve overall IT governance maturity.