Risk Control Matrix Format
Risk Control Matrix Format
Process - ITGC
Access Management
Security
Management
Security
Management
Security
Management
Security
Management
Security
Management
Security
Management
Computer
Operations
1. This is being done only for assets and not 1. (a) On resignation or Termination of employee
for other accesses revokation provided to Department head should inform IT and HR department
exiting employee, apart from SAP ID immidiately. 1 (b) IT
department should remove accesses immidiately
1.Policy is not approved by BOD,Policy is Policy should be approved by BOD ,should be regulerly
not regulerly reviewed and updated .Policy reviewed and updated.Policy should be implemented in
implementated in informal way and 100 % formal way by way of undertaking from all employees
implenattion is not enured and reguler uwareness program.
Reference Remark observation Control Owner Frequency of
Document Control/s
1. HR As and when
2. Sr Manager IT
3. Manager IT and
Sr Manager IT
refer security
policy in it
policy
Key Control Nature of Type of Control
Control
Yes Detective(Based Manual + Automated
on email)