
This tool contains three sample work programs that provide general steps an organization should consider when evaluating its IT general controls environment.
Same steps in these programs include: Obtain a copy of the information security policy; confirm that the policy addresses user authentication, password complexity and system security; confirm that the policy has been reviewed and approved by senior management; confirm that access to the in-scope applications requires the use of a password; confirm that desktops are required to use passwords; and confirm that the usage of default accounts (if any) is limited to one individual.