The examination of RPSwill be conducted in accordance with generally accepted internal auditing standards and will also meet the requirements of the Commonwealth of Virginia (COV) Information Technology Resource Management(ITRM) Standard SEC502-00, Information Technology Security Audit Standard SEC501-01, and Information Technology Security Audit Standard SEC 502-00.
The RPS System Audit will review thefunctioning of the RPS system for the period October, 2007 through April, 2008 and is scheduled to conclude by June 30, 2008 with a total of 300 audit hours. The audit will be performed by JohnJohnson, Managing Auditor and Sam Samuels, Staff Auditor. The RPS system interconnects with system MNO. This audit excludes the MNO system but will include the RPS system up to the network interfacepoint with the MNO system as well as the logical access controls between the systems. This audit includes the application layer as well as the infrastructure layer of the RPS system. The RPS SystemAudit does not include general end user Security Awareness Training or the incident response plan as these areas are covered in the regularly scheduled General Controls Audit.
Proposed ObjectivesOverall, the RPS Audit will assess the effectiveness of controls over the RPS system and compliance with COV ITRM SEC500-02, IT Security Policy, COV ITRM SEC501-01, IT Security Standard, DCS IT SystemsManagement Procedures, any legal requirements and best practices. Specifically, the objectives of the RPS System Audit are to determine whether the IT security controls for the RPS system are documentedand provide reasonable assurance that:
1. Physical access to the production environment, stored data, and documentation is restricted to prevent unauthorized destruction, modification,...