Control Intelligence

AI Analysis Results

Cybersecurity & Network Security | IT General Controls (ITGC)

Overall Sub-Process Rating: 51 / 100 (Needs Improvement)
Needs Improvement: Control is partially in place or inconsistently operated.
2 controls evaluated, 3 strengths identified, 3 gaps identified
Executive Summary

The Cybersecurity & Network Security process exhibits controls that are partially in place or inconsistently operated. Several gaps in design effectiveness and operating consistency were identified that, if left unaddressed, could elevate residual risk beyond the organization's tolerance. Prompt remediation is recommended.

Strengths
  • Vulnerability scans are performed monthly on in-scope financial... has been partially implemented
  • Multi-factor authentication is enforced for all privileged and... has been partially implemented
  • Management review is performed on a regular cadence
Gaps
  • No automated alerting for control threshold breaches
  • Remediation timelines are not tracked against defined SLAs
  • Evidence of review lacks timestamp and reviewer identity
Recommendations
  1. Implement a workflow tool that captures reviewer identity and timestamp for all approvals
  2. Develop a remediation tracker with defined SLAs and escalation paths
  3. Establish a quarterly monitoring schedule with documented results and sign-off
Framework Mapping
COSO 2013: Principle P11
SOX 404: ICFR.ITGC.CS.01, ICFR.ITGC.CS.02
IIA Standards 2024: IV.10.2

Control-Level Breakdown (2)

IT-CS-01 | Needs Improvement | Score: 56/100
Vulnerability scans are performed monthly on in-scope financial systems and critical findings are remediated within SLA.
Key Finding

The control is partially implemented but operates inconsistently. Vulnerability scans are performed monthly on in-scope financial systems and critical findings are remediated within SLA. Gaps in execution or evidence retention reduce assurance over this area.

Recommendation

Redesign the control to address inconsistencies. Specifically: vulnerability scans are performed monthly on in-scope financial systems and critical findings are remediated within SLA. Assign a control owner and establish a testing cadence.

Framework Tags
COSO P11, ICFR.ITGC.CS.01, IIA IV.10.2

IT-CS-02 | Needs Improvement | Score: 50/100
Multi-factor authentication is enforced for all privileged and remote access to financial systems.
Key Finding

The control is partially implemented but operates inconsistently. Multi-factor authentication is enforced for all privileged and remote access to financial systems. Gaps in execution or evidence retention reduce assurance over this area.

Recommendation

Redesign the control to address inconsistencies. Specifically: multi-factor authentication is enforced for all privileged and remote access to financial systems. Assign a control owner and establish a testing cadence.

Framework Tags
COSO P11, ICFR.ITGC.CS.02, IIA IV.10.2