Creditcard Security Apg
Background/Purpose
The purpose of this audit program is to identify specific audit procedures to be performed in
conjunction with our review of the controls in place to safeguard the confidentiality of customer
credit card information stored in databases or application software administered by company
personnel. We will review our findings with the legal department to ascertain our legal risk
associated with storage of this customer data.
Procedures        Wkppr Ref.        Performed by
Planning
1) Develop an inventory of all operations that accept credit cards
for payment of receivables.
2) Develop a questionnaire to use for interviews of IT and operations
managers for all such businesses. Review questionnaire with legal
department to ensure all areas of risk are targeted for questions.
Field Work
1) Interview Operations Managers regarding the different systems
on which credit card data is stored.
2) Interview IT Managers responsible for safeguarding this
information regarding controls in place to protect customer credit
card information in the various locations.
3) Obtain a list of employees with access to customer credit card
information on the various systems.
4) Interview IT Manager responsible for firewall protection to
understand firewall controls.
5) Review findings with legal department to assess our legal risk.
Questionnaire